Porting swssf branch to trunk
diff --git a/streaming-ws-policy/pom.xml b/streaming-ws-policy/pom.xml
deleted file mode 100644
index 94a3ce9..0000000
--- a/streaming-ws-policy/pom.xml
+++ /dev/null
@@ -1,115 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- ~ Licensed to the Apache Software Foundation (ASF) under one
- ~ or more contributor license agreements. See the NOTICE file
- ~ distributed with this work for additional information
- ~ regarding copyright ownership. The ASF licenses this file
- ~ to you under the Apache License, Version 2.0 (the
- ~ "License"); you may not use this file except in compliance
- ~ with the License. You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing,
- ~ software distributed under the License is distributed on an
- ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- ~ KIND, either express or implied. See the License for the
- ~ specific language governing permissions and limitations
- ~ under the License.
- -->
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
-
- <parent>
- <groupId>org.swssf</groupId>
- <artifactId>swssf</artifactId>
- <version>1.0.0</version>
- </parent>
- <groupId>org.swssf</groupId>
- <artifactId>streaming-ws-policy</artifactId>
- <version>1.0.0</version>
- <name>Streaming WebService Policy</name>
-
- <dependencies>
- <dependency>
- <groupId>org.swssf</groupId>
- <artifactId>streaming-ws-security</artifactId>
- <version>1.0.0</version>
- </dependency>
- <dependency>
- <groupId>org.swssf</groupId>
- <artifactId>rampart-policy</artifactId>
- <version>1.0.0</version>
- </dependency>
- <dependency>
- <groupId>wsdl4j</groupId>
- <artifactId>wsdl4j</artifactId>
- <version>1.6.2</version>
- </dependency>
- <dependency>
- <groupId>org.swssf</groupId>
- <artifactId>streaming-ws-security</artifactId>
- <version>1.0.0</version>
- <classifier>tests</classifier>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.testng</groupId>
- <artifactId>testng</artifactId>
- <version>6.5.2</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>${log4j.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- <version>${slf4j.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.ws.security</groupId>
- <artifactId>wss4j</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>javax.xml</groupId>
- <artifactId>jaxrpc-api</artifactId>
- <version>1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>xalan</groupId>
- <artifactId>xalan</artifactId>
- <version>${xalan.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>xalan</groupId>
- <artifactId>serializer</artifactId>
- <version>${xalan.version}</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.9</version>
- <configuration>
- <systemPropertyVariables>
- <log4j.configuration>log4j-wsp.xml</log4j.configuration>
- </systemPropertyVariables>
- <!--<debugForkedProcess>true</debugForkedProcess>-->
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/Assertable.java b/streaming-ws-policy/src/main/java/org/swssf/policy/Assertable.java
deleted file mode 100644
index b9e2065..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/Assertable.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-
-/**
- * @author $Author: giger $
- * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
- */
-public interface Assertable {
-
- SecurityEventConstants.Event[] getSecurityEventType();
-
- boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException, XMLSecurityException;
-
- boolean isAsserted();
-
- String getErrorMessage();
-
- boolean isLogged();
-
- void setLogged(boolean logged);
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/OperationPolicy.java b/streaming-ws-policy/src/main/java/org/swssf/policy/OperationPolicy.java
deleted file mode 100644
index f2b6349..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/OperationPolicy.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy;
-
-import org.apache.neethi.Policy;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class OperationPolicy {
-
- private String operationName;
- private String operationAction;
- private Policy policy;
- private String soapMessageVersionNamespace;
-
- public OperationPolicy(String operationName) {
- this.operationName = operationName;
- }
-
- public String getOperationName() {
- return operationName;
- }
-
- public void setOperationName(String operationName) {
- this.operationName = operationName;
- }
-
- public String getOperationAction() {
- return operationAction;
- }
-
- public void setOperationAction(String operationAction) {
- this.operationAction = operationAction;
- }
-
- public Policy getPolicy() {
- return policy;
- }
-
- public void setPolicy(Policy policy) {
- this.policy = policy;
- }
-
- public String getSoapMessageVersionNamespace() {
- return soapMessageVersionNamespace;
- }
-
- public void setSoapMessageVersionNamespace(String soapMessageVersionNamespace) {
- this.soapMessageVersionNamespace = soapMessageVersionNamespace;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (!(obj instanceof OperationPolicy)) {
- return false;
- }
- OperationPolicy other = (OperationPolicy) obj;
- return getOperationName().equals(other.getOperationName());
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyConstants.java b/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyConstants.java
deleted file mode 100644
index ce87037..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyConstants.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class PolicyConstants {
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcer.java b/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcer.java
deleted file mode 100644
index 8198936..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcer.java
+++ /dev/null
@@ -1,516 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.neethi.*;
-import org.apache.neethi.builders.PrimitiveAssertion;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.*;
-import org.swssf.policy.assertionStates.*;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
-
-import javax.xml.namespace.QName;
-import java.util.*;
-
-/**
- * The PolicyEnforcer verifies the Policy assertions
- * The Assertion will be validated in realtime as far as possible
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class PolicyEnforcer implements SecurityEventListener {
-
- //todo:
- // AlgorithmSuite SoapNorm
- // AlgorithmSuite STR Trans
- // AlgorithmSuite XPath
- // AlgorithmSuite Comp Key
- // Layout? I don't know if it is that relevant and worth. We need security header element numbering
- //to implement it.
- // HttpsToken Algorithms
- //unused tokens must be checked (algorithms etc)
-
- protected static final transient Log log = LogFactory.getLog(PolicyEnforcer.class);
-
- private final List<OperationPolicy> operationPolicies;
- private OperationPolicy effectivePolicy;
- private final List<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMap;
- private final List<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> failedAssertionStateMap;
-
- private final Deque<SecurityEvent> securityEventQueue = new LinkedList<SecurityEvent>();
- private boolean operationSecurityEventOccured = false;
-
- public PolicyEnforcer(List<OperationPolicy> operationPolicies, String soapAction) throws WSSPolicyException {
- this.operationPolicies = operationPolicies;
- assertionStateMap = new LinkedList<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>>();
- failedAssertionStateMap = new LinkedList<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>>();
-
- if (soapAction != null && !soapAction.isEmpty()) {
- effectivePolicy = findPolicyBySOAPAction(operationPolicies, soapAction);
- if (effectivePolicy != null) {
- buildAssertionStateMap(effectivePolicy.getPolicy(), assertionStateMap);
- }
- }
- }
-
- private OperationPolicy findPolicyBySOAPAction(List<OperationPolicy> operationPolicies, String soapAction) {
- Iterator<OperationPolicy> operationPolicyIterator = operationPolicies.iterator();
- while (operationPolicyIterator.hasNext()) {
- OperationPolicy operationPolicy = operationPolicyIterator.next();
- if (soapAction.equals(operationPolicy.getOperationAction())) {
- return operationPolicy;
- }
- }
- return null;
- }
-
- private OperationPolicy findPolicyBySOAPOperationName(List<OperationPolicy> operationPolicies, String soapOperationName) {
- Iterator<OperationPolicy> operationPolicyIterator = operationPolicies.iterator();
- while (operationPolicyIterator.hasNext()) {
- OperationPolicy operationPolicy = operationPolicyIterator.next();
- if (soapOperationName.equals(operationPolicy.getOperationName())) {
- return operationPolicy;
- }
- }
- return null;
- }
-
- /**
- * Precondition: Policy _must_ be normalized!
- */
- private void buildAssertionStateMap(
- PolicyComponent policyComponent,
- List<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMap) throws WSSPolicyException {
- if (policyComponent instanceof PolicyOperator) {
- PolicyOperator policyOperator = (PolicyOperator) policyComponent;
- List<PolicyComponent> policyComponents = policyOperator.getPolicyComponents();
- int alternative = 0;
- Iterator<PolicyComponent> policyComponentIterator = policyComponents.iterator();
- while (policyComponentIterator.hasNext()) {
- PolicyComponent curPolicyComponent = policyComponentIterator.next();
- if (policyOperator instanceof ExactlyOne) {
- assertionStateMap.add(new HashMap<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>());
- buildAssertionStateMap(curPolicyComponent, assertionStateMap, alternative++);
- } else {
- buildAssertionStateMap(curPolicyComponent, assertionStateMap);
- }
- }
- } else {
- throw new WSSPolicyException("Invalid PolicyComponent: " + policyComponent + " " + policyComponent.getType());
- }
- }
-
- private void buildAssertionStateMap(
- PolicyComponent policyComponent,
- List<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMap, int alternative) throws WSSPolicyException {
- if (policyComponent instanceof PolicyOperator) {
- PolicyOperator policyOperator = (PolicyOperator) policyComponent;
- List<PolicyComponent> policyComponents = policyOperator.getPolicyComponents();
- Iterator<PolicyComponent> policyComponentIterator = policyComponents.iterator();
- while (policyComponentIterator.hasNext()) {
- PolicyComponent curPolicyComponent = policyComponentIterator.next();
- buildAssertionStateMap(curPolicyComponent, assertionStateMap, alternative);
- }
- } else if (policyComponent instanceof AbstractSecurityAssertion) {
- AbstractSecurityAssertion abstractSecurityAssertion = (AbstractSecurityAssertion) policyComponent;
- List<Assertable> assertablesList = getAssertableForAssertion(abstractSecurityAssertion);
- Iterator<Assertable> assertableIterator = assertablesList.iterator();
- while (assertableIterator.hasNext()) {
- Assertable assertable = assertableIterator.next();
- final Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map = assertionStateMap.get(alternative);
- final SecurityEventConstants.Event[] securityEventType = assertable.getSecurityEventType();
- for (int j = 0; j < securityEventType.length; j++) {
- SecurityEventConstants.Event event = securityEventType[j];
- Map<Assertion, List<Assertable>> assertables = map.get(event);
- if (assertables == null) {
- assertables = new HashMap<Assertion, List<Assertable>>();
- map.put(event, assertables);
- }
- addAssertionState(assertables, abstractSecurityAssertion, assertable);
- }
- }
- if (abstractSecurityAssertion instanceof PolicyContainingAssertion) {
- buildAssertionStateMap(((PolicyContainingAssertion) abstractSecurityAssertion).getPolicy(), assertionStateMap, alternative);
- }
- } else if (policyComponent instanceof PrimitiveAssertion) {
- //nothing to-do. should be covered by the surrounding assertion
- } else {
- throw new WSSPolicyException("Unsupported PolicyComponent: " + policyComponent + " type: " + policyComponent.getType());
- }
- }
-
- private void addAssertionState(Map<Assertion, List<Assertable>> assertables, Assertion keyAssertion, Assertable assertable) {
- List<Assertable> assertableList = assertables.get(keyAssertion);
- if (assertableList == null) {
- assertableList = new LinkedList<Assertable>();
- assertables.put(keyAssertion, assertableList);
- }
- assertableList.add(assertable);
- }
-
- protected List<Assertable> getAssertableForAssertion(AbstractSecurityAssertion abstractSecurityAssertion) throws WSSPolicyException {
- List<Assertable> assertableList = new LinkedList<Assertable>();
- if (abstractSecurityAssertion instanceof ContentEncryptedElements) {
- //initialized with asserted=true because it could be that parent elements are encrypted and therefore these element are also encrypted
- //the test if it is really encrypted is done via the PolicyInputProcessor which emits EncryptedElementEvents for unencrypted elements with the unencrypted flag
- assertableList.add(new ContentEncryptedElementsAssertionState(abstractSecurityAssertion, true));
- } else if (abstractSecurityAssertion instanceof EncryptedParts) {
- //initialized with asserted=true with the same reason as by the EncryptedParts above
- assertableList.add(new EncryptedPartsAssertionState(abstractSecurityAssertion, true));
- } else if (abstractSecurityAssertion instanceof EncryptedElements) {
- //initialized with asserted=true with the same reason as by the EncryptedParts above
- assertableList.add(new EncryptedElementsAssertionState(abstractSecurityAssertion, true));
- } else if (abstractSecurityAssertion instanceof SignedParts) {
- //initialized with asserted=true because it could be that parent elements are signed and therefore these element are also signed
- //the test if it is really signed is done via the PolicyInputProcessor which emits SignedElementEvents for unsigned elements with the unsigned flag
- assertableList.add(new SignedPartsAssertionState(abstractSecurityAssertion, true));
- } else if (abstractSecurityAssertion instanceof SignedElements) {
- //initialized with asserted=true with the same reason as by the SignedParts above
- assertableList.add(new SignedElementsAssertionState(abstractSecurityAssertion, true));
- } else if (abstractSecurityAssertion instanceof RequiredElements) {
- assertableList.add(new RequiredElementsAssertionState(abstractSecurityAssertion, false));
- } else if (abstractSecurityAssertion instanceof RequiredParts) {
- assertableList.add(new RequiredPartsAssertionState(abstractSecurityAssertion, false));
- } else if (abstractSecurityAssertion instanceof UsernameToken) {
- assertableList.add(new UsernameTokenAssertionState(abstractSecurityAssertion, false));
- } else if (abstractSecurityAssertion instanceof IssuedToken) {
- assertableList.add(new IssuedTokenAssertionState(abstractSecurityAssertion, false));
- } else if (abstractSecurityAssertion instanceof X509Token) {
- assertableList.add(new X509TokenAssertionState(abstractSecurityAssertion, false));
- } else if (abstractSecurityAssertion instanceof KerberosToken) {
- assertableList.add(new KerberosTokenAssertionState(abstractSecurityAssertion, false));
- } else if (abstractSecurityAssertion instanceof SpnegoContextToken) {
- assertableList.add(new SpnegoContextTokenAssertionState(abstractSecurityAssertion, false));
- } else if (abstractSecurityAssertion instanceof SecureConversationToken) {
- assertableList.add(new SecureConversationTokenAssertionState(abstractSecurityAssertion, false));
- } else if (abstractSecurityAssertion instanceof SecurityContextToken) {
- assertableList.add(new SecurityContextTokenAssertionState(abstractSecurityAssertion, false));
- } else if (abstractSecurityAssertion instanceof SamlToken) {
- assertableList.add(new SamlTokenAssertionState(abstractSecurityAssertion, false));
- } else if (abstractSecurityAssertion instanceof RelToken) {
- assertableList.add(new RelTokenAssertionState(abstractSecurityAssertion, false));
- } else if (abstractSecurityAssertion instanceof HttpsToken) {
- assertableList.add(new HttpsTokenAssertionState(abstractSecurityAssertion, false));
- } else if (abstractSecurityAssertion instanceof KeyValueToken) {
- assertableList.add(new KeyValueTokenAssertionState(abstractSecurityAssertion, false));
- } else if (abstractSecurityAssertion instanceof AlgorithmSuite) {
- //initialized with asserted=true because we do negative matching
- assertableList.add(new AlgorithmSuiteAssertionState(abstractSecurityAssertion, true));
- } else if (abstractSecurityAssertion instanceof AsymmetricBinding) {
- } else if (abstractSecurityAssertion instanceof SymmetricBinding) {
- } else if (abstractSecurityAssertion instanceof TransportBinding) {
- } /*else if (abstractSecurityAssertion instanceof Layout) {
- assertableList.add(new LayoutAssertionState(abstractSecurityAssertion, true));
- }*/
-
- if (abstractSecurityAssertion instanceof AbstractBinding) {
- AbstractBinding abstractBinding = (AbstractBinding) abstractSecurityAssertion;
- if (abstractBinding instanceof AbstractSymmetricAsymmetricBinding) {
- AbstractSymmetricAsymmetricBinding abstractSymmetricAsymmetricBinding = (AbstractSymmetricAsymmetricBinding) abstractSecurityAssertion;
- assertableList.add(new ProtectionOrderAssertionState(abstractSymmetricAsymmetricBinding, true));
- assertableList.add(new SignatureProtectionAssertionState(abstractSymmetricAsymmetricBinding, true));
- if (abstractSymmetricAsymmetricBinding.isOnlySignEntireHeadersAndBody()) {
- assertableList.add(new OnlySignEntireHeadersAndBodyAssertionState(abstractSecurityAssertion, false));
- }
- assertableList.add(new TokenProtectionAssertionState(abstractSecurityAssertion, true));
- }
-
- //WSP1.3, 6.2 Timestamp Property
- assertableList.add(new IncludeTimeStampAssertionState(abstractBinding, true));
- if (abstractBinding.isIncludeTimestamp()) {
- RequiredElementsAssertionState requiredElementsAssertionState = new RequiredElementsAssertionState(abstractBinding, false);
- List<QName> timestampElementPath = new LinkedList<QName>();
- timestampElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- timestampElementPath.add(WSSConstants.TAG_wsu_Timestamp);
- requiredElementsAssertionState.addElement(timestampElementPath);
- assertableList.add(requiredElementsAssertionState);
-
- SignedElementsAssertionState signedElementsAssertionState = new SignedElementsAssertionState(abstractSecurityAssertion, true);
- signedElementsAssertionState.addElement(timestampElementPath);
- assertableList.add(signedElementsAssertionState);
- }
- }
-
- return assertableList;
- }
-
- /**
- * tries to verify a SecurityEvent in realtime.
- *
- * @param securityEvent
- * @throws WSSPolicyException
- */
- private void verifyPolicy(SecurityEvent securityEvent) throws WSSPolicyException, XMLSecurityException {
- {
- //We have to check the failed assertions for logging purposes firstly...
- Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator = this.failedAssertionStateMap.iterator();
- alternative:
- while (assertionStateMapIterator.hasNext()) {
- Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map = assertionStateMapIterator.next();
- //every list entry counts as an alternative...
- Map<Assertion, List<Assertable>> assertionListMap = map.get(securityEvent.getSecurityEventType());
- if (assertionListMap != null && assertionListMap.size() > 0) {
- Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator = assertionListMap.entrySet().iterator();
- while (assertionStateIterator.hasNext()) {
- Map.Entry<Assertion, List<Assertable>> assertionStateEntry = assertionStateIterator.next();
- List<Assertable> assertionStates = assertionStateEntry.getValue();
- Iterator<Assertable> assertableIterator = assertionStates.iterator();
- while (assertableIterator.hasNext()) {
- Assertable assertable = assertableIterator.next();
- boolean asserted = assertable.assertEvent(securityEvent);
- //...so if one fails, continue with the next map entry and increment the notAssertedCount
- if (!asserted) {
- continue alternative;
- }
- }
- }
- }
- }
- }
-
- String assertionMessage = null;
- {
- //...and then check the remaining alternatives
- Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator = this.assertionStateMap.iterator();
- //every map entry counts as an alternative...
- alternative:
- while (assertionStateMapIterator.hasNext()) {
- Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map = assertionStateMapIterator.next();
- Map<Assertion, List<Assertable>> assertionListMap = map.get(securityEvent.getSecurityEventType());
- if (assertionListMap != null && assertionListMap.size() > 0) {
- Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator = assertionListMap.entrySet().iterator();
- while (assertionStateIterator.hasNext()) {
- Map.Entry<Assertion, List<Assertable>> assertionStateEntry = assertionStateIterator.next();
- List<Assertable> assertionStates = assertionStateEntry.getValue();
- Iterator<Assertable> assertableIterator = assertionStates.iterator();
- while (assertableIterator.hasNext()) {
- Assertable assertable = assertableIterator.next();
- boolean asserted = assertable.assertEvent(securityEvent);
- //...so if one fails, continue with the next map entry and increment the notAssertedCount
- if (!asserted) {
- assertionMessage = assertable.getErrorMessage();
- failedAssertionStateMap.add(map);
- assertionStateMapIterator.remove();
- continue alternative;
- }
- }
- }
- }
- }
- }
- //if the assertionStateMap is empty (the size of the list is equal to the alternatives)
- //then we could not satisfy any alternative
- if (assertionStateMap.isEmpty()) {
- logFailedAssertions();
- throw new PolicyViolationException(assertionMessage);
- }
- }
-
- /**
- * verifies the whole policy to try to find a satisfied alternative
- *
- * @throws WSSPolicyException throws when the policy is invalid
- * @throws PolicyViolationException thrown when no alternative could be satisifed
- */
- private void verifyPolicy() throws WSSPolicyException {
- String assertionMessage = null;
- Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator = this.assertionStateMap.iterator();
- alternative:
- while (assertionStateMapIterator.hasNext()) {
- Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map = assertionStateMapIterator.next();
- Iterator<Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> iterator = map.entrySet().iterator();
- while (iterator.hasNext()) {
- Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> mapEntry = iterator.next();
- Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator = mapEntry.getValue().entrySet().iterator();
- while (assertionStateIterator.hasNext()) {
- Map.Entry<Assertion, List<Assertable>> assertionListEntry = assertionStateIterator.next();
- List<Assertable> assertableList = assertionListEntry.getValue();
- Iterator<Assertable> assertableIterator = assertableList.iterator();
- while (assertableIterator.hasNext()) {
- Assertable assertable = assertableIterator.next();
- if (!assertable.isAsserted()) {
- assertionMessage = assertable.getErrorMessage();
- failedAssertionStateMap.add(map);
- assertionStateMapIterator.remove();
- continue alternative;
- }
- }
- }
- }
- }
- if (assertionStateMap.isEmpty()) {
- logFailedAssertions();
- throw new WSSPolicyException(assertionMessage);
- }
- }
-
- /**
- * verifies the policy after the OperationSecurityEvent occured. This allows to
- * stop further processing after the header is processed when the policy is not fulfilled.
- *
- * @throws WSSPolicyException throws when the policy is invalid
- * @throws PolicyViolationException thrown when no alternative could be satisifed
- */
- private void verifyPolicyAfterOperationSecurityEvent() throws WSSPolicyException {
- String assertionMessage = null;
- Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator = this.assertionStateMap.iterator();
- alternative:
- while (assertionStateMapIterator.hasNext()) {
- Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map = assertionStateMapIterator.next();
- Iterator<Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> iterator = map.entrySet().iterator();
- while (iterator.hasNext()) {
- Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> mapEntry = iterator.next();
- Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator = mapEntry.getValue().entrySet().iterator();
- while (assertionStateIterator.hasNext()) {
- Map.Entry<Assertion, List<Assertable>> assertionListEntry = assertionStateIterator.next();
- List<Assertable> assertableList = assertionListEntry.getValue();
- Iterator<Assertable> assertableIterator = assertableList.iterator();
- while (assertableIterator.hasNext()) {
- Assertable assertable = assertableIterator.next();
-
- boolean doAssert = false;
- if (assertable instanceof TokenAssertionState) {
- TokenAssertionState tokenAssertionState = (TokenAssertionState) assertable;
- AbstractToken abstractToken = (AbstractToken) tokenAssertionState.getAssertion();
- AbstractSecurityAssertion assertion = abstractToken.getParentAssertion();
- if (assertion instanceof SupportingTokens) {
- doAssert = true;
- }
- } else if (assertable instanceof TokenProtectionAssertionState) {
- doAssert = true;
- }
-
- if (doAssert && !assertable.isAsserted()) {
- assertionMessage = assertable.getErrorMessage();
- failedAssertionStateMap.add(map);
- assertionStateMapIterator.remove();
- continue alternative;
- }
- }
- }
- }
- }
- if (assertionStateMap.isEmpty()) {
- logFailedAssertions();
- throw new WSSPolicyException(assertionMessage);
- }
- }
-
- private void logFailedAssertions() {
- Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator = this.failedAssertionStateMap.iterator();
- while (assertionStateMapIterator.hasNext()) {
- Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map = assertionStateMapIterator.next();
- Set<Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> entrySet = map.entrySet();
- Iterator<Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> entryIterator = entrySet.iterator();
- while (entryIterator.hasNext()) {
- Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> eventCollectionEntry = entryIterator.next();
- Map<Assertion, List<Assertable>> assertionListMap = eventCollectionEntry.getValue();
- Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateEntryIterator = assertionListMap.entrySet().iterator();
- while (assertionStateEntryIterator.hasNext()) {
- Map.Entry<Assertion, List<Assertable>> entry = assertionStateEntryIterator.next();
- List<Assertable> assertionStates = entry.getValue();
- Iterator<Assertable> assertableIterator = assertionStates.iterator();
- while (assertableIterator.hasNext()) {
- Assertable assertable = assertableIterator.next();
- if (!assertable.isAsserted() && !assertable.isLogged()) {
- log.error(entry.getKey().getName() + " not satisfied: " + assertable.getErrorMessage());
- assertable.setLogged(true);
- }
- }
- }
- }
- }
- }
-
- //multiple threads can call this method concurrently -> synchronize access
- public synchronized void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
-
- if (operationSecurityEventOccured) {
- try {
- verifyPolicy(securityEvent);
- } catch (WSSPolicyException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
- } catch (XMLSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
- }
- }
-
- if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.Operation) {
- operationSecurityEventOccured = true;
- final OperationSecurityEvent operationSecurityEvent = (OperationSecurityEvent) securityEvent;
- if (effectivePolicy != null) {
- //soap-action spoofing detection
- if (!effectivePolicy.getOperationName().equals(operationSecurityEvent.getOperation().getLocalPart())) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, new WSSPolicyException("SOAPAction (" + effectivePolicy.getOperationName() + ") does not match with the current Operation: " + operationSecurityEvent.getOperation()));
- }
- } else {
- effectivePolicy = findPolicyBySOAPOperationName(operationPolicies, operationSecurityEvent.getOperation().getLocalPart());
- if (effectivePolicy == null) {
- //no policy to the operation given
- effectivePolicy = new OperationPolicy("NoPolicyFoundForOperation");
- effectivePolicy.setPolicy(new Policy());
- }
- try {
- buildAssertionStateMap(effectivePolicy.getPolicy(), assertionStateMap);
- } catch (WSSPolicyException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
- }
- }
- try {
- Iterator<SecurityEvent> securityEventIterator = securityEventQueue.descendingIterator();
- while (securityEventIterator.hasNext()) {
- SecurityEvent prevSecurityEvent = securityEventIterator.next();
- verifyPolicy(prevSecurityEvent);
- }
-
- verifyPolicy(securityEvent);
-
- verifyPolicyAfterOperationSecurityEvent();
- } catch (WSSPolicyException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
- } catch (XMLSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
- }
- securityEventQueue.clear();
-
- return;
- } else {
- securityEventQueue.push(securityEvent);
- }
- }
-
- /**
- * the final Policy validation to find a satisfied alternative
- *
- * @throws PolicyViolationException if no alternative could be satisfied
- */
- public void doFinal() throws WSSPolicyException {
- verifyPolicy();
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java b/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java
deleted file mode 100644
index 5eea7df..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java
+++ /dev/null
@@ -1,302 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.neethi.Policy;
-import org.apache.neethi.PolicyBuilder;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.swssf.wss.ext.WSSConstants;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-import javax.wsdl.*;
-import javax.wsdl.extensions.ExtensibilityElement;
-import javax.wsdl.extensions.UnknownExtensibilityElement;
-import javax.wsdl.extensions.soap.SOAPOperation;
-import javax.wsdl.extensions.soap12.SOAP12Operation;
-import javax.wsdl.factory.WSDLFactory;
-import javax.wsdl.xml.WSDLReader;
-import javax.xml.namespace.QName;
-import java.net.URL;
-import java.util.*;
-
-/**
- * PolicyEnforcerFactory builds a map of all the possible effective Policies
- * and caches them for reuse
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class PolicyEnforcerFactory {
-
- protected static final transient Log log = LogFactory.getLog(PolicyEnforcerFactory.class);
-
- private Definition wsdlDefinition;
- private List<OperationPolicy> operationPolicies;
- private final Map<Element, Policy> elementPolicyCache;
-
- private PolicyEnforcerFactory() {
- elementPolicyCache = new HashMap<Element, Policy>();
- }
-
- public static PolicyEnforcerFactory newInstance(URL wsdlUrl) throws WSSPolicyException {
- PolicyEnforcerFactory policyEnforcerFactory = new PolicyEnforcerFactory();
- policyEnforcerFactory.parseWsdl(wsdlUrl);
- return policyEnforcerFactory;
- }
-
- public static PolicyEnforcerFactory newInstance(Document document) throws WSSPolicyException {
- PolicyEnforcerFactory policyEnforcerFactory = new PolicyEnforcerFactory();
- policyEnforcerFactory.parseWsdl(document);
- return policyEnforcerFactory;
- }
-
- //todo enforce uniqueness of operation names to prevent SOAPAction spoofing.
- private void parseWsdl(URL wsdlUrl) throws WSSPolicyException {
- try {
- WSDLFactory wsdlFactory = WSDLFactory.newInstance();
- WSDLReader reader = wsdlFactory.newWSDLReader();
- reader.setFeature("javax.wsdl.verbose", false);
- wsdlDefinition = reader.readWSDL(wsdlUrl.toString());
- operationPolicies = findPoliciesByOperation(wsdlDefinition);
- } catch (WSDLException e) {
- throw new WSSPolicyException(e.getMessage(), e);
- }
- }
-
- //todo enforce uniqueness of operation names to prevent SOAPAction spoofing.
- private void parseWsdl(Document document) throws WSSPolicyException {
- try {
- WSDLFactory wsdlFactory = WSDLFactory.newInstance();
- WSDLReader reader = wsdlFactory.newWSDLReader();
- reader.setFeature("javax.wsdl.verbose", false);
- wsdlDefinition = reader.readWSDL(document.getDocumentURI(), document);
- operationPolicies = findPoliciesByOperation(wsdlDefinition);
- } catch (WSDLException e) {
- throw new WSSPolicyException(e.getMessage(), e);
- }
- }
-
- private List<OperationPolicy> findPoliciesByOperation(Definition wsdlDefinition) throws WSSPolicyException {
-
- List<OperationPolicy> operationPolicyList = new ArrayList<OperationPolicy>();
- @SuppressWarnings("unchecked")
- Iterator<Map.Entry> services = wsdlDefinition.getAllServices().entrySet().iterator();
- while (services.hasNext()) {
- @SuppressWarnings("unchecked")
- Map.Entry<QName, Service> serviceEntry = services.next();
- Service service = serviceEntry.getValue();
- @SuppressWarnings("unchecked")
- Iterator<Map.Entry> ports = service.getPorts().entrySet().iterator();
- while (ports.hasNext()) {
- @SuppressWarnings("unchecked")
- Map.Entry<QName, Port> portEntry = ports.next();
- Port port = portEntry.getValue();
- Binding binding = port.getBinding();
-
- @SuppressWarnings("unchecked")
- List<BindingOperation> bindingOperations = binding.getBindingOperations();
- for (int i = 0; i < bindingOperations.size(); i++) {
- BindingOperation bindingOperation = bindingOperations.get(i);
-
- Operation operation = bindingOperation.getOperation();
-
- OperationPolicy operationPolicy = new OperationPolicy(operation.getName());
- operationPolicyList.add(operationPolicy);
-
- @SuppressWarnings("unchecked")
- List<ExtensibilityElement> extensibilityElements = bindingOperation.getExtensibilityElements();
- for (int j = 0; j < extensibilityElements.size(); j++) {
- ExtensibilityElement extensibilityElement = extensibilityElements.get(j);
- if (extensibilityElement instanceof SOAPOperation) {
- SOAPOperation soapOperation = (SOAPOperation) extensibilityElement;
- String soapActionUri = soapOperation.getSoapActionURI();
- operationPolicy.setOperationAction(soapActionUri);
- operationPolicy.setSoapMessageVersionNamespace(WSSConstants.NS_SOAP11);
- } else if (extensibilityElement instanceof SOAP12Operation) {
- SOAP12Operation soap12Operation = (SOAP12Operation) extensibilityElement;
- String soapActionUri = soap12Operation.getSoapActionURI();
- operationPolicy.setOperationAction(soapActionUri);
- operationPolicy.setSoapMessageVersionNamespace(WSSConstants.NS_SOAP12);
- }
- }
-
- Policy policy = getPolicy(service, port, binding, bindingOperation, operation);
- operationPolicy.setPolicy(policy.normalize(true));
- }
- }
- }
- return operationPolicyList;
- }
-
- private Policy getPolicy(Service service, Port port, Binding binding, BindingOperation bindingOperation, Operation operation) throws WSSPolicyException {
- List<Policy> policies = new ArrayList<Policy>();
-
- Policy servicePolicy = findPolicies(service);
- if (servicePolicy != null) {
- policies.add(servicePolicy);
- }
- Policy portPolicy = findPolicies(port);
- if (portPolicy != null) {
- policies.add(portPolicy);
- }
- Policy bindingPolicy = findPolicies(binding);
- if (bindingPolicy != null) {
- policies.add(bindingPolicy);
- }
-
- Policy bindingOperationPolicy = findPolicies(bindingOperation);
- if (bindingOperationPolicy != null) {
- policies.add(bindingOperationPolicy);
- }
-
- Policy bindingOperationInputPolicy = findPolicies(bindingOperation.getBindingInput());
- if (bindingOperationInputPolicy != null) {
- policies.add(bindingOperationInputPolicy);
- }
-
- Policy portTypePolicy = findPortTypePolicy(binding, operation);
- if (portTypePolicy != null) {
- policies.add(portTypePolicy);
- }
-
- if (policies.size() == 0) {
- return new Policy();
- }
-
- Policy mergedPolicy = policies.get(0);
- for (int i = 1; i < policies.size(); i++) {
- Policy policy = policies.get(i);
- mergedPolicy = mergedPolicy.merge(policy);
- }
- return mergedPolicy;
- }
-
- private Policy findPortTypePolicy(Binding binding, Operation operation) throws WSSPolicyException {
-
- List<Policy> policies = new ArrayList<Policy>();
-
- PortType portType = binding.getPortType();
- Policy portTypePolicy = findPolicies(portType);
- if (portTypePolicy != null) {
- policies.add(portTypePolicy);
- }
-
- @SuppressWarnings("unchecked")
- List<Operation> operations = portType.getOperations();
- for (int i = 0; i < operations.size(); i++) {
- Operation portTypeOperation = operations.get(i);
- if (portTypeOperation.getName().equals(operation.getName())) {
- Policy operationPolicy = findPolicies(portTypeOperation);
- if (operationPolicy != null) {
- policies.add(operationPolicy);
- }
-
- Policy inputPolicy = findPolicies(portTypeOperation.getInput());
- if (inputPolicy != null) {
- policies.add(inputPolicy);
- }
-
- Policy messagePolicy = findPolicies(portTypeOperation.getInput().getMessage());
- if (messagePolicy != null) {
- policies.add(messagePolicy);
- }
- }
- }
-
- if (policies.size() == 0) {
- return new Policy();
- }
-
- Policy mergedPolicy = policies.get(0);
- for (int i = 1; i < policies.size(); i++) {
- Policy policy = policies.get(i);
- mergedPolicy = mergedPolicy.merge(policy);
- }
- return mergedPolicy;
- }
-
- private Policy findPolicies(WSDLElement wsdlElement) throws WSSPolicyException {
- if (wsdlElement == null) {
- return new Policy();
- }
-
- List<Policy> policies = new ArrayList<Policy>();
-
- @SuppressWarnings("unchecked")
- List<ExtensibilityElement> extensibilityElements = wsdlElement.getExtensibilityElements();
- for (int i = 0; i < extensibilityElements.size(); i++) {
- ExtensibilityElement extensibilityElement = extensibilityElements.get(i);
- if (extensibilityElement instanceof UnknownExtensibilityElement) {
- UnknownExtensibilityElement unknownExtensibilityElement = (UnknownExtensibilityElement) extensibilityElement;
- if (unknownExtensibilityElement.getElementType().getLocalPart().equals("PolicyReference")) {
- String uri = unknownExtensibilityElement.getElement().getAttribute("URI").substring(1);
- NodeList policyNodeList = unknownExtensibilityElement.getElement().getOwnerDocument().getElementsByTagNameNS("*", "Policy");
-
- boolean found = false;
- for (int j = 0; j < policyNodeList.getLength(); j++) {
- Element element = (Element) policyNodeList.item(j);
- String refUri = element.getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
- if (refUri != null && refUri.equals(uri)) {
- found = true;
- Policy policy = parsePolicy(element);
- policies.add(policy);
- break;
- }
- }
- if (!found) {
- throw new WSSPolicyException("Referenced Policy not found " + uri);
- }
- } else if (unknownExtensibilityElement.getElementType().getLocalPart().equals("Policy")) {
- Element element = unknownExtensibilityElement.getElement();
- Policy policy = parsePolicy(element);
- policies.add(policy);
- }
- }
- }
-
- if (policies.size() == 0) {
- return new Policy();
- }
-
- Policy mergedPolicy = policies.get(0);
- for (int i = 1; i < policies.size(); i++) {
- Policy policy = policies.get(i);
- mergedPolicy = mergedPolicy.merge(policy);
- }
- return mergedPolicy;
- }
-
- private Policy parsePolicy(Element element) throws WSSPolicyException {
- if (elementPolicyCache.containsKey(element)) {
- return elementPolicyCache.get(element);
- }
- PolicyBuilder policyBuilder = new PolicyBuilder();
- Policy policy = policyBuilder.getPolicy(element);
- elementPolicyCache.put(element, policy);
- return policy;
- }
-
- public PolicyEnforcer newPolicyEnforcer(String soapAction) throws WSSPolicyException {
- return new PolicyEnforcer(this.operationPolicies, soapAction);
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java b/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java
deleted file mode 100644
index a2d4d0e..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java
+++ /dev/null
@@ -1,221 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSSecurityProperties;
-import org.swssf.wss.ext.WSSUtils;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.impl.processor.input.SecurityHeaderInputProcessor;
-import org.swssf.wss.securityEvent.EncryptedPartSecurityEvent;
-import org.swssf.wss.securityEvent.RequiredElementSecurityEvent;
-import org.swssf.wss.securityEvent.RequiredPartSecurityEvent;
-import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import org.apache.xml.security.stax.ext.*;
-import org.apache.xml.security.stax.ext.stax.XMLSecEndElement;
-import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
-import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
-
-import javax.xml.namespace.QName;
-import javax.xml.stream.XMLStreamConstants;
-import javax.xml.stream.XMLStreamException;
-import java.util.List;
-
-/**
- * Processor to generate SecurityEvents regarding not secured elements
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class PolicyInputProcessor extends AbstractInputProcessor {
-
- private final PolicyEnforcer policyEnforcer;
-
- public PolicyInputProcessor(PolicyEnforcer policyEnforcer, XMLSecurityProperties securityProperties) {
- super(securityProperties);
- this.setPhase(WSSConstants.Phase.POSTPROCESSING);
- this.addBeforeProcessor(SecurityHeaderInputProcessor.class.getName());
- this.policyEnforcer = policyEnforcer;
- }
-
- @Override
- public XMLSecEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
- XMLSecEvent xmlSecEvent = inputProcessorChain.processHeaderEvent();
- //test if non encrypted element have to be encrypted per policy
- boolean transportSecurityActive = Boolean.TRUE == inputProcessorChain.getSecurityContext().get(WSSConstants.TRANSPORT_SECURITY_ACTIVE);
- //if transport security is active, every element is encrypted/signed
- //WSP1.3, 4.2.1 EncryptedParts Assertion
- List<QName> elementPath = null;
- if (!transportSecurityActive) {
- elementPath = xmlSecEvent.getElementPath();
- if (!inputProcessorChain.getDocumentContext().isInEncryptedContent()
- && WSSUtils.isInSecurityHeader(xmlSecEvent, elementPath,
- ((WSSSecurityProperties) getSecurityProperties()).getActor())) {
- testEncryptionPolicy(xmlSecEvent, elementPath);
- }
- }
- if (xmlSecEvent.getEventType() == XMLStreamConstants.START_ELEMENT) {
- XMLSecStartElement xmlSecStartElement = xmlSecEvent.asStartElement();
- if (elementPath == null) {
- elementPath = xmlSecStartElement.getElementPath();
- }
- final int documentLevel = elementPath.size();
- if (documentLevel == 3 && WSSUtils.isInSOAPHeader(elementPath)) {
-
- RequiredPartSecurityEvent requiredPartSecurityEvent = new RequiredPartSecurityEvent();
- requiredPartSecurityEvent.setElementPath(elementPath);
- policyEnforcer.registerSecurityEvent(requiredPartSecurityEvent);
- RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
- requiredElementSecurityEvent.setElementPath(elementPath);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
- } else if (documentLevel > 3) {
- //test for required elements
- RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
- requiredElementSecurityEvent.setElementPath(elementPath);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
- }
- }
- return xmlSecEvent;
- }
-
- @Override
- public XMLSecEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
- XMLSecEvent xmlSecEvent = inputProcessorChain.processEvent();
-
- List<QName> elementPath = null;
- switch (xmlSecEvent.getEventType()) {
- case XMLStreamConstants.START_ELEMENT:
- XMLSecStartElement xmlSecStartElement = xmlSecEvent.asStartElement();
- int documentLevel = xmlSecStartElement.getDocumentLevel();
- //test for required elements
- if (documentLevel > 3) {
- RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
- elementPath = xmlSecStartElement.getElementPath();
- requiredElementSecurityEvent.setElementPath(elementPath);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
- }
- break;
- case XMLStreamConstants.END_ELEMENT:
- XMLSecEndElement xmlSecEndElement = xmlSecEvent.asEndElement();
- //ns mismatch should be detected by the xml parser so a local-name equality check should be enough
- if (xmlSecEndElement.getDocumentLevel() == 1
- && xmlSecEvent.asEndElement().getName().getLocalPart().equals(WSSConstants.TAG_soap_Envelope_LocalName)) {
- try {
- policyEnforcer.doFinal();
- } catch (WSSPolicyException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
- }
- }
- break;
- }
-
- boolean transportSecurityActive = Boolean.TRUE == inputProcessorChain.getSecurityContext().get(WSSConstants.TRANSPORT_SECURITY_ACTIVE);
- //if transport security is active, every element is encrypted/signed
- //WSP1.3, 4.2.1 EncryptedParts Assertion
- //test if non encrypted element have to be encrypted per policy
- if (!transportSecurityActive) {
- final DocumentContext documentContext = inputProcessorChain.getDocumentContext();
- final boolean inEncryptedContent = documentContext.isInEncryptedContent();
- final boolean inSignedContent = documentContext.isInSignedContent();
- if (!inEncryptedContent || !inSignedContent) {
- if (elementPath == null) {
- elementPath = xmlSecEvent.getElementPath();
- }
- if (!inEncryptedContent
- && !WSSUtils.isInSecurityHeader(xmlSecEvent, elementPath,
- ((WSSSecurityProperties) getSecurityProperties()).getActor())) {
- testEncryptionPolicy(xmlSecEvent, elementPath);
- }
-
- //WSP1.3, 4.1.1 SignedParts Assertion
- //test if non signed element have to be signed per policy
- if (!inSignedContent) {
- testSignaturePolicy(xmlSecEvent, elementPath);
- }
- }
- }
- return xmlSecEvent;
- }
-
- private void testSignaturePolicy(XMLSecEvent xmlSecEvent, List<QName> elementPath) throws WSSecurityException {
- if (xmlSecEvent.getEventType() == XMLStreamConstants.START_ELEMENT) {
- final int documentLevel = elementPath.size();
- if (documentLevel == 3 && WSSUtils.isInSOAPHeader(elementPath)) {
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, false, null);
- signedPartSecurityEvent.setElementPath(elementPath);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- } else if (documentLevel == 2 && WSSUtils.isInSOAPBody(elementPath)) {
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, false, null);
- signedPartSecurityEvent.setElementPath(elementPath);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- } else if (documentLevel > 3) {
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(null, false, null);
- signedElementSecurityEvent.setElementPath(elementPath);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- }
- }
- }
-
- private void testEncryptionPolicy(XMLSecEvent xmlSecEvent, List<QName> elementPath) throws WSSecurityException {
- //the following events are only interesting for policy verification. So call directly the policyEnforcer for these
- switch (xmlSecEvent.getEventType()) {
- case XMLStreamConstants.START_ELEMENT:
- final int documentLevel = elementPath.size();
- if (documentLevel == 3 && WSSUtils.isInSOAPHeader(elementPath)) {
-
- EncryptedPartSecurityEvent encryptedPartSecurityEvent
- = new EncryptedPartSecurityEvent(null, false, null);
- encryptedPartSecurityEvent.setElementPath(elementPath);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- } else if (documentLevel == 3 && WSSUtils.isInSOAPBody(elementPath)) {
-
- EncryptedPartSecurityEvent encryptedPartSecurityEvent
- = new EncryptedPartSecurityEvent(null, false, null);
- encryptedPartSecurityEvent.setElementPath(elementPath);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- } else if (documentLevel > 3) {
-
- EncryptedElementSecurityEvent encryptedElementSecurityEvent
- = new EncryptedElementSecurityEvent(null, false, null);
- encryptedElementSecurityEvent.setElementPath(elementPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- //... or it could be a contentEncryption too...
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent
- = new ContentEncryptedElementSecurityEvent(null, false, null);
- contentEncryptedElementSecurityEvent.setElementPath(xmlSecEvent.getParentXMLSecStartElement().getElementPath());
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
- }
- break;
- case XMLStreamConstants.CHARACTERS:
- case XMLStreamConstants.ENTITY_REFERENCE:
- case XMLStreamConstants.PROCESSING_INSTRUCTION:
- //can only be a content encryption
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent
- = new ContentEncryptedElementSecurityEvent(null, false, null);
- contentEncryptedElementSecurityEvent.setElementPath(xmlSecEvent.getElementPath());
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
- break;
- }
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyUtils.java b/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyUtils.java
deleted file mode 100644
index 8fee7c2..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyUtils.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.ws.secpolicy.model.XPath;
-
-import javax.xml.namespace.QName;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class PolicyUtils {
-
- public static List<QName> getElementPath(XPath xPath) {
- List<QName> elements = new LinkedList<QName>();
- String[] xPathElements = xPath.getXPath().split("/");
- for (int j = 0; j < xPathElements.length; j++) {
- String xPathElement = xPathElements[j];
- if (StringUtils.isEmpty(xPathElement)) {
- continue;
- }
- String[] elementParts = xPathElement.split(":");
- if (elementParts.length == 2) {
- String ns = xPath.getPrefixNamespaceMap().get(elementParts[0]);
- if (ns == null) {
- throw new IllegalArgumentException("Namespace not declared");
- }
- elements.add(new QName(ns, elementParts[1]));
- } else {
- elements.add(new QName(elementParts[0]));
- }
- }
- return elements;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyViolationException.java b/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyViolationException.java
deleted file mode 100644
index 4fc6fab..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyViolationException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-
-/**
- * Exception for PolicyViolation
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class PolicyViolationException extends WSSPolicyException {
-
- public PolicyViolationException(String message) {
- super(message);
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java
deleted file mode 100644
index ecbd173..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java
+++ /dev/null
@@ -1,168 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AlgorithmSuite;
-import org.swssf.policy.Assertable;
-import org.swssf.wss.ext.WSSConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-
-/**
- * WSP1.3, 6.1 Algorithm Suite Property
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class AlgorithmSuiteAssertionState extends AssertionState implements Assertable {
-
- public AlgorithmSuiteAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- SecurityEventConstants.AlgorithmSuite
- };
- }
-
- @Override
- public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
- AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = (AlgorithmSuiteSecurityEvent) securityEvent;
- AlgorithmSuite algorithmSuite = (AlgorithmSuite) getAssertion();
-
- XMLSecurityConstants.KeyUsage keyUsage = algorithmSuiteSecurityEvent.getKeyUsage();
- if (WSSConstants.Sym_Sig.equals(keyUsage)) {
- if (algorithmSuite.getSymmetricSignature() != null
- && !algorithmSuite.getSymmetricSignature().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Symmetric signature algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- if (algorithmSuite.getAlgorithmSuiteType() != null
- && (algorithmSuite.getAlgorithmSuiteType().getMinimumSymmetricKeyLength() > algorithmSuiteSecurityEvent.getKeyLength()
- || algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() < algorithmSuiteSecurityEvent.getKeyLength())) {
- setAsserted(false);
- setErrorMessage("Symmetric signature algorithm key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
- }
- } else if (WSSConstants.Asym_Sig.equals(keyUsage)) {
- if (algorithmSuite.getAsymmetricSignature() != null
- && !algorithmSuite.getAsymmetricSignature().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Asymmetric algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- if (algorithmSuite.getAlgorithmSuiteType() != null
- && (algorithmSuite.getAlgorithmSuiteType().getMinimumAsymmetricKeyLength() > algorithmSuiteSecurityEvent.getKeyLength()
- || algorithmSuite.getAlgorithmSuiteType().getMaximumAsymmetricKeyLength() < algorithmSuiteSecurityEvent.getKeyLength())) {
- setAsserted(false);
- setErrorMessage("Asymmetric signature algorithm key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
- }
- } else if (WSSConstants.Dig.equals(keyUsage)) {
- if (algorithmSuite.getAlgorithmSuiteType() != null
- && !algorithmSuite.getAlgorithmSuiteType().getDigest().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Digest algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.Enc.equals(keyUsage)) {
- if (algorithmSuite.getAlgorithmSuiteType() != null
- && !algorithmSuite.getAlgorithmSuiteType().getEncryption().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Encryption algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- if (algorithmSuite.getAlgorithmSuiteType() != null
- && (algorithmSuite.getAlgorithmSuiteType().getMinimumSymmetricKeyLength() > algorithmSuiteSecurityEvent.getKeyLength()
- || algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() < algorithmSuiteSecurityEvent.getKeyLength())) {
- setAsserted(false);
- setErrorMessage("Symmetric encryption algorithm key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
- }
- } else if (WSSConstants.Sym_Key_Wrap.equals(keyUsage)) {
- if (algorithmSuite.getAlgorithmSuiteType() != null
- && !algorithmSuite.getAlgorithmSuiteType().getSymmetricKeyWrap().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Symmetric key wrap algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- if (algorithmSuite.getAlgorithmSuiteType() != null
- && (algorithmSuite.getAlgorithmSuiteType().getMinimumSymmetricKeyLength() > algorithmSuiteSecurityEvent.getKeyLength()
- || algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() < algorithmSuiteSecurityEvent.getKeyLength())) {
- setAsserted(false);
- setErrorMessage("Symmetric key wrap algorithm key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
- }
- } else if (WSSConstants.Asym_Key_Wrap.equals(keyUsage)) {
- if (algorithmSuite.getAlgorithmSuiteType() != null
- && !algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Asymmetric key wrap algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- if (algorithmSuite.getAlgorithmSuiteType() != null
- && (algorithmSuite.getAlgorithmSuiteType().getMinimumAsymmetricKeyLength() > algorithmSuiteSecurityEvent.getKeyLength()
- || algorithmSuite.getAlgorithmSuiteType().getMaximumAsymmetricKeyLength() < algorithmSuiteSecurityEvent.getKeyLength())) {
- setAsserted(false);
- setErrorMessage("Asymmetric key wrap algorithm key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
- }
- } else if (WSSConstants.Comp_Key.equals(keyUsage)) {
- if (algorithmSuite.getComputedKey() != null
- && !algorithmSuite.getComputedKey().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Computed key algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.Enc_KD.equals(keyUsage)) {
- if (algorithmSuite.getAlgorithmSuiteType() != null
- && !algorithmSuite.getAlgorithmSuiteType().getEncryptionKeyDerivation().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Encryption key derivation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.Sig_KD.equals(keyUsage)) {
- if (algorithmSuite.getAlgorithmSuiteType() != null
- && !algorithmSuite.getAlgorithmSuiteType().getSignatureKeyDerivation().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Signature key derivation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.C14n.equals(keyUsage)) {
- if (algorithmSuite.getC14n() != null
- && !algorithmSuite.getC14n().getValue().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("C14N algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.Soap_Norm.equals(keyUsage)) {
- if (algorithmSuite.getSoapNormType() != null
- && !algorithmSuite.getSoapNormType().getValue().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Soap normalization algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.STR_Trans.equals(keyUsage)) {
- if (algorithmSuite.getStrType() != null
- && !algorithmSuite.getStrType().getValue().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("STR transformation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.XPath.equals(keyUsage)) {
- if (algorithmSuite.getXPathType() != null
- && !algorithmSuite.getXPathType().getValue().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("XPath algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- }
- return isAsserted();
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ContentEncryptedElementsAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ContentEncryptedElementsAssertionState.java
deleted file mode 100644
index 4d3f0f9..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ContentEncryptedElementsAssertionState.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.ContentEncryptedElements;
-import org.apache.ws.secpolicy.model.XPath;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.swssf.policy.Assertable;
-import org.swssf.policy.PolicyUtils;
-import org.swssf.wss.ext.WSSUtils;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-import javax.xml.namespace.QName;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-/**
- * WSP1.3, 4.2.3 ContentEncryptedElements Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class ContentEncryptedElementsAssertionState extends AssertionState implements Assertable {
-
- private final List<List<QName>> pathElements = new ArrayList<List<QName>>();
-
- public ContentEncryptedElementsAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
-
- ContentEncryptedElements contentEncryptedElements = (ContentEncryptedElements) assertion;
- for (int i = 0; i < contentEncryptedElements.getXPaths().size(); i++) {
- XPath xPath = contentEncryptedElements.getXPaths().get(i);
- List<QName> elements = PolicyUtils.getElementPath(xPath);
- pathElements.add(elements);
- }
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.ContentEncrypted
- };
- }
-
- @Override
- public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = (ContentEncryptedElementSecurityEvent) securityEvent;
-
- Iterator<List<QName>> pathElementIterator = pathElements.iterator();
- while (pathElementIterator.hasNext()) {
- List<QName> pathElements = pathElementIterator.next();
- if (WSSUtils.pathMatches(pathElements, contentEncryptedElementSecurityEvent.getElementPath(), true, false)) {
- if (contentEncryptedElementSecurityEvent.isEncrypted()) {
- setAsserted(true);
- return true;
- } else {
- //an element must be encrypted but isn't
- setAsserted(false);
- setErrorMessage("Content of element " + WSSUtils.pathAsString(contentEncryptedElementSecurityEvent.getElementPath()) + " must be encrypted");
- return false;
- }
- }
- }
- //if we return false here other encrypted elements will trigger a PolicyViolationException
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementsAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementsAssertionState.java
deleted file mode 100644
index f56354d..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementsAssertionState.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.EncryptedElements;
-import org.apache.ws.secpolicy.model.XPath;
-import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.swssf.policy.Assertable;
-import org.swssf.policy.PolicyUtils;
-import org.swssf.wss.ext.WSSUtils;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-import javax.xml.namespace.QName;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-/**
- * WSP1.3, 4.2.2 EncryptedElements Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class EncryptedElementsAssertionState extends AssertionState implements Assertable {
-
- private final List<List<QName>> pathElements = new ArrayList<List<QName>>();
-
- public EncryptedElementsAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
-
- EncryptedElements encryptedElements = (EncryptedElements) assertion;
- for (int i = 0; i < encryptedElements.getXPaths().size(); i++) {
- XPath xPath = encryptedElements.getXPaths().get(i);
- List<QName> elements = PolicyUtils.getElementPath(xPath);
- pathElements.add(elements);
- }
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.EncryptedElement
- };
- }
-
- @Override
- public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
-
- Iterator<List<QName>> pathElementIterator = pathElements.iterator();
- while (pathElementIterator.hasNext()) {
- List<QName> pathElements = pathElementIterator.next();
- if (WSSUtils.pathMatches(pathElements, encryptedElementSecurityEvent.getElementPath(), true, false)) {
- if (encryptedElementSecurityEvent.isEncrypted()) {
- setAsserted(true);
- return true;
- } else {
- //an element must be encrypted but isn't
- setAsserted(false);
- setErrorMessage("Element " + WSSUtils.pathAsString(encryptedElementSecurityEvent.getElementPath()) + " must be encrypted");
- return false;
- }
- }
- }
- //if we return false here other encrypted elements will trigger a PolicyViolationException
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartsAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartsAssertionState.java
deleted file mode 100644
index 5ae9227..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartsAssertionState.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.EncryptedParts;
-import org.apache.ws.secpolicy.model.Header;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.swssf.policy.Assertable;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSUtils;
-import org.swssf.wss.securityEvent.EncryptedPartSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-import javax.xml.namespace.QName;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * WSP1.3, 4.2.1 EncryptedParts Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class EncryptedPartsAssertionState extends AssertionState implements Assertable {
-
- public EncryptedPartsAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.EncryptedPart
- };
- }
-
- @Override
- public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
-
- //todo attachments
-
- EncryptedPartSecurityEvent encryptedPartSecurityEvent = (EncryptedPartSecurityEvent) securityEvent;
- EncryptedParts encryptedParts = (EncryptedParts) getAssertion();
-
- if (encryptedParts.isBody()
- && (WSSUtils.pathMatches(WSSConstants.SOAP_11_BODY_PATH, encryptedPartSecurityEvent.getElementPath(), true, false))) {
- if (encryptedPartSecurityEvent.isEncrypted()) {
- setAsserted(true);
- return true;
- } else {
- setAsserted(false);
- setErrorMessage("Element " + WSSUtils.pathAsString(encryptedPartSecurityEvent.getElementPath()) + " must be encrypted");
- return false;
- }
- }
- //body processed above. so this must be a header element
- for (int i = 0; i < encryptedParts.getHeaders().size(); i++) {
- Header header = encryptedParts.getHeaders().get(i);
- QName headerQName = new QName(header.getNamespace(), header.getName() == null ? "" : header.getName());
-
- List<QName> header11Path = new LinkedList<QName>();
- header11Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- header11Path.add(headerQName);
-
- if (WSSUtils.pathMatches(header11Path, encryptedPartSecurityEvent.getElementPath(), true, header.getName() == null)) {
- if (encryptedPartSecurityEvent.isEncrypted()) {
- setAsserted(true);
- return true;
- } else {
- setAsserted(false);
- setErrorMessage("Element " + WSSUtils.pathAsString(encryptedPartSecurityEvent.getElementPath()) + " must be encrypted");
- return false;
- }
- }
- }
-
- //if we return false here other encrypted elements will trigger a PolicyViolationException
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java
deleted file mode 100644
index fdf91e7..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AbstractToken;
-import org.apache.ws.secpolicy.model.HttpsToken;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-import org.swssf.wss.securityEvent.HttpsTokenSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-/**
- * WSP1.3, 5.4.10 HttpsToken Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-
-public class HttpsTokenAssertionState extends TokenAssertionState {
-
- public HttpsTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.HttpsToken
- };
- }
-
- @Override
- public boolean assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
- if (!(tokenSecurityEvent instanceof HttpsTokenSecurityEvent)) {
- throw new WSSPolicyException("Expected a HttpsTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
- }
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = (HttpsTokenSecurityEvent) tokenSecurityEvent;
- HttpsToken httpsToken = (HttpsToken) abstractToken;
-
- if (httpsToken.getIssuerName() != null && !httpsToken.getIssuerName().equals(httpsTokenSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + httpsToken.getIssuerName() + ") didn't match with the one in the HttpsToken (" + httpsTokenSecurityEvent.getIssuerName() + ")");
- return false;
- }
- if (httpsToken.getAuthenticationType() != null) {
- switch (httpsToken.getAuthenticationType()) {
- case HttpBasicAuthentication:
- if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication) {
- setErrorMessage("Policy enforces HttpBasicAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
- return false;
- }
- break;
- case HttpDigestAuthentication:
- if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpDigestAuthentication) {
- setErrorMessage("Policy enforces HttpDigestAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
- return false;
- }
- break;
- case RequireClientCertificate:
- if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication) {
- setErrorMessage("Policy enforces HttClientCertificateAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
- return false;
- }
- break;
- }
- }
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java
deleted file mode 100644
index 498ac3a..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.model.AbstractBinding;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.swssf.policy.Assertable;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-/**
- * WSP1.3, 6.2 Timestamp Property
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class IncludeTimeStampAssertionState extends AssertionState implements Assertable {
-
- public IncludeTimeStampAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.Timestamp
- };
- }
-
- public boolean assertEvent(SecurityEvent securityEvent) {
- // TimestampSecurityEvent timestampSecurityEvent = (TimestampSecurityEvent) securityEvent;
- boolean isIncludeTimestamp = ((AbstractBinding) getAssertion()).isIncludeTimestamp();
-
- if (isIncludeTimestamp) {
- setAsserted(true);
- } else {
- setAsserted(false);
- setErrorMessage("Timestamp must not be present");
- }
- return isAsserted();
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java
deleted file mode 100644
index 878922c..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AbstractToken;
-import org.apache.ws.secpolicy.model.IssuedToken;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-import org.swssf.wss.securityEvent.IssuedTokenSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-/**
- * WSP1.3, 5.4.2 IssuedToken Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-
-public class IssuedTokenAssertionState extends TokenAssertionState {
-
- public IssuedTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.SecurityContextToken,
- WSSecurityEventConstants.SamlToken,
- WSSecurityEventConstants.RelToken,
- };
- }
-
- @Override
- public boolean assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
- if (!(tokenSecurityEvent instanceof IssuedTokenSecurityEvent)) {
- throw new WSSPolicyException("Expected a IssuedTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
- }
-
- IssuedToken issuedToken = (IssuedToken) abstractToken;
- IssuedTokenSecurityEvent issuedTokenSecurityEvent = (IssuedTokenSecurityEvent) tokenSecurityEvent;
- if (issuedToken.getIssuerName() != null) {
- if (!issuedToken.getIssuerName().equals(issuedTokenSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + issuedToken.getIssuerName() + ") didn't match with the one in the IssuedToken (" + issuedTokenSecurityEvent.getIssuerName() + ")");
- return false;
- }
- }
- //todo internal/external reference?
- //always return true to prevent false alarm in case additional tokens with the same usage
- //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java
deleted file mode 100644
index 95ce9c4..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AbstractToken;
-import org.apache.ws.secpolicy.model.KerberosToken;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-import org.swssf.wss.securityEvent.KerberosTokenSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-/**
- * WSP1.3, 5.4.4 KerberosToken Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-
-public class KerberosTokenAssertionState extends TokenAssertionState {
-
- public KerberosTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.KerberosToken
- };
- }
-
- @Override
- public boolean assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
- if (!(tokenSecurityEvent instanceof KerberosTokenSecurityEvent)) {
- throw new WSSPolicyException("Expected a KerberosTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
- }
-
- KerberosToken kerberosToken = (KerberosToken) abstractToken;
- KerberosTokenSecurityEvent kerberosTokenSecurityEvent = (KerberosTokenSecurityEvent) tokenSecurityEvent;
- if (kerberosToken.getIssuerName() != null) {
- if (!kerberosToken.getIssuerName().equals(kerberosTokenSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + kerberosToken.getIssuerName() + ") didn't match with the one in the IssuedToken (" + kerberosTokenSecurityEvent.getIssuerName() + ")");
- return false;
- }
- }
- if (kerberosToken.getApReqTokenType() != null) {
- switch (kerberosToken.getApReqTokenType()) {
- case WssKerberosV5ApReqToken11:
- if (!kerberosTokenSecurityEvent.isKerberosV5ApReqToken11()) {
- setErrorMessage("Policy enforces " + kerberosToken.getApReqTokenType());
- return false;
- }
- break;
- case WssGssKerberosV5ApReqToken11:
- if (!kerberosTokenSecurityEvent.isGssKerberosV5ApReqToken11()) {
- setErrorMessage("Policy enforces " + kerberosToken.getApReqTokenType());
- return false;
- }
- break;
- }
- }
- //todo
- //always return true to prevent false alarm in case additional tokens with the same usage
- //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java
deleted file mode 100644
index d571962..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AbstractToken;
-import org.apache.ws.secpolicy.model.KeyValueToken;
-import org.apache.xml.security.stax.securityEvent.KeyValueTokenSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-/**
- * WSP1.3, 5.4.11 KeyValueToken Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-
-public class KeyValueTokenAssertionState extends TokenAssertionState {
-
- public KeyValueTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.KeyValueToken
- };
- }
-
- @Override
- public boolean assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
- if (!(tokenSecurityEvent instanceof KeyValueTokenSecurityEvent)) {
- throw new WSSPolicyException("Expected a KeyValueTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
- }
-
- KeyValueTokenSecurityEvent keyValueTokenSecurityEvent = (KeyValueTokenSecurityEvent) tokenSecurityEvent;
- KeyValueToken keyValueToken = (KeyValueToken) abstractToken;
- if (keyValueToken.isRsaKeyValue() && keyValueTokenSecurityEvent.getKeyValueTokenType() != KeyValueTokenSecurityEvent.KeyValueTokenType.RSA) {
- setErrorMessage("Policy enforces that a RsaKeyValue must be present in the KeyValueToken but we got a " + keyValueTokenSecurityEvent.getKeyValueTokenType() + "KeyValue");
- return false;
- }
- //always return true to prevent false alarm in case additional tokens with the same usage
- //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/LayoutAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/LayoutAssertionState.java
deleted file mode 100644
index 574ffef..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/LayoutAssertionState.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.Layout;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.swssf.policy.Assertable;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class LayoutAssertionState extends AssertionState implements Assertable {
-
- private List<SecurityEventConstants.Event> occuredEvents = new ArrayList<SecurityEventConstants.Event>();
-
- public LayoutAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.UsernameToken,
- WSSecurityEventConstants.IssuedToken,
- SecurityEventConstants.X509Token,
- WSSecurityEventConstants.KerberosToken,
- WSSecurityEventConstants.SpnegoContextToken,
- WSSecurityEventConstants.SecurityContextToken,
- WSSecurityEventConstants.SecureConversationToken,
- WSSecurityEventConstants.SamlToken,
- WSSecurityEventConstants.RelToken,
- WSSecurityEventConstants.HttpsToken,
- SecurityEventConstants.KeyValueToken,
- WSSecurityEventConstants.Timestamp,
- };
- }
-
- @Override
- public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
- Layout layout = (Layout) getAssertion();
- switch (layout.getLayoutType()) {
- case Strict:
- //todo
- break;
- case Lax:
- //todo?
- break;
- case LaxTsFirst:
- if (occuredEvents.isEmpty() && securityEvent.getSecurityEventType() != WSSecurityEventConstants.Timestamp) {
- setAsserted(false);
- setErrorMessage("Policy enforces " + layout.getLayoutType() + " but " + securityEvent.getSecurityEventType() + " occured first");
- }
- break;
- case LaxTsLast:
- if (occuredEvents.contains(WSSecurityEventConstants.Timestamp)) {
- setAsserted(false);
- setErrorMessage("Policy enforces " + layout.getLayoutType() + " but " + securityEvent.getSecurityEventType() + " occured last");
- }
- break;
- }
- occuredEvents.add(securityEvent.getSecurityEventType());
- return isAsserted();
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java
deleted file mode 100644
index cbafc93..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AbstractSymmetricAsymmetricBinding;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.swssf.policy.Assertable;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSUtils;
-import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-/**
- * WSP1.3, 6.6 Entire Header and Body Signatures Property
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class OnlySignEntireHeadersAndBodyAssertionState extends AssertionState implements Assertable {
-
- public OnlySignEntireHeadersAndBodyAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.SignedPart
- };
- }
-
- @Override
- public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
- SignedPartSecurityEvent signedPartSecurityEvent = (SignedPartSecurityEvent) securityEvent;
- AbstractSymmetricAsymmetricBinding abstractSymmetricAsymmetricBinding = (AbstractSymmetricAsymmetricBinding) getAssertion();
- if (abstractSymmetricAsymmetricBinding.isOnlySignEntireHeadersAndBody()
- && WSSUtils.pathMatches(signedPartSecurityEvent.getElementPath(), WSSConstants.SOAP_11_BODY_PATH, true, false)) {
- if (signedPartSecurityEvent.isSigned()) {
- setAsserted(true);
- return true;
- } else {
- setAsserted(false);
- setErrorMessage("Element " + WSSUtils.pathAsString(signedPartSecurityEvent.getElementPath()) + " must be signed");
- return false;
- }
- }
- //body processed above. so this must be a header element
- if (abstractSymmetricAsymmetricBinding.isOnlySignEntireHeadersAndBody()) {
- if (signedPartSecurityEvent.isSigned()
- //todo revisit: the equality check for wsse_Security probably opens the door
- //for a rewriting attack! If the Security Header is not signed then all child
- //elements must be signed!
- // @see http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/os/ws-securitypolicy-1.3-spec-os.html#_Toc212617840
- || WSSUtils.pathMatches(signedPartSecurityEvent.getElementPath(), WSSConstants.WSSE_SECURITY_HEADER_PATH, true, false)) {
- setAsserted(true);
- return true;
- } else {
- setAsserted(false);
- setErrorMessage("Element " + WSSUtils.pathAsString(signedPartSecurityEvent.getElementPath()) + " must be signed");
- return false;
- }
- }
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java
deleted file mode 100644
index faaed41..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AbstractSymmetricAsymmetricBinding;
-import org.swssf.policy.Assertable;
-import org.swssf.wss.ext.WSSUtils;
-import org.swssf.wss.securityEvent.*;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
-
-import javax.xml.namespace.QName;
-import java.util.List;
-
-/**
- * WSP1.3, 6.3 Protection Order Property
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-
-public class ProtectionOrderAssertionState extends AssertionState implements Assertable {
-
- public ProtectionOrderAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- SecurityEventConstants.SignedElement,
- WSSecurityEventConstants.SignedPart,
- WSSecurityEventConstants.EncryptedElement,
- WSSecurityEventConstants.EncryptedPart,
- WSSecurityEventConstants.ContentEncrypted,
- };
- }
-
- @Override
- public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
- AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder = ((AbstractSymmetricAsymmetricBinding) getAssertion()).getProtectionOrder();
- SecurityEventConstants.Event event = securityEvent.getSecurityEventType();
- if (event == WSSecurityEventConstants.SignedElement) {
- SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
- if (!signedElementSecurityEvent.isSigned()) {
- return true;
- }
- List<XMLSecurityConstants.ContentType> contentTypes = signedElementSecurityEvent.getProtectionOrder();
- testProtectionOrder(protectionOrder, contentTypes, signedElementSecurityEvent.getElementPath());
- } else if (event == WSSecurityEventConstants.SignedPart) {
- SignedPartSecurityEvent signedPartSecurityEvent = (SignedPartSecurityEvent) securityEvent;
- if (!signedPartSecurityEvent.isSigned()) {
- return true;
- }
- List<XMLSecurityConstants.ContentType> contentTypes = signedPartSecurityEvent.getProtectionOrder();
- testProtectionOrder(protectionOrder, contentTypes, signedPartSecurityEvent.getElementPath());
- } else if (event == WSSecurityEventConstants.EncryptedElement) {
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
- if (!encryptedElementSecurityEvent.isEncrypted()) {
- return true;
- }
- List<XMLSecurityConstants.ContentType> contentTypes = encryptedElementSecurityEvent.getProtectionOrder();
- testProtectionOrder(protectionOrder, contentTypes, encryptedElementSecurityEvent.getElementPath());
- } else if (event == WSSecurityEventConstants.EncryptedPart) {
- EncryptedPartSecurityEvent encryptedPartSecurityEvent = (EncryptedPartSecurityEvent) securityEvent;
- if (!encryptedPartSecurityEvent.isEncrypted()) {
- return true;
- }
- List<XMLSecurityConstants.ContentType> contentTypes = encryptedPartSecurityEvent.getProtectionOrder();
- testProtectionOrder(protectionOrder, contentTypes, encryptedPartSecurityEvent.getElementPath());
- } else if (event == WSSecurityEventConstants.ContentEncrypted) {
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = (ContentEncryptedElementSecurityEvent) securityEvent;
- if (!contentEncryptedElementSecurityEvent.isEncrypted()) {
- return true;
- }
- List<XMLSecurityConstants.ContentType> contentTypes = contentEncryptedElementSecurityEvent.getProtectionOrder();
- testProtectionOrder(protectionOrder, contentTypes, contentEncryptedElementSecurityEvent.getElementPath());
- }
- return isAsserted();
- }
-
- private void testProtectionOrder(AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder, List<XMLSecurityConstants.ContentType> contentTypes, List<QName> elementPath) {
- switch (protectionOrder) {
- case SignBeforeEncrypting: {
- int lastSignature = contentTypes.lastIndexOf(XMLSecurityConstants.ContentType.SIGNATURE);
- int firstEncryption = contentTypes.indexOf(XMLSecurityConstants.ContentType.ENCRYPTION);
- if (firstEncryption >= 0 && firstEncryption < lastSignature) {
- setAsserted(false);
- setErrorMessage("Policy enforces " + protectionOrder + " but the " + WSSUtils.pathAsString(elementPath) + " was encrypted and then signed");
- }
- break;
- }
- case EncryptBeforeSigning: {
- int lastEncytpion = contentTypes.lastIndexOf(XMLSecurityConstants.ContentType.ENCRYPTION);
- int firstSignature = contentTypes.indexOf(XMLSecurityConstants.ContentType.SIGNATURE);
- if (firstSignature >= 0 && firstSignature < lastEncytpion) {
- setAsserted(false);
- setErrorMessage("Policy enforces " + protectionOrder + " but the " + WSSUtils.pathAsString(elementPath) + " was signed and then encrypted");
- }
- break;
- }
- }
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java
deleted file mode 100644
index 2635388..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AbstractToken;
-import org.apache.ws.secpolicy.model.RelToken;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-import org.swssf.wss.securityEvent.RelTokenSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-/**
- * WSP1.3, 5.4.9 RelToken Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-
-public class RelTokenAssertionState extends TokenAssertionState {
-
- public RelTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.RelToken
- };
- }
-
- @Override
- public boolean assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
- if (!(tokenSecurityEvent instanceof RelTokenSecurityEvent)) {
- throw new WSSPolicyException("Expected a RelTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
- }
-
- RelTokenSecurityEvent relTokenSecurityEvent = (RelTokenSecurityEvent) tokenSecurityEvent;
- RelToken relToken = (RelToken) abstractToken;
-
- if (relToken.getIssuerName() != null && !relToken.getIssuerName().equals(relTokenSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + relToken.getIssuerName() + ") didn't match with the one in the RelToken (" + relTokenSecurityEvent.getIssuerName() + ")");
- return false;
- }
-
- //todo RequireKeyIdentifierReference
- //todo WssRelV*
- //always return true to prevent false alarm in case additional tokens with the same usage
- //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementsAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementsAssertionState.java
deleted file mode 100644
index f8c41dc..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementsAssertionState.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.RequiredElements;
-import org.apache.ws.secpolicy.model.XPath;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.swssf.policy.Assertable;
-import org.swssf.policy.PolicyUtils;
-import org.swssf.wss.ext.WSSUtils;
-import org.swssf.wss.securityEvent.RequiredElementSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-import javax.xml.namespace.QName;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-/**
- * WSP1.3, 4.3.1 RequiredElements Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class RequiredElementsAssertionState extends AssertionState implements Assertable {
-
- private final Map<List<QName>, Boolean> pathElements = new HashMap<List<QName>, Boolean>();
-
- public RequiredElementsAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
-
- if (assertion instanceof RequiredElements) {
- RequiredElements requiredElements = (RequiredElements) assertion;
- for (int i = 0; i < requiredElements.getXPaths().size(); i++) {
- XPath xPath = requiredElements.getXPaths().get(i);
- List<QName> elements = PolicyUtils.getElementPath(xPath);
- pathElements.put(elements, Boolean.FALSE);
- }
- }
- }
-
- public void addElement(List<QName> pathElement) {
- this.pathElements.put(pathElement, Boolean.FALSE);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.RequiredElement
- };
- }
-
- @Override
- public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
- RequiredElementSecurityEvent requiredElementSecurityEvent = (RequiredElementSecurityEvent) securityEvent;
-
- Iterator<Map.Entry<List<QName>, Boolean>> elementMapIterator = pathElements.entrySet().iterator();
- while (elementMapIterator.hasNext()) {
- Map.Entry<List<QName>, Boolean> next = elementMapIterator.next();
- List<QName> qNameList = next.getKey();
- if (WSSUtils.pathMatches(qNameList, requiredElementSecurityEvent.getElementPath(), true, false)) {
- next.setValue(Boolean.TRUE);
- break;
- }
- }
- //if we return false here other required elements will trigger a PolicyViolationException
- return true;
- }
-
- @Override
- public boolean isAsserted() {
- Iterator<Map.Entry<List<QName>, Boolean>> elementMapIterator = pathElements.entrySet().iterator();
- while (elementMapIterator.hasNext()) {
- Map.Entry<List<QName>, Boolean> next = elementMapIterator.next();
- if (Boolean.FALSE.equals(next.getValue())) {
- setErrorMessage("Element " + WSSUtils.pathAsString(next.getKey()) + " must be present");
- return false;
- }
- }
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartsAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartsAssertionState.java
deleted file mode 100644
index 217cf20..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartsAssertionState.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.Header;
-import org.apache.ws.secpolicy.model.RequiredParts;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.swssf.policy.Assertable;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSUtils;
-import org.swssf.wss.securityEvent.RequiredPartSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-import javax.xml.namespace.QName;
-import java.util.*;
-
-/**
- * WSP1.3, 4.3.2 RequiredParts Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class RequiredPartsAssertionState extends AssertionState implements Assertable {
-
- private final Map<Header, Boolean> headers = new HashMap<Header, Boolean>();
-
- public RequiredPartsAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
-
- RequiredParts requiredParts = (RequiredParts) assertion;
- for (int i = 0; i < requiredParts.getHeaders().size(); i++) {
- Header header = requiredParts.getHeaders().get(i);
- headers.put(header, Boolean.FALSE);
- }
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.RequiredPart
- };
- }
-
- @Override
- public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
- RequiredPartSecurityEvent requiredPartSecurityEvent = (RequiredPartSecurityEvent) securityEvent;
-
- Iterator<Map.Entry<Header, Boolean>> elementMapIterator = headers.entrySet().iterator();
- while (elementMapIterator.hasNext()) {
- Map.Entry<Header, Boolean> next = elementMapIterator.next();
- Header header = next.getKey();
- QName headerQName = new QName(header.getNamespace(), header.getName() == null ? "" : header.getName());
-
- List<QName> header11Path = new LinkedList<QName>();
- header11Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- header11Path.add(headerQName);
-
- if (WSSUtils.pathMatches(header11Path, requiredPartSecurityEvent.getElementPath(), true, header.getName() == null)) {
- next.setValue(Boolean.TRUE);
- break;
- }
- }
- //if we return false here other required elements will trigger a PolicyViolationException
- return true;
- }
-
- @Override
- public boolean isAsserted() {
- Iterator<Map.Entry<Header, Boolean>> elementMapIterator = headers.entrySet().iterator();
- while (elementMapIterator.hasNext()) {
- Map.Entry<Header, Boolean> next = elementMapIterator.next();
- if (Boolean.FALSE.equals(next.getValue())) {
- setErrorMessage("Element " + next.getKey().toString() + " must be present");
- return false;
- }
- }
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java
deleted file mode 100644
index 7e057ee..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AbstractToken;
-import org.apache.ws.secpolicy.model.SamlToken;
-import org.opensaml.common.SAMLVersion;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.securityEvent.SamlTokenSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.impl.securityToken.AbstractSecurityToken;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-
-/**
- * WSP1.3, 5.4.8 SamlToken Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-
-public class SamlTokenAssertionState extends TokenAssertionState {
-
- public SamlTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.SamlToken
- };
- }
-
- @Override
- public boolean assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException, XMLSecurityException {
- if (!(tokenSecurityEvent instanceof SamlTokenSecurityEvent)) {
- throw new WSSPolicyException("Expected a SamlTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
- }
- SamlTokenSecurityEvent samlTokenSecurityEvent = (SamlTokenSecurityEvent) tokenSecurityEvent;
- SamlToken samlToken = (SamlToken) abstractToken;
-
- if (samlToken.getIssuerName() != null && !samlToken.getIssuerName().equals(samlTokenSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + samlToken.getIssuerName() + ") didn't match with the one in the SamlToken (" + samlTokenSecurityEvent.getIssuerName() + ")");
- return false;
- }
- if (samlToken.isRequireKeyIdentifierReference() && ((AbstractSecurityToken) samlTokenSecurityEvent.getSecurityToken()).getKeyIdentifierType() != WSSConstants.WSSKeyIdentifierType.X509_KEY_IDENTIFIER) {
- setErrorMessage("Policy enforces KeyIdentifierReference but we got " + samlTokenSecurityEvent.getSecurityToken().getTokenType());
- return false;
- }
- if (samlToken.getSamlTokenType() != null) {
- switch (samlToken.getSamlTokenType()) {
- case WssSamlV11Token10:
- if (samlTokenSecurityEvent.getSamlVersion() != SAMLVersion.VERSION_10) {
- setErrorMessage("Policy enforces SamlVersion11Profile10 but we got " + samlTokenSecurityEvent.getSamlVersion());
- return false;
- }
- break;
- case WssSamlV11Token11:
- if (samlTokenSecurityEvent.getSamlVersion() != SAMLVersion.VERSION_11) {
- setErrorMessage("Policy enforces SamlVersion11Profile11 but we got " + samlTokenSecurityEvent.getSamlVersion());
- return false;
- }
- break;
- case WssSamlV20Token11:
- if (samlTokenSecurityEvent.getSamlVersion() != SAMLVersion.VERSION_20) {
- setErrorMessage("Policy enforces SamlVersion20Profile11 but we got " + samlTokenSecurityEvent.getSamlVersion());
- return false;
- }
- break;
- case WssSamlV10Token10:
- case WssSamlV10Token11:
- setErrorMessage("Unsupported token type: " + samlToken.getSamlTokenType());
- return false;
- }
- }
- //always return true to prevent false alarm in case additional tokens with the same usage
- //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java
deleted file mode 100644
index f2504e1..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AbstractToken;
-import org.apache.ws.secpolicy.model.SecureConversationToken;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-import org.swssf.wss.securityEvent.SecureConversationTokenSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-/**
- * WSP1.3, 5.4.7 SecureConversationToken Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-
-public class SecureConversationTokenAssertionState extends TokenAssertionState {
-
- public SecureConversationTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.SecureConversationToken
- };
- }
-
- @Override
- public boolean assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
- if (!(tokenSecurityEvent instanceof SecureConversationTokenSecurityEvent)) {
- throw new WSSPolicyException("Expected a SecureConversationSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
- }
- SecureConversationTokenSecurityEvent secureConversationSecurityEvent = (SecureConversationTokenSecurityEvent) tokenSecurityEvent;
- SecureConversationToken secureConversationToken = (SecureConversationToken) abstractToken;
-
- if (secureConversationToken.getIssuerName() != null && !secureConversationToken.getIssuerName().equals(secureConversationSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + secureConversationToken.getIssuerName() + ") didn't match with the one in the SecureConversationToken (" + secureConversationSecurityEvent.getIssuerName() + ")");
- return false;
- }
- if (secureConversationToken.isRequireExternalUriReference() && !secureConversationSecurityEvent.isExternalUriRef()) {
- setErrorMessage("Policy enforces externalUriRef but we didn't got one");
- return false;
- }
- //todo sp:SC13SecurityContextToken:
- //todo MustNotSendCancel etc...
- //always return true to prevent false alarm in case additional tokens with the same usage
- //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java
deleted file mode 100644
index 8a55e7e..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AbstractToken;
-import org.apache.ws.secpolicy.model.SecurityContextToken;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-import org.swssf.wss.securityEvent.SecurityContextTokenSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-/**
- * WSP1.3, 5.4.6 SecurityContextToken Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-
-public class SecurityContextTokenAssertionState extends TokenAssertionState {
-
- public SecurityContextTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.SecurityContextToken
- };
- }
-
- @Override
- public boolean assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
- if (!(tokenSecurityEvent instanceof SecurityContextTokenSecurityEvent)) {
- throw new WSSPolicyException("Expected a SecurityContextTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
- }
- SecurityContextTokenSecurityEvent securityContextTokenSecurityEvent = (SecurityContextTokenSecurityEvent) tokenSecurityEvent;
- SecurityContextToken securityContextToken = (SecurityContextToken) abstractToken;
-
- if (securityContextToken.getIssuerName() != null && !securityContextToken.getIssuerName().equals(securityContextTokenSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + securityContextToken.getIssuerName() + ") didn't match with the one in the SecurityContextToken (" + securityContextTokenSecurityEvent.getIssuerName() + ")");
- return false;
- }
- if (securityContextToken.isRequireExternalUriReference() && !securityContextTokenSecurityEvent.isExternalUriRef()) {
- setErrorMessage("Policy enforces externalUriRef but we didn't got one");
- return false;
- }
- //todo sp:SC13SecurityContextToken:
- //always return true to prevent false alarm in case additional tokens with the same usage
- //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignatureProtectionAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignatureProtectionAssertionState.java
deleted file mode 100644
index ea9d05e..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignatureProtectionAssertionState.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AbstractSymmetricAsymmetricBinding;
-import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.swssf.policy.Assertable;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSUtils;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-import javax.xml.namespace.QName;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * WSP1.3, 6.4 Signature Protection Property
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class SignatureProtectionAssertionState extends AssertionState implements Assertable {
-
- private final List<List<QName>> elementPaths = new ArrayList<List<QName>>();
-
- public SignatureProtectionAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- List<QName> signature11Path = new LinkedList<QName>();
- signature11Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- signature11Path.add(WSSConstants.TAG_wsse_Security);
- signature11Path.add(WSSConstants.TAG_dsig_Signature);
- elementPaths.add(signature11Path);
-
- List<QName> signatureConfirmation11Path = new LinkedList<QName>();
- signatureConfirmation11Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- signatureConfirmation11Path.add(WSSConstants.TAG_wsse_Security);
- signatureConfirmation11Path.add(WSSConstants.TAG_wsse11_SignatureConfirmation);
- elementPaths.add(signatureConfirmation11Path);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.EncryptedElement
- };
- }
-
- @Override
- public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
- AbstractSymmetricAsymmetricBinding abstractSymmetricAsymmetricBinding = (AbstractSymmetricAsymmetricBinding) getAssertion();
- //todo better matching until we have a streaming xpath evaluation engine (work in progress)
-
- Iterator<List<QName>> pathElementsIterator = elementPaths.iterator();
- while (pathElementsIterator.hasNext()) {
- List<QName> qNameList = pathElementsIterator.next();
- if (WSSUtils.pathMatches(qNameList, encryptedElementSecurityEvent.getElementPath(), true, false)) {
- if (encryptedElementSecurityEvent.isEncrypted()) {
- if (abstractSymmetricAsymmetricBinding.isEncryptSignature()) {
- setAsserted(true);
- return true;
- } else {
- setAsserted(false);
- setErrorMessage("Element " + WSSUtils.pathAsString(encryptedElementSecurityEvent.getElementPath()) + " must not be encrypted");
- return false;
- }
- } else {
- if (abstractSymmetricAsymmetricBinding.isEncryptSignature()) {
- setAsserted(false);
- setErrorMessage("Element " + WSSUtils.pathAsString(encryptedElementSecurityEvent.getElementPath()) + " must be encrypted");
- return false;
- } else {
- setAsserted(true);
- return true;
- }
- }
- }
- }
- //if we return false here other encrypted elements will trigger a PolicyViolationException
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementsAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementsAssertionState.java
deleted file mode 100644
index 23ae5a1..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementsAssertionState.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.SignedElements;
-import org.apache.ws.secpolicy.model.XPath;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
-import org.swssf.policy.Assertable;
-import org.swssf.policy.PolicyUtils;
-import org.swssf.wss.ext.WSSUtils;
-
-import javax.xml.namespace.QName;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-/**
- * WSP1.3, 4.1.2 SignedElements Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class SignedElementsAssertionState extends AssertionState implements Assertable {
-
- private final List<List<QName>> pathElements = new ArrayList<List<QName>>();
-
- public SignedElementsAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
-
- if (assertion instanceof SignedElements) {
- SignedElements signedElements = (SignedElements) assertion;
- for (int i = 0; i < signedElements.getXPaths().size(); i++) {
- XPath xPath = signedElements.getXPaths().get(i);
- List<QName> elements = PolicyUtils.getElementPath(xPath);
- pathElements.add(elements);
- }
- }
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- SecurityEventConstants.SignedElement
- };
- }
-
- public void addElement(List<QName> pathElement) {
- this.pathElements.add(pathElement);
- }
-
- @Override
- public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
- SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
-
- Iterator<List<QName>> pathElementIterator = pathElements.iterator();
- while (pathElementIterator.hasNext()) {
- List<QName> pathElements = pathElementIterator.next();
- if (WSSUtils.pathMatches(pathElements, signedElementSecurityEvent.getElementPath(), true, false)) {
- if (signedElementSecurityEvent.isSigned()) {
- setAsserted(true);
- return true;
- } else {
- //an element must be signed but isn't
- setAsserted(false);
- setErrorMessage("Element " + WSSUtils.pathAsString(signedElementSecurityEvent.getElementPath()) + " must be signed");
- return false;
- }
- }
- }
- //if we return false here other signed elements will trigger a PolicyViolationException
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartsAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartsAssertionState.java
deleted file mode 100644
index ebd7075..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartsAssertionState.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.Header;
-import org.apache.ws.secpolicy.model.SignedParts;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.swssf.policy.Assertable;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSUtils;
-import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-import javax.xml.namespace.QName;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * WSP1.3, 4.1.1 SignedParts Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class SignedPartsAssertionState extends AssertionState implements Assertable {
-
- public SignedPartsAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.SignedPart
- };
- }
-
- @Override
- public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
-
- //todo attachments
-
- SignedPartSecurityEvent signedPartSecurityEvent = (SignedPartSecurityEvent) securityEvent;
- SignedParts signedParts = (SignedParts) getAssertion();
-
- if (signedParts.isBody()
- && (WSSUtils.pathMatches(WSSConstants.SOAP_11_BODY_PATH, signedPartSecurityEvent.getElementPath(), true, false))) {
- if (signedPartSecurityEvent.isSigned()) {
- setAsserted(true);
- return true;
- } else {
- setAsserted(false);
- setErrorMessage("Element " + WSSUtils.pathAsString(signedPartSecurityEvent.getElementPath()) + " must be signed");
- return false;
- }
- }
- //body processed above. so this must be a header element
- if (signedParts.isSignAllHeaders()) {
- if (signedPartSecurityEvent.isSigned()) {
- setAsserted(true);
- return true;
- } else {
- setAsserted(false);
- setErrorMessage("Element " + WSSUtils.pathAsString(signedPartSecurityEvent.getElementPath()) + " must be signed");
- return false;
- }
- } else {
- for (int i = 0; i < signedParts.getHeaders().size(); i++) {
- Header header = signedParts.getHeaders().get(i);
- QName headerQName = new QName(header.getNamespace(), header.getName() == null ? "" : header.getName());
-
- List<QName> header11Path = new LinkedList<QName>();
- header11Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- header11Path.add(headerQName);
-
- if (WSSUtils.pathMatches(header11Path, signedPartSecurityEvent.getElementPath(), true, header.getName() == null)) {
- if (signedPartSecurityEvent.isSigned()) {
- setAsserted(true);
- return true;
- } else {
- setAsserted(false);
- setErrorMessage("Element " + WSSUtils.pathAsString(signedPartSecurityEvent.getElementPath()) + " must be signed");
- return false;
- }
- }
- }
- }
-
- //if we return false here other signed elements will trigger a PolicyViolationException
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java
deleted file mode 100644
index a246f7a..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AbstractToken;
-import org.apache.ws.secpolicy.model.SpnegoContextToken;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-import org.swssf.wss.securityEvent.SpnegoContextTokenSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-
-/**
- * WSP1.3, 5.4.5 SpnegoContextToken Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-
-public class SpnegoContextTokenAssertionState extends TokenAssertionState {
-
- public SpnegoContextTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.SpnegoContextToken
- };
- }
-
- @Override
- public boolean assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
- if (!(tokenSecurityEvent instanceof SpnegoContextTokenSecurityEvent)) {
- throw new WSSPolicyException("Expected a SpnegoContextTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
- }
-
- SpnegoContextToken spnegoContextToken = (SpnegoContextToken) abstractToken;
- SpnegoContextTokenSecurityEvent spnegoContextTokenSecurityEvent = (SpnegoContextTokenSecurityEvent) tokenSecurityEvent;
- if (spnegoContextToken.getIssuerName() != null) {
- if (!spnegoContextToken.getIssuerName().equals(spnegoContextTokenSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + spnegoContextToken.getIssuerName() + ") didn't match with the one in the IssuedToken (" + spnegoContextTokenSecurityEvent.getIssuerName() + ")");
- return false;
- }
- }
- //todo MustNotSend*
- //always return true to prevent false alarm in case additional tokens with the same usage
- //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenAssertionState.java
deleted file mode 100644
index 64984fa..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenAssertionState.java
+++ /dev/null
@@ -1,186 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.SPConstants;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.*;
-import org.swssf.policy.Assertable;
-import org.swssf.wss.ext.WSSConstants;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-
-import java.util.Iterator;
-import java.util.List;
-
-/**
- * WSP1.3, 5 Token Assertions
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public abstract class TokenAssertionState extends AssertionState implements Assertable {
-
- //todo WSP1.3, 5.2.1 Token Issuer: <sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>
- //todo? WSP1.3 5.2.3 Required Claims
- //todo derived keys?
-
- public TokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException, XMLSecurityException {
-
- if (isAsserted()) {
- //just return true when this token assertion is already fulfilled.
- return true;
- }
-
- TokenSecurityEvent tokenSecurityEvent = (TokenSecurityEvent) securityEvent;
- AbstractToken abstractToken = (AbstractToken) getAssertion();
- final AbstractSecurityAssertion parentAssertion = abstractToken.getParentAssertion();
-
- int ignoreToken = 0;
- final List<SecurityToken.TokenUsage> tokenUsages = tokenSecurityEvent.getSecurityToken().getTokenUsages();
- Iterator<SecurityToken.TokenUsage> tokenUsageIterator = tokenUsages.iterator();
- while (tokenUsageIterator.hasNext()) {
- SecurityToken.TokenUsage tokenUsage = tokenUsageIterator.next();
- switch (tokenUsage) {
- case MainSignature:
- if (!(parentAssertion instanceof InitiatorToken)
- && !(parentAssertion instanceof InitiatorSignatureToken)
- && !(parentAssertion instanceof SignatureToken)
- && !(parentAssertion instanceof ProtectionToken)
- && !(parentAssertion instanceof TransportToken)) {
- ignoreToken++;
- break;
- }
- break;
- case Signature:
- throw new WSSPolicyException("Illegal token usage!");
- case MainEncryption:
- if (!(parentAssertion instanceof RecipientToken)
- && !(parentAssertion instanceof RecipientEncryptionToken)
- && !(parentAssertion instanceof EncryptionToken)
- && !(parentAssertion instanceof ProtectionToken)
- && !(parentAssertion instanceof TransportToken)) {
- ignoreToken++;
- break;
- }
- break;
- case Encryption:
- throw new WSSPolicyException("Illegal token usage!");
- case SupportingTokens:
- case SignedSupportingTokens:
- case EndorsingSupportingTokens:
- case SignedEndorsingSupportingTokens:
- case SignedEncryptedSupportingTokens:
- case EncryptedSupportingTokens:
- case EndorsingEncryptedSupportingTokens:
- case SignedEndorsingEncryptedSupportingTokens:
- if (!(parentAssertion instanceof SupportingTokens)) {
- ignoreToken++;
- break;
- }
-
- SupportingTokens supportingTokens = (SupportingTokens) parentAssertion;
- SecurityToken.TokenUsage expectedTokenUsage = SecurityToken.TokenUsage.valueOf(supportingTokens.getName().getLocalPart());
- if (expectedTokenUsage != tokenUsage) {
- ignoreToken++;
- break;
- }
- break;
- }
- }
- if (ignoreToken >= tokenUsages.size()) {
- //token is not for us, so return true to prevent false alarm
- return true;
- }
-
- boolean asserted = true;
-
- //WSP1.3, 5.1 Token Inclusion
- //todo do we need a global token cache to fullfill ".../IncludeToken/Once" ?
- SPConstants.IncludeTokenType includeTokenType = abstractToken.getIncludeTokenType();
- if (includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER) {
- setErrorMessage("Token must not be included");
- asserted = false;
- }
-
- //WSP1.3, 5.3 Token Properties
- boolean hasDerivedKeys = false;
- hasDerivedKeys = hasDerivedKeys(tokenSecurityEvent.getSecurityToken());
- if (abstractToken.getDerivedKeys() != null) {
- AbstractToken.DerivedKeys derivedKeys = abstractToken.getDerivedKeys();
- switch (derivedKeys) {
- case RequireDerivedKeys:
- case RequireExplicitDerivedKeys:
- case RequireImpliedDerivedKeys:
- if (!hasDerivedKeys) {
- setErrorMessage("Derived key must be used");
- asserted = false;
- }
- }
- } else {
- if (hasDerivedKeys) {
- setErrorMessage("Derived key must not be used");
- asserted = false;
- }
- }
-
- asserted &= assertToken(tokenSecurityEvent, abstractToken);
- if (asserted) {
- setAsserted(true);
- }
- if (!asserted && (tokenUsages.contains(SecurityToken.TokenUsage.MainSignature)
- || tokenUsages.contains(SecurityToken.TokenUsage.MainEncryption))) {
- //return false if not asserted for the main signature and encryption tokens
- return false;
- } else {
- //always return true for supporting tokens.
- return true;
- }
- }
-
- public abstract boolean assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException, XMLSecurityException;
-
- protected boolean hasDerivedKeys(SecurityToken securityToken) throws XMLSecurityException {
- if (securityToken == null) {
- return false;
- } else if (securityToken.getTokenType() == WSSConstants.DerivedKeyToken) {
- return true;
- }
-
- if (securityToken.getWrappedTokens().size() == 0) {
- return false;
- }
-
- //all wrapped tokens must be derived!:
- boolean hasDerivedKeys = true;
- for (int i = 0; i < securityToken.getWrappedTokens().size(); i++) {
- SecurityToken wrappedSecurityToken = securityToken.getWrappedTokens().get(i);
- hasDerivedKeys &= hasDerivedKeys(wrappedSecurityToken);
- }
- return hasDerivedKeys;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenProtectionAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenProtectionAssertionState.java
deleted file mode 100644
index 77b348a..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenProtectionAssertionState.java
+++ /dev/null
@@ -1,260 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.neethi.Assertion;
-import org.apache.ws.secpolicy.AssertionState;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSymmetricAsymmetricBinding;
-import org.swssf.policy.Assertable;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSUtils;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-
-import javax.xml.namespace.QName;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * WSP1.3, 6.5 Token Protection Property
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class TokenProtectionAssertionState extends AssertionState implements Assertable {
-
- private final List<SignedElementSecurityEvent> signedElementEvents = new LinkedList<SignedElementSecurityEvent>();
- private final List<TokenSecurityEvent> tokenSecurityEvents = new LinkedList<TokenSecurityEvent>();
-
- public TokenProtectionAssertionState(Assertion assertion, boolean initialAssertionState) {
- super(assertion, initialAssertionState);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- SecurityEventConstants.SignedElement,
- WSSecurityEventConstants.EncryptedKeyToken,
- WSSecurityEventConstants.IssuedToken,
- WSSecurityEventConstants.KerberosToken,
- SecurityEventConstants.KeyValueToken,
- WSSecurityEventConstants.RelToken,
- WSSecurityEventConstants.SamlToken,
- WSSecurityEventConstants.SecureConversationToken,
- WSSecurityEventConstants.SecurityContextToken,
- WSSecurityEventConstants.SpnegoContextToken,
- WSSecurityEventConstants.UsernameToken,
- SecurityEventConstants.X509Token,
- WSSecurityEventConstants.Operation,
- };
- }
-
- @Override
- public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException, XMLSecurityException {
-
- AbstractSymmetricAsymmetricBinding abstractSymmetricAsymmetricBinding = (AbstractSymmetricAsymmetricBinding) getAssertion();
- boolean protectTokens = abstractSymmetricAsymmetricBinding.isProtectTokens();
-
- if (securityEvent instanceof SignedElementSecurityEvent) {
- SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
- if (signedElementSecurityEvent.isSigned()) {
- signedElementEvents.add(signedElementSecurityEvent);
- }
- } else if (securityEvent instanceof TokenSecurityEvent) {
- TokenSecurityEvent tokenSecurityEvent = (TokenSecurityEvent) securityEvent;
- tokenSecurityEvents.add(tokenSecurityEvent);
- } else { //Operation
- Iterator<TokenSecurityEvent> tokenSecurityEventIterator = tokenSecurityEvents.iterator();
- while (tokenSecurityEventIterator.hasNext()) {
- TokenSecurityEvent tokenSecurityEvent = tokenSecurityEventIterator.next();
-
- SecurityToken securityToken = tokenSecurityEvent.getSecurityToken();
- while (securityToken.getKeyWrappingToken() != null) {
- securityToken = securityToken.getKeyWrappingToken();
- }
-
- if (isSignatureToken(securityToken)) {
- //[WSP1.3_8.9]
- boolean signsItsSignatureToken = signsItsSignatureToken(securityToken);
- if (protectTokens && !signsItsSignatureToken) {
- setAsserted(false);
- setErrorMessage("Token " + WSSUtils.pathAsString(securityToken.getElementPath()) + " must be signed by its signature.");
- return false;
- } else if (!protectTokens && signsItsSignatureToken) {
- setAsserted(false);
- setErrorMessage("Token " + WSSUtils.pathAsString(securityToken.getElementPath()) + " must not be signed by its signature.");
- return false;
- }
- }
-
- if (isEndorsingToken(securityToken)) {
- //[WSP1.3_8.9b]
- if (!signsMainSignature(securityToken)) {
- setAsserted(false);
- setErrorMessage("Token " + WSSUtils.pathAsString(securityToken.getElementPath()) + " must sign the main signature.");
- return false;
- }
- }
-
- if (isMainSignatureToken(securityToken)) {
- //[WSP1.3_8.9c] [WSP1.3_8.9d]
- if (!signsSignedSupportingTokens(securityToken)) {
- setAsserted(false);
- setErrorMessage("Main signature must sign the Signed*Supporting-Tokens.");
- return false;
- }
- }
- }
- }
- return true;
- }
-
- private boolean isSignatureToken(SecurityToken securityToken) {
- List<SecurityToken.TokenUsage> tokenUsages = securityToken.getTokenUsages();
- for (int i = 0; i < tokenUsages.size(); i++) {
- SecurityToken.TokenUsage tokenUsage = tokenUsages.get(i);
- if (tokenUsage == SecurityToken.TokenUsage.Signature
- || tokenUsage == SecurityToken.TokenUsage.MainSignature
- || tokenUsage.name().contains("Endorsing")) {
- return true;
- }
- }
- return false;
- }
-
- private boolean isEndorsingToken(SecurityToken securityToken) {
- List<SecurityToken.TokenUsage> tokenUsages = securityToken.getTokenUsages();
- for (int i = 0; i < tokenUsages.size(); i++) {
- SecurityToken.TokenUsage tokenUsage = tokenUsages.get(i);
- if (tokenUsage.name().contains("Endorsing")) {
- return true;
- }
- }
- return false;
- }
-
- private boolean isSignedSupportingToken(SecurityToken securityToken) {
- List<SecurityToken.TokenUsage> tokenUsages = securityToken.getTokenUsages();
- for (int i = 0; i < tokenUsages.size(); i++) {
- SecurityToken.TokenUsage tokenUsage = tokenUsages.get(i);
- if (tokenUsage.name().contains("Signed")) {
- return true;
- }
- }
- return false;
- }
-
- private boolean isMainSignatureToken(SecurityToken securityToken) {
- List<SecurityToken.TokenUsage> tokenUsages = securityToken.getTokenUsages();
- return tokenUsages.contains(SecurityToken.TokenUsage.MainSignature);
- }
-
- private boolean signsMainSignature(SecurityToken securityToken) throws XMLSecurityException {
-
- List<QName> signaturePath = new LinkedList<QName>();
- signaturePath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- signaturePath.add(WSSConstants.TAG_dsig_Signature);
-
- Iterator<SignedElementSecurityEvent> securityEventIterator = signedElementEvents.iterator();
- while (securityEventIterator.hasNext()) {
- SignedElementSecurityEvent signedElementSecurityEvent = securityEventIterator.next();
- if (WSSUtils.pathMatches(signedElementSecurityEvent.getElementPath(), signaturePath, true, false)) {
- SecurityToken signingSecurityToken = signedElementSecurityEvent.getSecurityToken();
- while (signingSecurityToken != null && signingSecurityToken.getKeyWrappingToken() != null) {
- signingSecurityToken = signingSecurityToken.getKeyWrappingToken();
- }
- //todo ATM me just check if the token signs a signature but we don't know if it's the main signature
- if (signingSecurityToken == securityToken) {
- return true;
- }
- }
- }
- return false;
- }
-
- private boolean signsItsSignatureToken(SecurityToken securityToken) throws XMLSecurityException {
- Iterator<SignedElementSecurityEvent> securityEventIterator = signedElementEvents.iterator();
- while (securityEventIterator.hasNext()) {
- SignedElementSecurityEvent signedElementSecurityEvent = securityEventIterator.next();
- if (WSSUtils.pathMatches(signedElementSecurityEvent.getElementPath(), securityToken.getElementPath(), false, false)) {
-
- SecurityToken signingSecurityToken = signedElementSecurityEvent.getSecurityToken();
- while (signingSecurityToken != null && signingSecurityToken.getKeyWrappingToken() != null) {
- signingSecurityToken = signingSecurityToken.getKeyWrappingToken();
- }
-
- if (signingSecurityToken == securityToken) {
- return true;
- }
- }
- }
- return false;
- }
-
- private boolean signsSignedSupportingTokens(SecurityToken securityToken) throws XMLSecurityException {
-
- List<SecurityToken> signedSupportingTokens = new LinkedList<SecurityToken>();
- List<SignedElementSecurityEvent> signedElements = new LinkedList<SignedElementSecurityEvent>();
- Iterator<TokenSecurityEvent> tokenSecurityEventIterator = tokenSecurityEvents.iterator();
- while (tokenSecurityEventIterator.hasNext()) {
- TokenSecurityEvent tokenSecurityEvent = tokenSecurityEventIterator.next();
- SecurityToken supportingToken = tokenSecurityEvent.getSecurityToken();
- if (isSignedSupportingToken(supportingToken)) {
- if (signedSupportingTokens.contains(supportingToken)) {
- continue;
- }
- signedSupportingTokens.add(supportingToken);
- List<QName> elementPath = supportingToken.getElementPath();
-
- boolean found = false;
- Iterator<SignedElementSecurityEvent> signedElementSecurityEventIterator = signedElementEvents.iterator();
- while (signedElementSecurityEventIterator.hasNext()) {
- SignedElementSecurityEvent signedElementSecurityEvent = signedElementSecurityEventIterator.next();
- if (WSSUtils.pathMatches(signedElementSecurityEvent.getElementPath(), elementPath, false, false)) {
- SecurityToken elementSignatureToken = signedElementSecurityEvent.getSecurityToken();
- while (elementSignatureToken != null && elementSignatureToken.getKeyWrappingToken() != null) {
- elementSignatureToken = elementSignatureToken.getKeyWrappingToken();
- }
- if (signedElementSecurityEvent.getSecurityToken() == securityToken) {
- if (!signedElements.contains(signedElementSecurityEvent)) {
- signedElements.add(signedElementSecurityEvent);
- }
- found = true;
- }
- }
- }
- if (!found) {
- return false;
- }
- }
- }
- if (signedSupportingTokens.size() > signedElements.size()) {
- return false;
- }
-
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/UsernameTokenAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/UsernameTokenAssertionState.java
deleted file mode 100644
index c66157f..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/UsernameTokenAssertionState.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AbstractToken;
-import org.apache.ws.secpolicy.model.UsernameToken;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.impl.securityToken.UsernameSecurityToken;
-import org.swssf.wss.securityEvent.UsernameTokenSecurityEvent;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-
-/**
- * WSP1.3, 5.4.1 UsernameToken Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-
-public class UsernameTokenAssertionState extends TokenAssertionState {
-
- public UsernameTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- WSSecurityEventConstants.UsernameToken
- };
- }
-
- @Override
- public boolean assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException, XMLSecurityException {
- if (!(tokenSecurityEvent instanceof UsernameTokenSecurityEvent)) {
- throw new WSSPolicyException("Expected a UsernameSecurityTokenEvent but got " + tokenSecurityEvent.getClass().getName());
- }
- UsernameSecurityToken usernameSecurityToken = (UsernameSecurityToken) tokenSecurityEvent.getSecurityToken();
- UsernameTokenSecurityEvent usernameTokenSecurityEvent = (UsernameTokenSecurityEvent) tokenSecurityEvent;
- UsernameToken usernameToken = (UsernameToken) abstractToken;
-
- if (usernameToken.getPasswordType() != null) {
- switch (usernameToken.getPasswordType()) {
- case NoPassword:
- if (usernameTokenSecurityEvent.getUsernameTokenPasswordType() != WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE) {
- setErrorMessage("UsernameToken contains a password but the policy prohibits it");
- return false;
- }
- break;
- case HashPassword:
- if (usernameTokenSecurityEvent.getUsernameTokenPasswordType() != WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST) {
- setErrorMessage("UsernameToken does not contain a hashed password");
- return false;
- }
- break;
- }
- }
- if (usernameToken.isCreated() && (usernameSecurityToken.getCreated() == null || usernameTokenSecurityEvent.getUsernameTokenPasswordType() != WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT)) {
- setErrorMessage("UsernameToken does not contain a created timestamp or password is not plain text");
- return false;
- }
- if (usernameToken.isNonce() && (usernameSecurityToken.getNonce() == null || usernameTokenSecurityEvent.getUsernameTokenPasswordType() != WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT)) {
- setErrorMessage("UsernameToken does not contain a nonce or password is not plain text");
- return false;
- }
- if (usernameToken.getUsernameTokenType() != null) {
- switch (usernameToken.getUsernameTokenType()) {
- case WssUsernameToken10:
- if (usernameTokenSecurityEvent.getUsernameTokenProfile().equals(WSSConstants.NS_USERNAMETOKEN_PROFILE11)) {
- setErrorMessage("Policy enforces UsernameToken profile 1.0 but we got 1.1");
- return false;
- }
- break;
- case WssUsernameToken11:
- if (!usernameTokenSecurityEvent.getUsernameTokenProfile().equals(WSSConstants.NS_USERNAMETOKEN_PROFILE11)) {
- setErrorMessage("Policy enforces UsernameToken profile 1.1 but we got 1.0");
- return false;
- }
- break;
- }
- }
- //always return true to prevent false alarm in case additional tokens with the same usage
- //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/X509TokenAssertionState.java b/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/X509TokenAssertionState.java
deleted file mode 100644
index 1c63271..0000000
--- a/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/X509TokenAssertionState.java
+++ /dev/null
@@ -1,134 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.assertionStates;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
-import org.apache.ws.secpolicy.model.AbstractToken;
-import org.apache.ws.secpolicy.model.X509Token;
-import org.swssf.wss.ext.WSSConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.impl.securityToken.AbstractSecurityToken;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.X509TokenSecurityEvent;
-
-import java.security.cert.X509Certificate;
-
-/**
- * WSP1.3, 5.4.3 X509Token Assertion
- *
- * @author $Author$
- * @version $Revision$ $Date$
- */
-
-public class X509TokenAssertionState extends TokenAssertionState {
-
- public X509TokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
- super(assertion, asserted);
- }
-
- @Override
- public SecurityEventConstants.Event[] getSecurityEventType() {
- return new SecurityEventConstants.Event[]{
- SecurityEventConstants.X509Token
- };
- }
-
- @Override
- public boolean assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException, XMLSecurityException {
- if (!(tokenSecurityEvent instanceof X509TokenSecurityEvent)) {
- throw new WSSPolicyException("Expected a X509TokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
- }
-
- X509Token x509Token = (X509Token) abstractToken;
-
- AbstractSecurityToken securityToken = (AbstractSecurityToken) tokenSecurityEvent.getSecurityToken();
- XMLSecurityConstants.TokenType tokenType = securityToken.getTokenType();
- if (!(WSSConstants.X509V3Token.equals(tokenType)
- || WSSConstants.X509V1Token.equals(tokenType)
- || WSSConstants.X509Pkcs7Token.equals(tokenType)
- || WSSConstants.X509PkiPathV1Token.equals(tokenType))) {
- throw new WSSPolicyException("Invalid Token for this assertion");
- }
-
- try {
- X509Certificate x509Certificate = securityToken.getX509Certificates()[0];
- if (x509Token.getIssuerName() != null) {
- final String certificateIssuerName = x509Certificate.getIssuerX500Principal().getName();
- if (!x509Token.getIssuerName().equals(certificateIssuerName)) {
- setErrorMessage("IssuerName in Policy (" + x509Token.getIssuerName() + ") didn't match with the one in the certificate (" + certificateIssuerName + ")");
- return false;
- }
- }
- if (x509Token.isRequireKeyIdentifierReference() && securityToken.getKeyIdentifierType() != WSSConstants.WSSKeyIdentifierType.X509_KEY_IDENTIFIER) {
- setErrorMessage("Policy enforces KeyIdentifierReference but we got " + securityToken.getKeyIdentifierType());
- return false;
- } else if (x509Token.isRequireIssuerSerialReference() && securityToken.getKeyIdentifierType() != WSSConstants.WSSKeyIdentifierType.ISSUER_SERIAL) {
- setErrorMessage("Policy enforces IssuerSerialReference but we got " + securityToken.getKeyIdentifierType());
- return false;
- } else if (x509Token.isRequireEmbeddedTokenReference() && securityToken.getKeyIdentifierType() != WSSConstants.WSSKeyIdentifierType.SECURITY_TOKEN_DIRECT_REFERENCE) {
- setErrorMessage("Policy enforces EmbeddedTokenReference but we got " + securityToken.getKeyIdentifierType());
- return false;
- } else if (x509Token.isRequireThumbprintReference() && securityToken.getKeyIdentifierType() != WSSConstants.WSSKeyIdentifierType.THUMBPRINT_IDENTIFIER) {
- setErrorMessage("Policy enforces ThumbprintReference but we got " + securityToken.getKeyIdentifierType());
- return false;
- }
- if (x509Certificate.getVersion() == 2) {
- setErrorMessage("X509Certificate Version " + x509Certificate.getVersion() + " not supported");
- return false;
- }
- if (x509Token.getTokenType() != null) {
- switch (x509Token.getTokenType()) {
- case WssX509V3Token10:
- case WssX509V3Token11:
- if (WSSConstants.X509V3Token != securityToken.getTokenType() || x509Certificate.getVersion() != 3) {
- setErrorMessage("X509Certificate Version " + x509Certificate.getVersion() + " mismatch; Policy enforces " + x509Token.getTokenType());
- return false;
- }
- break;
- case WssX509V1Token11:
- if (WSSConstants.X509V1Token != securityToken.getTokenType() || x509Certificate.getVersion() != 1) {
- setErrorMessage("X509Certificate Version " + x509Certificate.getVersion() + " mismatch; Policy enforces " + x509Token.getTokenType());
- return false;
- }
- break;
- case WssX509PkiPathV1Token10:
- case WssX509PkiPathV1Token11:
- if (securityToken.getTokenType() != WSSConstants.X509PkiPathV1Token) {
- setErrorMessage("Policy enforces " + x509Token.getTokenType() + " but we got " + securityToken.getTokenType());
- return false;
- }
- break;
- case WssX509Pkcs7Token10:
- case WssX509Pkcs7Token11:
- setErrorMessage("Unsupported token type: " + securityToken.getTokenType());
- return false;
- }
- }
- } catch (XMLSecurityException e) {
- setErrorMessage(e.getMessage());
- return false;
- }
- //always return true to prevent false alarm in case additional tokens with the same usage
- //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
- return true;
- }
-}
diff --git a/streaming-ws-policy/src/main/resources/schemas/ws-addr200408.xsd b/streaming-ws-policy/src/main/resources/schemas/ws-addr200408.xsd
deleted file mode 100644
index 8a668e2..0000000
--- a/streaming-ws-policy/src/main/resources/schemas/ws-addr200408.xsd
+++ /dev/null
@@ -1,149 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Copyright © 2002-2004 BEA Systems Inc., International Business Machines Corporation,
-Microsoft Corporation, Inc, SAP AG, and Sun Microsystems, Inc.. All rights reserved.
-
-Permission to copy, display, perform, modify and distribute the WS-Addressing Specification,
-and to authorize others to do the foregoing, in any medium without fee or royalty is hereby
-granted for the purpose of developing and evaluating the WS-Addressing Specification.
-
-BEA, IBM, Microsoft, SAP AG, and Sun Microsystems (collectively, the "Authors") each agree
-to grant a license to third parties, under royalty-free and otherwise reasonable,
-non-discriminatory terms and conditions, to their respective essential patent claims that
-they deem necessary to implement the WS-Addressing Specification.
-
-DISCLAIMERS:
-
-THE WS-Addressing Specification IS PROVIDED "AS IS", AND THE AUTHORS MAKE NO REPRESENTATIONS
-OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE
-CONTENTS OF THE WS-Addressing Specification IS SUITABLE FOR ANY PURPOSE; NOR THAT THE
-IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS,
-TRADEMARKS OR OTHER RIGHTS.
-
-THE AUTHORS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL
-DAMAGES ARISING OUT OF ANY USE OF THE WS-Addressing Specification OR THE PERFORMANCE OR
-IMPLEMENTATION OF THE CONTENTS THEREOF.
-
-You may remove these disclaimers from your modified versions of the WS-Addressing
-Specification provided that you effectively disclaim all warranties and liabilities on behalf
-of all copyright holders in the copies of any such modified versions you distribute.
-
-The name and trademarks of the Authors may NOT be used in any manner, including advertising
-or publicity pertaining to the WS-Addressing Specification or its contents without specific,
-written prior permission. Title to copyright in the WS-Addressing Specification will at all
-times remain with the Authors.
-
-No other rights are granted by implication, estoppel or otherwise.
-
--->
-<xs:schema targetNamespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" elementFormDefault="qualified" blockDefault="#all">
- <!-- //////////////////// WS-Addressing //////////////////// -->
- <!-- Endpoint reference -->
- <xs:element name="EndpointReference" type="wsa:EndpointReferenceType"/>
- <xs:complexType name="EndpointReferenceType">
- <xs:sequence>
- <xs:element name="Address" type="wsa:AttributedURI"/>
- <xs:element name="ReferenceProperties" type="wsa:ReferencePropertiesType" minOccurs="0"/>
- <xs:element name="ReferenceParameters" type="wsa:ReferenceParametersType" minOccurs="0"/>
- <xs:element name="PortType" type="wsa:AttributedQName" minOccurs="0"/>
- <xs:element name="ServiceName" type="wsa:ServiceNameType" minOccurs="0"/>
- <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
- <xs:annotation>
- <xs:documentation>
- If "Policy" elements from namespace "http://schemas.xmlsoap.org/ws/2002/12/policy#policy" are used, they must appear first (before any extensibility elements).
- </xs:documentation>
- </xs:annotation>
- </xs:any>
- </xs:sequence>
- <xs:anyAttribute namespace="##other" processContents="lax"/>
- </xs:complexType>
- <xs:complexType name="ReferencePropertiesType">
- <xs:sequence>
- <xs:any processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- <xs:complexType name="ReferenceParametersType">
- <xs:sequence>
- <xs:any processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- <xs:complexType name="ServiceNameType">
- <xs:simpleContent>
- <xs:extension base="xs:QName">
- <xs:attribute name="PortName" type="xs:NCName"/>
- <xs:anyAttribute namespace="##other" processContents="lax"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
- <!-- Message information header blocks -->
- <xs:element name="MessageID" type="wsa:AttributedURI"/>
- <xs:element name="RelatesTo" type="wsa:Relationship"/>
- <xs:element name="To" type="wsa:AttributedURI"/>
- <xs:element name="Action" type="wsa:AttributedURI"/>
- <xs:element name="From" type="wsa:EndpointReferenceType"/>
- <xs:element name="ReplyTo" type="wsa:EndpointReferenceType"/>
- <xs:element name="FaultTo" type="wsa:EndpointReferenceType"/>
- <xs:complexType name="Relationship">
- <xs:simpleContent>
- <xs:extension base="xs:anyURI">
- <xs:attribute name="RelationshipType" type="xs:QName" use="optional"/>
- <xs:anyAttribute namespace="##other" processContents="lax"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
- <xs:simpleType name="RelationshipTypeValues">
- <xs:restriction base="xs:QName">
- <xs:enumeration value="wsa:Reply"/>
- </xs:restriction>
- </xs:simpleType>
- <!--
- June 19, 2007: The ReplyAfter element is deprecated. The name of this element does not match the
- name (RetryAfter) used in the specification (http://www.w3.org/Submission/2004/SUBM-ws-addressing-20040810/).
- -->
- <xs:element name="ReplyAfter" type="wsa:ReplyAfterType"/>
- <xs:complexType name="ReplyAfterType">
- <xs:simpleContent>
- <xs:extension base="xs:nonNegativeInteger">
- <xs:anyAttribute namespace="##other"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
- <!--
- June 19, 2007: The RetryAfter element has been added to be consistent with the specification
- (http://www.w3.org/Submission/2004/SUBM-ws-addressing-20040810/).
- -->
- <xs:element name="RetryAfter" type="wsa:RetryAfterType"/>
- <xs:complexType name="RetryAfterType">
- <xs:simpleContent>
- <xs:extension base="xs:nonNegativeInteger">
- <xs:anyAttribute namespace="##other"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
- <xs:simpleType name="FaultSubcodeValues">
- <xs:restriction base="xs:QName">
- <xs:enumeration value="wsa:InvalidMessageInformationHeader"/>
- <xs:enumeration value="wsa:MessageInformationHeaderRequired"/>
- <xs:enumeration value="wsa:DestinationUnreachable"/>
- <xs:enumeration value="wsa:ActionNotSupported"/>
- <xs:enumeration value="wsa:EndpointUnavailable"/>
- </xs:restriction>
- </xs:simpleType>
- <xs:attribute name="Action" type="xs:anyURI"/>
- <!-- Common declarations and definitions -->
- <xs:complexType name="AttributedQName">
- <xs:simpleContent>
- <xs:extension base="xs:QName">
- <xs:anyAttribute namespace="##other" processContents="lax"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
- <xs:complexType name="AttributedURI">
- <xs:simpleContent>
- <xs:extension base="xs:anyURI">
- <xs:anyAttribute namespace="##other" processContents="lax"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
-</xs:schema>
diff --git a/streaming-ws-policy/src/main/resources/schemas/ws-addr200508.xsd b/streaming-ws-policy/src/main/resources/schemas/ws-addr200508.xsd
deleted file mode 100644
index 47362ed..0000000
--- a/streaming-ws-policy/src/main/resources/schemas/ws-addr200508.xsd
+++ /dev/null
@@ -1,137 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
- W3C XML Schema defined in the Web Services Addressing 1.0 specification
- http://www.w3.org/TR/ws-addr-core
-
- Copyright © 2005 World Wide Web Consortium,
-
- (Massachusetts Institute of Technology, European Research Consortium for
- Informatics and Mathematics, Keio University). All Rights Reserved. This
- work is distributed under the W3C® Software License [1] in the hope that
- it will be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
- [1] http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231
-
- $Id: ws-addr.xsd,v 1.2 2008/07/23 13:38:16 plehegar Exp $
--->
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://www.w3.org/2005/08/addressing" targetNamespace="http://www.w3.org/2005/08/addressing" blockDefault="#all" elementFormDefault="qualified" finalDefault="" attributeFormDefault="unqualified">
-
- <!-- Constructs from the WS-Addressing Core -->
-
- <xs:element name="EndpointReference" type="tns:EndpointReferenceType"/>
- <xs:complexType name="EndpointReferenceType" mixed="false">
- <xs:sequence>
- <xs:element name="Address" type="tns:AttributedURIType"/>
- <xs:element ref="tns:ReferenceParameters" minOccurs="0"/>
- <xs:element ref="tns:Metadata" minOccurs="0"/>
- <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:anyAttribute namespace="##other" processContents="lax"/>
- </xs:complexType>
-
- <xs:element name="ReferenceParameters" type="tns:ReferenceParametersType"/>
- <xs:complexType name="ReferenceParametersType" mixed="false">
- <xs:sequence>
- <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:anyAttribute namespace="##other" processContents="lax"/>
- </xs:complexType>
-
- <xs:element name="Metadata" type="tns:MetadataType"/>
- <xs:complexType name="MetadataType" mixed="false">
- <xs:sequence>
- <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:anyAttribute namespace="##other" processContents="lax"/>
- </xs:complexType>
-
- <xs:element name="MessageID" type="tns:AttributedURIType"/>
- <xs:element name="RelatesTo" type="tns:RelatesToType"/>
- <xs:complexType name="RelatesToType" mixed="false">
- <xs:simpleContent>
- <xs:extension base="xs:anyURI">
- <xs:attribute name="RelationshipType" type="tns:RelationshipTypeOpenEnum" use="optional" default="http://www.w3.org/2005/08/addressing/reply"/>
- <xs:anyAttribute namespace="##other" processContents="lax"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
-
- <xs:simpleType name="RelationshipTypeOpenEnum">
- <xs:union memberTypes="tns:RelationshipType xs:anyURI"/>
- </xs:simpleType>
-
- <xs:simpleType name="RelationshipType">
- <xs:restriction base="xs:anyURI">
- <xs:enumeration value="http://www.w3.org/2005/08/addressing/reply"/>
- </xs:restriction>
- </xs:simpleType>
-
- <xs:element name="ReplyTo" type="tns:EndpointReferenceType"/>
- <xs:element name="From" type="tns:EndpointReferenceType"/>
- <xs:element name="FaultTo" type="tns:EndpointReferenceType"/>
- <xs:element name="To" type="tns:AttributedURIType"/>
- <xs:element name="Action" type="tns:AttributedURIType"/>
-
- <xs:complexType name="AttributedURIType" mixed="false">
- <xs:simpleContent>
- <xs:extension base="xs:anyURI">
- <xs:anyAttribute namespace="##other" processContents="lax"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
-
- <!-- Constructs from the WS-Addressing SOAP binding -->
-
- <xs:attribute name="IsReferenceParameter" type="xs:boolean"/>
-
- <xs:simpleType name="FaultCodesOpenEnumType">
- <xs:union memberTypes="tns:FaultCodesType xs:QName"/>
- </xs:simpleType>
-
- <xs:simpleType name="FaultCodesType">
- <xs:restriction base="xs:QName">
- <xs:enumeration value="tns:InvalidAddressingHeader"/>
- <xs:enumeration value="tns:InvalidAddress"/>
- <xs:enumeration value="tns:InvalidEPR"/>
- <xs:enumeration value="tns:InvalidCardinality"/>
- <xs:enumeration value="tns:MissingAddressInEPR"/>
- <xs:enumeration value="tns:DuplicateMessageID"/>
- <xs:enumeration value="tns:ActionMismatch"/>
- <xs:enumeration value="tns:MessageAddressingHeaderRequired"/>
- <xs:enumeration value="tns:DestinationUnreachable"/>
- <xs:enumeration value="tns:ActionNotSupported"/>
- <xs:enumeration value="tns:EndpointUnavailable"/>
- </xs:restriction>
- </xs:simpleType>
-
- <xs:element name="RetryAfter" type="tns:AttributedUnsignedLongType"/>
- <xs:complexType name="AttributedUnsignedLongType" mixed="false">
- <xs:simpleContent>
- <xs:extension base="xs:unsignedLong">
- <xs:anyAttribute namespace="##other" processContents="lax"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
-
- <xs:element name="ProblemHeaderQName" type="tns:AttributedQNameType"/>
- <xs:complexType name="AttributedQNameType" mixed="false">
- <xs:simpleContent>
- <xs:extension base="xs:QName">
- <xs:anyAttribute namespace="##other" processContents="lax"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
-
- <xs:element name="ProblemIRI" type="tns:AttributedURIType"/>
-
- <xs:element name="ProblemAction" type="tns:ProblemActionType"/>
- <xs:complexType name="ProblemActionType" mixed="false">
- <xs:sequence>
- <xs:element ref="tns:Action" minOccurs="0"/>
- <xs:element name="SoapAction" minOccurs="0" type="xs:anyURI"/>
- </xs:sequence>
- <xs:anyAttribute namespace="##other" processContents="lax"/>
- </xs:complexType>
-
-</xs:schema>
diff --git a/streaming-ws-policy/src/main/resources/schemas/ws-policy-200409.xsd b/streaming-ws-policy/src/main/resources/schemas/ws-policy-200409.xsd
deleted file mode 100644
index 88d2532..0000000
--- a/streaming-ws-policy/src/main/resources/schemas/ws-policy-200409.xsd
+++ /dev/null
@@ -1,118 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-(c) 2001-2006 BEA Systems Inc., International Business Machines Corporation, Microsoft Corporation, Inc., SAP AG, Sonic Software, and VeriSign, Inc. All rights reserved.
-
-Permission to copy and display the WS-Policy Specification (the "Specification", which includes WSDL and schema documents), in any medium without fee or royalty is hereby granted, provided that you include the following on ALL copies of the WS-Policy Specification, that you make:
-
-1. A link or URL to the WS-Policy Specification at one of the Authors' websites
-2. The copyright notice as shown in the WS-Policy Specification.
-
-BEA Systems, IBM, Microsoft, SAP, Sonic Software, and VeriSign (collectively, the "Authors") each agree to grant you a license, under royalty-free and otherwise reasonable, non-discriminatory terms and conditions, to their respective essential patent claims that they deem necessary to implement the WS-Policy Specification.
-
-THE WS-POLICY SPECIFICATION IS PROVIDED "AS IS," AND THE AUTHORS MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OF THE WS-POLICY SPECIFICATION ARE SUITABLE FOR ANY PURPOSE; NOR THAT THE IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
-
-THE AUTHORS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION OF THE WS-POLICY SPECIFICATION.
-
-The name and trademarks of the Authors may NOT be used in any manner, including advertising or publicity pertaining to the WS-Policy Specification or its contents without specific, written prior permission. Title to copyright in the WS-Policy Specification will at all times remain with the Authors.
-
-No other rights are granted by implication, estoppel or otherwise.
--->
-<xs:schema
- targetNamespace="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:tns="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- elementFormDefault="qualified"
- blockDefault="#all" >
-
- <xs:import
- namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
- schemaLocation="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
-
- <xs:import
- namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- schemaLocation="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
-
- <!-- ////////// WS-Policy ////////// -->
-
- <xs:element name="Policy" >
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="tns:OperatorContentType" >
- <xs:attribute name="Name" type="xs:anyURI" />
- <xs:attribute ref="wsu:Id" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="All" type="tns:OperatorContentType" />
- <xs:element name="ExactlyOne" type="tns:OperatorContentType" />
-
- <xs:complexType name="OperatorContentType" >
- <xs:sequence>
- <xs:choice minOccurs="0" maxOccurs="unbounded" >
- <xs:element ref="tns:Policy" />
- <xs:element ref="tns:All" />
- <xs:element ref="tns:ExactlyOne" />
- <xs:element ref="tns:PolicyReference" />
- <xs:any namespace="##other" processContents="lax" />
- </xs:choice>
- </xs:sequence>
- </xs:complexType>
-
- <xs:element name="PolicyReference" >
- <xs:complexType>
- <xs:attribute name="URI" type="xs:anyURI" use="required" />
- <xs:attribute name="Digest" type="xs:base64Binary" />
- <xs:attribute name="DigestAlgorithm"
- type="xs:anyURI"
- default="http://schemas.xmlsoap.org/ws/2004/09/policy/Sha1Exc"
- />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- </xs:element>
-
- <xs:attribute name="Optional" type="xs:boolean" default="false" />
-
- <!-- ////////// WS-PolicyAttachment ////////// -->
-
- <xs:attribute name="PolicyURIs" >
- <xs:simpleType>
- <xs:list itemType="xs:anyURI" />
- </xs:simpleType>
- </xs:attribute>
-
- <xs:element name="PolicyAttachment" >
- <xs:complexType>
- <xs:sequence>
- <xs:element ref="tns:AppliesTo" />
- <xs:choice maxOccurs="unbounded" >
- <xs:element ref="tns:Policy" />
- <xs:element ref="tns:PolicyReference" />
- </xs:choice>
- <!-- omitted only because it causes the content model to be non-determistic
- <xs:element ref="wsse:Security" minOccurs="0" />
--->
- <xs:any namespace="##other"
- processContents="lax"
- minOccurs="0"
- maxOccurs="unbounded" />
- </xs:sequence>
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- </xs:element>
-
- <xs:element name="AppliesTo" >
- <xs:complexType>
- <xs:sequence>
- <xs:any namespace="##any"
- processContents="lax"
- maxOccurs="unbounded" />
- </xs:sequence>
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- </xs:element>
-
-</xs:schema>
\ No newline at end of file
diff --git a/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-1.2-errata-cd-01.xsd b/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-1.2-errata-cd-01.xsd
deleted file mode 100644
index 441bfe9..0000000
--- a/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-1.2-errata-cd-01.xsd
+++ /dev/null
@@ -1,1227 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the
-implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available;
-neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS
-specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made
-available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users
-of this specification, can be obtained from the OASIS Executive Director.
-OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may
-cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
-Copyright © OASIS Open 2002-2007. All Rights Reserved.
-This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist
-in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the
-above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself does not be modified
-in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications,
-in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate
-it into languages other than English.
-The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
-This document and the information contained herein is provided on an AS IS basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
-INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
--->
-<xs:schema
- targetNamespace='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
- xmlns:tns='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
- xmlns:wsa="http://www.w3.org/2005/08/addressing"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- elementFormDefault="qualified"
- blockDefault="#all" >
-
- <xs:import namespace="http://www.w3.org/2005/08/addressing"
- schemaLocation="http://www.w3.org/2006/03/addressing/ws-addr.xsd" />
-
- <!--
- 4. Protection Assertions
- -->
- <xs:element name="SignedParts" type="tns:SePartsType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 4.1.1 SignedParts Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="EncryptedParts" type="tns:SePartsType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 4.2.1 EncryptedParts Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="SePartsType">
- <xs:sequence>
- <xs:element name="Body" type="tns:EmptyType" minOccurs="0" />
- <xs:element name="Header" type="tns:HeaderType" minOccurs="0" maxOccurs="unbounded" />
- <xs:element name="Attachments" type="tns:EmptyType" minOccurs="0" />
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
- </xs:sequence>
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- <xs:complexType name="EmptyType" />
- <xs:complexType name="HeaderType" >
- <xs:attribute name="Name" type="xs:QName" use="optional" />
- <xs:attribute name="Namespace" type="xs:anyURI" use="required" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="SignedElements" type="tns:SerElementsType" >
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 4.1.2 SignedElements Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="EncryptedElements" type="tns:SerElementsType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 4.2.2 EncryptedElements Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="ContentEncryptedElements" type="tns:SerElementsType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 4.2.3 ContentEncryptedElements Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequiredElements" type="tns:SerElementsType" >
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 4.3.1 RequiredElements Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="SerElementsType">
- <xs:sequence>
- <xs:element name="XPath" type="xs:string" minOccurs="1" maxOccurs="unbounded" />
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
- </xs:sequence>
- <xs:attribute name="XPathVersion" type="xs:anyURI" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="RequiredParts" type="tns:SePartsType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 4.3.2 RequiredParts Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="ReqPartsType">
- <xs:sequence>
- <xs:element name="Header" type="tns:HeaderType" minOccurs="0" maxOccurs="unbounded" />
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
- </xs:sequence>
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <!--
- 5. Token Assertions
- -->
- <xs:attribute name="IncludeToken" type="tns:IncludeTokenOpenType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.1 Token Inclusion
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:simpleType name="IncludeTokenOpenType">
- <xs:union memberTypes="tns:IncludeTokenType xs:anyURI" />
- </xs:simpleType>
- <xs:simpleType name="IncludeTokenType">
- <xs:restriction base="xs:anyURI" >
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never" />
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once" />
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToInitiator" />
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always" />
- </xs:restriction>
- </xs:simpleType>
-
- <xs:element name="UsernameToken" type="tns:TokenAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 5.4.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="TokenAssertionType">
- <xs:sequence>
- <xs:choice minOccurs="0">
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" />
- <xs:element name="IssuerName" type="xs:anyURI" />
- </xs:choice>
- <!--
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
- </xs:sequence>
- <xs:attribute ref="tns:IncludeToken" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="NoPassword" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="HashPassword" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssUsernameToken10" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssUsernameToken11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined below. -->
- <!-- RequireImpliedDerivedKeys defined below. -->
- <!-- RequireExplicitDerivedKeys defined below. -->
-
- <xs:complexType name="QNameAssertionType">
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="IssuedToken" type="tns:IssuedTokenType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="IssuedTokenType">
- <xs:sequence>
- <xs:choice minOccurs="0">
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" />
- <xs:element name="IssuerName" type="xs:anyURI" />
- </xs:choice>
- <xs:element name="RequestSecurityTokenTemplate" type="tns:RequestSecurityTokenTemplateType" />
- <!--
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
- </xs:sequence>
- <xs:attribute ref="tns:IncludeToken" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- <xs:complexType name="RequestSecurityTokenTemplateType">
- <xs:sequence>
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
- </xs:sequence>
- <xs:attribute name="TrustVersion" type="xs:anyURI" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="RequireDerivedKeys" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireImpliedDerivedKeys" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireExplicitDerivedKeys" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireExternalReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireInternalReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="X509Token" type="tns:TokenAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireImpliedDerivedKeys defined above. -->
- <!-- RequireExplicitDerivedKeys defined above. -->
-
- <xs:element name="RequireKeyIdentifierReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireIssuerSerialReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireEmbeddedTokenReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireThumbprintReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509V3Token10" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509Pkcs7Token10" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509PkiPathV1Token10" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509V1Token11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509V3Token11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509Pkcs7Token11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509PkiPathV1Token11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="KerberosToken" type="tns:TokenAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.4 KerberosToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireImpliedDerivedKeys defined above. -->
- <!-- RequireExplicitDerivedKeys defined above. -->
- <!-- RequireKeyIdentifierReference defined above. -->
-
- <xs:element name="WssKerberosV5ApReqToken11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.4 KerberosToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssGssKerberosV5ApReqToken11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.4 KerberosToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="SpnegoContextToken" type="tns:SpnegoContextTokenType" >
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 5.4.5 SpnegoContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="SpnegoContextTokenType">
- <xs:sequence>
- <xs:choice minOccurs="0">
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" />
- <xs:element name="IssuerName" type="xs:anyURI" />
- </xs:choice>
- <!--
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
- </xs:sequence>
- <xs:attribute ref="tns:IncludeToken" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireImpliedDerivedKeys defined above. -->
- <!-- RequireExplicitDerivedKeys defined above. -->
- <xs:element name="MustNotSendCancel" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.5 SpnegoContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustNotSendAmend" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.5 SpnegoContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustNotSendRenew" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.5 SpnegoContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="SecurityContextToken" type="tns:TokenAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.6 SecurityContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireImpliedDerivedKeys defined above. -->
- <!-- RequireExplicitDerivedKeys defined above. -->
-
- <xs:element name="RequireExternalUriReference" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.6 SecurityContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="SC13SecurityContextToken" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.6 SecurityContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="SecureConversationToken" type="tns:SecureConversationTokenType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.7 SecureConversationToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="SecureConversationTokenType">
- <xs:sequence>
- <xs:choice minOccurs="0">
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" />
- <xs:element name="IssuerName" type="xs:anyURI" />
- </xs:choice>
- <!--
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
- </xs:sequence>
- <xs:attribute ref="tns:IncludeToken" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireImpliedDerivedKeys defined above. -->
- <!-- RequireExplicitDerivedKeys defined above. -->
- <!-- RequireExternalUriReference defined above. -->
- <!-- SC13SecurityContextToken defined above. -->
- <!-- MustNotSendCancel defined above. -->
- <!-- MustNotSendAmend defined above. -->
- <!-- MustNotSendRenew defined above. -->
-
- <xs:element name="BootstrapPolicy" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.7 SecureConversationToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="SamlToken" type="tns:TokenAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 5.4.8 SamlToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireImpliedDerivedKeys defined above. -->
- <!-- RequireExplicitDerivedKeys defined above. -->
- <!-- RequireKeyIdentifierReference defined above. -->
-
- <xs:element name="WssSamlV11Token10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.8 SamlToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssSamlV11Token11" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.8 SamlToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssSamlV20Token11" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.8 SamlToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="RelToken" type="tns:TokenAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireImpliedDerivedKeys defined above. -->
- <!-- RequireExplicitDerivedKeys defined above. -->
- <!-- RequireKeyIdentifierReference defined above. -->
-
- <xs:element name="WssRelV10Token10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssRelV20Token10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssRelV10Token11" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssRelV20Token11" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="HttpsToken" type="tns:TokenAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.10 HttpsToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="HttpBasicAuthentication" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.10 HttpsToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="HttpDigestAuthentication" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.10 HttpsToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireClientCertificate" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.10 HttpsToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="KeyValueToken" type="tns:KeyValueTokenType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.11 KeyValueToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="KeyValueTokenType">
- <xs:sequence>
- <!--
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
- </xs:sequence>
- <xs:attribute ref="tns:IncludeToken" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- <xs:element name="RsaKeyValue" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.11 KeyValueToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <!--
- 7. Security Binding Assertions
- -->
- <xs:element name="AlgorithmSuite" type="tns:NestedPolicyType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="NestedPolicyType">
- <xs:sequence>
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
- </xs:sequence>
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="Basic256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic192" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic128" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="TripleDes" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic192Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic128Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="TripleDesRsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic256Sha256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic192Sha256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic128Sha256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="TripleDesSha256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic256Sha256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic192Sha256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic128Sha256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="TripleDesSha256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="InclusiveC14N" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="SOAPNormalization10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="STRTransform10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="XPath10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="XPathFilter20" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="AbsXPath" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="Layout" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="Strict" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Lax" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="LaxTsFirst" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="LaxTsLast" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="TransportBinding" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.3 TransportBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="TransportToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.3 TransportBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- Layout defined above. -->
-
- <xs:element name="IncludeTimestamp" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.3 TransportBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="SymmetricBinding" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="EncryptionToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="SignatureToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8=7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="ProtectionToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- Layout defined above. -->
- <!-- IncludeTimestamp defined above. -->
-
- <xs:element name="EncryptBeforeSigning" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="EncryptSignature" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="ProtectTokens" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="OnlySignEntireHeadersAndBody" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="AsymmetricBinding" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="InitiatorToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="InitiatorSignatureToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="InitiatorEncryptionToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="RecipientToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="RecipientSignatureToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="RecipientEncryptionToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- Layout defined above. -->
- <!-- IncludeTimestamp defined above. -->
- <!-- EncryptBeforeSigning defined above. -->
- <!-- EncryptSignature defined above. -->
- <!-- ProtectTokens defined above. -->
- <!-- OnlySignEntireHeadersAndBody defined above. -->
-
- <!--
- 8. Supporting Tokens
- -->
- <xs:element name="SupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 SupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="SignedSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.2 SignedSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="EndorsingSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.3 EndorsingSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="SignedEndorsingSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.4 SignedEndorsingSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="SignedEncryptedSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.5 SignedEncryptedSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="EncryptedSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.6 EncryptedSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="EndorsingEncryptedSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.7 EndorsingEncryptedSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="SignedEndorsingEncryptedSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.8 SignedEndorsingEncryptedSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <!--
- 9. WSS: SOAP Message Security Options
- -->
- <xs:element name="Wss10" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="MustSupportRefKeyIdentifier" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportRefIssuerSerial" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportRefExternalURI" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportRefEmbeddedToken" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="Wss11" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.2 Wss11 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- MustSupportRefKeyIdentifier defined above. -->
- <!-- MustSupportRefIssuerSerial defined above. -->
- <!-- MustSupportRefExternalURI defined above. -->
- <!-- MustSupportRefEmbeddedToken defined above. -->
-
- <xs:element name="MustSupportRefThumbprint" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.2 Wss11 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportRefEncryptedKey" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.2 Wss11 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireSignatureConfirmation" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.2 Wss11 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <!--
- 10. WS-Trust Options
- -->
- <xs:element name="Trust13" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="MustSupportClientChallenge" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportServerChallenge" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireClientEntropy" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireServerEntropy" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportIssuedTokens" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireRequestSecurityTokenCollection" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireAppliesTo" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
-</xs:schema>
\ No newline at end of file
diff --git a/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-1.2.xsd b/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-1.2.xsd
deleted file mode 100644
index 710acf4..0000000
--- a/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-1.2.xsd
+++ /dev/null
@@ -1,1205 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the
-implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available;
-neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS
-specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made
-available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users
-of this specification, can be obtained from the OASIS Executive Director.
-OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may
-cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
-Copyright © OASIS Open 2002-2007. All Rights Reserved.
-This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist
-in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the
-above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself does not be modified
-in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications,
-in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate
-it into languages other than English.
-The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
-This document and the information contained herein is provided on an AS IS basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
-INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
--->
-<xs:schema
- targetNamespace='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
- xmlns:tns='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
- xmlns:wsa="http://www.w3.org/2005/08/addressing"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- elementFormDefault="qualified"
- blockDefault="#all" >
-
- <xs:import namespace="http://www.w3.org/2005/08/addressing"
- schemaLocation="http://www.w3.org/2006/03/addressing/ws-addr.xsd" />
-
- <!--
- 4. Protection Assertions
- -->
- <xs:element name="SignedParts" type="tns:SePartsType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 4.1.1 SignedParts Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="EncryptedParts" type="tns:SePartsType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 4.2.1 EncryptedParts Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="SePartsType">
- <xs:sequence>
- <xs:element name="Body" type="tns:EmptyType" minOccurs="0" />
- <xs:element name="Header" type="tns:HeaderType" minOccurs="0" maxOccurs="unbounded" />
- <xs:element name="Attachments" type="tns:EmptyType" minOccurs="0" />
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
- </xs:sequence>
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- <xs:complexType name="EmptyType" />
- <xs:complexType name="HeaderType" >
- <xs:attribute name="Name" type="xs:QName" use="optional" />
- <xs:attribute name="Namespace" type="xs:anyURI" use="required" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="SignedElements" type="tns:SerElementsType" >
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 4.1.2 SignedElements Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="EncryptedElements" type="tns:SerElementsType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 4.2.2 EncryptedElements Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequiredElements" type="tns:SerElementsType" >
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 4.3.1 RequiredElements Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="SerElementsType">
- <xs:sequence>
- <xs:element name="XPath" type="xs:string" minOccurs="1" maxOccurs="unbounded" />
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
- </xs:sequence>
- <xs:attribute name="XPathVersion" type="xs:anyURI" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <!--
- 5. Token Assertions
- -->
- <xs:attribute name="IncludeToken" type="tns:IncludeTokenOpenType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.1 Token Inclusion
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:simpleType name="IncludeTokenOpenType">
- <xs:union memberTypes="tns:IncludeTokenType xs:anyURI" />
- </xs:simpleType>
- <xs:simpleType name="IncludeTokenType">
- <xs:restriction base="xs:anyURI" >
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200702/ws-securitypolicy/IncludeToken/Never" />
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200702/ws-securitypolicy/IncludeToken/Once" />
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200702/ws-securitypolicy/IncludeToken/AlwaysToRecipient" />
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200702/ws-securitypolicy/IncludeToken/AlwaysToInitiator" />
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200702/ws-securitypolicy/IncludeToken/Always" />
- </xs:restriction>
- </xs:simpleType>
-
- <xs:element name="UsernameToken" type="tns:TokenAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 5.4.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="TokenAssertionType">
- <xs:sequence>
- <xs:choice minOccurs="0">
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" />
- <xs:element name="IssuerName" type="xs:anyURI" />
- </xs:choice>
- <!--
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
- </xs:sequence>
- <xs:attribute ref="tns:IncludeToken" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="NoPassword" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="HashPassword" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssUsernameToken10" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssUsernameToken11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined below. -->
- <!-- RequireImpliedDerivedKeys defined below. -->
- <!-- RequireExplicitDerivedKeys defined below. -->
-
- <xs:complexType name="QNameAssertionType">
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="IssuedToken" type="tns:IssuedTokenType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="IssuedTokenType">
- <xs:sequence>
- <xs:choice minOccurs="0">
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" />
- <xs:element name="IssuerName" type="xs:anyURI" />
- </xs:choice>
- <xs:element name="RequestSecurityTokenTemplate" type="tns:RequestSecurityTokenTemplateType" />
- <!--
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
- </xs:sequence>
- <xs:attribute ref="tns:IncludeToken" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- <xs:complexType name="RequestSecurityTokenTemplateType">
- <xs:sequence>
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
- </xs:sequence>
- <xs:attribute name="TrustVersion" type="xs:anyURI" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="RequireDerivedKeys" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireImpliedDerivedKeys" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireExplicitDerivedKeys" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireExternalReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireInternalReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="X509Token" type="tns:TokenAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireImpliedDerivedKeys defined above. -->
- <!-- RequireExplicitDerivedKeys defined above. -->
-
- <xs:element name="RequireKeyIdentifierReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireIssuerSerialReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireEmbeddedTokenReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireThumbprintReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509V3Token10" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509Pkcs7Token10" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509PkiPathV1Token10" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509V1Token11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509V3Token11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509Pkcs7Token11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509PkiPathV1Token11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="KerberosToken" type="tns:TokenAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.4 KerberosToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireImpliedDerivedKeys defined above. -->
- <!-- RequireExplicitDerivedKeys defined above. -->
- <!-- RequireKeyIdentifierReference defined above. -->
-
- <xs:element name="WssKerberosV5ApReqToken11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.4 KerberosToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssGssKerberosV5ApReqToken11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.4 KerberosToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="SpnegoContextToken" type="tns:SpnegoContextTokenType" >
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 5.4.5 SpnegoContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="SpnegoContextTokenType">
- <xs:sequence>
- <xs:choice minOccurs="0">
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" />
- <xs:element name="IssuerName" type="xs:anyURI" />
- </xs:choice>
- <!--
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
- </xs:sequence>
- <xs:attribute ref="tns:IncludeToken" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireImpliedDerivedKeys defined above. -->
- <!-- RequireExplicitDerivedKeys defined above. -->
- <xs:element name="MustNotSendCancel" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.5 SpnegoContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustNotSendAmend" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.5 SpnegoContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustNotSendRenew" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.5 SpnegoContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="SecurityContextToken" type="tns:TokenAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.6 SecurityContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireImpliedDerivedKeys defined above. -->
- <!-- RequireExplicitDerivedKeys defined above. -->
-
- <xs:element name="RequireExternalUriReference" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.6 SecurityContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="SC13SecurityContextToken" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.6 SecurityContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="SecureConversationToken" type="tns:SecureConversationTokenType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.7 SecureConversationToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="SecureConversationTokenType">
- <xs:sequence>
- <xs:choice minOccurs="0">
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" />
- <xs:element name="IssuerName" type="xs:anyURI" />
- </xs:choice>
- <!--
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
- </xs:sequence>
- <xs:attribute ref="tns:IncludeToken" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireImpliedDerivedKeys defined above. -->
- <!-- RequireExplicitDerivedKeys defined above. -->
- <!-- RequireExternalUriReference defined above. -->
- <!-- SC13SecurityContextToken defined above. -->
- <!-- MustNotSendCancel defined above. -->
- <!-- MustNotSendAmend defined above. -->
- <!-- MustNotSendRenew defined above. -->
-
- <xs:element name="BootstrapPolicy" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.7 SecureConversationToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="SamlToken" type="tns:TokenAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 5.4.8 SamlToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireImpliedDerivedKeys defined above. -->
- <!-- RequireExplicitDerivedKeys defined above. -->
- <!-- RequireKeyIdentifierReference defined above. -->
-
- <xs:element name="WssSamlV11Token10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.8 SamlToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssSamlV11Token11" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.8 SamlToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssSamlV20Token11" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.8 SamlToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="RelToken" type="tns:TokenAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireImpliedDerivedKeys defined above. -->
- <!-- RequireExplicitDerivedKeys defined above. -->
- <!-- RequireKeyIdentifierReference defined above. -->
-
- <xs:element name="WssRelV10Token10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssRelV20Token10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssRelV10Token11" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssRelV20Token11" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="HttpsToken" type="tns:TokenAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.10 HttpsToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="HttpBasicAuthentication" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.10 HttpsToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="HttpDigestAuthentication" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.10 HttpsToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireClientCertificate" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.10 HttpsToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="KeyValueToken" type="tns:KeyValueTokenType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.11 KeyValueToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="KeyValueTokenType">
- <xs:sequence>
- <!--
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
- </xs:sequence>
- <xs:attribute ref="tns:IncludeToken" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- <xs:element name="RsaKeyValue" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.11 KeyValueToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <!--
- 7. Security Binding Assertions
- -->
- <xs:element name="AlgorithmSuite" type="tns:NestedPolicyType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="NestedPolicyType">
- <xs:sequence>
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
- </xs:sequence>
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="Basic256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic192" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic128" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="TripleDes" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic192Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic128Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="TripleDesRsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic256Sha256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic192Sha256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic128Sha256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="TripleDesSha256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic256Sha256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic192Sha256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic128Sha256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="TripleDesSha256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="InclusiveC14N" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="SOAPNormalization10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="STRTransform10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="XPath10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="XPathFilter20" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="AbsXPath" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="Layout" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="Strict" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Lax" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="LaxTsFirst" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="LaxTsLast" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="TransportBinding" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.3 TransportBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="TransportToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.3 TransportBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- Layout defined above. -->
-
- <xs:element name="IncludeTimestamp" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.3 TransportBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="SymmetricBinding" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="EncryptionToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="SignatureToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8=7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="ProtectionToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- Layout defined above. -->
- <!-- IncludeTimestamp defined above. -->
-
- <xs:element name="EncryptBeforeSigning" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="EncryptSignature" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="ProtectTokens" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="OnlySignEntireHeadersAndBody" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="AsymmetricBinding" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="InitiatorToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="InitiatorSignatureToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="InitiatorEncryptionToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="RecipientToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="RecipientSignatureToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="RecipientEncryptionToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 7.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- Layout defined above. -->
- <!-- IncludeTimestamp defined above. -->
- <!-- EncryptBeforeSigning defined above. -->
- <!-- EncryptSignature defined above. -->
- <!-- ProtectTokens defined above. -->
- <!-- OnlySignEntireHeadersAndBody defined above. -->
-
- <!--
- 8. Supporting Tokens
- -->
- <xs:element name="SupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 SupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="SignedSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.2 SignedSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="EndorsingSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.3 EndorsingSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="SignedEndorsingSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.4 SignedEndorsingSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="SignedEncryptedSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.5 SignedEncryptedSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="EncryptedSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.6 EncryptedSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="EndorsingEncryptedSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.7 EndorsingEncryptedSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="SignedEndorsingEncryptedSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.8 SignedEndorsingEncryptedSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <!--
- 9. WSS: SOAP Message Security Options
- -->
- <xs:element name="Wss10" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="MustSupportRefKeyIdentifier" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportRefIssuerSerial" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportRefExternalURI" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportRefEmbeddedToken" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="Wss11" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.2 Wss11 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- MustSupportRefKeyIdentifier defined above. -->
- <!-- MustSupportRefIssuerSerial defined above. -->
- <!-- MustSupportRefExternalURI defined above. -->
- <!-- MustSupportRefEmbeddedToken defined above. -->
-
- <xs:element name="MustSupportRefThumbprint" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.2 Wss11 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportRefEncryptedKey" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.2 Wss11 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireSignatureConfirmation" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.2 Wss11 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <!--
- 10. WS-Trust Options
- -->
- <xs:element name="Trust13" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="MustSupportClientChallenge" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportServerChallenge" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireClientEntropy" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireServerEntropy" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportIssuedTokens" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireRequestSecurityTokenCollection" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireAppiesTo" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
-</xs:schema>
\ No newline at end of file
diff --git a/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-1.3.xsd b/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-1.3.xsd
deleted file mode 100644
index cab4de3..0000000
--- a/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-1.3.xsd
+++ /dev/null
@@ -1,96 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the
-implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available;
-neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS
-specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made
-available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users
-of this specification, can be obtained from the OASIS Executive Director.
-OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may
-cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
-Copyright © OASIS Open 2002-2008. All Rights Reserved.
-This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist
-in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the
-above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself does not be modified
-in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications,
-in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate
-it into languages other than English.
-The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
-This document and the information contained herein is provided on an AS IS basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
-INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
--->
-<xs:schema
- targetNamespace='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802'
- xmlns:tns='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802'
- xmlns:sp='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
- xmlns:wsa="http://www.w3.org/2005/08/addressing"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- elementFormDefault="qualified"
- blockDefault="#all" >
-
- <xs:import namespace="http://www.w3.org/2005/08/addressing"
- schemaLocation="http://www.w3.org/2006/03/addressing/ws-addr.xsd" />
-
- <xs:import namespace="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
- schemaLocation="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2.xsd" />
-
- <!--
- 4.1.2 New XPath 2.0 assertion parameter
- Uses extensibility point defined for sp:SignedElements
- -->
- <xs:element name="XPath2" type="tns:XPath2Type"/>
- <xs:complexType name="XPath2Type">
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="Filter" type="xs:string" use ="required"/>
- <!-- Intended values from XPath Filter 2.0 spec http://www.w3.org/TR/xmldsig-filter2/
- <enumeration value="intersect"/>
- <enumeration value="subtract"/>
- <enumeration value="union"/>
- -->
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
-
- <!--
- 5.4.1 New UsernameToken Assertions
- -->
-
- <xs:element name="Created" type="sp:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="Nonce" type="sp:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <!--
- 10.1 Trust13 Assertion
- Added ScopePolicy15, MustSupportInteractiveChallenge assertions
- -->
- <xs:element name="ScopePolicy15" type="sp:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="MustSupportInteractiveChallenge" type="sp:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
-</xs:schema>
\ No newline at end of file
diff --git a/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-200507.xsd b/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-200507.xsd
deleted file mode 100644
index bc668f0..0000000
--- a/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-200507.xsd
+++ /dev/null
@@ -1,979 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<xs:schema
- targetNamespace="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
- xmlns:tns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
- xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- elementFormDefault="qualified"
- blockDefault="#all" >
-
- <xs:import namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
- schemaLocation="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
-
- <xs:import namespace="http://schemas.xmlsoap.org/ws/2004/09/policy"
- schemaLocation="http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd" />
-
- <!--
- 5. Protection Assertions
- -->
- <xs:element name="SignedParts" type="tns:SePartsType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.1.1 SignedParts Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="EncryptedParts" type="tns:SePartsType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.2.1 EncryptedParts Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="SePartsType">
- <xs:sequence>
- <xs:element name="Body" type="tns:EmptyType" minOccurs="0" />
- <xs:element name="Header" type="tns:HeaderType" minOccurs="0" maxOccurs="unbounded" />
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
- </xs:sequence>
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- <xs:complexType name="EmptyType" />
- <xs:complexType name="HeaderType" >
- <xs:attribute name="Name" type="xs:QName" use="optional" />
- <xs:attribute name="Namespace" type="xs:anyURI" use="required" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="SignedElements" type="tns:SerElementsType" >
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 5.1.2 SignedElements Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="EncryptedElements" type="tns:SerElementsType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.2.2 EncryptedElements Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequiredElements" type="tns:SerElementsType" >
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 5.3.1 RequiredElements Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="SerElementsType">
- <xs:sequence>
- <xs:element name="XPath" type="xs:string" minOccurs="1" maxOccurs="unbounded" />
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
- </xs:sequence>
- <xs:attribute name="XPathVersion" type="xs:anyURI" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <!--
- 6. Token Assertions
- -->
- <xs:attribute name="IncludeToken" type="tns:IncludeTokenOpenType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.1 Token Inclusion
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:simpleType name="IncludeTokenOpenType">
- <xs:union memberTypes="tns:IncludeTokenType xs:anyURI" />
- </xs:simpleType>
- <xs:simpleType name="IncludeTokenType">
- <xs:restriction base="xs:anyURI" >
- <xs:enumeration value="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never" />
- <xs:enumeration value="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once" />
- <xs:enumeration value="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
- <xs:enumeration value="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always" />
- </xs:restriction>
- </xs:simpleType>
-
- <xs:element name="UsernameToken" type="tns:TokenAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 6.3.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="TokenAssertionType">
- <xs:sequence>
- <!--
- *** Accurate content model is nondeterministic ***
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
- </xs:sequence>
- <xs:attribute ref="tns:IncludeToken" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="WssUsernameToken10" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssUsernameToken11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="QNameAssertionType">
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="IssuedToken" type="tns:IssuedTokenType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="IssuedTokenType">
- <xs:sequence>
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" minOccurs="0" />
- <xs:element name="RequestSecurityTokenTemplate" type="tns:RequestSecurityTokenTemplateType" />
- <!--
- *** Accurate content model is nondeterministic ***
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
- </xs:sequence>
- <xs:attribute ref="tns:IncludeToken" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- <xs:complexType name="RequestSecurityTokenTemplateType">
- <xs:sequence>
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
- </xs:sequence>
- <xs:attribute name="TrustVersion" type="xs:anyURI" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="RequireDerivedKeys" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireExternalReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireInternalReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.2 IssuedToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="X509Token" type="tns:TokenAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="RequireKeyIdentifierReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireIssuerSerialReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireEmbeddedTokenReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireThumbprintReference" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509V1Token10" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509V3Token10" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509Pkcs7Token10" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509PkiPathV1Token10" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509V1Token11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509V3Token11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509Pkcs7Token11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssX509PkiPathV1Token11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.3 X509Token Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="KerberosToken" type="tns:TokenAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.4 KerberosToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireKeyIdentifierReference defined above. -->
-
- <xs:element name="WssKerberosV5ApReqToken11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.4 KerberosToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssGssKerberosV5ApReqToken11" type="tns:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.4 KerberosToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="SpnegoContextToken" type="tns:SpnegoContextTokenType" >
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 6.3.5 SpnegoContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="SpnegoContextTokenType">
- <xs:sequence>
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" minOccurs="0" />
- <!--
- *** Accurate content model is nondeterministic ***
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
- </xs:sequence>
- <xs:attribute ref="tns:IncludeToken" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- <!-- RequireDerivedKeys defined above. -->
-
- <xs:element name="SecurityContextToken" type="tns:TokenAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.6 SecurityContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
-
- <xs:element name="RequireExternalUriReference" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.6 SecurityContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="SC10SecurityContextToken" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.6 SecurityContextToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="SecureConversationToken" type="tns:SecureConversationTokenType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.7 SecureConversationToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="SecureConversationTokenType">
- <xs:sequence>
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" minOccurs="0" />
- <!--
- *** Accurate content model is nondeterministic ***
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
- </xs:sequence>
- <xs:attribute ref="tns:IncludeToken" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireExternalUriReference defined above. -->
- <!-- SC10SecurityContextToken defined above. -->
-
- <xs:element name="BootstrapPolicy" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.7 SecureConversationToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="SamlToken" type="tns:TokenAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en" >
- 6.3.8 SamlToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireKeyIdentifierReference defined above. -->
-
- <xs:element name="WssSamlV10Token10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.8 SamlToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssSamlV11Token10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.8 SamlToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssSamlV10Token11" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.8 SamlToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssSamlV11Token11" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.8 SamlToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssSamlV20Token11" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.8 SamlToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="RelToken" type="tns:TokenAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
- <!-- RequireKeyIdentifierReference defined above. -->
-
- <xs:element name="WssRelV10Token10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssRelV20Token10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssRelV10Token11" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="WssRelV20Token11" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.9 RelToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="HttpsToken" type="tns:HttpsTokenType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 6.3.10 HttpsToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="HttpsTokenType">
- <xs:sequence>
- <!--
- *** Accurate content model is nondeterministic ***
- <xs:element ref="wsp:Policy" minOccurs="0" />
- -->
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
- </xs:sequence>
- <xs:attribute name="RequireClientCertificate" type="xs:boolean" use="required" />
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <!--
- 8. Security Binding Assertions
- -->
- <xs:element name="AlgorithmSuite" type="tns:NestedPolicyType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:complexType name="NestedPolicyType">
- <xs:sequence>
- <xs:element ref="wsp:Policy" />
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
- </xs:sequence>
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="Basic256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic192" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic128" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="TripleDes" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic192Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic128Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="TripleDesRsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic256Sha256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic192Sha256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic128Sha256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="TripleDesSha256" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic256Sha256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic192Sha256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Basic128Sha256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="TripleDesSha256Rsa15" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="InclusiveC14N" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="SOAPNormalization10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="STRTransform10" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="XPathFilter20" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.1 AlgorithmSuite Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="Layout" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="Strict" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="Lax" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="LaxTsFirst" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="LaxTsLast" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.2 Layout Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="TransportBinding" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.3 TransportBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="TransportToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.3 TransportBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- Layout defined above. -->
-
- <xs:element name="IncludeTimestamp" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.3 TransportBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
-
- <xs:element name="SymmetricBinding" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="EncryptionToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="SignatureToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="ProtectionToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- Layout defined above. -->
- <!-- IncludeTimestamp defined above. -->
-
- <xs:element name="EncryptBeforeSigning" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="EncryptSignature" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="ProtectTokens" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- RequireDerivedKeys defined above. -->
- <xs:element name="OnlySignEntireHeadersAndBody" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.4 SymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="AsymmetricBinding" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="InitiatorToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="RecipientToken" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 8.5 AsymmetricBinding Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- Layout defined above. -->
- <!-- IncludeTimestamp defined above. -->
- <!-- EncryptBeforeSigning defined above. -->
- <!-- EncryptSignature defined above. -->
- <!-- ProtectTokens defined above. -->
- <!-- RequireDerivedKeys defined above. -->
- <!-- OnlySignEntireHeadersAndBody defined above. -->
-
- <!--
- 9. Supporting Tokens
- -->
- <xs:element name="SupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.1 SupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="SignedSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.2 SignedSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="EndorsingSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.3 EndorsingSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <xs:element name="SignedEndorsingSupportingTokens" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 9.4 SignedEndorsingSupportingTokens Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- AlgorithmSuite defined above. -->
- <!-- SignedParts defined above. -->
- <!-- SignedElements defined above. -->
- <!-- EncryptedParts defined above. -->
- <!-- EncryptedElements defined above. -->
-
- <!--
- 10. WSS: SOAP Message Security Options
- -->
- <xs:element name="Wss10" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="MustSupportRefKeyIdentifier" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportRefIssuerSerial" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportRefExternalURI" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportRefEmbeddedToken" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Wss10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="Wss11" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.2 Wss11 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <!-- MustSupportRefKeyIdentifier defined above. -->
- <!-- MustSupportRefIssuerSerial defined above. -->
- <!-- MustSupportRefExternalURI defined above. -->
- <!-- MustSupportRefEmbeddedToken defined above. -->
-
- <xs:element name="MustSupportRefThumbprint" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.2 Wss11 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportRefEncryptedKey" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.2 Wss11 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireSignatureConfirmation" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.2 Wss11 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <!--
- 11. WS-Trust Options
- -->
- <xs:element name="Trust10" type="tns:NestedPolicyType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 11.1 Trust10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="MustSupportClientChallenge" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 11.1 Trust10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportServerChallenge" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 11.1 Trust10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireClientEntropy" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 11.1 Trust10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="RequireServerEntropy" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 11.1 Trust10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="MustSupportIssuedTokens" type="tns:QNameAssertionType">
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 11.1 Trust10 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
-</xs:schema>
\ No newline at end of file
diff --git a/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-200802.xsd b/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-200802.xsd
deleted file mode 100644
index 3c8bf7a..0000000
--- a/streaming-ws-policy/src/main/resources/schemas/ws-securitypolicy-200802.xsd
+++ /dev/null
@@ -1,103 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the
-implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available;
-neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS
-specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made
-available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users
-of this specification, can be obtained from the OASIS Executive Director.
-OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may
-cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
-Copyright © OASIS Open 2002-2008. All Rights Reserved.
-This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist
-in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the
-above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself does not be modified
-in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications,
-in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate
-it into languages other than English.
-The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
-This document and the information contained herein is provided on an AS IS basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
-INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
--->
-<xs:schema
- targetNamespace='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802'
- xmlns:tns='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802'
- xmlns:sp='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
- xmlns:wsa="http://www.w3.org/2005/08/addressing"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- elementFormDefault="qualified"
- blockDefault="#all" >
-
- <xs:import namespace="http://www.w3.org/2005/08/addressing"
- schemaLocation="http://www.w3.org/2006/03/addressing/ws-addr.xsd" />
-
- <xs:import namespace="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
- schemaLocation="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-errata-cd-01.xsd" />
-
- <!--
- 4.1.1 New SignedParts assertion parameters
- Uses extensibility point defined for sp:SignedElements
- -->
- <xs:element name="ContentSignatureTransform" type="sp:EmptyType"/>
- <xs:element name="AttachmentCompleteSignatureTransform" type="sp:EmptyType"/>
-
- <!--
- 4.1.2 New XPath 2.0 assertion parameter
- Uses extensibility point defined for sp:SignedElements
- -->
- <xs:element name="XPath2" type="tns:XPath2Type"/>
- <xs:complexType name="XPath2Type">
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="Filter" type="xs:string" use ="required"/>
- <!-- Intended values from XPath Filter 2.0 spec http://www.w3.org/TR/xmldsig-filter2/
- <enumeration value="intersect"/>
- <enumeration value="subtract"/>
- <enumeration value="union"/>
- -->
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
-
- <!--
- 5.4.1 New UsernameToken Assertions
- -->
-
- <xs:element name="Created" type="sp:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="Nonce" type="sp:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 5.4.1 UsernameToken Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <!--
- 10.1 Trust13 Assertion
- Added ScopePolicy15, MustSupportInteractiveChallenge assertions
- -->
- <xs:element name="ScopePolicy15" type="sp:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <xs:element name="MustSupportInteractiveChallenge" type="sp:QNameAssertionType" >
- <xs:annotation>
- <xs:documentation xml:lang="en">
- 10.1 Trust13 Assertion
- </xs:documentation>
- </xs:annotation>
- </xs:element>
-
-</xs:schema>
\ No newline at end of file
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/AbstractPolicyTestBase.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/AbstractPolicyTestBase.java
deleted file mode 100644
index abd3e64..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/AbstractPolicyTestBase.java
+++ /dev/null
@@ -1,142 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.apache.ws.secpolicy.SPConstants;
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyEnforcerFactory;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.impl.securityToken.X509SecurityToken;
-import org.swssf.wss.test.AbstractTestBase;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.SAXException;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.PublicKey;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class AbstractPolicyTestBase extends AbstractTestBase {
-
- protected PolicyEnforcer buildAndStartPolicyEngine(String policyString) throws ParserConfigurationException, SAXException, IOException, WSSPolicyException {
- return this.buildAndStartPolicyEngine(policyString, false);
- }
-
- protected PolicyEnforcer buildAndStartPolicyEngine(String policyString, boolean replacePolicyElement) throws ParserConfigurationException, SAXException, IOException, WSSPolicyException {
- DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
- documentBuilderFactory.setNamespaceAware(true);
- documentBuilderFactory.setValidating(false);
- DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
- Document document = documentBuilder.parse(this.getClass().getClassLoader().getResourceAsStream("testdata/wsdl/wsdl-template.wsdl"));
- NodeList nodeList = document.getElementsByTagNameNS("*", SPConstants.P_LOCALNAME);
-
- Document policyDocument = documentBuilder.parse(new ByteArrayInputStream(policyString.getBytes("UTF-8")));
- Node policyNode = document.importNode(policyDocument.getDocumentElement(), true);
- Element element = (Element) nodeList.item(0);
- if (replacePolicyElement) {
- element.getParentNode().replaceChild(element, policyNode);
- } else {
- element.appendChild(policyNode);
- }
- PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(document);
- PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("");
-
- return policyEnforcer;
- }
-
- public X509SecurityToken getX509Token(WSSConstants.TokenType tokenType) throws Exception {
- return getX509Token(tokenType, "transmitter");
- }
-
- public X509SecurityToken getX509Token(WSSConstants.TokenType tokenType, final String keyAlias) throws Exception {
-
- final KeyStore keyStore = KeyStore.getInstance("jks");
- keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
-
- return new X509SecurityToken(tokenType, null, null, null, "", WSSConstants.WSSKeyIdentifierType.THUMBPRINT_IDENTIFIER) {
- @Override
- protected String getAlias() throws XMLSecurityException {
- return keyAlias;
- }
-
- @Override
- public Key getSecretKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
- try {
- return keyStore.getKey(keyAlias, "default".toCharArray());
- } catch (Exception e) {
- throw new XMLSecurityException(e.getMessage(), e);
- }
- }
-
- @Override
- public PublicKey getPublicKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
- try {
- return keyStore.getCertificate(keyAlias).getPublicKey();
- } catch (Exception e) {
- throw new XMLSecurityException(e.getMessage(), e);
- }
- }
-
- @Override
- public X509Certificate[] getX509Certificates() throws XMLSecurityException {
- Certificate[] certificates;
- try {
- certificates = keyStore.getCertificateChain(keyAlias);
- } catch (Exception e) {
- throw new XMLSecurityException(e.getMessage(), e);
- }
-
- X509Certificate[] x509Certificates = new X509Certificate[certificates.length];
- for (int i = 0; i < certificates.length; i++) {
- Certificate certificate = certificates[i];
- x509Certificates[i] = (X509Certificate) certificate;
- }
- return x509Certificates;
- }
- };
- }
-
- protected String loadResourceAsString(String resource, String encoding) throws IOException {
- InputStreamReader inputStreamReader = new InputStreamReader(this.getClass().getClassLoader().getResourceAsStream(resource), encoding);
- StringBuilder stringBuilder = new StringBuilder();
- int read = 0;
- char[] buffer = new char[1024];
- while ((read = inputStreamReader.read(buffer)) != -1) {
- stringBuilder.append(buffer, 0, read);
- }
- return stringBuilder.toString();
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/AlgorithmSuiteTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/AlgorithmSuiteTest.java
deleted file mode 100644
index 3804e9e..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/AlgorithmSuiteTest.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class AlgorithmSuiteTest extends AbstractPolicyTestBase {
-
- @Test
- public void testAlgorithmSuitePolicy() throws Exception {
- String policyString =
- "<sp:AlgorithmSuite xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:TripleDesRsa15/>\n" +
- "</wsp:Policy>\n" +
- "</sp:AlgorithmSuite>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
- algorithmSuiteSecurityEvent.setAlgorithmURI("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
- algorithmSuiteSecurityEvent.setKeyLength(192);
- algorithmSuiteSecurityEvent.setKeyUsage(WSSConstants.Enc);
- policyEnforcer.registerSecurityEvent(algorithmSuiteSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testAlgorithmSuitePolicyMultipleAssertionEventsNegative() throws Exception {
- String policyString =
- "<sp:AlgorithmSuite xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:TripleDesRsa15/>\n" +
- "</wsp:Policy>\n" +
- "</sp:AlgorithmSuite>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
- algorithmSuiteSecurityEvent.setAlgorithmURI("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
- algorithmSuiteSecurityEvent.setKeyLength(192);
- algorithmSuiteSecurityEvent.setKeyUsage(WSSConstants.Enc);
- policyEnforcer.registerSecurityEvent(algorithmSuiteSecurityEvent);
- algorithmSuiteSecurityEvent.setAlgorithmURI("http://www.w3.org/2001/04/xmlenc#sha256");
- algorithmSuiteSecurityEvent.setKeyUsage(WSSConstants.Dig);
- try {
- policyEnforcer.registerSecurityEvent(algorithmSuiteSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Digest algorithm http://www.w3.org/2001/04/xmlenc#sha256 does not meet policy");
- }
- }
-
- @Test
- public void testAlgorithmSuitePolicyNegative() throws Exception {
- String policyString =
- "<sp:AlgorithmSuite xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:TripleDesRsa15/>\n" +
- "</wsp:Policy>\n" +
- "</sp:AlgorithmSuite>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
- algorithmSuiteSecurityEvent.setAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
- algorithmSuiteSecurityEvent.setKeyLength(128);
- algorithmSuiteSecurityEvent.setKeyUsage(WSSConstants.Enc);
- try {
- policyEnforcer.registerSecurityEvent(algorithmSuiteSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Encryption algorithm http://www.w3.org/2001/04/xmlenc#aes128-cbc does not meet policy\n" +
- "Symmetric encryption algorithm key length 128 does not meet policy");
- }
- }
-
- @Test
- public void testAlgorithmSuitePolicyAlternatives() throws Exception {
- String policyString =
- "<sp:AlgorithmSuite xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<wsp:ExactlyOne>\n" +
- "<sp:Basic256/>\n" +
- "<sp:TripleDesRsa15/>\n" +
- "</wsp:ExactlyOne>\n" +
- "</wsp:Policy>\n" +
- "</sp:AlgorithmSuite>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
- algorithmSuiteSecurityEvent.setAlgorithmURI("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
- algorithmSuiteSecurityEvent.setKeyLength(192);
- algorithmSuiteSecurityEvent.setKeyUsage(WSSConstants.Enc);
- policyEnforcer.registerSecurityEvent(algorithmSuiteSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testAlgorithmSuitePolicyAlternativesNegative() throws Exception {
- String policyString =
- "<sp:AlgorithmSuite xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<wsp:ExactlyOne>\n" +
- "<sp:Basic256/>\n" +
- "<sp:TripleDesRsa15/>\n" +
- "</wsp:ExactlyOne>\n" +
- "</wsp:Policy>\n" +
- "</sp:AlgorithmSuite>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
- algorithmSuiteSecurityEvent.setAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
- algorithmSuiteSecurityEvent.setKeyLength(128);
- algorithmSuiteSecurityEvent.setKeyUsage(WSSConstants.Enc);
- try {
- policyEnforcer.registerSecurityEvent(algorithmSuiteSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Encryption algorithm http://www.w3.org/2001/04/xmlenc#aes128-cbc does not meet policy\n" +
- "Symmetric encryption algorithm key length 128 does not meet policy");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java
deleted file mode 100644
index 945a1e2..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java
+++ /dev/null
@@ -1,2277 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.apache.ws.security.saml.ext.builder.SAML2Constants;
-import org.opensaml.common.SAMLVersion;
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyInputProcessor;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSSecurityProperties;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.test.CallbackHandlerImpl;
-import org.swssf.wss.crypto.CryptoType;
-import org.swssf.wss.crypto.Merlin;
-import org.apache.xml.security.stax.ext.SecurePart;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-import org.w3c.dom.Document;
-
-import javax.xml.namespace.QName;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-import java.io.*;
-import java.security.KeyStore;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class AsymmetricBindingIntegrationTest extends AbstractPolicyTestBase {
-
- @Test
- public void testIncludeTimestampPolicy() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
-
- @Test
- public void testIncludeTimestampPolicy2ndAlternative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <wsp:ExactlyOne>\n" +
- " <wsp:All>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V1Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " </wsp:All>\n" +
- " <wsp:All>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
-
- @Test
- public void testIncludeTimestampPolicyNegativeTest() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Timestamp must not be present");
- }
- }
-
- @Test
- public void testIncludeTimestampAndSignedUsernameSupportingTokenPolicy() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " <sp:SignedSupportingTokens>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <wsp:Policy>\n" +
- " <sp:NoPassword/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:SignedSupportingTokens>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse_UsernameToken, SecurePart.Modifier.Element));
- //outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
-
- @Test
- public void testIncludeTimestampAndSignedUsernameSupportingTokenPolicyNegativeTest() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " <sp:SignedSupportingTokens>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <wsp:Policy>\n" +
- " <sp:NoPassword/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:SignedSupportingTokens>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- //outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- //outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse_UsernameToken, SecurePart.Modifier.Element));
- //outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be signed");
- }
- }
-
- @Test
- public void testIncludeTimestampAndSignedUsernameSupportingTokenPolicyNegativeTest2() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " <sp:SignedSupportingTokens>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <wsp:Policy>\n" +
- " <sp:NoPassword/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:SignedSupportingTokens>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- //outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse_UsernameToken, SecurePart.Modifier.Element));
- //outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.apache.ws.secpolicy.WSSPolicyException: Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied");
- }
- }
-
- @Test
- public void testIncludeTimestampAndProtectionOrderEncryptBeforeSignAndSignedUsernameSupportingTokenPolicyTest() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " <sp:EncryptBeforeSigning/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:SignedSupportingTokens>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <wsp:Policy>\n" +
- " <sp:NoPassword/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:SignedSupportingTokens>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse_UsernameToken, SecurePart.Modifier.Element));
- //outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- //outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- //outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP, WSSConstants.ENCRYPT, WSSConstants.SIGNATURE};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
-
- @Test
- public void testSignatureAlgorithmSuiteNegative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " <sp:ProtectTokens/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512");
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5421);
- inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5420);
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Asymmetric algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 does not meet policy");
- }
- }
-
- @Test
- public void testC14NAlgorithmSuiteNegative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " <sp:ProtectTokens/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2006/12/xml-c14n11");
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5404);
- inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5423);
- inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5412);
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "C14N algorithm http://www.w3.org/2006/12/xml-c14n11 does not meet policy");
- }
- }
-
- @Test
- public void testSignatureDigestAlgorithmSuiteNegative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " <sp:ProtectTokens/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureDigestAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-md5");
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element, new String[]{WSSConstants.NS_C14N_EXCL}, "http://www.w3.org/2001/04/xmldsig-more#md5"));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element, new String[]{WSSConstants.NS_C14N_EXCL}, "http://www.w3.org/2001/04/xmldsig-more#md5"));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5420);
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Digest algorithm http://www.w3.org/2001/04/xmldsig-more#md5 does not meet policy");
- }
- }
-
- @Test
- public void testEncryptionAlgorithmSuiteNegative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " <sp:ProtectTokens/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Encryption algorithm http://www.w3.org/2001/04/xmlenc#tripledes-cbc does not meet policy\n" +
- "Symmetric encryption algorithm key length 192 does not meet policy");
- }
- }
-
- @Test
- public void testSignatureProtectionPolicy() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " <sp:EncryptSignature/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_dsig_Signature, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
-
- @Test
- public void testSignatureProtectionPolicyNegative1() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " <sp:EncryptSignature/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://www.w3.org/2000/09/xmldsig#}Signature must be encrypted");
- }
- }
-
- @Test
- public void testSignatureProtectionPolicyNegative2() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_dsig_Signature, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://www.w3.org/2000/09/xmldsig#}Signature must not be encrypted");
- }
- }
-
- @Test
- public void testEntireHeaderAndBodySignature() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " <sp:OnlySignEntireHeadersAndBody/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" " +
- " xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" " +
- " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
- " /soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp/wsu:Created" +
- " </sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" " +
- " xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" " +
- " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
- " /soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp/wsu:Created" +
- " </sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" " +
- " xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" " +
- " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
- " /soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp/wsu:Expires" +
- " </sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(new QName("http://schemas.xmlsoap.org/wsdl/", "definitions"), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
-
- @Test
- public void testEntireHeaderAndBodySignatureNegative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " <sp:OnlySignEntireHeadersAndBody/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://schemas.xmlsoap.org/wsdl/}definitions must be signed");
- }
- }
-
- /*@Test
- public void testLayoutLaxTimestampFirstNegative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:LaxTsFirst/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Policy enforces LaxTsFirst but X509Token occured first");
- }
- }*/
-
- @Test
- public void testTokenScenario() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SamlToken IncludeToken=\" http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always\">\n" +
- " <sp:IssuerName>www.example.com</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:WssSamlV20Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SamlToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:RequireDerivedKeys/>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedSupportingTokens>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken IncludeToken=\" http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <wsp:Policy>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:SignedSupportingTokens>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" " +
- " xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" " +
- " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
- " /soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp/wsu:Created" +
- " </sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" " +
- " xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" " +
- " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
- " /soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp/wsu:Created" +
- " </sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" " +
- " xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" " +
- " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
- " /soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp/wsu:Expires" +
- " </sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.USERNAMETOKEN, WSSConstants.SAML_TOKEN_SIGNED, WSSConstants.ENCRYPT_WITH_DERIVED_KEY};
- outSecurityProperties.setOutAction(actions);
- CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl();
- callbackHandler.setSamlVersion(SAMLVersion.VERSION_20);
- callbackHandler.setStatement(CallbackHandlerImpl.Statement.AUTHN);
- callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
- callbackHandler.setIssuer("www.example.com");
- byte[] secret = new byte[128 / 8];
- WSSConstants.secureRandom.nextBytes(secret);
- callbackHandler.setSecret(secret);
- KeyStore keyStore = KeyStore.getInstance("jks");
- keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
- Merlin crypto = new Merlin();
- crypto.setKeyStore(keyStore);
- CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- cryptoType.setAlias("transmitter");
- callbackHandler.setCerts(crypto.getX509Certificates(cryptoType));
- outSecurityProperties.setCallbackHandler(callbackHandler);
- outSecurityProperties.setTokenUser("tester");
- outSecurityProperties.setSignatureKeyIdentifierType(WSSConstants.WSSKeyIdentifierType.EMBEDDED_KEYIDENTIFIER_REF);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse_UsernameToken, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires, SecurePart.Modifier.Content));
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
-
- @Test
- public void testTokenScenarioLateEncryption() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SamlToken IncludeToken=\" http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always\">\n" +
- " <sp:IssuerName>www.example.com</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:WssSamlV20Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SamlToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:RequireDerivedKeys/>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedSupportingTokens>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken IncludeToken=\" http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <wsp:Policy>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:SignedSupportingTokens>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" " +
- " xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" " +
- " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
- " /soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp/wsu:Created" +
- " </sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" " +
- " xmlns:wsdl=\"http://schemas.xmlsoap.org/wsdl/\" " +
- " xmlns:xsd=\"http://www.w3.org/1999/XMLSchema\">" +
- " /soap:Envelope/soap:Body/wsdl:definitions/wsdl:types/xsd:schema/xsd:simpleType" +
- " </sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.USERNAMETOKEN, WSSConstants.SAML_TOKEN_SIGNED, WSSConstants.ENCRYPT_WITH_DERIVED_KEY};
- outSecurityProperties.setOutAction(actions);
- CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl();
- callbackHandler.setSamlVersion(SAMLVersion.VERSION_20);
- callbackHandler.setStatement(CallbackHandlerImpl.Statement.AUTHN);
- callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
- callbackHandler.setIssuer("www.example.com");
- byte[] secret = new byte[128 / 8];
- WSSConstants.secureRandom.nextBytes(secret);
- callbackHandler.setSecret(secret);
- KeyStore keyStore = KeyStore.getInstance("jks");
- keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
- Merlin crypto = new Merlin();
- crypto.setKeyStore(keyStore);
- CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- cryptoType.setAlias("transmitter");
- callbackHandler.setCerts(crypto.getX509Certificates(cryptoType));
- outSecurityProperties.setCallbackHandler(callbackHandler);
- outSecurityProperties.setTokenUser("tester");
- outSecurityProperties.setSignatureKeyIdentifierType(WSSConstants.WSSKeyIdentifierType.EMBEDDED_KEYIDENTIFIER_REF);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse_UsernameToken, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.addEncryptionPart(new SecurePart(new QName("http://www.w3.org/1999/XMLSchema", "simpleType"), SecurePart.Modifier.Element));
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingTest.java
deleted file mode 100644
index a216840..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingTest.java
+++ /dev/null
@@ -1,313 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.*;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.X509TokenSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.ArrayList;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class AsymmetricBindingTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:IncludeTimestamp/>\n" +
- "<sp:EncryptSignature/>\n" +
- "<sp:OnlySignEntireHeadersAndBody/>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_wsu_Timestamp);
- requiredElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- x509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_dsig_Signature);
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
- encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_wsse11_SignatureConfirmation);
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyNotIncludeTimestamp() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:EncryptSignature/>\n" +
- "<sp:ProtectTokens/>\n" +
- "<sp:OnlySignEntireHeadersAndBody/>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- x509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Timestamp must not be present");
- }
- }
-
- @Test
- public void testPolicyWrongProtectionOrder() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:IncludeTimestamp/>\n" +
- "<sp:EncryptBeforeSigning/>\n" +
- "<sp:EncryptSignature/>\n" +
- "<sp:ProtectTokens/>\n" +
- "<sp:OnlySignEntireHeadersAndBody/>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Policy enforces EncryptBeforeSigning but the /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Body was signed and then encrypted");
- }
- }
-
- @Test
- public void testPolicySignatureNotEncrypted() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:IncludeTimestamp/>\n" +
- "<sp:EncryptSignature/>\n" +
- "<sp:ProtectTokens/>\n" +
- "<sp:OnlySignEntireHeadersAndBody/>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- x509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, false, protectionOrder);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_dsig_Signature);
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://www.w3.org/2000/09/xmldsig#}Signature must be encrypted");
- }
- }
-
- @Test
- public void testPolicyNotWholeBodySigned() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:IncludeTimestamp/>\n" +
- "<sp:EncryptSignature/>\n" +
- "<sp:ProtectTokens/>\n" +
- "<sp:OnlySignEntireHeadersAndBody/>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- x509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
-
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_dsig_Signature);
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_wsse11_SignatureConfirmation);
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, false, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Body must be signed");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/ContentEncryptedElementsTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/ContentEncryptedElementsTest.java
deleted file mode 100644
index 665bedb..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/ContentEncryptedElementsTest.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.ArrayList;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class ContentEncryptedElementsTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:ContentEncryptedElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
- "</sp:ContentEncryptedElements>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(null, true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.add(new QName("http://example.org", "a"));
- contentEncryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
- //additional ContentEncryptedElements are also allowed!
- headerPath = new ArrayList<QName>();
- headerPath.add(new QName("http://example.org", "b"));
- contentEncryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyMultipleAssertionEventsNegative() throws Exception {
- String policyString =
- "<sp:ContentEncryptedElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
- "</sp:ContentEncryptedElements>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(null, true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
- contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(null, false, null);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.add(new QName("http://example.org", "a"));
- contentEncryptedElementSecurityEvent.setElementPath(headerPath);
- try {
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Content of element /{http://example.org}a must be encrypted");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java
deleted file mode 100644
index 6a11b61..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java
+++ /dev/null
@@ -1,495 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.impl.securityToken.X509SecurityToken;
-import org.swssf.wss.securityEvent.*;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.X509TokenSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class DerivedKeyTests extends AbstractPolicyTestBase {
-
- @Test
- public void testDerivedKeyInitiatorTokenPolicy() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireDerivedKeys/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:InitiatorToken>\n" +
- "<sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireDerivedKeys/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- X509TokenSecurityEvent initiatorX509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorX509TokenSecurityEvent.setSecurityToken(securityToken);
-
- DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
- derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
- securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
-
- policyEnforcer.registerSecurityEvent(initiatorX509TokenSecurityEvent);
-
- X509TokenSecurityEvent recipientX509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientX509TokenSecurityEvent.setSecurityToken(securityToken);
-
- derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
- derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
- securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
-
- policyEnforcer.registerSecurityEvent(recipientX509TokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testDerivedKeyInitiatorTokenPolicyNegative() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireDerivedKeys/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:InitiatorToken>\n" +
- "<sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireDerivedKeys/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- X509TokenSecurityEvent initiatorX509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorX509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorX509TokenSecurityEvent);
-
- X509TokenSecurityEvent recipientX509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientX509TokenSecurityEvent.setSecurityToken(securityToken);
-
- DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
- derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
- securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
-
- policyEnforcer.registerSecurityEvent(recipientX509TokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertEquals(e.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Derived key must be used");
- }
- }
-
- @Test
- public void testDerivedKeyRecipientTokenPolicyNegative() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireDerivedKeys/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:InitiatorToken>\n" +
- "<sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireDerivedKeys/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- X509TokenSecurityEvent initiatorX509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorX509TokenSecurityEvent.setSecurityToken(securityToken);
-
- DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
- derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
- securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
-
- policyEnforcer.registerSecurityEvent(initiatorX509TokenSecurityEvent);
-
- X509TokenSecurityEvent recipientX509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientX509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientX509TokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertEquals(e.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Derived key must be used");
- }
- }
-
- @Test
- public void testDerivedKeySupportingTokenPolicy() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireDerivedKeys/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
-
- DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
- derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
- securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
-
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testDerivedKeySupportingTokenPolicyNegative() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireDerivedKeys/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V1Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertEquals(e.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.apache.ws.secpolicy.WSSPolicyException: \n" +
- "Derived key must be used");
- }
- }
-
- @Test
- public void testDerivedKeySupportingTokenPolicyAdditionalToken() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireDerivedKeys/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
-
- DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
- derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
- securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
-
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- x509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
-
- derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
- derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
- securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
-
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testDerivedKeySupportingTokenPolicyAdditionalTokenNegative() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireDerivedKeys/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V1Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- x509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V1Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof WSSPolicyException);
- }
- }
-
- @Test
- public void testDerivedKeySupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireDerivedKeys/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- X509SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
-
- DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
- derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
- securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
-
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- x509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V1Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testDerivedKeySupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireDerivedKeys/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- X509SecurityToken securityToken = getX509Token(WSSConstants.X509V1Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- x509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
-
- DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
- derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
- securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
-
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedElementsTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedElementsTest.java
deleted file mode 100644
index ac73c1b..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedElementsTest.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.ArrayList;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class EncryptedElementsTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:EncryptedElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
- "</sp:EncryptedElements>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- encryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.add(new QName("http://example.org", "a"));
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
- //additional EncryptedElements are also allowed!
- headerPath = new ArrayList<QName>();
- headerPath.add(new QName("http://example.org", "b"));
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyMultipleAssertionEventsNegative() throws Exception {
- String policyString =
- "<sp:EncryptedElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
- "</sp:EncryptedElements>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- encryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
- encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, false, null);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.add(new QName("http://example.org", "a"));
- encryptedElementSecurityEvent.setElementPath(headerPath);
- try {
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Element /{http://example.org}a must be encrypted");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedPartsTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedPartsTest.java
deleted file mode 100644
index bfcd63b..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedPartsTest.java
+++ /dev/null
@@ -1,231 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.EncryptedPartSecurityEvent;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.ArrayList;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class EncryptedPartsTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:EncryptedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:Body/>\n" +
- "<sp:Header Name=\"a\" Namespace=\"http://example.org\"/>\n" +
- "<sp:Attachments/>\n" +
- "</sp:EncryptedParts>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(null, true, protectionOrder);
- encryptedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "a"));
- encryptedPartSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- //additional encryptedParts are also allowed!
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "b"));
- encryptedPartSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyMultipleAssertionEventsNegative() throws Exception {
- String policyString =
- "<sp:EncryptedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:Body/>\n" +
- "<sp:Header Name=\"a\" Namespace=\"http://example.org\"/>\n" +
- "<sp:Attachments/>\n" +
- "</sp:EncryptedParts>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(null, true, protectionOrder);
- encryptedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(null, false, null);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "a"));
- encryptedPartSecurityEvent.setElementPath(headerPath);
- try {
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://example.org}a must be encrypted");
- }
- }
-
- @Test
- public void testPolicyWholeBody() throws Exception {
- String policyString =
- "<sp:EncryptedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "</sp:EncryptedParts>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(null, true, protectionOrder);
- encryptedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "a"));
- encryptedPartSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "b"));
- encryptedPartSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyWholeBodyNegative() throws Exception {
- String policyString =
- "<sp:EncryptedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "</sp:EncryptedParts>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(null, false, null);
- encryptedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- try {
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Body must be encrypted");
- }
- }
-
- @Test
- public void testPolicyWildcardHeader() throws Exception {
- String policyString =
- "<sp:EncryptedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:Body/>\n" +
- "<sp:Header Namespace=\"http://example.org\"/>\n" +
- "<sp:Attachments/>\n" +
- "</sp:EncryptedParts>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(null, true, protectionOrder);
- encryptedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "a"));
- encryptedPartSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- //additional encryptedParts are also allowed!
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "b"));
- encryptedPartSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyWildcardHeaderNegative() throws Exception {
- String policyString =
- "<sp:EncryptedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:Body/>\n" +
- "<sp:Header Namespace=\"http://example.org\"/>\n" +
- "<sp:Attachments/>\n" +
- "</sp:EncryptedParts>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(null, true, protectionOrder);
- encryptedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(null, false, null);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "a"));
- encryptedPartSecurityEvent.setElementPath(headerPath);
- try {
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://example.org}a must be encrypted");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/HttpsTokenTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/HttpsTokenTest.java
deleted file mode 100644
index 554ee89..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/HttpsTokenTest.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.HttpsTokenSecurityEvent;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class HttpsTokenTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireClientCertificate/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>" +
- " </wsp:Policy>\n" +
- "</sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:TransportBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- httpsTokenSecurityEvent.setSecurityToken(securityToken);
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication);
- httpsTokenSecurityEvent.setIssuerName("xs:anyURI");
- policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyNegative() throws Exception {
- String policyString =
- "<sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireClientCertificate/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>" +
- " </wsp:Policy>\n" +
- "</sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:TransportBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- httpsTokenSecurityEvent.setSecurityToken(securityToken);
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
- httpsTokenSecurityEvent.setIssuerName("xs:anyURI");
- policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Policy enforces HttClientCertificateAuthentication but we got HttpBasicAuthentication");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/IssuedTokenTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/IssuedTokenTest.java
deleted file mode 100644
index ea824ad..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/IssuedTokenTest.java
+++ /dev/null
@@ -1,112 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.swssf.policy.test;
-
-import org.opensaml.common.SAMLVersion;
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.impl.securityToken.SAMLSecurityToken;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.swssf.wss.securityEvent.SamlTokenSecurityEvent;
-import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class IssuedTokenTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:IssuedToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <sp:RequestSecurityTokenTemplate/>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireExternalReference/>\n" +
- " </wsp:Policy>\n" +
- " </sp:IssuedToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:InitiatorToken>\n" +
- "<sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:IssuedToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <sp:RequestSecurityTokenTemplate/>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireExternalReference/>\n" +
- " </wsp:Policy>\n" +
- " </sp:IssuedToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SamlTokenSecurityEvent initiatorTokenSecurityEvent = new SamlTokenSecurityEvent();
- SecurityToken securityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, "xs:anyURI", null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- SamlTokenSecurityEvent recipientTokenSecurityEvent = new SamlTokenSecurityEvent();
- securityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, "xs:anyURI", null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- //todo more tests
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/KerberosTokenTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/KerberosTokenTest.java
deleted file mode 100644
index eee9f3b..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/KerberosTokenTest.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.securityEvent.KerberosTokenSecurityEvent;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class KerberosTokenTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:EncryptionToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:KerberosToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:WssKerberosV5ApReqToken11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:KerberosToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:EncryptionToken>\n" +
- "<sp:SignatureToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:KerberosToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:WssKerberosV5ApReqToken11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:KerberosToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SignatureToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:SymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- KerberosTokenSecurityEvent initiatorTokenSecurityEvent = new KerberosTokenSecurityEvent();
- initiatorTokenSecurityEvent.setIssuerName("xs:anyURI");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- KerberosTokenSecurityEvent recipientTokenSecurityEvent = new KerberosTokenSecurityEvent();
- recipientTokenSecurityEvent.setIssuerName("xs:anyURI");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- //todo more tests
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/KeyValueTokenTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/KeyValueTokenTest.java
deleted file mode 100644
index 97342e0..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/KeyValueTokenTest.java
+++ /dev/null
@@ -1,174 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.KeyValueTokenSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class KeyValueTokenTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
-
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:KeyValueToken>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RsaKeyValue/>\n" +
- " </wsp:Policy>\n" +
- " </sp:KeyValueToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:InitiatorToken>\n" +
- "<sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:KeyValueToken>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RsaKeyValue/>\n" +
- " </wsp:Policy>\n" +
- " </sp:KeyValueToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- KeyValueTokenSecurityEvent initiatorTokenSecurityEvent = new KeyValueTokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- KeyValueTokenSecurityEvent recipientTokenSecurityEvent = new KeyValueTokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyNegative() throws Exception {
- String policyString =
-
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:KeyValueToken>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RsaKeyValue/>\n" +
- " </wsp:Policy>\n" +
- " </sp:KeyValueToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:InitiatorToken>\n" +
- "<sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:KeyValueToken>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RsaKeyValue/>\n" +
- " </wsp:Policy>\n" +
- " </sp:KeyValueToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- KeyValueTokenSecurityEvent initiatorTokenSecurityEvent = new KeyValueTokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token, "transmitter-ecdsa");
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- KeyValueTokenSecurityEvent recipientTokenSecurityEvent = new KeyValueTokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Policy enforces that a RsaKeyValue must be present in the KeyValueToken but we got a ECKeyValue");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/LayoutTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/LayoutTest.java
deleted file mode 100644
index 70e134a..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/LayoutTest.java
+++ /dev/null
@@ -1,194 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class LayoutTest extends AbstractPolicyTestBase {
-
- /*@Test
- public void testPolicyStrict() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:Layout xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:LaxTsFirst/>\n" +
- "</wsp:Policy>\n" +
- "</sp:Layout>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_wsu_Timestamp);
- requiredElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(x509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }*/
-
- /*@Test
- public void testPolicyLaxTsFirst() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:Layout xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:LaxTsFirst/>\n" +
- "</wsp:Policy>\n" +
- "</sp:Layout>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_wsu_Timestamp);
- requiredElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(x509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }*/
-
- /*@Test
- public void testPolicyLaxTsFirstNegative() throws Exception {
- String policyString =
- "<sp:Layout xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:LaxTsFirst/>\n" +
- "</wsp:Policy>\n" +
- "</sp:Layout>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Policy enforces LaxTsFirst but X509Token occured first");
- }
- }*/
-
- /*@Test
- public void testPolicyLaxTsLast() throws Exception {
- String policyString =
- "<sp:Layout xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:LaxTsLast/>\n" +
- "</wsp:Policy>\n" +
- "</sp:Layout>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }*/
-
- /*@Test
- public void testPolicyLaxTsLastNegative() throws Exception {
- String policyString =
- "<sp:Layout xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:LaxTsLast/>\n" +
- "</wsp:Policy>\n" +
- "</sp:Layout>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Policy enforces LaxTsLast but X509Token occured last");
- }
- }*/
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/ProtectionOrderTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/ProtectionOrderTest.java
deleted file mode 100644
index ad49b4b..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/ProtectionOrderTest.java
+++ /dev/null
@@ -1,253 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.*;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class ProtectionOrderTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicySignBeforeEncrypt() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " </wsp:Policy>\n" +
- "</sp:AsymmetricBinding>\n";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
-
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(null, true, protectionOrder);
- signedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
-
- EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(null, true, protectionOrder);
- encryptedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
-
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- encryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(null, true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicySignBeforeEncryptWithoutEncryption() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " </wsp:Policy>\n" +
- "</sp:AsymmetricBinding>\n";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicySignBeforeEncryptNegative() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " </wsp:Policy>\n" +
- "</sp:AsymmetricBinding>\n";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- try {
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Policy enforces SignBeforeEncrypting but the /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Body was encrypted and then signed");
- }
- }
-
- @Test
- public void testPolicyEncryptBeforeSign() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:EncryptBeforeSigning/>\n" +
- " </wsp:Policy>\n" +
- "</sp:AsymmetricBinding>\n";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
-
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(null, true, protectionOrder);
- signedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
-
- EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(null, true, protectionOrder);
- encryptedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
-
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- encryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(null, true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyEncryptBeforeSignWithoutSignature() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:EncryptBeforeSigning/>\n" +
- " </wsp:Policy>\n" +
- "</sp:AsymmetricBinding>\n";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(null, true, protectionOrder);
- encryptedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyEncryptBeforeSignNegative() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:EncryptBeforeSigning/>\n" +
- " </wsp:Policy>\n" +
- "</sp:AsymmetricBinding>\n";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(null, true, protectionOrder);
- encryptedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- try {
- policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Policy enforces EncryptBeforeSigning but the /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Body was signed and then encrypted");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/RelTokenTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/RelTokenTest.java
deleted file mode 100644
index cae96aa..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/RelTokenTest.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.swssf.wss.securityEvent.RelTokenSecurityEvent;
-import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class RelTokenTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:RelToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:WssRelV20Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:RelToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:InitiatorToken>\n" +
- "<sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:RelToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:WssRelV20Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:RelToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- RelTokenSecurityEvent initiatorTokenSecurityEvent = new RelTokenSecurityEvent();
- initiatorTokenSecurityEvent.setIssuerName("xs:anyURI");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- RelTokenSecurityEvent recipientTokenSecurityEvent = new RelTokenSecurityEvent();
- recipientTokenSecurityEvent.setIssuerName("xs:anyURI");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- //todo more tests
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredElementsTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredElementsTest.java
deleted file mode 100644
index 3f2e90d..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredElementsTest.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.swssf.wss.securityEvent.RequiredElementSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class RequiredElementsTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:RequiredElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
- "</sp:RequiredElements>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
- requiredElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.add(new QName("http://example.org", "a"));
- requiredElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
- //additional RequiredElements are also allowed!
- headerPath = new ArrayList<QName>();
- headerPath.add(new QName("http://example.org", "b"));
- requiredElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyMultipleAssertionEventsNegative() throws Exception {
- String policyString =
- "<sp:RequiredElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
- "</sp:RequiredElements>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
- requiredElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
- try {
- policyEnforcer.doFinal();
- Assert.fail("Exception expected");
- } catch (WSSPolicyException e) {
- Assert.assertEquals(e.getMessage(), "\nElement /{http://example.org}a must be present");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredPartsTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredPartsTest.java
deleted file mode 100644
index e761f9a..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredPartsTest.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.swssf.wss.securityEvent.RequiredPartSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class RequiredPartsTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:RequiredParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:Header Name=\"a\" Namespace=\"http://example.org\"/>\n" +
- "</sp:RequiredParts>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- RequiredPartSecurityEvent requiredPartSecurityEvent = new RequiredPartSecurityEvent();
- requiredPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(requiredPartSecurityEvent);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "a"));
- requiredPartSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(requiredPartSecurityEvent);
- //additional encryptedParts are also allowed!
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "b"));
- requiredPartSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(requiredPartSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyMultipleAssertionEventsNegative() throws Exception {
- String policyString =
- "<sp:RequiredParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:Header Name=\"a\" Namespace=\"http://example.org\"/>\n" +
- "</sp:RequiredParts>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- RequiredPartSecurityEvent requiredPartSecurityEvent = new RequiredPartSecurityEvent();
- requiredPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(requiredPartSecurityEvent);
- try {
- policyEnforcer.doFinal();
- Assert.fail("Exception expected");
- } catch (WSSPolicyException e) {
- Assert.assertEquals(e.getMessage(), "\nElement {http://example.org}a must be present");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SamlTokenTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/SamlTokenTest.java
deleted file mode 100644
index 44bb4c5..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SamlTokenTest.java
+++ /dev/null
@@ -1,179 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.opensaml.common.SAMLVersion;
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.impl.securityToken.SAMLSecurityToken;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.swssf.wss.securityEvent.SamlTokenSecurityEvent;
-import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class SamlTokenTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SamlToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:WssSamlV20Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SamlToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:InitiatorToken>\n" +
- "<sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SamlToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:WssSamlV20Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SamlToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- SamlTokenSecurityEvent initiatorTokenSecurityEvent = new SamlTokenSecurityEvent();
- SecurityToken securityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, "xs:anyURI", null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- SamlTokenSecurityEvent recipientTokenSecurityEvent = new SamlTokenSecurityEvent();
- securityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, "xs:anyURI", null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyNegative() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SamlToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:WssSamlV20Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SamlToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:InitiatorToken>\n" +
- "<sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SamlToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:WssSamlV20Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SamlToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- SamlTokenSecurityEvent initiatorTokenSecurityEvent = new SamlTokenSecurityEvent();
- SecurityToken securityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, "xs:anyURI", null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- SamlTokenSecurityEvent recipientTokenSecurityEvent = new SamlTokenSecurityEvent();
- securityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, "xs:otherURI", null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "IssuerName in Policy (xs:anyURI) didn't match with the one in the SamlToken (xs:otherURI)");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecureConversationTokenTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecureConversationTokenTest.java
deleted file mode 100644
index 2d8d969..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecureConversationTokenTest.java
+++ /dev/null
@@ -1,184 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.swssf.wss.securityEvent.SecureConversationTokenSecurityEvent;
-import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class SecureConversationTokenTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:EncryptionToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SecureConversationToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireExternalUriReference/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SecureConversationToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:EncryptionToken>\n" +
- "<sp:SignatureToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SecureConversationToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireExternalUriReference/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SecureConversationToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SignatureToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:SymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- SecureConversationTokenSecurityEvent initiatorTokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- initiatorTokenSecurityEvent.setIssuerName("xs:anyURI");
- initiatorTokenSecurityEvent.setExternalUriRef(true);
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- SecureConversationTokenSecurityEvent recipientTokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- recipientTokenSecurityEvent.setIssuerName("xs:anyURI");
- recipientTokenSecurityEvent.setExternalUriRef(true);
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyNegative() throws Exception {
- String policyString =
- "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:EncryptionToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SecureConversationToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireExternalUriReference/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SecureConversationToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:EncryptionToken>\n" +
- "<sp:SignatureToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SecureConversationToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireExternalUriReference/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SecureConversationToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SignatureToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:SymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- SecureConversationTokenSecurityEvent initiatorTokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- initiatorTokenSecurityEvent.setIssuerName("sss");
- initiatorTokenSecurityEvent.setExternalUriRef(true);
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- SecureConversationTokenSecurityEvent recipientTokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- recipientTokenSecurityEvent.setIssuerName("sss");
- recipientTokenSecurityEvent.setExternalUriRef(true);
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "IssuerName in Policy (xs:anyURI) didn't match with the one in the SecureConversationToken (sss)");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecurityContextTokenTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecurityContextTokenTest.java
deleted file mode 100644
index 549b6c1..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecurityContextTokenTest.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
-*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.swssf.wss.securityEvent.SecurityContextTokenSecurityEvent;
-import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class SecurityContextTokenTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:EncryptionToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SecurityContextToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireExternalUriReference/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SecurityContextToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:EncryptionToken>\n" +
- "<sp:SignatureToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SecurityContextToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireExternalUriReference/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SecurityContextToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SignatureToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:SymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- SecurityContextTokenSecurityEvent initiatorTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- initiatorTokenSecurityEvent.setIssuerName("xs:anyURI");
- initiatorTokenSecurityEvent.setExternalUriRef(true);
-
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- SecurityContextTokenSecurityEvent recipientTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- recipientTokenSecurityEvent.setIssuerName("xs:anyURI");
- recipientTokenSecurityEvent.setExternalUriRef(true);
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyNegative() throws Exception {
- String policyString =
- "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:EncryptionToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SecurityContextToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireExternalUriReference/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SecurityContextToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:EncryptionToken>\n" +
- "<sp:SignatureToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SecurityContextToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireExternalUriReference/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SecurityContextToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SignatureToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:SymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- SecurityContextTokenSecurityEvent initiatorTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- initiatorTokenSecurityEvent.setIssuerName("sss");
- initiatorTokenSecurityEvent.setExternalUriRef(true);
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- SecurityContextTokenSecurityEvent recipientTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- recipientTokenSecurityEvent.setIssuerName("sss");
- recipientTokenSecurityEvent.setExternalUriRef(true);
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "IssuerName in Policy (xs:anyURI) didn't match with the one in the SecurityContextToken (sss)");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedElementsTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedElementsTest.java
deleted file mode 100644
index ca4f1ca..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedElementsTest.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.ArrayList;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class SignedElementsTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:SignedElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
- "</sp:SignedElements>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(null, true, protectionOrder);
- signedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "a"));
- signedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- //additional SignedElements are also allowed!
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "b"));
- signedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyMultipleAssertionEventsNegative() throws Exception {
- String policyString =
- "<sp:SignedElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
- "</sp:SignedElements>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(null, true, protectionOrder);
- signedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- signedElementSecurityEvent = new SignedElementSecurityEvent(null, false, null);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.add(new QName("http://example.org", "a"));
- signedElementSecurityEvent.setElementPath(headerPath);
- try {
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Element /{http://example.org}a must be signed");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedPartsTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedPartsTest.java
deleted file mode 100644
index aa8a3da..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedPartsTest.java
+++ /dev/null
@@ -1,243 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.ArrayList;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class SignedPartsTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:SignedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:Body/>\n" +
- "<sp:Header Name=\"a\" Namespace=\"http://example.org\"/>\n" +
- "<sp:Attachments>\n" +
- "<sp3:ContentSignatureTransform/>\n" +
- "<sp3:AttachmentCompleteSignatureTransform/>\n" +
- "</sp:Attachments>\n" +
- "</sp:SignedParts>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "a"));
- signedPartSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- //additional signedParts are also allowed!
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "b"));
- signedPartSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyMultipleAssertionEventsNegative() throws Exception {
- String policyString =
- "<sp:SignedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:Body/>\n" +
- "<sp:Header Name=\"a\" Namespace=\"http://example.org\"/>\n" +
- "<sp:Attachments>\n" +
- "<sp3:ContentSignatureTransform/>\n" +
- "<sp3:AttachmentCompleteSignatureTransform/>\n" +
- "</sp:Attachments>\n" +
- "</sp:SignedParts>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- signedPartSecurityEvent = new SignedPartSecurityEvent(null, false, null);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "a"));
- signedPartSecurityEvent.setElementPath(headerPath);
- try {
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://example.org}a must be signed");
- }
- }
-
- @Test
- public void testPolicyAllHeaders() throws Exception {
- String policyString =
- "<sp:SignedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "</sp:SignedParts>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "a"));
- signedPartSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "b"));
- signedPartSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyBodyNegative() throws Exception {
- String policyString =
- "<sp:SignedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "</sp:SignedParts>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, false, null);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- try {
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Body must be signed");
- }
- }
-
- @Test
- public void testPolicyWildcardHeader() throws Exception {
- String policyString =
- "<sp:SignedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:Body/>\n" +
- "<sp:Header Namespace=\"http://example.org\"/>\n" +
- "<sp:Attachments>\n" +
- "<sp3:ContentSignatureTransform/>\n" +
- "<sp3:AttachmentCompleteSignatureTransform/>\n" +
- "</sp:Attachments>\n" +
- "</sp:SignedParts>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "a"));
- signedPartSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- //additional signedParts are also allowed!
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "b"));
- signedPartSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyWildcardHeaderNegative() throws Exception {
- String policyString =
- "<sp:SignedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<sp:Body/>\n" +
- "<sp:Header Namespace=\"http://example.org\"/>\n" +
- "<sp:Attachments>\n" +
- "<sp3:ContentSignatureTransform/>\n" +
- "<sp3:AttachmentCompleteSignatureTransform/>\n" +
- "</sp:Attachments>\n" +
- "</sp:SignedParts>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- signedPartSecurityEvent = new SignedPartSecurityEvent(null, false, null);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
- headerPath.add(new QName("http://example.org", "a"));
- signedPartSecurityEvent.setElementPath(headerPath);
- try {
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://example.org}a must be signed");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SpnegoContextTokenTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/SpnegoContextTokenTest.java
deleted file mode 100644
index c7bb532..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SpnegoContextTokenTest.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import org.swssf.wss.securityEvent.SpnegoContextTokenSecurityEvent;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class SpnegoContextTokenTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SpnegoContextToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:MustNotSendCancel/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SpnegoContextToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:InitiatorToken>\n" +
- "<sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:SpnegoContextToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:MustNotSendCancel/>\n" +
- " </wsp:Policy>\n" +
- " </sp:SpnegoContextToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- SpnegoContextTokenSecurityEvent initiatorTokenSecurityEvent = new SpnegoContextTokenSecurityEvent();
- initiatorTokenSecurityEvent.setIssuerName("xs:anyURI");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- SpnegoContextTokenSecurityEvent recipientTokenSecurityEvent = new SpnegoContextTokenSecurityEvent();
- recipientTokenSecurityEvent.setIssuerName("xs:anyURI");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- //todo more tests
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SupportingTokensTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/SupportingTokensTest.java
deleted file mode 100644
index c8b7ecc..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SupportingTokensTest.java
+++ /dev/null
@@ -1,1568 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.opensaml.common.SAMLVersion;
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityContext;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.impl.securityToken.SAMLSecurityToken;
-import org.swssf.wss.impl.securityToken.UsernameSecurityToken;
-import org.swssf.wss.impl.securityToken.X509SecurityToken;
-import org.swssf.wss.securityEvent.*;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.securityEvent.KeyValueTokenSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.X509TokenSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.Date;
-
-/**
- * @author $Author: $
- * @version $Revision: $ $Date: $
- */
-public class SupportingTokensTest extends AbstractPolicyTestBase {
-
- @Test
- public void testSupportingTokenPolicy() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireThumbprintReference/>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testSupportingTokenPolicyNegative() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireThumbprintReference/>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V1Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertEquals(e.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.apache.ws.secpolicy.WSSPolicyException: \n" +
- "X509Certificate Version 3 mismatch; Policy enforces WssX509V3Token11");
- }
- }
-
- @Test
- public void testX509SupportingTokenPolicyAdditionalToken() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireThumbprintReference/>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- x509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testX509SupportingTokenPolicyAdditionalTokenNegative() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireThumbprintReference/>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V1Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- x509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V1Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof WSSPolicyException);
- }
- }
-
- @Test
- public void testX509SupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireThumbprintReference/>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- X509SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- x509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V1Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testX509SupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireThumbprintReference/>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- X509SecurityToken securityToken = getX509Token(WSSConstants.X509V1Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- x509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testUsernameSupportingTokenPolicyAdditionalToken() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:UsernameToken>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:NoPassword/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
- usernameTokenSecurityEvent.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
- SecurityToken securityToken = new UsernameSecurityToken(
- "username", null, new Date().toString(), new byte[10], new byte[10], Long.valueOf(10),
- (WSSecurityContext) null, null, null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- usernameTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
-
- usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
- usernameTokenSecurityEvent.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
- securityToken = new UsernameSecurityToken(
- "username", null, new Date().toString(), new byte[10], new byte[10], Long.valueOf(10),
- (WSSecurityContext) null, null, null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- usernameTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testUsernameSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:UsernameToken>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:NoPassword/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
- usernameTokenSecurityEvent.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST);
- usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
- SecurityToken securityToken = new UsernameSecurityToken(
- "username", null, new Date().toString(), new byte[10], new byte[10], Long.valueOf(10),
- (WSSecurityContext) null, null, null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- usernameTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
-
- usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
- usernameTokenSecurityEvent.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST);
- usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
- securityToken = new UsernameSecurityToken(
- "username", null, new Date().toString(), new byte[10], new byte[10], Long.valueOf(10),
- (WSSecurityContext) null, null, null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- usernameTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof WSSPolicyException);
- }
- }
-
- @Test
- public void testUsernameSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:UsernameToken>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:NoPassword/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
- usernameTokenSecurityEvent.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
- SecurityToken securityToken = new UsernameSecurityToken(
- "username", null, new Date().toString(), new byte[10], new byte[10], Long.valueOf(10),
- (WSSecurityContext) null, null, null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- usernameTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
-
- usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
- usernameTokenSecurityEvent.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST);
- usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
- securityToken = new UsernameSecurityToken(
- "username", "password", new Date().toString(), new byte[10], new byte[10], Long.valueOf(10),
- (WSSecurityContext) null, null, null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- usernameTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testUsernameSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:UsernameToken>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:NoPassword/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
- usernameTokenSecurityEvent.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST);
- usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
- SecurityToken securityToken = new UsernameSecurityToken(
- "username", "password", new Date().toString(), new byte[10], new byte[10], Long.valueOf(10),
- (WSSecurityContext) null, null, null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- usernameTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
-
- usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
- usernameTokenSecurityEvent.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
- securityToken = new UsernameSecurityToken(
- "username", null, new Date().toString(), new byte[10], new byte[10], Long.valueOf(10),
- (WSSecurityContext) null, null, null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- usernameTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testIssuedSupportingTokenPolicyAdditionalToken() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:IssuedToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <sp:RequestSecurityTokenTemplate/>\n" +
- " <wsp:Policy/>\n" +
- " </sp:IssuedToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SecurityContextTokenSecurityEvent securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- securityContextTokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- securityContextTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
-
- securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- securityContextTokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- securityContextTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testIssuedSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:IssuedToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <sp:RequestSecurityTokenTemplate/>\n" +
- " <wsp:Policy/>\n" +
- " </sp:IssuedToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SecurityContextTokenSecurityEvent securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- securityContextTokenSecurityEvent.setIssuerName("test");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- securityContextTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
-
- securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- securityContextTokenSecurityEvent.setIssuerName("test");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- securityContextTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof WSSPolicyException);
- }
- }
-
- @Test
- public void testIssuedSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:IssuedToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <sp:RequestSecurityTokenTemplate/>\n" +
- " <wsp:Policy/>\n" +
- " </sp:IssuedToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SecurityContextTokenSecurityEvent securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- securityContextTokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- securityContextTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
-
- securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- securityContextTokenSecurityEvent.setIssuerName("test");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- securityContextTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testIssuedSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:IssuedToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <sp:RequestSecurityTokenTemplate/>\n" +
- " <wsp:Policy/>\n" +
- " </sp:IssuedToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SecurityContextTokenSecurityEvent securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- securityContextTokenSecurityEvent.setIssuerName("test");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- securityContextTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
-
- securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- securityContextTokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- securityContextTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testKerberosSupportingTokenPolicyAdditionalToken() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:KerberosToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:KerberosToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- KerberosTokenSecurityEvent tokenSecurityEvent = new KerberosTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new KerberosTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testKerberosSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:KerberosToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:KerberosToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- KerberosTokenSecurityEvent tokenSecurityEvent = new KerberosTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new KerberosTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof WSSPolicyException);
- }
- }
-
- @Test
- public void testKerberosSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:KerberosToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:KerberosToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- KerberosTokenSecurityEvent tokenSecurityEvent = new KerberosTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new KerberosTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testKerberosSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:KerberosToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:KerberosToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- KerberosTokenSecurityEvent tokenSecurityEvent = new KerberosTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new KerberosTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testSpnegoSupportingTokenPolicyAdditionalToken() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SpnegoContextToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SpnegoContextToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SpnegoContextTokenSecurityEvent tokenSecurityEvent = new SpnegoContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SpnegoContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testSpnegoSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SpnegoContextToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SpnegoContextToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SpnegoContextTokenSecurityEvent tokenSecurityEvent = new SpnegoContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SpnegoContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof WSSPolicyException);
- }
- }
-
- @Test
- public void testSpnegoSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SpnegoContextToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SpnegoContextToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SpnegoContextTokenSecurityEvent tokenSecurityEvent = new SpnegoContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SpnegoContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testSpnegoSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SpnegoContextToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SpnegoContextToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SpnegoContextTokenSecurityEvent tokenSecurityEvent = new SpnegoContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SpnegoContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testSecurityContextTokenSupportingTokenPolicyAdditionalToken() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SecurityContextToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SecurityContextToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testSecurityContextTokenSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SecurityContextToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SecurityContextToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof WSSPolicyException);
- }
- }
-
- @Test
- public void testSecurityContextTokenSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SecurityContextToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SecurityContextToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testSecurityContextTokenSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SecurityContextToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SecurityContextToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testSecureConversationTokenSupportingTokenPolicyAdditionalToken() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SecureConversationToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SecureConversationToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SecureConversationTokenSecurityEvent tokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testSecureConversationTokenSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SecureConversationToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SecureConversationToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SecureConversationTokenSecurityEvent tokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof WSSPolicyException);
- }
- }
-
- @Test
- public void testSecureConversationTokenSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SecureConversationToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SecureConversationToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SecureConversationTokenSecurityEvent tokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testSecureConversationTokenSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SecureConversationToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SecureConversationToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SecureConversationTokenSecurityEvent tokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testSamlTokenSupportingTokenPolicyAdditionalToken() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SamlToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SamlToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SamlTokenSecurityEvent tokenSecurityEvent = new SamlTokenSecurityEvent();
- SecurityToken securityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, "CN=transmitter,OU=swssf,C=CH", null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SamlTokenSecurityEvent();
- securityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, "CN=transmitter,OU=swssf,C=CH", null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testSamlTokenSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SamlToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SamlToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SamlTokenSecurityEvent tokenSecurityEvent = new SamlTokenSecurityEvent();
- SecurityToken securityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, "xs:anyURI", null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SamlTokenSecurityEvent();
- securityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, "xs:anyURI", null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof WSSPolicyException);
- }
- }
-
- @Test
- public void testSamlTokenSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SamlToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SamlToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SamlTokenSecurityEvent tokenSecurityEvent = new SamlTokenSecurityEvent();
- SecurityToken securityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, "CN=transmitter,OU=swssf,C=CH", null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SamlTokenSecurityEvent();
- securityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, "xs:anyURI", null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testSamlTokenSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:SamlToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy/>\n" +
- " </sp:SamlToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SamlTokenSecurityEvent tokenSecurityEvent = new SamlTokenSecurityEvent();
- SecurityToken securityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, "CN=transmitter,OU=swssf,C=CH", null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new SamlTokenSecurityEvent();
- securityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, "xs:anyURI", null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testRelTokenSupportingTokenPolicyAdditionalToken() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RelToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " </sp:RelToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- RelTokenSecurityEvent tokenSecurityEvent = new RelTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new RelTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testRelTokenSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RelToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " </sp:RelToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- RelTokenSecurityEvent tokenSecurityEvent = new RelTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new RelTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof WSSPolicyException);
- }
- }
-
- @Test
- public void testRelTokenSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RelToken>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " </sp:RelToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- RelTokenSecurityEvent tokenSecurityEvent = new RelTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new RelTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testRelTokenSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RelTokenSecurityEvent>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " </sp:RelTokenSecurityEvent>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- RelTokenSecurityEvent tokenSecurityEvent = new RelTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("test");
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new RelTokenSecurityEvent();
- tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testKeyValueTokenSupportingTokenPolicyAdditionalToken() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:KeyValueToken>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RsaKeyValue/>\n" +
- " </wsp:Policy>\n" +
- " </sp:KeyValueToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- KeyValueTokenSecurityEvent tokenSecurityEvent = new KeyValueTokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new KeyValueTokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testKeyValueTokenSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:KeyValueToken>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RsaKeyValue/>\n" +
- " </wsp:Policy>\n" +
- " </sp:KeyValueToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- KeyValueTokenSecurityEvent tokenSecurityEvent = new KeyValueTokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token, "transmitter-dsa");
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new KeyValueTokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token, "transmitter-dsa");
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof WSSPolicyException);
- }
- }
-
- @Test
- public void testKeyValueTokenSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:KeyValueToken>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RsaKeyValue/>\n" +
- " </wsp:Policy>\n" +
- " </sp:KeyValueToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- KeyValueTokenSecurityEvent tokenSecurityEvent = new KeyValueTokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new KeyValueTokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testKeyValueTokenSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
- String policyString =
- "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:KeyValueToken>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RsaKeyValue/>\n" +
- " </wsp:Policy>\n" +
- " </sp:KeyValueToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SupportingTokens>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- KeyValueTokenSecurityEvent tokenSecurityEvent = new KeyValueTokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- tokenSecurityEvent = new KeyValueTokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
- tokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SymmetricBindingTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/SymmetricBindingTest.java
deleted file mode 100644
index 269ef86..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/SymmetricBindingTest.java
+++ /dev/null
@@ -1,314 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.impl.securityToken.SecureConversationSecurityToken;
-import org.swssf.wss.securityEvent.*;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.ArrayList;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class SymmetricBindingTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:IncludeTimestamp/>\n" +
- "<sp:EncryptSignature/>\n" +
- "<sp:OnlySignEntireHeadersAndBody/>\n" +
- "</wsp:Policy>\n" +
- "</sp:SymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_wsu_Timestamp);
- requiredElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
-
- SecureConversationTokenSecurityEvent initiatorTokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- SecurityToken securityToken = new SecureConversationSecurityToken(null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- SecureConversationTokenSecurityEvent recipientTokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- securityToken = new SecureConversationSecurityToken(null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_dsig_Signature);
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_wsse11_SignatureConfirmation);
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyNotIncludeTimestamp() throws Exception {
- String policyString =
- "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:EncryptSignature/>\n" +
- "<sp:ProtectTokens/>\n" +
- "<sp:OnlySignEntireHeadersAndBody/>\n" +
- "</wsp:Policy>\n" +
- "</sp:SymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- SecureConversationTokenSecurityEvent initiatorTokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- SecurityToken securityToken = new SecureConversationSecurityToken(null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- SecureConversationTokenSecurityEvent recipientTokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- securityToken = new SecureConversationSecurityToken(null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Timestamp must not be present");
- }
- }
-
- @Test
- public void testPolicyWrongProtectionOrder() throws Exception {
- String policyString =
- "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:IncludeTimestamp/>\n" +
- "<sp:EncryptBeforeSigning/>\n" +
- "<sp:EncryptSignature/>\n" +
- "<sp:ProtectTokens/>\n" +
- "<sp:OnlySignEntireHeadersAndBody/>\n" +
- "</wsp:Policy>\n" +
- "</sp:SymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- SecureConversationTokenSecurityEvent secureConversationTokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- SecurityToken securityToken = new SecureConversationSecurityToken(null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- secureConversationTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(secureConversationTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Policy enforces EncryptBeforeSigning but the /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Body was signed and then encrypted");
- }
- }
-
- @Test
- public void testPolicySignatureNotEncrypted() throws Exception {
- String policyString =
- "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:IncludeTimestamp/>\n" +
- "<sp:EncryptSignature/>\n" +
- "<sp:ProtectTokens/>\n" +
- "<sp:OnlySignEntireHeadersAndBody/>\n" +
- "</wsp:Policy>\n" +
- "</sp:SymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- SecureConversationTokenSecurityEvent initiatorTokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- SecurityToken securityToken = new SecureConversationSecurityToken(null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- SecureConversationTokenSecurityEvent recipientTokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- securityToken = new SecureConversationSecurityToken(null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, false, protectionOrder);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_dsig_Signature);
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://www.w3.org/2000/09/xmldsig#}Signature must be encrypted");
- }
- }
-
- @Test
- public void testPolicyNotWholeBodySigned() throws Exception {
- String policyString =
- "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:IncludeTimestamp/>\n" +
- "<sp:EncryptSignature/>\n" +
- "<sp:OnlySignEntireHeadersAndBody/>\n" +
- "</wsp:Policy>\n" +
- "</sp:SymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- SecureConversationTokenSecurityEvent initiatorTokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- SecurityToken securityToken = new SecureConversationSecurityToken(null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- SecureConversationTokenSecurityEvent recipientTokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- securityToken = new SecureConversationSecurityToken(null, null, null, "1", null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_dsig_Signature);
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_wsse11_SignatureConfirmation);
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, false, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- try {
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Body must be signed");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/TokenProtectionTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/TokenProtectionTest.java
deleted file mode 100644
index 09b007b..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/TokenProtectionTest.java
+++ /dev/null
@@ -1,468 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.impl.securityToken.X509SecurityToken;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.X509TokenSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.*;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class TokenProtectionTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:ProtectTokens/>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
-
- List<QName> bstPath = new ArrayList<QName>();
- bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- bstPath.add(WSSConstants.TAG_wsse_BinarySecurityToken);
-
- List<QName> sigPath = new ArrayList<QName>();
- sigPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- sigPath.add(WSSConstants.TAG_dsig_Signature);
-
- List<SecurityToken> securityTokens = new LinkedList<SecurityToken>();
-
- for (SecurityToken.TokenUsage tokenUsage : EnumSet.allOf(SecurityToken.TokenUsage.class)) {
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- X509SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityTokens.add(securityToken);
-
- securityToken.setElementPath(bstPath);
- securityToken.addTokenUsage(tokenUsage);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- if (tokenUsage.name().contains("Signature") || tokenUsage.name().contains("Endorsing")) {
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(securityToken, true, protectionOrder);
- signedElementSecurityEvent.setElementPath(bstPath);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- }
-
- if (tokenUsage.name().contains("Endorsing")) {
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(securityToken, true, protectionOrder);
- signedElementSecurityEvent.setElementPath(sigPath);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- }
- }
-
- SecurityToken mainSignatureToken = null;
- Iterator<SecurityToken> securityTokenIterator = securityTokens.iterator();
- while (securityTokenIterator.hasNext()) {
- SecurityToken securityToken = securityTokenIterator.next();
- if (securityToken.getTokenUsages().contains(SecurityToken.TokenUsage.MainSignature)) {
- mainSignatureToken = securityToken;
- break;
- }
- }
-
- securityTokenIterator = securityTokens.iterator();
- while (securityTokenIterator.hasNext()) {
- SecurityToken securityToken = securityTokenIterator.next();
- if (securityToken.getTokenUsages().get(0).name().contains("Signed")) {
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(mainSignatureToken, true, protectionOrder);
- signedElementSecurityEvent.setElementPath(bstPath);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- }
- }
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyNoTokenProtection() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
-
- List<QName> bstPath = new ArrayList<QName>();
- bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- bstPath.add(WSSConstants.TAG_wsse_BinarySecurityToken);
-
- List<QName> sigPath = new ArrayList<QName>();
- sigPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- sigPath.add(WSSConstants.TAG_dsig_Signature);
-
- List<SecurityToken> securityTokens = new LinkedList<SecurityToken>();
-
- for (SecurityToken.TokenUsage tokenUsage : EnumSet.allOf(SecurityToken.TokenUsage.class)) {
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- X509SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityTokens.add(securityToken);
-
- securityToken.setElementPath(bstPath);
- securityToken.addTokenUsage(tokenUsage);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- if (tokenUsage.name().contains("Endorsing")) {
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(securityToken, true, protectionOrder);
- signedElementSecurityEvent.setElementPath(sigPath);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- }
- }
-
- SecurityToken mainSignatureToken = null;
- Iterator<SecurityToken> securityTokenIterator = securityTokens.iterator();
- while (securityTokenIterator.hasNext()) {
- SecurityToken securityToken = securityTokenIterator.next();
- if (securityToken.getTokenUsages().contains(SecurityToken.TokenUsage.MainSignature)) {
- mainSignatureToken = securityToken;
- break;
- }
- }
-
- securityTokenIterator = securityTokens.iterator();
- while (securityTokenIterator.hasNext()) {
- SecurityToken securityToken = securityTokenIterator.next();
- if (securityToken.getTokenUsages().get(0).name().contains("Signed")) {
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(mainSignatureToken, true, protectionOrder);
- signedElementSecurityEvent.setElementPath(bstPath);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- }
- }
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Token /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken must not be signed by its signature.");
- }
- }
-
- @Test
- public void testPolicyElementNotSigned() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:ProtectTokens/>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- X509SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- List<QName> path = new ArrayList<QName>();
- path.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- path.add(WSSConstants.TAG_wsse_BinarySecurityToken);
- securityToken.setElementPath(path);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
-
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(securityToken, false, protectionOrder);
- signedElementSecurityEvent.setElementPath(path);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Token /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken must be signed by its signature.");
- }
- }
-
- @Test
- public void testPolicyElementSignedByOtherSignature() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:ProtectTokens/>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- X509SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- List<QName> path = new ArrayList<QName>();
- path.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- path.add(WSSConstants.TAG_wsse_BinarySecurityToken);
- securityToken.setElementPath(path);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
-
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(getX509Token(WSSConstants.X509V3Token), false, protectionOrder);
- signedElementSecurityEvent.setElementPath(path);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Token /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken must be signed by its signature.");
- }
- }
-
- @Test
- public void testPolicyElementSignedByOtherSignatureReverseSecurityEventOrder() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:ProtectTokens/>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- X509SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- List<QName> path = new ArrayList<QName>();
- path.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- path.add(WSSConstants.TAG_wsse_BinarySecurityToken);
- securityToken.setElementPath(path);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
-
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(getX509Token(WSSConstants.X509V3Token), false, protectionOrder);
- signedElementSecurityEvent.setElementPath(path);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
-
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Token /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken must be signed by its signature.");
- }
- }
-
- @Test
- public void testPolicyEndorsingTokenNotSigningMainSignatureToken() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:ProtectTokens/>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
-
- List<QName> bstPath = new ArrayList<QName>();
- bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- bstPath.add(WSSConstants.TAG_wsse_BinarySecurityToken);
-
- List<QName> sigPath = new ArrayList<QName>();
- sigPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- sigPath.add(WSSConstants.TAG_dsig_Signature);
-
- List<SecurityToken> securityTokens = new LinkedList<SecurityToken>();
-
- for (SecurityToken.TokenUsage tokenUsage : EnumSet.allOf(SecurityToken.TokenUsage.class)) {
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- X509SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
-
- securityTokens.add(securityToken);
-
- securityToken.setElementPath(bstPath);
- securityToken.addTokenUsage(tokenUsage);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- if (tokenUsage.name().contains("Signature") || tokenUsage.name().contains("Endorsing")) {
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(securityToken, true, protectionOrder);
- signedElementSecurityEvent.setElementPath(bstPath);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- }
- }
-
- SecurityToken mainSignatureToken = null;
- Iterator<SecurityToken> securityTokenIterator = securityTokens.iterator();
- while (securityTokenIterator.hasNext()) {
- SecurityToken securityToken = securityTokenIterator.next();
- if (securityToken.getTokenUsages().contains(SecurityToken.TokenUsage.MainSignature)) {
- mainSignatureToken = securityToken;
- break;
- }
- }
-
- securityTokenIterator = securityTokens.iterator();
- while (securityTokenIterator.hasNext()) {
- SecurityToken securityToken = securityTokenIterator.next();
- if (securityToken.getTokenUsages().get(0).name().contains("Signed")) {
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(mainSignatureToken, true, protectionOrder);
- signedElementSecurityEvent.setElementPath(bstPath);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- }
- }
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Token /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken must sign the main signature.");
- }
- }
-
- @Test
- public void testPolicyMainSignatureNotSigningEndorsingSignatureTokens() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:ProtectTokens/>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
-
- List<QName> bstPath = new ArrayList<QName>();
- bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- bstPath.add(WSSConstants.TAG_wsse_BinarySecurityToken);
-
- List<QName> sigPath = new ArrayList<QName>();
- sigPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- sigPath.add(WSSConstants.TAG_dsig_Signature);
-
- for (SecurityToken.TokenUsage tokenUsage : EnumSet.allOf(SecurityToken.TokenUsage.class)) {
- X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
- X509SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
-
- securityToken.setElementPath(bstPath);
- securityToken.addTokenUsage(tokenUsage);
- x509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
-
- if (tokenUsage.name().contains("Signature") || tokenUsage.name().contains("Endorsing")) {
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(securityToken, true, protectionOrder);
- signedElementSecurityEvent.setElementPath(bstPath);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- }
-
- if (tokenUsage.name().contains("Endorsing")) {
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(securityToken, true, protectionOrder);
- signedElementSecurityEvent.setElementPath(sigPath);
- policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
- }
- }
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Main signature must sign the Signed*Supporting-Tokens.");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingIntegrationTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingIntegrationTest.java
deleted file mode 100644
index 52c2d76..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingIntegrationTest.java
+++ /dev/null
@@ -1,1418 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyInputProcessor;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSSecurityProperties;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.impl.securityToken.HttpsSecurityToken;
-import org.swssf.wss.securityEvent.HttpsTokenSecurityEvent;
-import org.swssf.wss.test.CallbackHandlerImpl;
-import org.apache.xml.security.stax.ext.SecurePart;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-import org.w3c.dom.Document;
-
-import javax.xml.namespace.QName;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-import java.io.*;
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class TransportBindingIntegrationTest extends AbstractPolicyTestBase {
-
- @Test
- public void testIncludeTimestampPolicy() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:TransportBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <sp:IssuerName>transmitter</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpBasicAuthentication/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- httpsTokenSecurityEvent.setIssuerName("transmitter");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "transmitter", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-
- List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
- securityEventList.add(httpsTokenSecurityEvent);
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
-
- @Test
- public void testIncludeTimestampPolicyNegativeTest() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:TransportBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <!--<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>-->\n" +
- " <sp:IssuerName>transmitter</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpBasicAuthentication/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- httpsTokenSecurityEvent.setIssuerName("transmitter");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "transmitter", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-
- List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
- securityEventList.add(httpsTokenSecurityEvent);
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.apache.ws.secpolicy.WSSPolicyException: \n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present");
- }
- }
-
- @Test
- public void testIncludeTimestampAndSignedUsernameSupportingTokenPolicy() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:TransportBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <!--<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>-->\n" +
- " <sp:IssuerName>transmitter</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpBasicAuthentication/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " <sp:SignedSupportingTokens>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <wsp:Policy>\n" +
- " <sp:NoPassword/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:SignedSupportingTokens>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- httpsTokenSecurityEvent.setIssuerName("transmitter");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "transmitter", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-
- List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
- securityEventList.add(httpsTokenSecurityEvent);
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
-
- @Test
- public void testIncludeTimestampAndSignedUsernameSupportingTokenPolicyNegativeTest() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:TransportBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <!--<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>-->\n" +
- " <sp:IssuerName>transmitter</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpBasicAuthentication/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " <sp:SignedSupportingTokens>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <wsp:Policy>\n" +
- " <sp:NoPassword/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:SignedSupportingTokens>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- httpsTokenSecurityEvent.setIssuerName("transmitter");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "transmitter", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-
- List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
- securityEventList.add(httpsTokenSecurityEvent);
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.apache.ws.secpolicy.WSSPolicyException: Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied");
- }
- }
-
- @Test
- public void testIncludeTimestampAndProtectionOrderEncryptBeforeSignAndSignedUsernameSupportingTokenPolicyTest() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:TransportBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <!--<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>-->\n" +
- " <sp:IssuerName>transmitter</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpBasicAuthentication/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:SignedSupportingTokens>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <wsp:Policy>\n" +
- " <sp:NoPassword/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:SignedSupportingTokens>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- httpsTokenSecurityEvent.setIssuerName("transmitter");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "transmitter", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-
- List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
- securityEventList.add(httpsTokenSecurityEvent);
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
-
- @Test
- public void testHttpsClientAuthenticationIncludeTimestampAndSignedUsernameSupportingTokenPolicy() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:TransportBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <!--<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>-->\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:RequireClientCertificate/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" " +
- " xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" " +
- " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
- " /soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp/wsu:Created" +
- " </sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" " +
- " xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" " +
- " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
- " /soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp/wsu:Created" +
- " </sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" " +
- " xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" " +
- " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
- " /soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp/wsu:Expires" +
- " </sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " <sp:SignedSupportingTokens>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <wsp:Policy>\n" +
- " <!--<sp:HashPassword/>-->\n" +
- " <sp:NoPassword/>\n" +
- " <!--<sp:Created/>\n" +
- " <sp:Nonce/>-->\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:SignedSupportingTokens>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- httpsTokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication);
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "CN=transmitter,OU=swssf,C=CH", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-
- List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
- securityEventList.add(httpsTokenSecurityEvent);
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
-
- @Test
- public void testHttpsClientAuthenticationPolicyNegative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:TransportBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <!--<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>-->\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:RequireClientCertificate/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " <sp:SignedSupportingTokens>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <wsp:Policy>\n" +
- " <!--<sp:HashPassword/>-->\n" +
- " <sp:NoPassword/>\n" +
- " <!--<sp:Created/>\n" +
- " <sp:Nonce/>-->\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:SignedSupportingTokens>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- httpsTokenSecurityEvent.setIssuerName("CN=example,OU=swssf,C=CH");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication);
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "CN=example,OU=swssf,C=CH", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-
- List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
- securityEventList.add(httpsTokenSecurityEvent);
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "IssuerName in Policy (CN=transmitter,OU=swssf,C=CH) didn't match with the one in the HttpsToken (CN=example,OU=swssf,C=CH)");
- }
- }
-
- @Test
- public void testSignatureAlgorithmSuiteNegative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:TransportBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <!--<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>-->\n" +
- " <sp:IssuerName>transmitter</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpBasicAuthentication/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512");
-
- outSecurityProperties.addSignaturePart(new SecurePart(new QName(WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), WSSConstants.TAG_wsu_Timestamp.getLocalPart()), SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap12_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(new QName(WSSConstants.TAG_wsu_Created.getNamespaceURI(), WSSConstants.TAG_wsu_Created.getLocalPart()), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(new QName(WSSConstants.TAG_wsu_Expires.getNamespaceURI(), WSSConstants.TAG_wsu_Expires.getLocalPart()), SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap12_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5421);
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- httpsTokenSecurityEvent.setIssuerName("transmitter");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "transmitter", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-
- List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
- securityEventList.add(httpsTokenSecurityEvent);
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Asymmetric algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 does not meet policy");
- }
- }
-
- @Test
- public void testC14NAlgorithmSuiteNegative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:TransportBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <!--<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>-->\n" +
- " <sp:IssuerName>transmitter</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpBasicAuthentication/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2006/12/xml-c14n11");
-
- outSecurityProperties.addSignaturePart(new SecurePart(new QName(WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), WSSConstants.TAG_wsu_Timestamp.getLocalPart()), SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap12_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(new QName(WSSConstants.TAG_wsu_Created.getNamespaceURI(), WSSConstants.TAG_wsu_Created.getLocalPart()), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(new QName(WSSConstants.TAG_wsu_Expires.getNamespaceURI(), WSSConstants.TAG_wsu_Expires.getLocalPart()), SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap12_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5404);
- inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5423);
- inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5412);
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- httpsTokenSecurityEvent.setIssuerName("transmitter");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "transmitter", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-
- List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
- securityEventList.add(httpsTokenSecurityEvent);
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "C14N algorithm http://www.w3.org/2006/12/xml-c14n11 does not meet policy");
- }
- }
-
- @Test
- public void testSignatureDigestAlgorithmSuiteNegative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:TransportBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <!--<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>-->\n" +
- " <sp:IssuerName>transmitter</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpBasicAuthentication/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureDigestAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-md5");
-
- outSecurityProperties.addSignaturePart(new SecurePart(new QName(WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), WSSConstants.TAG_wsu_Timestamp.getLocalPart()), SecurePart.Modifier.Element, new String[]{WSSConstants.NS_C14N_EXCL}, "http://www.w3.org/2001/04/xmldsig-more#md5"));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap12_Body, SecurePart.Modifier.Element, new String[]{WSSConstants.NS_C14N_EXCL}, "http://www.w3.org/2001/04/xmldsig-more#md5"));
- outSecurityProperties.addEncryptionPart(new SecurePart(new QName(WSSConstants.TAG_wsu_Created.getNamespaceURI(), WSSConstants.TAG_wsu_Created.getLocalPart()), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(new QName(WSSConstants.TAG_wsu_Expires.getNamespaceURI(), WSSConstants.TAG_wsu_Expires.getLocalPart()), SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap12_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5420);
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- httpsTokenSecurityEvent.setIssuerName("transmitter");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "transmitter", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-
- List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
- securityEventList.add(httpsTokenSecurityEvent);
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Digest algorithm http://www.w3.org/2001/04/xmldsig-more#md5 does not meet policy");
- }
- }
-
- @Test
- public void testEncryptionAlgorithmSuiteNegative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:TransportBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <!--<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>-->\n" +
- " <sp:IssuerName>transmitter</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpBasicAuthentication/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(new QName(WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), WSSConstants.TAG_wsu_Timestamp.getLocalPart()), SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap12_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(new QName(WSSConstants.TAG_wsu_Created.getNamespaceURI(), WSSConstants.TAG_wsu_Created.getLocalPart()), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(new QName(WSSConstants.TAG_wsu_Expires.getNamespaceURI(), WSSConstants.TAG_wsu_Expires.getLocalPart()), SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap12_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- httpsTokenSecurityEvent.setIssuerName("transmitter");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "transmitter", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-
- List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
- securityEventList.add(httpsTokenSecurityEvent);
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Encryption algorithm http://www.w3.org/2001/04/xmlenc#tripledes-cbc does not meet policy\n" +
- "Symmetric encryption algorithm key length 192 does not meet policy");
- }
- }
-
- /*@Test
- public void testLayoutLaxTimestampFirstNegative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:TransportBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <!--<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>-->\n" +
- " <sp:IssuerName>transmitter</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpBasicAuthentication/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:LaxTsFirst/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(new QName(WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), WSSConstants.TAG_wsu_Timestamp.getLocalPart()), SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap12_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(new QName(WSSConstants.TAG_wsu_Created.getNamespaceURI(), WSSConstants.TAG_wsu_Created.getLocalPart()), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(new QName(WSSConstants.TAG_wsu_Expires.getNamespaceURI(), WSSConstants.TAG_wsu_Expires.getLocalPart()), SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap12_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- httpsTokenSecurityEvent.setIssuerName("transmitter");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "transmitter", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-
- List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
- securityEventList.add(httpsTokenSecurityEvent);
-
- try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- Assert.fail("Exception expected");
- } catch (XMLStreamException e) {
- Assert.assertTrue(e.getCause() instanceof WSSecurityException);
- Assert.assertEquals(e.getCause().getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Policy enforces LaxTsFirst but X509Token occured first");
- }
- }*/
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingTest.java
deleted file mode 100644
index 4b9942c..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingTest.java
+++ /dev/null
@@ -1,243 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.impl.securityToken.HttpsSecurityToken;
-import org.swssf.wss.securityEvent.*;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.ArrayList;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class TransportBindingTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:IncludeTimestamp/>\n" +
- "</wsp:Policy>\n" +
- "</sp:TransportBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_wsu_Timestamp);
- requiredElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "username", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
- policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_dsig_Signature);
- requiredElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_wsse11_SignatureConfirmation);
- requiredElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyNotIncludeTimestamp() throws Exception {
- String policyString =
- "<sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:TransportBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "username", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
- policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
-
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "Timestamp must not be present");
- }
- }
-
- @Test
- public void testPolicySignatureNotEncrypted() throws Exception {
- String policyString =
- "<sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:IncludeTimestamp/>\n" +
- "</wsp:Policy>\n" +
- "</sp:TransportBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_wsu_Timestamp);
- requiredElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "username", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
- policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, false, protectionOrder);
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_dsig_Signature);
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyNotWholeBodySigned() throws Exception {
- String policyString =
- "<sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "<sp:IncludeTimestamp/>\n" +
- "</wsp:Policy>\n" +
- "</sp:TransportBinding>";
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
- policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
-
- RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
- List<QName> headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_wsu_Timestamp);
- requiredElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- HttpsSecurityToken httpsSecurityToken = new HttpsSecurityToken(true, "username", null);
- httpsSecurityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
- policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_dsig_Signature);
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
- headerPath = new ArrayList<QName>();
- headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
- headerPath.add(WSSConstants.TAG_wsse11_SignatureConfirmation);
- encryptedElementSecurityEvent.setElementPath(headerPath);
- policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, false, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/UsernameTokenTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/UsernameTokenTest.java
deleted file mode 100644
index 35084b8..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/UsernameTokenTest.java
+++ /dev/null
@@ -1,200 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyViolationException;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityContext;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.impl.securityToken.UsernameSecurityToken;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import org.swssf.wss.securityEvent.UsernameTokenSecurityEvent;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.Date;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class UsernameTokenTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:EncryptionToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:HashPassword/>\n" +
- " <sp:WssUsernameToken11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:EncryptionToken>\n" +
- "<sp:SignatureToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:HashPassword/>\n" +
- " <sp:WssUsernameToken11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SignatureToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:SymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- UsernameTokenSecurityEvent initiatorTokenSecurityEvent = new UsernameTokenSecurityEvent();
- initiatorTokenSecurityEvent.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST);
- initiatorTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
- SecurityToken securityToken = new UsernameSecurityToken(
- "username", "password", new Date().toString(), new byte[10], new byte[10], Long.valueOf(10),
- (WSSecurityContext) null, null, null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
-
- UsernameTokenSecurityEvent recipientTokenSecurityEvent = new UsernameTokenSecurityEvent();
- recipientTokenSecurityEvent.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST);
- recipientTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
- securityToken = new UsernameSecurityToken(
- "username", "password", new Date().toString(), new byte[10], new byte[10], Long.valueOf(10),
- (WSSecurityContext) null, null, null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyNegative() throws Exception {
- String policyString =
- "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:EncryptionToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:HashPassword/>\n" +
- " <sp:WssUsernameToken11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:EncryptionToken>\n" +
- "<sp:SignatureToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:UsernameToken>\n" +
- " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:HashPassword/>\n" +
- " <sp:WssUsernameToken11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:UsernameToken>\n" +
- " </wsp:Policy>\n" +
- "</sp:SignatureToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:SymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
- usernameTokenSecurityEvent.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT);
- usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
- SecurityToken securityToken = new UsernameSecurityToken(
- "username", "password", new Date().toString(), new byte[10], new byte[10], Long.valueOf(10),
- (WSSecurityContext) null, null, null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- usernameTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
-
- UsernameTokenSecurityEvent recipientTokenSecurityEvent = new UsernameTokenSecurityEvent();
- recipientTokenSecurityEvent.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT);
- recipientTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
- securityToken = new UsernameSecurityToken(
- "username", "password", new Date().toString(), new byte[10], new byte[10], Long.valueOf(10),
- (WSSecurityContext) null, null, null);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientTokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "\n" +
- "UsernameToken does not contain a hashed password");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/VulnerabliltyVectorsTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/VulnerabliltyVectorsTest.java
deleted file mode 100644
index 904c664..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/VulnerabliltyVectorsTest.java
+++ /dev/null
@@ -1,148 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.apache.ws.security.handler.WSHandlerConstants;
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyEnforcerFactory;
-import org.swssf.policy.PolicyInputProcessor;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSSecurityProperties;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.test.AbstractTestBase;
-import org.swssf.wss.test.CallbackHandlerImpl;
-import org.apache.xml.security.stax.ext.SecurePart;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import javax.xml.stream.XMLStreamException;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpression;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.util.Properties;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class VulnerabliltyVectorsTest extends AbstractTestBase {
-
- /**
- * Tests what happens when an soapAction from an other operation is provided.
- * Can the policy framework be bypassed?
- */
- @Test
- public void testSOAPActionSpoofing() throws Exception {
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(this.getClass().getClassLoader().getResource("testdata/wsdl/actionSpoofing.wsdl"));
- PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("emptyPolicy");
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- try {
- doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
- Assert.fail("Expected XMLStreamException");
- } catch (XMLStreamException e) {
- Throwable throwable = e.getCause();
- Assert.assertNotNull(throwable);
- Assert.assertTrue(throwable instanceof WSSecurityException);
- Assert.assertEquals(throwable.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.apache.ws.secpolicy.WSSPolicyException: SOAPAction (emptyPolicyOperation) does not match with the current Operation: {http://schemas.xmlsoap.org/wsdl/}definitions");
- }
- }
-
- @Test
- public void testSignedBodyRelocationToHeader() throws Exception {
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
-
- String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT;
- Properties properties = new Properties();
- properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
- properties.setProperty(WSHandlerConstants.ENC_SYM_ALGO, "http://www.w3.org/2001/04/xmlenc#aes256-cbc");
- Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
-
- XPathExpression xPathExpression = getXPath("/env:Envelope/env:Body");
- Element bodyElement = (Element) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
- Element soapEnvElement = (Element) bodyElement.getParentNode();
- soapEnvElement.removeChild(bodyElement);
-
- Element newBody = securedDocument.createElementNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_soap_Body_LocalName);
- Element operationElement = securedDocument.createElementNS("http://schemas.xmlsoap.org/wsdl/", "definitions");
- newBody.appendChild(operationElement);
- soapEnvElement.appendChild(newBody);
-
- xPathExpression = getXPath("/env:Envelope/env:Header");
- Element headerElement = (Element) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
- headerElement.appendChild(bodyElement);
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
- javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
- transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
- inSecurityProperties.setDisableSchemaValidation(true);
-
- PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(this.getClass().getClassLoader().getResource("testdata/wsdl/actionSpoofing.wsdl"));
- PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("goodPolicy");
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- try {
- doInboundSecurity(inSecurityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), policyEnforcer);
- Assert.fail("Expected XMLStreamException");
- } catch (XMLStreamException e) {
- Throwable throwable = e.getCause();
- Assert.assertNotNull(throwable);
- Assert.assertTrue(throwable instanceof WSSecurityException);
- Assert.assertEquals(throwable.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Body must be signed");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/WSP13SpecTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/WSP13SpecTest.java
deleted file mode 100644
index c2d702d..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/WSP13SpecTest.java
+++ /dev/null
@@ -1,162 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.WSSecurityEventConstants;
-import org.swssf.wss.test.InboundWSSecurityContextImplTest;
-import org.testng.Assert;
-import org.testng.annotations.DataProvider;
-import org.testng.annotations.Test;
-
-import java.util.List;
-
-/**
- * @author $Author: $
- * @version $Revision: $ $Date: $
- */
-public class WSP13SpecTest extends AbstractPolicyTestBase {
-
- private InboundWSSecurityContextImplTest inboundWSSecurityContextImplTest = new InboundWSSecurityContextImplTest();
-
- @DataProvider(name = "ignoreEventsTransportBindingC11a")
- public Object[][] ignoreEventsTransportBindingC11a() {
- return new Object[][]{
- {null, null, null},
- {WSSecurityEventConstants.HttpsToken, 0, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}HttpsToken not satisfied"},
- {WSSecurityEventConstants.RequiredElement, 2, "\nElement /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
- {WSSecurityEventConstants.UsernameToken, 3, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
- {SecurityEventConstants.X509Token, 4, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
- };
- }
-
- @Test(dataProvider = "ignoreEventsTransportBindingC11a")
- public void testTransportBindingC11a(SecurityEventConstants.Event ignoreEvent, Integer eventIndex, String expectedErrorMessage) throws Exception {
- String policyString = loadResourceAsString("testdata/policy/transportBindingPolicyC11.xml", "UTF-8");
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- List<SecurityEvent> securityEventList = inboundWSSecurityContextImplTest.generateTransportBindingSecurityEvents();
- applyPolicy(ignoreEvent, eventIndex, expectedErrorMessage, policyEnforcer, securityEventList);
- }
-
- @DataProvider(name = "ignoreEventsAsymmetricBindingC31a")
- public Object[][] ignoreEventsAsymmetricBindingC31a() {
- return new Object[][]{
- {null, null, null},
- {WSSecurityEventConstants.RequiredElement, 1, "\nElement /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
- {SecurityEventConstants.X509Token, 2, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
- {WSSecurityEventConstants.UsernameToken, 7, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
- };
- }
-
- @Test(dataProvider = "ignoreEventsAsymmetricBindingC31a")
- public void testAsymmetricBindingC31a(SecurityEventConstants.Event ignoreEvent, Integer eventIndex, String expectedErrorMessage) throws Exception {
- String policyString = loadResourceAsString("testdata/policy/asymmetricBindingPolicyC31.xml", "UTF-8");
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- List<SecurityEvent> securityEventList = inboundWSSecurityContextImplTest.generateAsymmetricBindingSecurityEvents();
- applyPolicy(ignoreEvent, eventIndex, expectedErrorMessage, policyEnforcer, securityEventList);
- }
-
- @DataProvider(name = "ignoreEventsSymmetricBindingC21a")
- public Object[][] ignoreEventsSymmetricBindingC21a() {
- return new Object[][]{
- {null, null, null},
- {WSSecurityEventConstants.RequiredElement, 1, "\nElement /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
- {WSSecurityEventConstants.SamlToken, -1, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IssuedToken not satisfied"},
- {WSSecurityEventConstants.UsernameToken, 4, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
- {SecurityEventConstants.X509Token, 15, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
- };
- }
-
- @Test(dataProvider = "ignoreEventsSymmetricBindingC21a")
- public void testSymmetricBindingC21a(SecurityEventConstants.Event ignoreEvent, Integer eventIndex, String expectedErrorMessage) throws Exception {
- String policyString = loadResourceAsString("testdata/policy/symmetricBindingPolicyC21a.xml", "UTF-8");
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- List<SecurityEvent> securityEventList = inboundWSSecurityContextImplTest.generateSymmetricBindingSecurityEvents();
- applyPolicy(ignoreEvent, eventIndex, expectedErrorMessage, policyEnforcer, securityEventList);
- }
-
- @DataProvider(name = "ignoreEventsSymmetricBindingC21b")
- public Object[][] ignoreEventsSymmetricBindingC21b() {
- return new Object[][]{
- {null, null, null},
- {WSSecurityEventConstants.RequiredElement, 1, "\nElement /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
- {WSSecurityEventConstants.SamlToken, -1, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IssuedToken not satisfied"},
- {WSSecurityEventConstants.UsernameToken, 4, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
- {SecurityEventConstants.X509Token, 15, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
- };
- }
-
- @Test(dataProvider = "ignoreEventsSymmetricBindingC21b")
- public void testSymmetricBindingC21b(SecurityEventConstants.Event ignoreEvent, Integer eventIndex, String expectedErrorMessage) throws Exception {
- String policyString = loadResourceAsString("testdata/policy/symmetricBindingPolicyC21b.xml", "UTF-8");
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-
- List<SecurityEvent> securityEventList = inboundWSSecurityContextImplTest.generateSymmetricBindingSecurityEvents();
- applyPolicy(ignoreEvent, eventIndex, expectedErrorMessage, policyEnforcer, securityEventList);
- }
-
- private void applyPolicy(SecurityEventConstants.Event ignoreEvent, Integer eventIndex, String expectedErrorMessage, PolicyEnforcer policyEnforcer, List<SecurityEvent> securityEventList) throws WSSecurityException {
- try {
- for (int i = 0; i < securityEventList.size(); i++) {
- SecurityEvent securityEvent = securityEventList.get(i);
- if (eventIndex != null && eventIndex == -1 && securityEvent.getSecurityEventType() == ignoreEvent) {
- continue;
- }
- if (eventIndex != null && i == eventIndex && securityEvent.getSecurityEventType() != ignoreEvent) {
- for (int j = 0; j < securityEventList.size(); j++) {
- System.out.println(j + " " + securityEventList.get(j));
- }
- Assert.fail("Event at index " + eventIndex + " is not of type " + ignoreEvent);
- }
- if (ignoreEvent == null || i != eventIndex) {
- policyEnforcer.registerSecurityEvent(securityEvent);
- }
- }
-
- policyEnforcer.doFinal();
- if (ignoreEvent != null) {
- Assert.fail("Expected WSSPolicyException");
- }
- } catch (WSSPolicyException e) {
- //Exception for policyEnforcer.doFinal();
- if (ignoreEvent == null) {
- Assert.fail("Unexpected WSSPolicyException");
- }
- Assert.assertEquals(e.getMessage(), expectedErrorMessage);
- } catch (WSSecurityException e) {
- //Exception for policyEnforcer.registerSecurityEvent(securityEvent);
- if (ignoreEvent == null) {
- Assert.fail("Unexpected WSSPolicyException");
- }
- Assert.assertTrue(e.getCause() instanceof WSSPolicyException);
- Assert.assertEquals(e.getCause().getMessage(), expectedErrorMessage);
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/java/org/swssf/policy/test/X509TokenTest.java b/streaming-ws-policy/src/test/java/org/swssf/policy/test/X509TokenTest.java
deleted file mode 100644
index 34438fa..0000000
--- a/streaming-ws-policy/src/test/java/org/swssf/policy/test/X509TokenTest.java
+++ /dev/null
@@ -1,180 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.swssf.policy.test;
-
-import org.swssf.policy.PolicyEnforcer;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.OperationSecurityEvent;
-import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.X509TokenSecurityEvent;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import javax.xml.namespace.QName;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author $Author$
- * @version $Revision$ $Date$
- */
-public class X509TokenTest extends AbstractPolicyTestBase {
-
- @Test
- public void testPolicy() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireThumbprintReference/>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:InitiatorToken>\n" +
- "<sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireThumbprintReference/>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- X509TokenSecurityEvent initiatorX509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorX509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorX509TokenSecurityEvent);
-
- X509TokenSecurityEvent recipientX509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientX509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientX509TokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
- policyEnforcer.doFinal();
- }
-
- @Test
- public void testPolicyNegative() throws Exception {
- String policyString =
- "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
- "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- "<sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireThumbprintReference/>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:InitiatorToken>\n" +
- "<sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token>\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
- " <sp:RequireThumbprintReference/>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- "</sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- "</wsp:Policy>\n" +
- "</sp:AsymmetricBinding>";
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- X509TokenSecurityEvent initiatorX509TokenSecurityEvent = new X509TokenSecurityEvent();
- SecurityToken securityToken = getX509Token(WSSConstants.X509V1Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
- initiatorX509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(initiatorX509TokenSecurityEvent);
-
- X509TokenSecurityEvent recipientX509TokenSecurityEvent = new X509TokenSecurityEvent();
- securityToken = getX509Token(WSSConstants.X509V3Token);
- securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
- recipientX509TokenSecurityEvent.setSecurityToken(securityToken);
- policyEnforcer.registerSecurityEvent(recipientX509TokenSecurityEvent);
-
- List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
- protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
- protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
- contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
-
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
-
- try {
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- Assert.fail("Exception expected");
- } catch (WSSecurityException e) {
- Assert.assertEquals(e.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
- "\torg.swssf.policy.PolicyViolationException: \n" +
- "X509Certificate Version 3 mismatch; Policy enforces WssX509V3Token11");
- }
- }
-}
diff --git a/streaming-ws-policy/src/test/resources/log4j-wsp.xml b/streaming-ws-policy/src/test/resources/log4j-wsp.xml
deleted file mode 100755
index e314adc..0000000
--- a/streaming-ws-policy/src/test/resources/log4j-wsp.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
-<log4j:configuration debug="false" xmlns:log4j="http://jakarta.apache.org/log4j/">
- <appender name="FILE" class="org.apache.log4j.FileAppender">
- <param name="File" value="target/logging.log"/>
- <layout class="org.apache.log4j.PatternLayout">
- <param name="ConversionPattern" value="%d [%t] %-5p %c - %m%n"/>
- </layout>
- </appender>
- <appender name="STDOUT" class="org.apache.log4j.ConsoleAppender">
- <layout class="org.apache.log4j.PatternLayout">
- <param name="ConversionPattern" value="%d [%t] %-5p %c - %m%n"/>
- </layout>
- </appender>
- <logger name="org.swssf.policy.PolicyEnforcer">
- <level value="INFO"/>
- </logger>
- <root>
- <level value="INFO"/>
- <appender-ref ref="FILE"/>
- <!--<appender-ref ref="STDOUT"/>-->
- </root>
-</log4j:configuration>
diff --git a/streaming-ws-policy/src/test/resources/testdata/policy/asymmetricBindingPolicyC31.xml b/streaming-ws-policy/src/test/resources/testdata/policy/asymmetricBindingPolicyC31.xml
deleted file mode 100644
index c51451a..0000000
--- a/streaming-ws-policy/src/test/resources/testdata/policy/asymmetricBindingPolicyC31.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <sp:AsymmetricBinding>
- <wsp:Policy>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
- <wsp:Policy>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
- <wsp:Policy>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256 />
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Strict />
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp />
- <sp:EncryptBeforeSigning />
- <sp:EncryptSignature />
- <sp:ProtectTokens />
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:SignedEncryptedSupportingTokens>
- <wsp:Policy>
- <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
- <wsp:Policy>
- </wsp:Policy>
- </sp:UsernameToken>
- </wsp:Policy>
- </sp:SignedEncryptedSupportingTokens>
- <sp:SignedEndorsingSupportingTokens>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
- <wsp:Policy>
- <sp:WssX509v3Token10 />
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:SignedEndorsingSupportingTokens>
- <sp:Wss11>
- <wsp:Policy>
- <sp:RequireSignatureConfirmation />
- </wsp:Policy>
- </sp:Wss11>
-</wsp:Policy>
\ No newline at end of file
diff --git a/streaming-ws-policy/src/test/resources/testdata/policy/policy1.xml b/streaming-ws-policy/src/test/resources/testdata/policy/policy1.xml
deleted file mode 100644
index dd0e8ec..0000000
--- a/streaming-ws-policy/src/test/resources/testdata/policy/policy1.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:TripleDesRsa15/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Strict/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
- </sp:Wss10>
- <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:SignedParts>
- </wsp:All>
- </wsp:ExactlyOne>
-</wsp:Policy>
-
\ No newline at end of file
diff --git a/streaming-ws-policy/src/test/resources/testdata/policy/symmetricBindingPolicyC21a.xml b/streaming-ws-policy/src/test/resources/testdata/policy/symmetricBindingPolicyC21a.xml
deleted file mode 100644
index 599abc1..0000000
--- a/streaming-ws-policy/src/test/resources/testdata/policy/symmetricBindingPolicyC21a.xml
+++ /dev/null
@@ -1,56 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <sp:SymmetricBinding>
- <wsp:Policy>
- <sp:ProtectionToken>
- <wsp:Policy>
- <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once" >
- <sp:Issuer>...</sp:Issuer>
- <sp:RequestSecurityTokenTemplate>
- ...
- </sp:RequestSecurityTokenTemplate>
- <wsp:Policy>
- </wsp:Policy>
- </sp:IssuedToken>
- </wsp:Policy>
- </sp:ProtectionToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256 />
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Strict />
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp />
- <sp:EncryptBeforeSigning />
- <sp:EncryptSignature />
- <sp:ProtectTokens />
- </wsp:Policy>
- </sp:SymmetricBinding>
- <sp:SignedEncryptedSupportingTokens>
- <wsp:Policy>
- <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
- <wsp:Policy>
- </wsp:Policy>
- </sp:UsernameToken>
- </wsp:Policy>
- </sp:SignedEncryptedSupportingTokens>
- <sp:SignedEndorsingSupportingTokens>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
- <wsp:Policy>
- <sp:WssX509v3Token10 />
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:SignedEndorsingSupportingTokens>
- <sp:Wss11>
- <wsp:Policy>
- <sp:RequireSignatureConfirmation />
- </wsp:Policy>
- </sp:Wss11>
-</wsp:Policy>
\ No newline at end of file
diff --git a/streaming-ws-policy/src/test/resources/testdata/policy/symmetricBindingPolicyC21b.xml b/streaming-ws-policy/src/test/resources/testdata/policy/symmetricBindingPolicyC21b.xml
deleted file mode 100644
index 9dbe9af..0000000
--- a/streaming-ws-policy/src/test/resources/testdata/policy/symmetricBindingPolicyC21b.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <sp:SymmetricBinding>
- <wsp:Policy>
- <sp:EncryptionToken>
- <wsp:Policy>
- <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once" >
- <sp:Issuer>...</sp:Issuer>
- <sp:RequestSecurityTokenTemplate>
- ...
- </sp:RequestSecurityTokenTemplate>
- <wsp:Policy>
- </wsp:Policy>
- </sp:IssuedToken>
- </wsp:Policy>
- </sp:EncryptionToken>
- <sp:SignatureToken>
- <wsp:Policy>
- <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once" >
- <sp:Issuer>...</sp:Issuer>
- <sp:RequestSecurityTokenTemplate>
- ...
- </sp:RequestSecurityTokenTemplate>
- <wsp:Policy>
- </wsp:Policy>
- </sp:IssuedToken>
- </wsp:Policy>
- </sp:SignatureToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256 />
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Strict />
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp />
- <sp:EncryptBeforeSigning />
- <sp:EncryptSignature />
- <sp:ProtectTokens />
- </wsp:Policy>
- </sp:SymmetricBinding>
- <sp:SignedEncryptedSupportingTokens>
- <wsp:Policy>
- <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
- <wsp:Policy>
- </wsp:Policy>
- </sp:UsernameToken>
- </wsp:Policy>
- </sp:SignedEncryptedSupportingTokens>
- <sp:SignedEndorsingSupportingTokens>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
- <wsp:Policy>
- <sp:WssX509v3Token10 />
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:SignedEndorsingSupportingTokens>
- <sp:Wss11>
- <wsp:Policy>
- <sp:RequireSignatureConfirmation />
- </wsp:Policy>
- </sp:Wss11>
-</wsp:Policy>
\ No newline at end of file
diff --git a/streaming-ws-policy/src/test/resources/testdata/policy/transportBindingPolicyC11.xml b/streaming-ws-policy/src/test/resources/testdata/policy/transportBindingPolicyC11.xml
deleted file mode 100644
index a7db39f..0000000
--- a/streaming-ws-policy/src/test/resources/testdata/policy/transportBindingPolicyC11.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <sp:TransportBinding>
- <wsp:Policy>
- <sp:TransportToken>
- <wsp:Policy>
- <sp:HttpsToken>
- <wsp:Policy>
- </wsp:Policy>
- </sp:HttpsToken>
- </wsp:Policy>
- </sp:TransportToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256 />
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Strict />
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp />
- </wsp:Policy>
- </sp:TransportBinding>
- <sp:SignedSupportingTokens>
- <wsp:Policy>
- <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
- <wsp:Policy>
- </wsp:Policy>
- </sp:UsernameToken>
- </wsp:Policy>
- </sp:SignedSupportingTokens>
- <sp:SignedEndorsingSupportingTokens>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
- <wsp:Policy>
- <sp:WssX509v3Token10 />
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:SignedEndorsingSupportingTokens>
- <sp:Wss11>
- <sp:RequireSignatureConfirmation xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802"/>
- </sp:Wss11>
-</wsp:Policy>
\ No newline at end of file
diff --git a/streaming-ws-policy/src/test/resources/testdata/wsdl/StockQuote.wsdl b/streaming-ws-policy/src/test/resources/testdata/wsdl/StockQuote.wsdl
deleted file mode 100644
index 91fccfb..0000000
--- a/streaming-ws-policy/src/test/resources/testdata/wsdl/StockQuote.wsdl
+++ /dev/null
@@ -1,54 +0,0 @@
-<wsdl11:definitions name="StockQuote"
- targetNamespace="http://www.example.com/stock/binding"
- xmlns:tns="http://www.example.com/stock/binding"
- xmlns:fab="http://www.example.com/stock"
- xmlns:rmp="http://docs.oasis-open.org/ws-rx/wsrmp/200702"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
- xmlns:wsdl11="http://schemas.xmlsoap.org/wsdl/"
- xmlns:wsoap12="http://schemas.xmlsoap.org/wsdl/soap12/"
- xmlns:wsp="http://www.w3.org/ns/ws-policy"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" >
- <wsp:Policy wsu:Id="RmPolicy" >
- <rmp:RMAssertion>
- <wsp:Policy/>
- </rmp:RMAssertion>
- </wsp:Policy>
- <wsp:Policy wsu:Id="X509EndpointPolicy" >
- <sp:AsymmetricBinding>
- <wsp:Policy>
- <!-- Details omitted for readability -->
- <sp:IncludeTimestamp />
- <sp:OnlySignEntireHeadersAndBody />
- </wsp:Policy>
- </sp:AsymmetricBinding>
- </wsp:Policy>
- <wsp:Policy wsu:Id="SecureMessagePolicy" >
- <sp:SignedParts>
- <sp:Body />
- </sp:SignedParts>
- <sp:EncryptedParts>
- <sp:Body />
- </sp:EncryptedParts>
- </wsp:Policy>
-<!-- <wsdl11:import namespace="http://www.example.com/stock"
- location="http://www.example.com/stock/stock.wsdl" /> -->
- <wsdl11:binding name="StockQuoteSoapBinding" type="fab:Quote" >
- <wsoap12:binding style="document"
- transport="http://schemas.xmlsoap.org/soap/http" />
- <wsp:PolicyReference URI="#RmPolicy" wsdl11:required="true" />
- <wsp:PolicyReference URI="#X509EndpointPolicy" wsdl11:required="true" />
- <wsdl11:operation name="GetLastTradePrice" >
- <wsoap12:operation soapAction="http://www.example.com/stock/Quote/GetLastTradePriceRequest" />
- <wsdl11:input>
- <wsoap12:body use="literal" />
- <wsp:PolicyReference URI="#SecureMessagePolicy"
- wsdl11:required="true" />
- </wsdl11:input>
- <wsdl11:output>
- <wsoap12:body use="literal" />
- <wsp:PolicyReference URI="#SecureMessagePolicy"
- wsdl11:required="true" />
- </wsdl11:output>
- </wsdl11:operation>
- </wsdl11:binding>
- </wsdl11:definitions>
diff --git a/streaming-ws-policy/src/test/resources/testdata/wsdl/actionSpoofing.wsdl b/streaming-ws-policy/src/test/resources/testdata/wsdl/actionSpoofing.wsdl
deleted file mode 100644
index 545eaa9..0000000
--- a/streaming-ws-policy/src/test/resources/testdata/wsdl/actionSpoofing.wsdl
+++ /dev/null
@@ -1,147 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<wsdl:definitions
- name="PlainService"
- targetNamespace="http://www.example.net/WSDLService"
- xmlns:tns="http://www.example.net/WSDLService"
- xmlns:wsp12="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
- xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
- >
-
- <wsdl:types>
- <xs:schema>
- <xs:import namespace="http://schemas.xmlsoap.org/wsdl/"
- schemaLocation="wsdl.xsd"/>
- </xs:schema>
- </wsdl:types>
-
- <wsp12:Policy wsu:Id="MessagePolicy3">
- <wsp12:ExactlyOne>
- <wsp12:All>
- <sp:AsymmetricBinding>
- <wsp12:Policy>
- <sp:AlgorithmSuite>
- <wsp12:Policy>
- <sp:Basic256Rsa15/>
- </wsp12:Policy>
- </sp:AlgorithmSuite>
- <sp:IncludeTimestamp/>
- </wsp12:Policy>
- </sp:AsymmetricBinding>
- <sp:SignedParts>
- <sp:Body/>
- </sp:SignedParts>
- <!--<sp:EncryptedParts>
- <sp:Body/>
- </sp:EncryptedParts>-->
- </wsp12:All>
- </wsp12:ExactlyOne>
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="MessagePolicy2">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="MessagePolicy1">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="PortTypePolicy">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="OperationPolicy2">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="InputPolicy2">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="OutputPolicy2">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="FaultPolicy2">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="BindingPolicy">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="OperationPolicy1">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="InputPolicy1">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="OutputPolicy1">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="FaultPolicy1">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="ServicePolicy">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="PortPolicy">
- </wsp12:Policy>
-
- <wsdl:message name="WsdlRequestNoPolicy">
- <wsdl:part name="parameters" element="wsdl:definitions"/>
- </wsdl:message>
- <wsdl:message name="WsdlRequest">
- <wsp12:PolicyReference URI="#MessagePolicy3"/>
- <wsdl:part name="parameters" element="wsdl:definitions"/>
- </wsdl:message>
- <wsdl:message name="WsdlResponse">
- <wsp12:PolicyReference URI="#MessagePolicy2"/>
- <wsdl:part name="parameters" element="wsdl:definitions"/>
- </wsdl:message>
- <wsdl:message name="WsdlFault">
- <wsp12:PolicyReference URI="#MessagePolicy1"/>
- <wsdl:part name="parameters" element="wsdl:definitions"/>
- </wsdl:message>
-
- <wsdl:portType name="WsdlPort">
- <wsp12:PolicyReference URI="#PortTypePolicy"/>
- <wsdl:operation name="definitions">
- <wsp12:PolicyReference URI="#OperationPolicy2"/>
- <wsdl:input message="tns:WsdlRequest">
- <!-- attaching policies is per wsdl.xsd not allowed here. But the spec
- http://www.w3.org/TR/2007/REC-ws-policy-attach-20070904/#MessagePolicySubject
- states it's possible... hmmm -->
- <wsp12:PolicyReference URI="#InputPolicy2"/>
- </wsdl:input>
- <wsdl:output message="tns:WsdlResponse">
- <wsp12:PolicyReference URI="#OutputPolicy2"/>
- </wsdl:output>
- <wsdl:fault name="WsdlFault" message="tns:WsdlFault">
- <wsp12:PolicyReference URI="#FaultPolicy2"/>
- </wsdl:fault>
- </wsdl:operation>
- <wsdl:operation name="emptyPolicyOperation">
- <wsdl:input message="tns:WsdlRequestNoPolicy">
- </wsdl:input>
- </wsdl:operation>
- </wsdl:portType>
-
- <wsdl:binding name="WsdlSOAPBinding" type="tns:WsdlPort">
- <wsp12:PolicyReference URI="#BindingPolicy"/>
- <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
- <wsdl:operation name="definitions">
- <wsp12:PolicyReference URI="#OperationPolicy1"/>
- <soap:operation soapAction="goodPolicy" style="document"/>
- <wsdl:input>
- <wsp12:PolicyReference URI="#InputPolicy1"/>
- <soap:body use="literal"/>
- </wsdl:input>
- <wsdl:output>
- <wsp12:PolicyReference URI="#OutputPolicy1"/>
- <soap:body use="literal"/>
- </wsdl:output>
- <wsdl:fault name="WsdlFault">
- <wsp12:PolicyReference URI="#FaultPolicy1"/>
- <soap:fault name="WsdlFault" use="literal"/>
- </wsdl:fault>
- </wsdl:operation>
- <wsdl:operation name="emptyPolicyOperation">
- <soap:operation soapAction="emptyPolicy" style="document"/>
- <wsdl:input>
- <soap:body use="literal"/>
- </wsdl:input>
- </wsdl:operation>
- </wsdl:binding>
-
- <wsdl:service name="WsdlService">
- <wsp12:PolicyReference URI="#ServicePolicy"/>
- <wsdl:port name="Wsdl" binding="tns:WsdlSOAPBinding">
- <wsp12:PolicyReference URI="#PortPolicy"/>
- <soap:address
- location="http://localhost:8080/WsdlService"/>
- </wsdl:port>
- </wsdl:service>
-</wsdl:definitions>
-
\ No newline at end of file
diff --git a/streaming-ws-policy/src/test/resources/testdata/wsdl/wsdl-template.wsdl b/streaming-ws-policy/src/test/resources/testdata/wsdl/wsdl-template.wsdl
deleted file mode 100644
index 0113257..0000000
--- a/streaming-ws-policy/src/test/resources/testdata/wsdl/wsdl-template.wsdl
+++ /dev/null
@@ -1,66 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<wsdl:definitions
- name="PlainService"
- targetNamespace="http://www.example.net/WSDLService"
- xmlns:tns="http://www.example.net/WSDLService"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
- xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
- >
-
- <wsdl:types>
- <xs:schema>
- </xs:schema>
- </wsdl:types>
-
- <wsp:Policy wsu:Id="Policy1">
- </wsp:Policy>
-
- <wsdl:message name="WsdlRequest">
- <wsp:PolicyReference URI="#Policy1"/>
- <wsdl:part name="parameters" element="wsdl:definitions"/>
- </wsdl:message>
- <wsdl:message name="WsdlResponse">
- <wsdl:part name="parameters" element="wsdl:definitions"/>
- </wsdl:message>
- <wsdl:message name="WsdlFault">
- <wsdl:part name="parameters" element="wsdl:definitions"/>
- </wsdl:message>
-
- <wsdl:portType name="WsdlPort">
- <wsdl:operation name="definitions">
- <wsdl:input message="tns:WsdlRequest">
- </wsdl:input>
- <wsdl:output message="tns:WsdlResponse">
- </wsdl:output>
- <wsdl:fault name="WsdlFault" message="tns:WsdlFault">
- </wsdl:fault>
- </wsdl:operation>
- </wsdl:portType>
-
- <wsdl:binding name="WsdlSOAPBinding" type="tns:WsdlPort">
- <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
- <wsdl:operation name="definitions">
- <soap:operation soapAction="" style="document"/>
- <wsdl:input>
- <soap:body use="literal"/>
- </wsdl:input>
- <wsdl:output>
- <soap:body use="literal"/>
- </wsdl:output>
- <wsdl:fault name="WsdlFault">
- <soap:fault name="WsdlFault" use="literal"/>
- </wsdl:fault>
- </wsdl:operation>
- </wsdl:binding>
-
- <wsdl:service name="WsdlService">
- <wsdl:port name="Wsdl" binding="tns:WsdlSOAPBinding">
- <soap:address
- location="http://localhost:8080/WsdlService"/>
- </wsdl:port>
- </wsdl:service>
-</wsdl:definitions>
-
\ No newline at end of file
diff --git a/streaming-ws-policy/src/test/resources/testdata/wsdl/wsdl.xsd b/streaming-ws-policy/src/test/resources/testdata/wsdl/wsdl.xsd
deleted file mode 100644
index b69c377..0000000
--- a/streaming-ws-policy/src/test/resources/testdata/wsdl/wsdl.xsd
+++ /dev/null
@@ -1,310 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!--
-
-Copyright 2001 - 2005, International Business Machines Corporation and Microsoft Corporation
-All Rights Reserved
-
-License for WSDL Schema Files
-
-The Authors grant permission to copy and distribute the WSDL Schema
-Files in any medium without fee or royalty as long as this notice and
-license are distributed with them. The originals of these files can
-be located at:
-
-http://schemas.xmlsoap.org/wsdl/2003-02-11.xsd
-
-THESE SCHEMA FILES ARE PROVIDED "AS IS," AND THE AUTHORS MAKE NO REPRESENTATIONS
-OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THESE FILES, INCLUDING, BUT NOT
-LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
-NON-INFRINGEMENT OR TITLE. THE AUTHORS WILL NOT BE LIABLE FOR ANY DIRECT,
-INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR
-RELATING TO ANY USE OR DISTRIBUTION OF THESE FILES.
-
-The name and trademarks of the Authors may NOT be used in any manner,
-including advertising or publicity pertaining to these files or any program
-or service that uses these files, written prior permission. Title to copyright
-in these files will at all times remain with the Authors.
-
-No other rights are granted by implication, estoppel or otherwise.
-
-
--->
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
- targetNamespace="http://schemas.xmlsoap.org/wsdl/"
- elementFormDefault="qualified" >
-
- <xs:complexType mixed="true" name="tDocumentation" >
- <xs:sequence>
- <xs:any minOccurs="0" maxOccurs="unbounded" processContents="lax" />
- </xs:sequence>
- </xs:complexType>
-
- <xs:complexType name="tDocumented" >
- <xs:annotation>
- <xs:documentation>
- This type is extended by component types to allow them to be documented
- </xs:documentation>
- </xs:annotation>
- <xs:sequence>
- <xs:element name="documentation" type="wsdl:tDocumentation" minOccurs="0" />
- </xs:sequence>
- </xs:complexType>
-
- <xs:complexType name="tExtensibleAttributesDocumented" abstract="true" >
- <xs:complexContent>
- <xs:extension base="wsdl:tDocumented" >
- <xs:annotation>
- <xs:documentation>
- This type is extended by component types to allow attributes from other namespaces to be added.
- </xs:documentation>
- </xs:annotation>
- <xs:anyAttribute namespace="##other" processContents="lax" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="tExtensibleDocumented" abstract="true" >
- <xs:complexContent>
- <xs:extension base="wsdl:tDocumented" >
- <xs:annotation>
- <xs:documentation>
- This type is extended by component types to allow elements from other namespaces to be added.
- </xs:documentation>
- </xs:annotation>
- <xs:sequence>
- <xs:any namespace="##other" minOccurs="0" maxOccurs="unbounded" processContents="lax" />
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:element name="definitions" type="wsdl:tDefinitions" >
- <xs:key name="message" >
- <xs:selector xpath="wsdl:message" />
- <xs:field xpath="@name" />
- </xs:key>
- <xs:key name="portType" >
- <xs:selector xpath="wsdl:portType" />
- <xs:field xpath="@name" />
- </xs:key>
- <xs:key name="binding" >
- <xs:selector xpath="wsdl:binding" />
- <xs:field xpath="@name" />
- </xs:key>
- <xs:key name="service" >
- <xs:selector xpath="wsdl:service" />
- <xs:field xpath="@name" />
- </xs:key>
- <xs:key name="import" >
- <xs:selector xpath="wsdl:import" />
- <xs:field xpath="@namespace" />
- </xs:key>
- </xs:element>
-
- <xs:group name="anyTopLevelOptionalElement" >
- <xs:annotation>
- <xs:documentation>
- Any top level optional element allowed to appear more then once - any child of definitions element except wsdl:types. Any extensibility element is allowed in any place.
- </xs:documentation>
- </xs:annotation>
- <xs:choice>
- <xs:element name="import" type="wsdl:tImport" />
- <xs:element name="types" type="wsdl:tTypes" />
- <xs:element name="message" type="wsdl:tMessage" >
- <xs:unique name="part" >
- <xs:selector xpath="wsdl:part" />
- <xs:field xpath="@name" />
- </xs:unique>
- </xs:element>
- <xs:element name="portType" type="wsdl:tPortType" />
- <xs:element name="binding" type="wsdl:tBinding" />
- <xs:element name="service" type="wsdl:tService" >
- <xs:unique name="port" >
- <xs:selector xpath="wsdl:port" />
- <xs:field xpath="@name" />
- </xs:unique>
- </xs:element>
- </xs:choice>
- </xs:group>
-
- <xs:complexType name="tDefinitions" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleDocumented" >
- <xs:sequence>
- <xs:group ref="wsdl:anyTopLevelOptionalElement" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
- <xs:attribute name="targetNamespace" type="xs:anyURI" use="optional" />
- <xs:attribute name="name" type="xs:NCName" use="optional" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="tImport" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleAttributesDocumented" >
- <xs:attribute name="namespace" type="xs:anyURI" use="required" />
- <xs:attribute name="location" type="xs:anyURI" use="required" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="tTypes" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleDocumented" />
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="tMessage" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleDocumented" >
- <xs:sequence>
- <xs:element name="part" type="wsdl:tPart" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
- <xs:attribute name="name" type="xs:NCName" use="required" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="tPart" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleAttributesDocumented" >
- <xs:attribute name="name" type="xs:NCName" use="required" />
- <xs:attribute name="element" type="xs:QName" use="optional" />
- <xs:attribute name="type" type="xs:QName" use="optional" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="tPortType" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleAttributesDocumented" >
- <xs:sequence>
- <xs:element name="operation" type="wsdl:tOperation" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
- <xs:attribute name="name" type="xs:NCName" use="required" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="tOperation" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleDocumented" >
- <xs:sequence>
- <xs:choice>
- <xs:group ref="wsdl:request-response-or-one-way-operation" />
- <xs:group ref="wsdl:solicit-response-or-notification-operation" />
- </xs:choice>
- </xs:sequence>
- <xs:attribute name="name" type="xs:NCName" use="required" />
- <xs:attribute name="parameterOrder" type="xs:NMTOKENS" use="optional" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:group name="request-response-or-one-way-operation" >
- <xs:sequence>
- <xs:element name="input" type="wsdl:tParam" />
- <xs:sequence minOccurs='0' >
- <xs:element name="output" type="wsdl:tParam" />
- <xs:element name="fault" type="wsdl:tFault" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
- </xs:sequence>
- </xs:group>
-
- <xs:group name="solicit-response-or-notification-operation" >
- <xs:sequence>
- <xs:element name="output" type="wsdl:tParam" />
- <xs:sequence minOccurs='0' >
- <xs:element name="input" type="wsdl:tParam" />
- <xs:element name="fault" type="wsdl:tFault" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
- </xs:sequence>
- </xs:group>
-
- <xs:complexType name="tParam" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleAttributesDocumented" >
- <xs:attribute name="name" type="xs:NCName" use="optional" />
- <xs:attribute name="message" type="xs:QName" use="required" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="tFault" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleAttributesDocumented" >
- <xs:attribute name="name" type="xs:NCName" use="required" />
- <xs:attribute name="message" type="xs:QName" use="required" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="tBinding" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleDocumented" >
- <xs:sequence>
- <xs:element name="operation" type="wsdl:tBindingOperation" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
- <xs:attribute name="name" type="xs:NCName" use="required" />
- <xs:attribute name="type" type="xs:QName" use="required" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="tBindingOperationMessage" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleDocumented" >
- <xs:attribute name="name" type="xs:NCName" use="optional" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="tBindingOperationFault" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleDocumented" >
- <xs:attribute name="name" type="xs:NCName" use="required" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="tBindingOperation" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleDocumented" >
- <xs:sequence>
- <xs:element name="input" type="wsdl:tBindingOperationMessage" minOccurs="0" />
- <xs:element name="output" type="wsdl:tBindingOperationMessage" minOccurs="0" />
- <xs:element name="fault" type="wsdl:tBindingOperationFault" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
- <xs:attribute name="name" type="xs:NCName" use="required" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="tService" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleDocumented" >
- <xs:sequence>
- <xs:element name="port" type="wsdl:tPort" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
- <xs:attribute name="name" type="xs:NCName" use="required" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="tPort" >
- <xs:complexContent>
- <xs:extension base="wsdl:tExtensibleDocumented" >
- <xs:attribute name="name" type="xs:NCName" use="required" />
- <xs:attribute name="binding" type="xs:QName" use="required" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:attribute name="arrayType" type="xs:string" />
- <xs:attribute name="required" type="xs:boolean" />
- <xs:complexType name="tExtensibilityElement" abstract="true" >
- <xs:attribute ref="wsdl:required" use="optional" />
- </xs:complexType>
-
-</xs:schema>
\ No newline at end of file
