Apache CXF example source code file (PolicyBasedWss4JInOutTest.java)
The Apache CXF PolicyBasedWss4JInOutTest.java source code/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.apache.cxf.ws.security.wss4j; import java.net.URL; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.List; import java.util.Map; import java.util.Properties; import java.util.Vector; import java.util.concurrent.Executor; import javax.xml.namespace.NamespaceContext; import javax.xml.namespace.QName; import javax.xml.soap.Node; import javax.xml.soap.SOAPException; import javax.xml.soap.SOAPMessage; import javax.xml.xpath.XPath; import javax.xml.xpath.XPathConstants; import javax.xml.xpath.XPathExpression; import javax.xml.xpath.XPathFactory; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.apache.cxf.Bus; import org.apache.cxf.BusException; import org.apache.cxf.binding.Binding; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.feature.AbstractFeature; import org.apache.cxf.interceptor.AbstractAttributedInterceptorProvider; import org.apache.cxf.message.Message; import org.apache.cxf.service.Service; import org.apache.cxf.service.model.BindingInfo; import 
org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.transport.MessageObserver;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyBuilder;
import org.apache.cxf.ws.policy.PolicyException;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor.PolicyBasedWSS4JOutInterceptorInternal;
import org.apache.neethi.Policy;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.util.WSSecurityUtil;

import org.junit.Test;

/**
 * Tests for the policy-driven WSS4J in/out interceptors.
 *
 * Each case feeds a canned SOAP message from the test resources plus a
 * WS-SecurityPolicy 1.2 document through the inbound interceptor (or a clean
 * request through the outbound/inbound round trip) and checks which SP 1.2
 * assertions end up asserted. The "IncompleteCoverage" cases are the
 * security-relevant half: a signature or encryption that is cryptographically
 * valid but does not cover every part the policy names must leave the
 * corresponding assertion unasserted, otherwise a peer could leave a required
 * header unprotected (or strip it) and still be accepted.
 *
 * The helpers used below ({@code runInInterceptorAndValidate},
 * {@code runAndValidate}, {@code runOutInterceptorAndValidateAsymmetricBinding},
 * {@code runOutInterceptorAndValidateSamlTokenAttached},
 * {@code checkUnrestrictedPoliciesInstalled} and {@code AssertionsHolder}) are
 * defined further down this class. By the pattern every caller here follows,
 * the third argument of {@code runInInterceptorAndValidate} is what is expected
 * to be asserted and the fourth what is expected to remain unasserted — confirm
 * against the helper itself before relying on that reading.
 */
public class PolicyBasedWss4JInOutTest extends AbstractSecurityTest {

    /** Policy builder of the test bus, captured in {@link #createBus()}. */
    private PolicyBuilder policyBuilder;

    /**
     * SignedElements must not be satisfied when the signature is valid but omits
     * a header the policy lists.
     */
    @Test
    public void testSignedElementsPolicyWithIncompleteCoverage() throws Exception {
        runInInterceptorAndValidate(
            "signed_x509_issuer_serial_missing_signed_header.xml",
            "signed_elements_policy.xml",
            null,
            SP12Constants.SIGNED_ELEMENTS,
            CoverageType.SIGNED);
    }

    /**
     * SignedElements is satisfied inbound, and on a full round trip, when every
     * listed element is under the signature.
     */
    @Test
    public void testSignedElementsPolicyWithCompleteCoverage() throws Exception {
        runSingleAssertionCompleteCoverage(
            "signed_x509_issuer_serial.xml",
            "signed_elements_policy.xml",
            SP12Constants.SIGNED_ELEMENTS,
            CoverageType.SIGNED);
    }

    /**
     * TransportBinding: no message-level signature or encryption is expected
     * (the coverage list is empty), so integrity and confidentiality rest
     * entirely on the transport, which this test does not exercise.
     */
    @Test
    public void testTransportBinding() throws Exception {
        runInInterceptorAndValidate(
            "wsse-request-clean.xml",
            "transport_binding_policy.xml",
            Arrays.asList(SP12Constants.TRANSPORT_BINDING, SP12Constants.TRANSPORT_TOKEN),
            null,
            new ArrayList<CoverageType>());
        // Outbound asserts TRANSPORT_BINDING only; TRANSPORT_TOKEN is asserted by
        // another handler, which is why the inbound expectation is the wider one.
        runAndValidate(
            "wsse-request-clean.xml",
            "transport_binding_policy.xml",
            Arrays.asList(SP12Constants.TRANSPORT_BINDING),
            null,
            Arrays.asList(SP12Constants.TRANSPORT_BINDING, SP12Constants.TRANSPORT_TOKEN),
            null,
            new ArrayList<CoverageType>());
    }

    // TODO: no server-side enforcement of algorithm suites exists yet (blocked on
    // WSS4J patches), so only the outbound side is exercised. Until an inbound
    // check is added, nothing in this class shows that a message using a weaker
    // algorithm than the policy's suite would be rejected.
    @Test
    public void testAsymmetricBindingAlgorithmSuitePolicy() throws Exception {
        String[] policies = {
            "signed_elements_policy.xml",
            "signed_elements_Basic256Sha256_policy.xml",
        };
        for (String policy : policies) {
            runOutInterceptorAndValidateAsymmetricBinding(policy);
        }
    }

    // TODO (this note looks copied from the algorithm-suite case above): only the
    // outbound side is exercised here; the test has no inbound counterpart that
    // would show the attached issued token being validated.
    @Test
    public void testSignedElementsWithIssuedSAMLToken() throws Exception {
        runOutInterceptorAndValidateSamlTokenAttached(
            "signed_elements_with_sst_issued_token_policy.xml");
    }

    /**
     * SignedParts must not be satisfied when the body, or a header named either
     * by namespace only or by namespace and name, is left out of the signature.
     */
    @Test
    public void testSignedPartsPolicyWithIncompleteCoverage() throws Exception {
        runInInterceptorAndValidate(
            "signed_x509_issuer_serial_missing_signed_body.xml",
            "signed_parts_policy_body.xml",
            null,
            SP12Constants.SIGNED_PARTS,
            CoverageType.SIGNED);
        runInInterceptorAndValidate(
            "signed_x509_issuer_serial_missing_signed_header.xml",
            "signed_parts_policy_header_namespace_only.xml",
            null,
            SP12Constants.SIGNED_PARTS,
            CoverageType.SIGNED);
        runInInterceptorAndValidate(
            "signed_x509_issuer_serial_missing_signed_header.xml",
            "signed_parts_policy_header.xml",
            null,
            SP12Constants.SIGNED_PARTS,
            CoverageType.SIGNED);
    }

    /**
     * SignedParts is satisfied, inbound and on a round trip, for each of the
     * body / header / header-and-body policy variants when the fully signed
     * message is used.
     */
    @Test
    public void testSignedPartsPolicyWithCompleteCoverage() throws Exception {
        String[] policies = {
            "signed_parts_policy_body.xml",
            "signed_parts_policy_header_namespace_only.xml",
            "signed_parts_policy_header.xml",
            "signed_parts_policy_header_and_body.xml",
        };
        for (String policy : policies) {
            runSingleAssertionCompleteCoverage(
                "signed_x509_issuer_serial.xml",
                policy,
                SP12Constants.SIGNED_PARTS,
                CoverageType.SIGNED);
        }
    }

    /**
     * EncryptedElements must not be satisfied when a required header is not
     * encrypted, nor — for the second policy — when only the body content rather
     * than the body element it presumably names is encrypted.
     */
    @Test
    public void testEncryptedElementsPolicyWithIncompleteCoverage() throws Exception {
        runInInterceptorAndValidate(
            "encrypted_missing_enc_header.xml",
            "encrypted_elements_policy.xml",
            null,
            SP12Constants.ENCRYPTED_ELEMENTS,
            CoverageType.ENCRYPTED);
        runInInterceptorAndValidate(
            "encrypted_body_content.xml",
            "encrypted_elements_policy2.xml",
            null,
            SP12Constants.ENCRYPTED_ELEMENTS,
            CoverageType.ENCRYPTED);
    }

    /**
     * EncryptedElements is satisfied, inbound and on a round trip, by content
     * encryption for the first policy and by element encryption for the second.
     */
    @Test
    public void testEncryptedElementsPolicyWithCompleteCoverage() throws Exception {
        runSingleAssertionCompleteCoverage(
            "encrypted_body_content.xml",
            "encrypted_elements_policy.xml",
            SP12Constants.ENCRYPTED_ELEMENTS,
            CoverageType.ENCRYPTED);
        runSingleAssertionCompleteCoverage(
            "encrypted_body_element.xml",
            "encrypted_elements_policy2.xml",
            SP12Constants.ENCRYPTED_ELEMENTS,
            CoverageType.ENCRYPTED);
    }

    /**
     * ContentEncryptedElements must not be satisfied by encrypting the body
     * element as a whole instead of its content.
     */
    @Test
    public void testContentEncryptedElementsPolicyWithIncompleteCoverage() throws Exception {
        runInInterceptorAndValidate(
            "encrypted_body_element.xml",
            "content_encrypted_elements_policy.xml",
            null,
            SP12Constants.CONTENT_ENCRYPTED_ELEMENTS,
            CoverageType.ENCRYPTED);
    }

    /** ContentEncryptedElements is satisfied when the body content is encrypted. */
    @Test
    public void testContentEncryptedElementsPolicyWithCompleteCoverage() throws Exception {
        runSingleAssertionCompleteCoverage(
            "encrypted_body_content.xml",
            "content_encrypted_elements_policy.xml",
            SP12Constants.CONTENT_ENCRYPTED_ELEMENTS,
            CoverageType.ENCRYPTED);
    }

    /**
     * EncryptedParts must not be satisfied when the body is not encrypted, when
     * the body element (rather than its content) is encrypted, or when a required
     * header — named by namespace only or by namespace and name — is not encrypted.
     */
    @Test
    public void testEncryptedPartsPolicyWithIncompleteCoverage() throws Exception {
        runInInterceptorAndValidate(
            "encrypted_missing_enc_body.xml",
            "encrypted_parts_policy_body.xml",
            null,
            SP12Constants.ENCRYPTED_PARTS,
            CoverageType.ENCRYPTED);
        runInInterceptorAndValidate(
            "encrypted_body_element.xml",
            "encrypted_parts_policy_body.xml",
            null,
            SP12Constants.ENCRYPTED_PARTS,
            CoverageType.ENCRYPTED);
        runInInterceptorAndValidate(
            "encrypted_missing_enc_header.xml",
            "encrypted_parts_policy_header_namespace_only.xml",
            null,
            SP12Constants.ENCRYPTED_PARTS,
            CoverageType.ENCRYPTED);
        runInInterceptorAndValidate(
            "encrypted_missing_enc_header.xml",
            "encrypted_parts_policy_header.xml",
            null,
            SP12Constants.ENCRYPTED_PARTS,
            CoverageType.ENCRYPTED);
    }

    /**
     * EncryptedParts is satisfied, inbound and on a round trip, for each of the
     * body / header / header-and-body policy variants by the content-encrypted
     * message.
     */
    @Test
    public void testEncryptedPartsPolicyWithCompleteCoverage() throws Exception {
        String[] policies = {
            "encrypted_parts_policy_body.xml",
            "encrypted_parts_policy_header_namespace_only.xml",
            "encrypted_parts_policy_header.xml",
            "encrypted_parts_policy_header_and_body.xml",
        };
        for (String policy : policies) {
            runSingleAssertionCompleteCoverage(
                "encrypted_body_content.xml",
                policy,
                SP12Constants.ENCRYPTED_PARTS,
                CoverageType.ENCRYPTED);
        }
    }

    /**
     * Sign-then-encrypt policy: a message whose signature is complete but whose
     * encryption misses a required header must leave EncryptedParts unasserted.
     */
    @Test
    public void testSignedEncryptedPartsWithIncompleteCoverage() throws Exception {
        runInInterceptorAndValidate(
            "signed_x509_issuer_serial_encrypted_missing_enc_header.xml",
            "signed_parts_policy_header_and_body_encrypted.xml",
            null,
            Arrays.asList(SP12Constants.ENCRYPTED_PARTS),
            Arrays.asList(CoverageType.ENCRYPTED, CoverageType.SIGNED));
    }

    /**
     * Sign-then-encrypt policy: both SignedParts and EncryptedParts are asserted
     * when the message is fully covered.
     */
    @Test
    public void testSignedEncryptedPartsWithCompleteCoverage() throws Exception {
        // NOTE(review): on a JVM without the JCE unrestricted policy files this
        // returns early and the test is reported as PASSED, so a regression in the
        // signed+encrypted path would go unnoticed on such a JVM. Consider
        // Assume.assumeTrue(checkUnrestrictedPoliciesInstalled()) (JUnit 4.4+) so
        // the run shows as skipped instead; left unchanged here.
        if (!checkUnrestrictedPoliciesInstalled()) {
            return;
        }
        runInInterceptorAndValidate(
            "signed_x509_issuer_serial_encrypted.xml",
            "signed_parts_policy_header_and_body_encrypted.xml",
            Arrays.asList(SP12Constants.ENCRYPTED_PARTS, SP12Constants.SIGNED_PARTS),
            null,
            Arrays.asList(CoverageType.ENCRYPTED, CoverageType.SIGNED));
        runAndValidate(
            "wsse-request-clean.xml",
            "signed_parts_policy_header_and_body_encrypted.xml",
            null,
            null,
            Arrays.asList(SP12Constants.ENCRYPTED_PARTS, SP12Constants.SIGNED_PARTS),
            null,
            Arrays.asList(CoverageType.ENCRYPTED, CoverageType.SIGNED));
    }

    /**
     * Encrypt-then-sign policy: a message whose encryption is complete but whose
     * signature misses a required header must leave SignedParts unasserted.
     */
    @Test
    public void testEncryptedSignedPartsWithIncompleteCoverage() throws Exception {
        runInInterceptorAndValidate(
            "encrypted_body_content_signed_missing_signed_header.xml",
            "encrypted_parts_policy_header_and_body_signed.xml",
            null,
            Arrays.asList(SP12Constants.SIGNED_PARTS),
            Arrays.asList(CoverageType.ENCRYPTED, CoverageType.SIGNED));
    }

    /**
     * Encrypt-then-sign policy: both EncryptedParts and SignedParts are asserted
     * when the message is fully covered.
     */
    @Test
    public void testEncryptedSignedPartsWithCompleteCoverage() throws Exception {
        runInInterceptorAndValidate(
            "encrypted_body_content_signed.xml",
            "encrypted_parts_policy_header_and_body_signed.xml",
            Arrays.asList(SP12Constants.ENCRYPTED_PARTS, SP12Constants.SIGNED_PARTS),
            null,
            Arrays.asList(CoverageType.ENCRYPTED, CoverageType.SIGNED));
        runAndValidate(
            "wsse-request-clean.xml",
            "encrypted_parts_policy_header_and_body_signed.xml",
            null,
            null,
            Arrays.asList(SP12Constants.ENCRYPTED_PARTS, SP12Constants.SIGNED_PARTS),
            null,
            Arrays.asList(CoverageType.ENCRYPTED, CoverageType.SIGNED));
    }

    /**
     * ProtectTokens is meant to require that the signing token itself is covered
     * by the signature. No inbound validation of that assertion exists yet, so
     * neither the inbound-only form nor the plain round trip can be used; instead
     * the outbound side runs with ProtectTokens enabled and the inbound side with
     * a complementary SignedElements policy that checks the right element was
     * signed. Until inbound validation exists this gives no evidence that a
     * message whose token is NOT covered would be rejected.
     */
    @Test
    public void testProtectTokenAssertion() throws Exception {
        // ---- x509 direct reference ----
        /* REVISIT: intended once inbound PROTECT_TOKENS validation is available.
        runInInterceptorAndValidate(
            "signed_x509_direct_ref_token_prot.xml",
            "protect_token_policy_asym_x509_direct_ref.xml",
            SP12Constants.PROTECT_TOKENS, null, CoverageType.SIGNED);
        runInInterceptorAndValidate(
            "signed_x509_direct_ref.xml",
            "protect_token_policy_asym_x509_direct_ref.xml",
            null, SP12Constants.PROTECT_TOKENS, CoverageType.SIGNED);
        runAndValidate(
            "wsse-request-clean.xml",
            "protect_token_policy_asym_x509_direct_ref.xml",
            null, null,
            Arrays.asList(SP12Constants.PROTECT_TOKENS), null,
            Arrays.asList(CoverageType.SIGNED));
        */
        runProtectTokensRoundTrip(
            "protect_token_policy_asym_x509_direct_ref.xml",
            "protect_token_policy_asym_x509_direct_ref_complement.xml");

        // ---- x509 issuer/serial ----
        /* REVISIT: intended once inbound PROTECT_TOKENS validation is available.
        runInInterceptorAndValidate(
            "signed_x509_issuer_serial_token_prot.xml",
            "protect_token_policy_asym_x509_issuer_serial.xml",
            SP12Constants.PROTECT_TOKENS, null, CoverageType.SIGNED);
        runInInterceptorAndValidate(
            "signed_x509_issuer_serial.xml",
            "protect_token_policy_asym_x509_issuer_serial.xml",
            null, SP12Constants.PROTECT_TOKENS, CoverageType.SIGNED);
        runAndValidate(
            "wsse-request-clean.xml",
            "protect_token_policy_asym_x509_issuer_serial.xml",
            null, null,
            Arrays.asList(SP12Constants.PROTECT_TOKENS), null,
            Arrays.asList(CoverageType.SIGNED));
        */
        runProtectTokensRoundTrip(
            "protect_token_policy_asym_x509_issuer_serial.xml",
            "protect_token_policy_asym_x509_issuer_serial_complement.xml");

        // ---- x509 key identifier ----
        // TODO: needs the test certificates upgraded to version 3 (per WSS4J)
        // before key-identifier cases can be added.
        // TODO: tests for derived keys.
    }

    /**
     * Outbound with a ProtectTokens policy (expected to assert AsymmetricBinding),
     * inbound with its SignedElements complement (expected to assert
     * SignedElements), signature coverage only.
     */
    private void runProtectTokensRoundTrip(String outboundPolicy, String inboundPolicy)
        throws Exception {
        runAndValidate(
            "wsse-request-clean.xml",
            outboundPolicy,
            inboundPolicy,
            new AssertionsHolder(Arrays.asList(SP12Constants.ASYMMETRIC_BINDING), null),
            new AssertionsHolder(Arrays.asList(SP12Constants.SIGNED_ELEMENTS), null),
            Arrays.asList(CoverageType.SIGNED));
    }

    /**
     * The standard "complete coverage" pair for one assertion: first the canned,
     * already-secured message through the inbound interceptor, then a clean
     * request through the outbound/inbound round trip. In both, {@code assertion}
     * is expected to be asserted and nothing is expected to be left unasserted.
     *
     * @param securedDocument canned message that already carries the protection
     * @param policyDocument  WS-SecurityPolicy document to enforce
     * @param assertion       SP 1.2 assertion expected to be asserted
     * @param coverageType    whether the policy is checked for signing or encryption
     */
    private void runSingleAssertionCompleteCoverage(String securedDocument,
                                                    String policyDocument,
                                                    QName assertion,
                                                    CoverageType coverageType)
        throws Exception {
        runInInterceptorAndValidate(
            securedDocument,
            policyDocument,
            assertion,
            null,
            coverageType);
        runAndValidate(
            "wsse-request-clean.xml",
            policyDocument,
            null,
            null,
            Arrays.asList(assertion),
            null,
            Arrays.asList(coverageType));
    }

    /** Creates the test bus and keeps its policy builder for the helpers below. */
    @Override
    protected Bus createBus() throws BusException {
        Bus bus = super.createBus();
        policyBuilder = bus.getExtension(PolicyBuilder.class);
        return bus;
    }

    private void runAndValidate(String document, String policyDocument, List<QName> assertedOutAssertions, List