1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.policy.stax.test;
20  
21  import java.util.ArrayList;
22  import java.util.LinkedList;
23  import java.util.List;
24  
25  import javax.xml.namespace.QName;
26  
27  import org.apache.wss4j.common.ext.WSSecurityException;
28  import org.apache.wss4j.policy.stax.PolicyViolationException;
29  import org.apache.wss4j.policy.stax.enforcer.PolicyEnforcer;
30  import org.apache.wss4j.stax.ext.WSSConstants;
31  import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
32  import org.apache.xml.security.stax.ext.XMLSecurityConstants;
33  import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
34  import org.junit.jupiter.api.Test;
35  
36  import static org.junit.jupiter.api.Assertions.assertEquals;
37  import static org.junit.jupiter.api.Assertions.assertTrue;
38  import static org.junit.jupiter.api.Assertions.fail;
39  
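public class EncryptedElementsTest extends AbstractPolicyTestBase {

    /**
     * Policy under test: a single {@code sp:EncryptedElements} assertion whose XPath
     * {@code /b:a} (prefix {@code b} bound to {@code http://example.org}) names the element
     * that must arrive encrypted.
     */
    private static final String ENCRYPTED_ELEMENTS_POLICY =
            "<sp:EncryptedElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
                    "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
                    "</sp:EncryptedElements>";

    /**
     * Builds and starts an enforcer for {@link #ENCRYPTED_ELEMENTS_POLICY} and registers the
     * operation event that both tests need before any element event is reported.
     *
     * @return the started enforcer
     * @throws Exception propagated from {@code buildAndStartPolicyEngine} / event registration
     */
    private PolicyEnforcer startEngineWithOperation() throws Exception {
        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(ENCRYPTED_ELEMENTS_POLICY);

        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
        operationSecurityEvent.setOperation(new QName("definitions"));
        policyEnforcer.registerSecurityEvent(operationSecurityEvent);
        return policyEnforcer;
    }

    /**
     * Element path consisting of the single element {@code {http://example.org}localName}.
     *
     * @param localName local name of the element in the {@code http://example.org} namespace
     * @return a fresh, mutable one-entry path
     */
    private static List<QName> examplePath(String localName) {
        List<QName> path = new ArrayList<>();
        path.add(new QName("http://example.org", localName));
        return path;
    }

    /**
     * Protection order listing {@code SIGNATURE} first and {@code ENCRYPTION} second, as used
     * for the encrypted body event in both tests.
     *
     * @return a fresh, mutable two-entry list
     */
    private static List<XMLSecurityConstants.ContentType> signatureThenEncryption() {
        List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<>();
        protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
        protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
        return protectionOrder;
    }

    /**
     * Positive case: the body and the required element {@code /b:a} are reported as encrypted,
     * and an additional encrypted element ({@code /b:b}) that the policy does not mention is
     * accepted as well; {@code doFinal()} must complete without a violation.
     */
    @Test
    public void testPolicy() throws Exception {
        PolicyEnforcer policyEnforcer = startEngineWithOperation();

        EncryptedElementSecurityEvent encryptedElementSecurityEvent =
                new EncryptedElementSecurityEvent(null, true, signatureThenEncryption());
        encryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
        policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);

        // The same event instance is re-registered with a new path for each further element,
        // mirroring the original test; the enforcer is expected to evaluate the path on registration.
        encryptedElementSecurityEvent.setElementPath(examplePath("a"));
        policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);

        // Encrypted elements beyond those the policy requires are also allowed.
        encryptedElementSecurityEvent.setElementPath(examplePath("b"));
        policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);

        policyEnforcer.doFinal();
    }

    /**
     * Negative case: after an encrypted body, the element {@code /b:a} required by the policy is
     * reported as <em>not</em> encrypted ({@code encrypted=false}, no protection order). The
     * enforcer must fail closed on registration with a {@link WSSecurityException} whose cause
     * is a {@link PolicyViolationException} naming the element, and whose fault code is
     * {@code INVALID_SECURITY}.
     */
    @Test
    public void testPolicyMultipleAssertionEventsNegative() throws Exception {
        PolicyEnforcer policyEnforcer = startEngineWithOperation();

        EncryptedElementSecurityEvent encryptedElementSecurityEvent =
                new EncryptedElementSecurityEvent(null, true, signatureThenEncryption());
        encryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
        policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);

        // Unencrypted report of the very element the policy requires to be encrypted.
        encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, false, null);
        encryptedElementSecurityEvent.setElementPath(examplePath("a"));
        try {
            policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
            fail("Exception expected");
        } catch (WSSecurityException e) {
            assertTrue(e.getCause() instanceof PolicyViolationException);
            // assertEquals takes (expected, actual); the original call had them reversed, which
            // makes a failing run report the expected and actual values swapped.
            assertEquals("Element /{http://example.org}a must be encrypted",
                    e.getCause().getMessage());
            assertEquals(WSSecurityException.INVALID_SECURITY, e.getFaultCode());
        }
    }
}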
104 }