View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.policy.stax.test;
20  
21  import javax.xml.namespace.QName;
22  
23  import org.apache.wss4j.common.ext.WSSecurityException;
24  import org.apache.wss4j.policy.stax.PolicyViolationException;
25  import org.apache.wss4j.policy.stax.enforcer.PolicyEnforcer;
26  import org.apache.wss4j.stax.impl.securityToken.HttpsSecurityTokenImpl;
27  import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
28  import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
29  import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
30  import org.junit.jupiter.api.Test;
31  
32  import static org.junit.jupiter.api.Assertions.assertEquals;
33  import static org.junit.jupiter.api.Assertions.assertTrue;
34  import static org.junit.jupiter.api.Assertions.fail;
35  
36  public class HttpsTokenTest extends AbstractPolicyTestBase {
37  
38      @Test
39      public void testPolicy() throws Exception {
40          String policyString =
41                  "<sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
42                          "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
43                          "<sp:TransportToken>\n" +
44                          "   <wsp:Policy>\n" +
45                          "       <sp:HttpsToken>\n" +
46                          "       <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
47                          "       <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
48                          "           <sp:RequireClientCertificate/>\n" +
49                          "       </wsp:Policy>\n" +
50                          "       </sp:HttpsToken>" +
51                          "   </wsp:Policy>\n" +
52                          "</sp:TransportToken>\n" +
53                          "   <sp:AlgorithmSuite>\n" +
54                          "       <wsp:Policy>\n" +
55                          "           <sp:Basic256/>\n" +
56                          "       </wsp:Policy>\n" +
57                          "   </sp:AlgorithmSuite>\n" +
58                          "</wsp:Policy>\n" +
59                          "</sp:TransportBinding>";
60  
61          PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
62          HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
63          HttpsSecurityTokenImpl securityToken = getHttpsSecurityToken(WSSecurityTokenConstants.X509V3Token);
64          securityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION);
65          httpsTokenSecurityEvent.setSecurityToken(securityToken);
66          httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication);
67          httpsTokenSecurityEvent.setIssuerName("xs:anyURI");
68          policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
69  
70          OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
71          operationSecurityEvent.setOperation(new QName("definitions"));
72          policyEnforcer.registerSecurityEvent(operationSecurityEvent);
73  
74          policyEnforcer.doFinal();
75      }
76  
77      @Test
78      public void testPolicyNegative() throws Exception {
79          String policyString =
80                  "<sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
81                          "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
82                          "<sp:TransportToken>\n" +
83                          "   <wsp:Policy>\n" +
84                          "       <sp:HttpsToken>\n" +
85                          "       <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
86                          "       <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
87                          "           <sp:RequireClientCertificate/>\n" +
88                          "       </wsp:Policy>\n" +
89                          "       </sp:HttpsToken>" +
90                          "   </wsp:Policy>\n" +
91                          "</sp:TransportToken>\n" +
92                          "   <sp:AlgorithmSuite>\n" +
93                          "       <wsp:Policy>\n" +
94                          "           <sp:Basic256/>\n" +
95                          "       </wsp:Policy>\n" +
96                          "   </sp:AlgorithmSuite>\n" +
97                          "</wsp:Policy>\n" +
98                          "</sp:TransportBinding>";
99  
100         PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
101         HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
102         HttpsSecurityTokenImpl securityToken = getHttpsSecurityToken(WSSecurityTokenConstants.X509V3Token);
103         securityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION);
104         httpsTokenSecurityEvent.setSecurityToken(securityToken);
105         httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
106         httpsTokenSecurityEvent.setIssuerName("xs:anyURI");
107         policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
108 
109         OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
110         operationSecurityEvent.setOperation(new QName("definitions"));
111         try {
112             policyEnforcer.registerSecurityEvent(operationSecurityEvent);
113             fail("Exception expected");
114         } catch (WSSecurityException e) {
115             assertTrue(e.getCause() instanceof PolicyViolationException);
116             assertEquals(e.getCause().getMessage(),
117                     "Policy enforces HttpClientCertificateAuthentication but we got HttpBasicAuthentication");
118             assertEquals(e.getFaultCode(), WSSecurityException.INVALID_SECURITY);
119         }
120     }
121 }