19 package org.apache.wss4j.policy.stax.test;
20
21 import javax.xml.namespace.QName;
22
23 import org.apache.wss4j.common.ext.WSSecurityException;
24 import org.apache.wss4j.policy.stax.PolicyViolationException;
25 import org.apache.wss4j.policy.stax.enforcer.PolicyEnforcer;
26 import org.apache.wss4j.stax.impl.securityToken.HttpsSecurityTokenImpl;
27 import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
28 import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
29 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
30 import org.junit.jupiter.api.Test;
31
32 import static org.junit.jupiter.api.Assertions.assertEquals;
33 import static org.junit.jupiter.api.Assertions.assertTrue;
34 import static org.junit.jupiter.api.Assertions.fail;
35
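/**
 * Policy-enforcement tests for a {@code sp:TransportBinding} whose {@code sp:HttpsToken}
 * carries {@code sp:RequireClientCertificate}.
 *
 * <p>The positive case reports client-certificate authentication and expects the enforcer
 * to finish cleanly. The negative case reports HTTP Basic authentication for the same token
 * and expects a policy violation with fault code {@code INVALID_SECURITY}.
 *
 * <p>Both cases report an issuer name equal to the one in the policy; an issuer-name
 * mismatch is not exercised by the tests in this class.
 */
public class HttpsTokenTest extends AbstractPolicyTestBase {

    /**
     * Policy shared by both tests: transport binding, HTTPS token with a required client
     * certificate, and the Basic256 algorithm suite. The string is kept exactly as the
     * tests originally declared it (including the missing line break after
     * {@code </sp:HttpsToken>}).
     */
    private static final String HTTPS_TOKEN_POLICY =
        "<sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
        "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
        "<sp:TransportToken>\n" +
        " <wsp:Policy>\n" +
        " <sp:HttpsToken>\n" +
        " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
        " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
        " <sp:RequireClientCertificate/>\n" +
        " </wsp:Policy>\n" +
        " </sp:HttpsToken>" +
        " </wsp:Policy>\n" +
        "</sp:TransportToken>\n" +
        " <sp:AlgorithmSuite>\n" +
        " <wsp:Policy>\n" +
        " <sp:Basic256/>\n" +
        " </wsp:Policy>\n" +
        " </sp:AlgorithmSuite>\n" +
        "</wsp:Policy>\n" +
        "</sp:TransportBinding>";

    /**
     * A token authenticated with a client certificate satisfies the policy:
     * registering the events and calling {@code doFinal()} must not throw.
     */
    @Test
    public void testPolicy() throws Exception {
        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(HTTPS_TOKEN_POLICY);
        policyEnforcer.registerSecurityEvent(
            newHttpsTokenEvent(HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication));

        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
        operationSecurityEvent.setOperation(new QName("definitions"));
        policyEnforcer.registerSecurityEvent(operationSecurityEvent);

        policyEnforcer.doFinal();
    }

    /**
     * A token authenticated with HTTP Basic must be rejected when the policy requires a
     * client certificate. The test expects the violation to surface when the operation
     * event is registered, not when the HTTPS token event itself is registered.
     */
    @Test
    public void testPolicyNegative() throws Exception {
        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(HTTPS_TOKEN_POLICY);
        policyEnforcer.registerSecurityEvent(
            newHttpsTokenEvent(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication));

        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
        operationSecurityEvent.setOperation(new QName("definitions"));
        try {
            policyEnforcer.registerSecurityEvent(operationSecurityEvent);
            fail("Exception expected");
        } catch (WSSecurityException e) {
            assertTrue(e.getCause() instanceof PolicyViolationException);
            // JUnit 5 takes (expected, actual); the original call had them swapped, which
            // only matters for the failure message but makes a regression harder to read.
            // The expected text is the enforcer's own wording ("Http...", not the enum
            // name "Https...") and is pinned exactly as the original test had it.
            assertEquals(
                "Policy enforces HttpClientCertificateAuthentication but we got HttpBasicAuthentication",
                e.getCause().getMessage());
            assertEquals(WSSecurityException.INVALID_SECURITY, e.getFaultCode());
        }
    }

    /**
     * Builds the HTTPS token event both tests register: an X509v3 HTTPS token marked for
     * main-encryption usage, issuer name {@code xs:anyURI} (matching the policy), and the
     * given authentication type.
     *
     * @param authenticationType how the transport peer is reported to have authenticated
     * @return the populated event, not yet registered with any enforcer
     * @throws Exception if the base-class token factory fails
     */
    private HttpsTokenSecurityEvent newHttpsTokenEvent(
            HttpsTokenSecurityEvent.AuthenticationType authenticationType) throws Exception {
        HttpsSecurityTokenImpl securityToken = getHttpsSecurityToken(WSSecurityTokenConstants.X509V3Token);
        securityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION);

        HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
        httpsTokenSecurityEvent.setSecurityToken(securityToken);
        httpsTokenSecurityEvent.setAuthenticationType(authenticationType);
        httpsTokenSecurityEvent.setIssuerName("xs:anyURI");
        return httpsTokenSecurityEvent;
    }
}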