19 package org.apache.wss4j.policy.stax.test;
20
21 import java.util.LinkedList;
22 import java.util.List;
23
24 import javax.xml.namespace.QName;
25
26 import org.apache.wss4j.policy.stax.enforcer.PolicyEnforcer;
27 import org.apache.wss4j.stax.ext.WSSConstants;
28 import org.apache.wss4j.stax.impl.securityToken.X509SecurityTokenImpl;
29 import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
30 import org.apache.wss4j.stax.securityEvent.SecurityContextTokenSecurityEvent;
31 import org.apache.wss4j.stax.securityEvent.SignedPartSecurityEvent;
32 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
33 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
34 import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
35 import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
36 import org.junit.jupiter.api.Test;
37
/**
 * Policy-enforcement test for {@code sp:SpnegoContextToken} used as both the
 * initiator and recipient token of an {@code sp:AsymmetricBinding}. Each token
 * assertion requires an {@code sp:IssuerName} of {@code xs:anyURI} and carries
 * {@code sp:MustNotSendCancel}; the binding uses the {@code Basic256} algorithm suite.
 *
 * <p>The test registers a signature token, an encryption token, a signed and a
 * content-encrypted SOAP body and the operation, then closes the enforcer. There
 * are no explicit assertions: the test passes when {@code doFinal()} returns
 * without throwing.
 */
public class SpnegoContextTokenTest extends AbstractPolicyTestBase {

    /** Issuer name required by both token assertions in the policy below. */
    private static final String ISSUER_NAME = "xs:anyURI";

    /**
     * Wraps an already-configured X.509 token in a
     * {@link SecurityContextTokenSecurityEvent} carrying {@link #ISSUER_NAME}.
     *
     * @param token the X.509 token (with its token usage already set) to attach
     * @return the event, ready to be registered with the enforcer
     */
    private static SecurityContextTokenSecurityEvent contextTokenEvent(X509SecurityTokenImpl token) {
        SecurityContextTokenSecurityEvent event = new SecurityContextTokenSecurityEvent();
        event.setIssuerName(ISSUER_NAME);
        event.setSecurityToken(token);
        return event;
    }

    @Test
    public void testPolicy() throws Exception {
        String policyString =
                "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
                "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
                "<sp:InitiatorToken>\n" +
                " <wsp:Policy>\n" +
                " <sp:SpnegoContextToken>\n" +
                " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
                " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
                " <sp:MustNotSendCancel/>\n" +
                " </wsp:Policy>\n" +
                " </sp:SpnegoContextToken>\n" +
                " </wsp:Policy>\n" +
                "</sp:InitiatorToken>\n" +
                "<sp:RecipientToken>\n" +
                " <wsp:Policy>\n" +
                " <sp:SpnegoContextToken>\n" +
                " <sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
                " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
                " <sp:MustNotSendCancel/>\n" +
                " </wsp:Policy>\n" +
                " </sp:SpnegoContextToken>\n" +
                " </wsp:Policy>\n" +
                "</sp:RecipientToken>\n" +
                " <sp:AlgorithmSuite>\n" +
                " <wsp:Policy>\n" +
                " <sp:Basic256/>\n" +
                " </wsp:Policy>\n" +
                " </sp:AlgorithmSuite>\n" +
                "</wsp:Policy>\n" +
                "</sp:AsymmetricBinding>";

        PolicyEnforcer enforcer = buildAndStartPolicyEngine(policyString);

        // Initiator side: an X.509 v3 token flagged as the main signature token.
        X509SecurityTokenImpl initiatorToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
        initiatorToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE);
        enforcer.registerSecurityEvent(contextTokenEvent(initiatorToken));

        // Recipient side: a second X.509 v3 token flagged as the main encryption token.
        X509SecurityTokenImpl recipientToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
        recipientToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION);
        SecurityContextTokenSecurityEvent recipientEvent = contextTokenEvent(recipientToken);
        enforcer.registerSecurityEvent(recipientEvent);

        // The body is reported as signed first and then encrypted; both part events
        // are attributed to the token held by the recipient event.
        InboundSecurityToken protectingToken =
                (InboundSecurityToken) recipientEvent.getSecurityToken();
        List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<>();
        protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
        protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);

        SignedPartSecurityEvent signedBody =
                new SignedPartSecurityEvent(protectingToken, true, protectionOrder);
        signedBody.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
        enforcer.registerSecurityEvent(signedBody);

        ContentEncryptedElementSecurityEvent encryptedBody =
                new ContentEncryptedElementSecurityEvent(protectingToken, true, protectionOrder);
        encryptedBody.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
        enforcer.registerSecurityEvent(encryptedBody);

        OperationSecurityEvent operation = new OperationSecurityEvent();
        operation.setOperation(new QName("definitions"));
        enforcer.registerSecurityEvent(operation);

        // No assertions follow: completing doFinal() without an exception is the pass condition.
        enforcer.doFinal();
    }
}