1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.wss4j.policy.stax.test;
20
21 import java.time.ZoneOffset;
22 import java.time.ZonedDateTime;
23
24 import javax.xml.namespace.QName;
25
26 import org.apache.wss4j.common.WSSPolicyException;
27 import org.apache.wss4j.common.ext.WSSecurityException;
28 import org.apache.wss4j.common.saml.SAMLCallback;
29 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
30 import org.apache.wss4j.common.saml.bean.SubjectBean;
31 import org.apache.wss4j.common.saml.bean.Version;
32 import org.apache.wss4j.common.util.DateUtil;
33 import org.apache.wss4j.policy.stax.enforcer.PolicyEnforcer;
34 import org.apache.wss4j.stax.ext.WSSConstants;
35 import org.apache.wss4j.stax.impl.securityToken.DsaKeyValueSecurityTokenImpl;
36 import org.apache.wss4j.stax.impl.securityToken.KerberosServiceSecurityTokenImpl;
37 import org.apache.wss4j.stax.impl.securityToken.RsaKeyValueSecurityTokenImpl;
38 import org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl;
39 import org.apache.wss4j.stax.impl.securityToken.UsernameSecurityTokenImpl;
40 import org.apache.wss4j.stax.impl.securityToken.X509SecurityTokenImpl;
41 import org.apache.wss4j.stax.securityEvent.KerberosTokenSecurityEvent;
42 import org.apache.wss4j.stax.securityEvent.KeyValueTokenSecurityEvent;
43 import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
44 import org.apache.wss4j.stax.securityEvent.RelTokenSecurityEvent;
45 import org.apache.wss4j.stax.securityEvent.SamlTokenSecurityEvent;
46 import org.apache.wss4j.stax.securityEvent.SecurityContextTokenSecurityEvent;
47 import org.apache.wss4j.stax.securityEvent.UsernameTokenSecurityEvent;
48 import org.apache.wss4j.stax.securityEvent.X509TokenSecurityEvent;
49 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
50 import org.apache.xml.security.stax.impl.util.IDGenerator;
51 import org.junit.jupiter.api.Test;
52
53 import static org.junit.jupiter.api.Assertions.assertEquals;
54 import static org.junit.jupiter.api.Assertions.assertTrue;
55 import static org.junit.jupiter.api.Assertions.fail;
56
57 public class SupportingTokensTest extends AbstractPolicyTestBase {
58
59 @Test
60 public void testSupportingTokenPolicy() throws Exception {
61 String policyString =
62 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
63 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
64 " <sp:X509Token>\n" +
65 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
66 " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
67 " <sp:RequireThumbprintReference/>\n" +
68 " <sp:WssX509V3Token11/>\n" +
69 " </wsp:Policy>\n" +
70 " </sp:X509Token>\n" +
71 " </wsp:Policy>\n" +
72 "</sp:SupportingTokens>";
73
74 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
75 X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
76 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
77 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
78 x509TokenSecurityEvent.setSecurityToken(x509SecurityToken);
79 policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
80
81 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
82 operationSecurityEvent.setOperation(new QName("definitions"));
83 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
84
85 policyEnforcer.doFinal();
86 }
87
88 @Test
89 public void testSupportingTokenPolicyNegative() throws Exception {
90 String policyString =
91 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
92 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
93 " <sp:X509Token>\n" +
94 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
95 " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
96 " <sp:RequireThumbprintReference/>\n" +
97 " <sp:WssX509V3Token11/>\n" +
98 " </wsp:Policy>\n" +
99 " </sp:X509Token>\n" +
100 " </wsp:Policy>\n" +
101 "</sp:SupportingTokens>";
102
103 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
104 X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
105 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V1Token);
106 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
107 x509TokenSecurityEvent.setSecurityToken(x509SecurityToken);
108 policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
109
110 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
111 operationSecurityEvent.setOperation(new QName("definitions"));
112 try {
113 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
114 fail("Exception expected");
115 } catch (WSSecurityException e) {
116 assertEquals(e.getMessage(),
117 "X509Certificate Version 3 mismatch; Policy enforces WssX509V3Token11");
118 assertEquals(e.getFaultCode(), WSSecurityException.INVALID_SECURITY);
119 }
120 }
121
122 @Test
123 public void testX509SupportingTokenPolicyAdditionalToken() throws Exception {
124 String policyString =
125 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
126 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
127 " <sp:X509Token>\n" +
128 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
129 " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
130 " <sp:RequireThumbprintReference/>\n" +
131 " <sp:WssX509V3Token11/>\n" +
132 " </wsp:Policy>\n" +
133 " </sp:X509Token>\n" +
134 " </wsp:Policy>\n" +
135 "</sp:SupportingTokens>";
136
137 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
138
139 X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
140 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
141 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
142 x509TokenSecurityEvent.setSecurityToken(x509SecurityToken);
143 policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
144
145 x509TokenSecurityEvent = new X509TokenSecurityEvent();
146 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
147 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
148 x509TokenSecurityEvent.setSecurityToken(x509SecurityToken);
149 policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
150
151 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
152 operationSecurityEvent.setOperation(new QName("definitions"));
153 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
154
155 policyEnforcer.doFinal();
156 }
157
158 @Test
159 public void testX509SupportingTokenPolicyAdditionalTokenNegative() throws Exception {
160 String policyString =
161 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
162 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
163 " <sp:X509Token>\n" +
164 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
165 " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
166 " <sp:RequireThumbprintReference/>\n" +
167 " <sp:WssX509V3Token11/>\n" +
168 " </wsp:Policy>\n" +
169 " </sp:X509Token>\n" +
170 " </wsp:Policy>\n" +
171 "</sp:SupportingTokens>";
172
173 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
174
175 X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
176 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V1Token);
177 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
178 x509TokenSecurityEvent.setSecurityToken(x509SecurityToken);
179 policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
180
181 x509TokenSecurityEvent = new X509TokenSecurityEvent();
182 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V1Token);
183 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
184 x509TokenSecurityEvent.setSecurityToken(x509SecurityToken);
185 policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
186
187 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
188 operationSecurityEvent.setOperation(new QName("definitions"));
189
190 try {
191 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
192 fail("Exception expected");
193 } catch (WSSecurityException e) {
194 assertTrue(e.getCause() instanceof WSSPolicyException);
195 }
196 }
197
198 @Test
199 public void testX509SupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
200 String policyString =
201 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
202 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
203 " <sp:X509Token>\n" +
204 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
205 " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
206 " <sp:RequireThumbprintReference/>\n" +
207 " <sp:WssX509V3Token11/>\n" +
208 " </wsp:Policy>\n" +
209 " </sp:X509Token>\n" +
210 " </wsp:Policy>\n" +
211 "</sp:SupportingTokens>";
212
213 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
214
215 X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
216 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
217 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
218 x509TokenSecurityEvent.setSecurityToken(x509SecurityToken);
219 policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
220
221 x509TokenSecurityEvent = new X509TokenSecurityEvent();
222 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V1Token);
223 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
224 x509TokenSecurityEvent.setSecurityToken(x509SecurityToken);
225 policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
226
227 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
228 operationSecurityEvent.setOperation(new QName("definitions"));
229 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
230
231 policyEnforcer.doFinal();
232 }
233
234 @Test
235 public void testX509SupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
236 String policyString =
237 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
238 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
239 " <sp:X509Token>\n" +
240 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
241 " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
242 " <sp:RequireThumbprintReference/>\n" +
243 " <sp:WssX509V3Token11/>\n" +
244 " </wsp:Policy>\n" +
245 " </sp:X509Token>\n" +
246 " </wsp:Policy>\n" +
247 "</sp:SupportingTokens>";
248
249 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
250
251 X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
252 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V1Token);
253 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
254 x509TokenSecurityEvent.setSecurityToken(x509SecurityToken);
255 policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
256
257 x509TokenSecurityEvent = new X509TokenSecurityEvent();
258 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
259 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
260 x509TokenSecurityEvent.setSecurityToken(x509SecurityToken);
261 policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
262
263 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
264 operationSecurityEvent.setOperation(new QName("definitions"));
265 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
266
267 policyEnforcer.doFinal();
268 }
269
270 @Test
271 public void testUsernameSupportingTokenPolicyAdditionalToken() throws Exception {
272 String policyString =
273 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
274 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
275 " <sp:UsernameToken>\n" +
276 " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
277 " <sp:NoPassword/>\n" +
278 " </wsp:Policy>\n" +
279 " </sp:UsernameToken>\n" +
280 " </wsp:Policy>\n" +
281 "</sp:SupportingTokens>";
282
283 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
284
285 UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
286 usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
287 ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
288 String created = DateUtil.getDateTimeFormatter(true).format(now);
289 UsernameSecurityTokenImpl usernameSecurityToken = new UsernameSecurityTokenImpl(
290 WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE,
291 "username", null, created, null, new byte[10], 10L,
292 null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
293 usernameSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
294 usernameTokenSecurityEvent.setSecurityToken(usernameSecurityToken);
295 policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
296
297 usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
298 usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
299 usernameSecurityToken = new UsernameSecurityTokenImpl(
300 WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE,
301 "username", null, created, null, new byte[10], 10L,
302 null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
303 usernameSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
304 usernameTokenSecurityEvent.setSecurityToken(usernameSecurityToken);
305 policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
306
307 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
308 operationSecurityEvent.setOperation(new QName("definitions"));
309 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
310
311 policyEnforcer.doFinal();
312 }
313
314 @Test
315 public void testUsernameSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
316 String policyString =
317 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
318 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
319 " <sp:UsernameToken>\n" +
320 " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
321 " <sp:NoPassword/>\n" +
322 " </wsp:Policy>\n" +
323 " </sp:UsernameToken>\n" +
324 " </wsp:Policy>\n" +
325 "</sp:SupportingTokens>";
326
327 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
328
329 UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
330 usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
331 ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
332 String created = DateUtil.getDateTimeFormatter(true).format(now);
333 UsernameSecurityTokenImpl securityToken = new UsernameSecurityTokenImpl(
334 WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST,
335 "username", null, created, null, new byte[10], 10L,
336 null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
337 securityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
338 usernameTokenSecurityEvent.setSecurityToken(securityToken);
339 policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
340
341 usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
342 usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
343 securityToken = new UsernameSecurityTokenImpl(
344 WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST,
345 "username", null, created, null, new byte[10], 10L,
346 null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
347 securityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
348 usernameTokenSecurityEvent.setSecurityToken(securityToken);
349 policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
350
351 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
352 operationSecurityEvent.setOperation(new QName("definitions"));
353
354 try {
355 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
356 fail("Exception expected");
357 } catch (WSSecurityException e) {
358 assertTrue(e.getCause() instanceof WSSPolicyException);
359 }
360 }
361
362 @Test
363 public void testUsernameSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
364 String policyString =
365 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
366 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
367 " <sp:UsernameToken>\n" +
368 " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
369 " <sp:NoPassword/>\n" +
370 " </wsp:Policy>\n" +
371 " </sp:UsernameToken>\n" +
372 " </wsp:Policy>\n" +
373 "</sp:SupportingTokens>";
374
375 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
376
377 UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
378 usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
379 ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
380 String created = DateUtil.getDateTimeFormatter(true).format(now);
381 UsernameSecurityTokenImpl securityToken = new UsernameSecurityTokenImpl(
382 WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE,
383 "username", null, created, null, new byte[10], 10L,
384 null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
385 securityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
386 usernameTokenSecurityEvent.setSecurityToken(securityToken);
387 policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
388
389 usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
390 usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
391 securityToken = new UsernameSecurityTokenImpl(
392 WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST,
393 "username", "password", created, null, new byte[10], 10L,
394 null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
395 securityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
396 usernameTokenSecurityEvent.setSecurityToken(securityToken);
397 policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
398
399 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
400 operationSecurityEvent.setOperation(new QName("definitions"));
401 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
402
403 policyEnforcer.doFinal();
404 }
405
406 @Test
407 public void testUsernameSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
408 String policyString =
409 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
410 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
411 " <sp:UsernameToken>\n" +
412 " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
413 " <sp:NoPassword/>\n" +
414 " </wsp:Policy>\n" +
415 " </sp:UsernameToken>\n" +
416 " </wsp:Policy>\n" +
417 "</sp:SupportingTokens>";
418
419 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
420
421 UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
422 usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
423 ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
424 String created = DateUtil.getDateTimeFormatter(true).format(now);
425 UsernameSecurityTokenImpl securityToken = new UsernameSecurityTokenImpl(
426 WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST,
427 "username", "password", created, null, new byte[10], 10L,
428 null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
429 securityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
430 usernameTokenSecurityEvent.setSecurityToken(securityToken);
431 policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
432
433 usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
434 usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
435 securityToken = new UsernameSecurityTokenImpl(
436 WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE,
437 "username", null, created, null, new byte[10], 10L,
438 null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
439 securityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
440 usernameTokenSecurityEvent.setSecurityToken(securityToken);
441 policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
442
443 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
444 operationSecurityEvent.setOperation(new QName("definitions"));
445 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
446
447 policyEnforcer.doFinal();
448 }
449
450 @Test
451 public void testIssuedSupportingTokenPolicyAdditionalToken() throws Exception {
452 String policyString =
453 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
454 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
455 " <sp:IssuedToken>\n" +
456 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
457 " <sp:RequestSecurityTokenTemplate/>\n" +
458 " <wsp:Policy/>\n" +
459 " </sp:IssuedToken>\n" +
460 " </wsp:Policy>\n" +
461 "</sp:SupportingTokens>";
462
463 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
464
465 SecurityContextTokenSecurityEvent securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
466 securityContextTokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
467 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
468 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
469 securityContextTokenSecurityEvent.setSecurityToken(x509SecurityToken);
470 policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
471
472 securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
473 securityContextTokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
474 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
475 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
476 securityContextTokenSecurityEvent.setSecurityToken(x509SecurityToken);
477 policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
478
479 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
480 operationSecurityEvent.setOperation(new QName("definitions"));
481 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
482
483 policyEnforcer.doFinal();
484 }
485
486 @Test
487 public void testIssuedSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
488 String policyString =
489 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
490 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
491 " <sp:IssuedToken>\n" +
492 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
493 " <sp:RequestSecurityTokenTemplate/>\n" +
494 " <wsp:Policy/>\n" +
495 " </sp:IssuedToken>\n" +
496 " </wsp:Policy>\n" +
497 "</sp:SupportingTokens>";
498
499 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
500
501 SecurityContextTokenSecurityEvent securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
502 securityContextTokenSecurityEvent.setIssuerName("test");
503 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
504 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
505 securityContextTokenSecurityEvent.setSecurityToken(x509SecurityToken);
506 policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
507
508 securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
509 securityContextTokenSecurityEvent.setIssuerName("test");
510 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
511 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
512 securityContextTokenSecurityEvent.setSecurityToken(x509SecurityToken);
513 policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
514
515 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
516 operationSecurityEvent.setOperation(new QName("definitions"));
517
518 try {
519 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
520 fail("Exception expected");
521 } catch (WSSecurityException e) {
522 assertTrue(e.getCause() instanceof WSSPolicyException);
523 }
524 }
525
526 @Test
527 public void testIssuedSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
528 String policyString =
529 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
530 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
531 " <sp:IssuedToken>\n" +
532 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
533 " <sp:RequestSecurityTokenTemplate/>\n" +
534 " <wsp:Policy/>\n" +
535 " </sp:IssuedToken>\n" +
536 " </wsp:Policy>\n" +
537 "</sp:SupportingTokens>";
538
539 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
540
541 SecurityContextTokenSecurityEvent securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
542 securityContextTokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
543 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
544 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
545 securityContextTokenSecurityEvent.setSecurityToken(x509SecurityToken);
546 policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
547
548 securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
549 securityContextTokenSecurityEvent.setIssuerName("test");
550 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
551 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
552 securityContextTokenSecurityEvent.setSecurityToken(x509SecurityToken);
553 policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
554
555 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
556 operationSecurityEvent.setOperation(new QName("definitions"));
557 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
558
559 policyEnforcer.doFinal();
560 }
561
562 @Test
563 public void testIssuedSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
564 String policyString =
565 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
566 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
567 " <sp:IssuedToken>\n" +
568 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
569 " <sp:RequestSecurityTokenTemplate/>\n" +
570 " <wsp:Policy/>\n" +
571 " </sp:IssuedToken>\n" +
572 " </wsp:Policy>\n" +
573 "</sp:SupportingTokens>";
574
575 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
576
577 SecurityContextTokenSecurityEvent securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
578 securityContextTokenSecurityEvent.setIssuerName("test");
579 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
580 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
581 securityContextTokenSecurityEvent.setSecurityToken(x509SecurityToken);
582 policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
583
584 securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent();
585 securityContextTokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
586 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
587 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
588 securityContextTokenSecurityEvent.setSecurityToken(x509SecurityToken);
589 policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
590
591 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
592 operationSecurityEvent.setOperation(new QName("definitions"));
593 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
594
595 policyEnforcer.doFinal();
596 }
597
598 @Test
599 public void testKerberosSupportingTokenPolicyAdditionalToken() throws Exception {
600 String policyString =
601 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
602 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
603 " <sp:KerberosToken>\n" +
604 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
605 " <wsp:Policy/>\n" +
606 " </sp:KerberosToken>\n" +
607 " </wsp:Policy>\n" +
608 "</sp:SupportingTokens>";
609
610 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
611
612 KerberosTokenSecurityEvent tokenSecurityEvent = new KerberosTokenSecurityEvent();
613 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
614 KerberosServiceSecurityTokenImpl kerberosServiceSecurityToken = getKerberosServiceSecurityToken(WSSecurityTokenConstants.KERBEROS_TOKEN);
615 kerberosServiceSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
616 tokenSecurityEvent.setSecurityToken(kerberosServiceSecurityToken);
617 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
618
619 tokenSecurityEvent = new KerberosTokenSecurityEvent();
620 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
621 kerberosServiceSecurityToken = getKerberosServiceSecurityToken(WSSecurityTokenConstants.KERBEROS_TOKEN);
622 kerberosServiceSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
623 tokenSecurityEvent.setSecurityToken(kerberosServiceSecurityToken);
624 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
625
626 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
627 operationSecurityEvent.setOperation(new QName("definitions"));
628 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
629
630 policyEnforcer.doFinal();
631 }
632
633 @Test
634 public void testKerberosSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
635 String policyString =
636 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
637 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
638 " <sp:KerberosToken>\n" +
639 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
640 " <wsp:Policy/>\n" +
641 " </sp:KerberosToken>\n" +
642 " </wsp:Policy>\n" +
643 "</sp:SupportingTokens>";
644
645 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
646
647 KerberosTokenSecurityEvent tokenSecurityEvent = new KerberosTokenSecurityEvent();
648 tokenSecurityEvent.setIssuerName("test");
649 KerberosServiceSecurityTokenImpl kerberosServiceSecurityToken = getKerberosServiceSecurityToken(WSSecurityTokenConstants.KERBEROS_TOKEN);
650 kerberosServiceSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
651 tokenSecurityEvent.setSecurityToken(kerberosServiceSecurityToken);
652 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
653
654 tokenSecurityEvent = new KerberosTokenSecurityEvent();
655 tokenSecurityEvent.setIssuerName("test");
656 kerberosServiceSecurityToken = getKerberosServiceSecurityToken(WSSecurityTokenConstants.KERBEROS_TOKEN);
657 kerberosServiceSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
658 tokenSecurityEvent.setSecurityToken(kerberosServiceSecurityToken);
659 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
660
661 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
662 operationSecurityEvent.setOperation(new QName("definitions"));
663
664 try {
665 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
666 fail("Exception expected");
667 } catch (WSSecurityException e) {
668 assertTrue(e.getCause() instanceof WSSPolicyException);
669 }
670 }
671
672 @Test
673 public void testKerberosSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
674 String policyString =
675 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
676 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
677 " <sp:KerberosToken>\n" +
678 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
679 " <wsp:Policy/>\n" +
680 " </sp:KerberosToken>\n" +
681 " </wsp:Policy>\n" +
682 "</sp:SupportingTokens>";
683
684 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
685
686 KerberosTokenSecurityEvent tokenSecurityEvent = new KerberosTokenSecurityEvent();
687 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
688 KerberosServiceSecurityTokenImpl kerberosServiceSecurityToken = getKerberosServiceSecurityToken(WSSecurityTokenConstants.KERBEROS_TOKEN);
689 kerberosServiceSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
690 tokenSecurityEvent.setSecurityToken(kerberosServiceSecurityToken);
691 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
692
693 tokenSecurityEvent = new KerberosTokenSecurityEvent();
694 tokenSecurityEvent.setIssuerName("test");
695 kerberosServiceSecurityToken = getKerberosServiceSecurityToken(WSSecurityTokenConstants.KERBEROS_TOKEN);
696 kerberosServiceSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
697 tokenSecurityEvent.setSecurityToken(kerberosServiceSecurityToken);
698 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
699
700 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
701 operationSecurityEvent.setOperation(new QName("definitions"));
702 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
703
704 policyEnforcer.doFinal();
705 }
706
707 @Test
708 public void testKerberosSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
709 String policyString =
710 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
711 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
712 " <sp:KerberosToken>\n" +
713 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
714 " <wsp:Policy/>\n" +
715 " </sp:KerberosToken>\n" +
716 " </wsp:Policy>\n" +
717 "</sp:SupportingTokens>";
718
719 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
720
721 KerberosTokenSecurityEvent tokenSecurityEvent = new KerberosTokenSecurityEvent();
722 tokenSecurityEvent.setIssuerName("test");
723 KerberosServiceSecurityTokenImpl kerberosServiceSecurityToken = getKerberosServiceSecurityToken(WSSecurityTokenConstants.KERBEROS_TOKEN);
724 kerberosServiceSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
725 tokenSecurityEvent.setSecurityToken(kerberosServiceSecurityToken);
726 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
727
728 tokenSecurityEvent = new KerberosTokenSecurityEvent();
729 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
730 kerberosServiceSecurityToken = getKerberosServiceSecurityToken(WSSecurityTokenConstants.KERBEROS_TOKEN);
731 kerberosServiceSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
732 tokenSecurityEvent.setSecurityToken(kerberosServiceSecurityToken);
733 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
734
735 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
736 operationSecurityEvent.setOperation(new QName("definitions"));
737 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
738
739 policyEnforcer.doFinal();
740 }
741
742 @Test
743 public void testSpnegoSupportingTokenPolicyAdditionalToken() throws Exception {
744 String policyString =
745 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
746 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
747 " <sp:SpnegoContextToken>\n" +
748 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
749 " <wsp:Policy/>\n" +
750 " </sp:SpnegoContextToken>\n" +
751 " </wsp:Policy>\n" +
752 "</sp:SupportingTokens>";
753
754 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
755
756 SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
757 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
758 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
759 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
760 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
761 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
762
763 tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
764 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
765 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
766 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
767 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
768 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
769
770 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
771 operationSecurityEvent.setOperation(new QName("definitions"));
772 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
773
774 policyEnforcer.doFinal();
775 }
776
777 @Test
778 public void testSpnegoSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
779 String policyString =
780 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
781 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
782 " <sp:SpnegoContextToken>\n" +
783 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
784 " <wsp:Policy/>\n" +
785 " </sp:SpnegoContextToken>\n" +
786 " </wsp:Policy>\n" +
787 "</sp:SupportingTokens>";
788
789 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
790
791 SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
792 tokenSecurityEvent.setIssuerName("test");
793 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
794 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
795 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
796 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
797
798 tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
799 tokenSecurityEvent.setIssuerName("test");
800 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
801 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
802 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
803 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
804
805 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
806 operationSecurityEvent.setOperation(new QName("definitions"));
807
808 try {
809 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
810 fail("Exception expected");
811 } catch (WSSecurityException e) {
812 assertTrue(e.getCause() instanceof WSSPolicyException);
813 }
814 }
815
816 @Test
817 public void testSpnegoSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
818 String policyString =
819 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
820 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
821 " <sp:SpnegoContextToken>\n" +
822 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
823 " <wsp:Policy/>\n" +
824 " </sp:SpnegoContextToken>\n" +
825 " </wsp:Policy>\n" +
826 "</sp:SupportingTokens>";
827
828 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
829
830 SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
831 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
832 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
833 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
834 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
835 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
836
837 tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
838 tokenSecurityEvent.setIssuerName("test");
839 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
840 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
841 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
842 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
843
844 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
845 operationSecurityEvent.setOperation(new QName("definitions"));
846 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
847
848 policyEnforcer.doFinal();
849 }
850
851 @Test
852 public void testSpnegoSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
853 String policyString =
854 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
855 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
856 " <sp:SpnegoContextToken>\n" +
857 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
858 " <wsp:Policy/>\n" +
859 " </sp:SpnegoContextToken>\n" +
860 " </wsp:Policy>\n" +
861 "</sp:SupportingTokens>";
862
863 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
864
865 SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
866 tokenSecurityEvent.setIssuerName("test");
867 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
868 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
869 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
870 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
871
872 tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
873 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
874 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
875 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
876 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
877 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
878
879 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
880 operationSecurityEvent.setOperation(new QName("definitions"));
881 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
882
883 policyEnforcer.doFinal();
884 }
885
886 @Test
887 public void testSecurityContextTokenSupportingTokenPolicyAdditionalToken() throws Exception {
888 String policyString =
889 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
890 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
891 " <sp:SecurityContextToken>\n" +
892 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
893 " <wsp:Policy/>\n" +
894 " </sp:SecurityContextToken>\n" +
895 " </wsp:Policy>\n" +
896 "</sp:SupportingTokens>";
897
898 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
899
900 SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
901 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
902 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
903 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
904 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
905 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
906
907 tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
908 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
909 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
910 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
911 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
912 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
913
914 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
915 operationSecurityEvent.setOperation(new QName("definitions"));
916 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
917
918 policyEnforcer.doFinal();
919 }
920
921 @Test
922 public void testSecurityContextTokenSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
923 String policyString =
924 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
925 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
926 " <sp:SecurityContextToken>\n" +
927 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
928 " <wsp:Policy/>\n" +
929 " </sp:SecurityContextToken>\n" +
930 " </wsp:Policy>\n" +
931 "</sp:SupportingTokens>";
932
933 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
934
935 SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
936 tokenSecurityEvent.setIssuerName("test");
937 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
938 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
939 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
940 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
941
942 tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
943 tokenSecurityEvent.setIssuerName("test");
944 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
945 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
946 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
947 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
948
949 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
950 operationSecurityEvent.setOperation(new QName("definitions"));
951
952 try {
953 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
954 fail("Exception expected");
955 } catch (WSSecurityException e) {
956 assertTrue(e.getCause() instanceof WSSPolicyException);
957 }
958 }
959
960 @Test
961 public void testSecurityContextTokenSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
962 String policyString =
963 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
964 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
965 " <sp:SecurityContextToken>\n" +
966 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
967 " <wsp:Policy/>\n" +
968 " </sp:SecurityContextToken>\n" +
969 " </wsp:Policy>\n" +
970 "</sp:SupportingTokens>";
971
972 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
973
974 SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
975 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
976 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
977 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
978 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
979 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
980
981 tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
982 tokenSecurityEvent.setIssuerName("test");
983 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
984 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
985 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
986 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
987
988 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
989 operationSecurityEvent.setOperation(new QName("definitions"));
990 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
991
992 policyEnforcer.doFinal();
993 }
994
995 @Test
996 public void testSecurityContextTokenSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
997 String policyString =
998 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
999 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1000 " <sp:SecurityContextToken>\n" +
1001 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
1002 " <wsp:Policy/>\n" +
1003 " </sp:SecurityContextToken>\n" +
1004 " </wsp:Policy>\n" +
1005 "</sp:SupportingTokens>";
1006
1007 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1008
1009 SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
1010 tokenSecurityEvent.setIssuerName("test");
1011 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1012 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1013 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1014 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1015
1016 tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
1017 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
1018 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1019 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1020 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1021 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1022
1023 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1024 operationSecurityEvent.setOperation(new QName("definitions"));
1025 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1026
1027 policyEnforcer.doFinal();
1028 }
1029
1030 @Test
1031 public void testSecureConversationTokenSupportingTokenPolicyAdditionalToken() throws Exception {
1032 String policyString =
1033 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1034 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1035 " <sp:SecureConversationToken>\n" +
1036 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
1037 " <wsp:Policy/>\n" +
1038 " </sp:SecureConversationToken>\n" +
1039 " </wsp:Policy>\n" +
1040 "</sp:SupportingTokens>";
1041
1042 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1043
1044 SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
1045 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
1046 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1047 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1048 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1049 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1050
1051 tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
1052 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
1053 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1054 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1055 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1056 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1057
1058 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1059 operationSecurityEvent.setOperation(new QName("definitions"));
1060 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1061
1062 policyEnforcer.doFinal();
1063 }
1064
1065 @Test
1066 public void testSecureConversationTokenSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
1067 String policyString =
1068 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1069 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1070 " <sp:SecureConversationToken>\n" +
1071 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
1072 " <wsp:Policy/>\n" +
1073 " </sp:SecureConversationToken>\n" +
1074 " </wsp:Policy>\n" +
1075 "</sp:SupportingTokens>";
1076
1077 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1078
1079 SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
1080 tokenSecurityEvent.setIssuerName("test");
1081 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1082 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1083 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1084 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1085
1086 tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
1087 tokenSecurityEvent.setIssuerName("test");
1088 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1089 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1090 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1091 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1092
1093 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1094 operationSecurityEvent.setOperation(new QName("definitions"));
1095
1096 try {
1097 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1098 fail("Exception expected");
1099 } catch (WSSecurityException e) {
1100 assertTrue(e.getCause() instanceof WSSPolicyException);
1101 }
1102 }
1103
1104 @Test
1105 public void testSecureConversationTokenSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
1106 String policyString =
1107 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1108 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1109 " <sp:SecureConversationToken>\n" +
1110 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
1111 " <wsp:Policy/>\n" +
1112 " </sp:SecureConversationToken>\n" +
1113 " </wsp:Policy>\n" +
1114 "</sp:SupportingTokens>";
1115
1116 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1117
1118 SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
1119 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
1120 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1121 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1122 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1123 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1124
1125 tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
1126 tokenSecurityEvent.setIssuerName("test");
1127 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1128 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1129 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1130 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1131
1132 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1133 operationSecurityEvent.setOperation(new QName("definitions"));
1134 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1135
1136 policyEnforcer.doFinal();
1137 }
1138
1139 @Test
1140 public void testSecureConversationTokenSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
1141 String policyString =
1142 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1143 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1144 " <sp:SecureConversationToken>\n" +
1145 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
1146 " <wsp:Policy/>\n" +
1147 " </sp:SecureConversationToken>\n" +
1148 " </wsp:Policy>\n" +
1149 "</sp:SupportingTokens>";
1150
1151 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1152
1153 SecurityContextTokenSecurityEvent tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
1154 tokenSecurityEvent.setIssuerName("test");
1155 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1156 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1157 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1158 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1159
1160 tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
1161 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
1162 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1163 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1164 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1165 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1166
1167 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1168 operationSecurityEvent.setOperation(new QName("definitions"));
1169 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1170
1171 policyEnforcer.doFinal();
1172 }
1173
1174 @Test
1175 public void testSamlTokenSupportingTokenPolicyAdditionalToken() throws Exception {
1176 String policyString =
1177 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1178 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1179 " <sp:SamlToken>\n" +
1180 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
1181 " <wsp:Policy/>\n" +
1182 " </sp:SamlToken>\n" +
1183 " </wsp:Policy>\n" +
1184 "</sp:SupportingTokens>";
1185
1186 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1187
1188 SAMLCallback samlCallback = new SAMLCallback();
1189 samlCallback.setSamlVersion(Version.SAML_20);
1190 samlCallback.setIssuer("CN=transmitter,OU=swssf,C=CH");
1191 SubjectBean subjectBean = new SubjectBean();
1192 samlCallback.setSubject(subjectBean);
1193 SamlAssertionWrapper samlAssertionWrapper = createSamlAssertionWrapper(samlCallback);
1194
1195 SamlTokenSecurityEvent tokenSecurityEvent = new SamlTokenSecurityEvent();
1196 SamlSecurityTokenImpl samlSecurityToken =
1197 new SamlSecurityTokenImpl(
1198 samlAssertionWrapper, getX509Token(WSSecurityTokenConstants.X509V3Token), null, null,
1199 WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE, null);
1200 samlSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1201 tokenSecurityEvent.setSecurityToken(samlSecurityToken);
1202 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1203
1204 tokenSecurityEvent = new SamlTokenSecurityEvent();
1205 samlSecurityToken =
1206 new SamlSecurityTokenImpl(
1207 samlAssertionWrapper, getX509Token(WSSecurityTokenConstants.X509V3Token), null, null,
1208 WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE, null);
1209 samlSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1210 tokenSecurityEvent.setSecurityToken(samlSecurityToken);
1211 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1212
1213 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1214 operationSecurityEvent.setOperation(new QName("definitions"));
1215 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1216
1217 policyEnforcer.doFinal();
1218 }
1219
1220 @Test
1221 public void testSamlTokenSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
1222 String policyString =
1223 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1224 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1225 " <sp:SamlToken>\n" +
1226 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
1227 " <wsp:Policy/>\n" +
1228 " </sp:SamlToken>\n" +
1229 " </wsp:Policy>\n" +
1230 "</sp:SupportingTokens>";
1231
1232 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1233
1234 SAMLCallback samlCallback = new SAMLCallback();
1235 samlCallback.setSamlVersion(Version.SAML_20);
1236 samlCallback.setIssuer("xs:anyURI");
1237 SubjectBean subjectBean = new SubjectBean();
1238 samlCallback.setSubject(subjectBean);
1239 SamlAssertionWrapper samlAssertionWrapper = createSamlAssertionWrapper(samlCallback);
1240
1241 SamlTokenSecurityEvent tokenSecurityEvent = new SamlTokenSecurityEvent();
1242 SamlSecurityTokenImpl samlSecurityToken =
1243 new SamlSecurityTokenImpl(
1244 samlAssertionWrapper, getX509Token(WSSecurityTokenConstants.X509V3Token), null, null,
1245 WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE, null);
1246 samlSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1247 tokenSecurityEvent.setSecurityToken(samlSecurityToken);
1248 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1249
1250 tokenSecurityEvent = new SamlTokenSecurityEvent();
1251 samlSecurityToken =
1252 new SamlSecurityTokenImpl(
1253 samlAssertionWrapper, getX509Token(WSSecurityTokenConstants.X509V3Token), null, null,
1254 WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE, null);
1255 samlSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1256 tokenSecurityEvent.setSecurityToken(samlSecurityToken);
1257 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1258
1259 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1260 operationSecurityEvent.setOperation(new QName("definitions"));
1261
1262 try {
1263 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1264 fail("Exception expected");
1265 } catch (WSSecurityException e) {
1266 assertTrue(e.getCause() instanceof WSSPolicyException);
1267 }
1268 }
1269
1270 @Test
1271 public void testSamlTokenSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
1272 String policyString =
1273 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1274 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1275 " <sp:SamlToken>\n" +
1276 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
1277 " <wsp:Policy/>\n" +
1278 " </sp:SamlToken>\n" +
1279 " </wsp:Policy>\n" +
1280 "</sp:SupportingTokens>";
1281
1282 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1283
1284 SAMLCallback samlCallback = new SAMLCallback();
1285 samlCallback.setSamlVersion(Version.SAML_20);
1286 samlCallback.setIssuer("CN=transmitter,OU=swssf,C=CH");
1287 SubjectBean subjectBean = new SubjectBean();
1288 samlCallback.setSubject(subjectBean);
1289 SamlAssertionWrapper samlAssertionWrapper = createSamlAssertionWrapper(samlCallback);
1290
1291 SamlTokenSecurityEvent tokenSecurityEvent = new SamlTokenSecurityEvent();
1292 SamlSecurityTokenImpl samlSecurityToken =
1293 new SamlSecurityTokenImpl(
1294 samlAssertionWrapper, getX509Token(WSSecurityTokenConstants.X509V3Token), null, null,
1295 WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE, null);
1296 samlSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1297 tokenSecurityEvent.setSecurityToken(samlSecurityToken);
1298 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1299
1300 samlCallback.setIssuer("xs:anyURI");
1301 samlAssertionWrapper = createSamlAssertionWrapper(samlCallback);
1302
1303 tokenSecurityEvent = new SamlTokenSecurityEvent();
1304 samlSecurityToken =
1305 new SamlSecurityTokenImpl(
1306 samlAssertionWrapper, getX509Token(WSSecurityTokenConstants.X509V3Token), null, null,
1307 WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE, null);
1308 samlSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1309 tokenSecurityEvent.setSecurityToken(samlSecurityToken);
1310 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1311
1312 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1313 operationSecurityEvent.setOperation(new QName("definitions"));
1314 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1315
1316 policyEnforcer.doFinal();
1317 }
1318
1319 @Test
1320 public void testSamlTokenSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
1321 String policyString =
1322 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1323 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1324 " <sp:SamlToken>\n" +
1325 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
1326 " <wsp:Policy/>\n" +
1327 " </sp:SamlToken>\n" +
1328 " </wsp:Policy>\n" +
1329 "</sp:SupportingTokens>";
1330
1331 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1332
1333 SAMLCallback samlCallback = new SAMLCallback();
1334 samlCallback.setSamlVersion(Version.SAML_20);
1335 samlCallback.setIssuer("xs:anyURI");
1336 SubjectBean subjectBean = new SubjectBean();
1337 samlCallback.setSubject(subjectBean);
1338 SamlAssertionWrapper samlAssertionWrapper = createSamlAssertionWrapper(samlCallback);
1339
1340 SamlTokenSecurityEvent tokenSecurityEvent = new SamlTokenSecurityEvent();
1341 SamlSecurityTokenImpl samlSecurityToken =
1342 new SamlSecurityTokenImpl(
1343 samlAssertionWrapper, getX509Token(WSSecurityTokenConstants.X509V3Token), null, null,
1344 WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE, null);
1345 samlSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1346 tokenSecurityEvent.setSecurityToken(samlSecurityToken);
1347 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1348
1349 samlCallback.setIssuer("CN=transmitter,OU=swssf,C=CH");
1350 samlAssertionWrapper = createSamlAssertionWrapper(samlCallback);
1351
1352 tokenSecurityEvent = new SamlTokenSecurityEvent();
1353 samlSecurityToken =
1354 new SamlSecurityTokenImpl(
1355 samlAssertionWrapper, getX509Token(WSSecurityTokenConstants.X509V3Token), null, null,
1356 WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE, null);
1357 samlSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1358 tokenSecurityEvent.setSecurityToken(samlSecurityToken);
1359 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1360
1361 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1362 operationSecurityEvent.setOperation(new QName("definitions"));
1363 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1364
1365 policyEnforcer.doFinal();
1366 }
1367
1368 @Test
1369 public void testRelTokenSupportingTokenPolicyAdditionalToken() throws Exception {
1370 String policyString =
1371 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1372 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1373 " <sp:RelToken>\n" +
1374 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
1375 " </sp:RelToken>\n" +
1376 " </wsp:Policy>\n" +
1377 "</sp:SupportingTokens>";
1378
1379 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1380
1381 RelTokenSecurityEvent tokenSecurityEvent = new RelTokenSecurityEvent();
1382 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
1383 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1384 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1385 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1386 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1387
1388 tokenSecurityEvent = new RelTokenSecurityEvent();
1389 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
1390 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1391 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1392 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1393 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1394
1395 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1396 operationSecurityEvent.setOperation(new QName("definitions"));
1397 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1398
1399 policyEnforcer.doFinal();
1400 }
1401
1402 @Test
1403 public void testRelTokenSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
1404 String policyString =
1405 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1406 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1407 " <sp:RelToken>\n" +
1408 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
1409 " </sp:RelToken>\n" +
1410 " </wsp:Policy>\n" +
1411 "</sp:SupportingTokens>";
1412
1413 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1414
1415 RelTokenSecurityEvent tokenSecurityEvent = new RelTokenSecurityEvent();
1416 tokenSecurityEvent.setIssuerName("test");
1417 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1418 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1419 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1420 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1421
1422 tokenSecurityEvent = new RelTokenSecurityEvent();
1423 tokenSecurityEvent.setIssuerName("test");
1424 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1425 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1426 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1427 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1428
1429 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1430 operationSecurityEvent.setOperation(new QName("definitions"));
1431
1432 try {
1433 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1434 fail("Exception expected");
1435 } catch (WSSecurityException e) {
1436 assertTrue(e.getCause() instanceof WSSPolicyException);
1437 }
1438 }
1439
1440 @Test
1441 public void testRelTokenSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
1442 String policyString =
1443 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1444 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1445 " <sp:RelToken>\n" +
1446 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
1447 " </sp:RelToken>\n" +
1448 " </wsp:Policy>\n" +
1449 "</sp:SupportingTokens>";
1450
1451 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1452
1453 RelTokenSecurityEvent tokenSecurityEvent = new RelTokenSecurityEvent();
1454 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
1455 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1456 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1457 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1458 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1459
1460 tokenSecurityEvent = new RelTokenSecurityEvent();
1461 tokenSecurityEvent.setIssuerName("test");
1462 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1463 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1464 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1465 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1466
1467 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1468 operationSecurityEvent.setOperation(new QName("definitions"));
1469 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1470
1471 policyEnforcer.doFinal();
1472 }
1473
1474 @Test
1475 public void testRelTokenSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
1476 String policyString =
1477 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1478 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1479 " <sp:RelTokenSecurityEvent>\n" +
1480 " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
1481 " </sp:RelTokenSecurityEvent>\n" +
1482 " </wsp:Policy>\n" +
1483 "</sp:SupportingTokens>";
1484
1485 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1486
1487 RelTokenSecurityEvent tokenSecurityEvent = new RelTokenSecurityEvent();
1488 tokenSecurityEvent.setIssuerName("test");
1489 X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1490 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1491 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1492 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1493
1494 tokenSecurityEvent = new RelTokenSecurityEvent();
1495 tokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
1496 x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
1497 x509SecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1498 tokenSecurityEvent.setSecurityToken(x509SecurityToken);
1499 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1500
1501 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1502 operationSecurityEvent.setOperation(new QName("definitions"));
1503 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1504
1505 policyEnforcer.doFinal();
1506 }
1507
1508 @Test
1509 public void testKeyValueTokenSupportingTokenPolicyAdditionalToken() throws Exception {
1510 String policyString =
1511 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1512 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1513 " <sp:KeyValueToken>\n" +
1514 " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1515 " <sp:RsaKeyValue/>\n" +
1516 " </wsp:Policy>\n" +
1517 " </sp:KeyValueToken>\n" +
1518 " </wsp:Policy>\n" +
1519 "</sp:SupportingTokens>";
1520
1521 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1522
1523 KeyValueTokenSecurityEvent tokenSecurityEvent = new KeyValueTokenSecurityEvent();
1524 RsaKeyValueSecurityTokenImpl rsaKeyValueSecurityToken = getRsaKeyValueSecurityToken();
1525 rsaKeyValueSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1526 tokenSecurityEvent.setSecurityToken(rsaKeyValueSecurityToken);
1527 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1528
1529 tokenSecurityEvent = new KeyValueTokenSecurityEvent();
1530 rsaKeyValueSecurityToken = getRsaKeyValueSecurityToken();
1531 rsaKeyValueSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1532 tokenSecurityEvent.setSecurityToken(rsaKeyValueSecurityToken);
1533 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1534
1535 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1536 operationSecurityEvent.setOperation(new QName("definitions"));
1537 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1538
1539 policyEnforcer.doFinal();
1540 }
1541
1542 @Test
1543 public void testKeyValueTokenSupportingTokenPolicyAdditionalTokenNegative() throws Exception {
1544 String policyString =
1545 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1546 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1547 " <sp:KeyValueToken>\n" +
1548 " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1549 " <sp:RsaKeyValue/>\n" +
1550 " </wsp:Policy>\n" +
1551 " </sp:KeyValueToken>\n" +
1552 " </wsp:Policy>\n" +
1553 "</sp:SupportingTokens>";
1554
1555 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1556
1557 KeyValueTokenSecurityEvent tokenSecurityEvent = new KeyValueTokenSecurityEvent();
1558 DsaKeyValueSecurityTokenImpl dsaKeyValueSecurityToken = getDsaKeyValueSecurityToken();
1559 dsaKeyValueSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1560 tokenSecurityEvent.setSecurityToken(dsaKeyValueSecurityToken);
1561 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1562
1563 tokenSecurityEvent = new KeyValueTokenSecurityEvent();
1564 dsaKeyValueSecurityToken = getDsaKeyValueSecurityToken();
1565 dsaKeyValueSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1566 tokenSecurityEvent.setSecurityToken(dsaKeyValueSecurityToken);
1567 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1568
1569 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1570 operationSecurityEvent.setOperation(new QName("definitions"));
1571
1572 try {
1573 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1574 fail("Exception expected");
1575 } catch (WSSecurityException e) {
1576 assertTrue(e.getCause() instanceof WSSPolicyException);
1577 }
1578 }
1579
1580 @Test
1581 public void testKeyValueTokenSupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
1582 String policyString =
1583 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1584 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1585 " <sp:KeyValueToken>\n" +
1586 " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1587 " <sp:RsaKeyValue/>\n" +
1588 " </wsp:Policy>\n" +
1589 " </sp:KeyValueToken>\n" +
1590 " </wsp:Policy>\n" +
1591 "</sp:SupportingTokens>";
1592
1593 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1594
1595 KeyValueTokenSecurityEvent tokenSecurityEvent = new KeyValueTokenSecurityEvent();
1596 RsaKeyValueSecurityTokenImpl rsaKeyValueSecurityToken = getRsaKeyValueSecurityToken();
1597 rsaKeyValueSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1598 tokenSecurityEvent.setSecurityToken(rsaKeyValueSecurityToken);
1599 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1600
1601 tokenSecurityEvent = new KeyValueTokenSecurityEvent();
1602 rsaKeyValueSecurityToken = getRsaKeyValueSecurityToken();
1603 rsaKeyValueSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1604 tokenSecurityEvent.setSecurityToken(rsaKeyValueSecurityToken);
1605 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1606
1607 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1608 operationSecurityEvent.setOperation(new QName("definitions"));
1609 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1610
1611 policyEnforcer.doFinal();
1612 }
1613
1614 @Test
1615 public void testKeyValueTokenSupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
1616 String policyString =
1617 "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
1618 "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1619 " <sp:KeyValueToken>\n" +
1620 " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
1621 " <sp:RsaKeyValue/>\n" +
1622 " </wsp:Policy>\n" +
1623 " </sp:KeyValueToken>\n" +
1624 " </wsp:Policy>\n" +
1625 "</sp:SupportingTokens>";
1626
1627 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
1628
1629 KeyValueTokenSecurityEvent tokenSecurityEvent = new KeyValueTokenSecurityEvent();
1630 RsaKeyValueSecurityTokenImpl rsaKeyValueSecurityToken = getRsaKeyValueSecurityToken();
1631 rsaKeyValueSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1632 tokenSecurityEvent.setSecurityToken(rsaKeyValueSecurityToken);
1633 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1634
1635 tokenSecurityEvent = new KeyValueTokenSecurityEvent();
1636 rsaKeyValueSecurityToken = getRsaKeyValueSecurityToken();
1637 rsaKeyValueSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
1638 tokenSecurityEvent.setSecurityToken(rsaKeyValueSecurityToken);
1639 policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
1640
1641 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
1642 operationSecurityEvent.setOperation(new QName("definitions"));
1643 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
1644
1645 policyEnforcer.doFinal();
1646 }
1647 }