19 package org.apache.wss4j.policy.stax.test;
20
21 import org.apache.wss4j.common.ext.WSSecurityException;
22 import org.apache.wss4j.policy.stax.enforcer.PolicyEnforcer;
23 import org.apache.wss4j.common.WSSPolicyException;
24 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
25 import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
26 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
27 import org.apache.wss4j.stax.test.InboundWSSecurityContextImplTest;
28 import org.junit.jupiter.api.Test;
29
30 import java.nio.charset.StandardCharsets;
31 import java.util.List;
32
33 import static org.junit.jupiter.api.Assertions.assertEquals;
34 import static org.junit.jupiter.api.Assertions.assertTrue;
35 import static org.junit.jupiter.api.Assertions.fail;
36
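/**
 * Policy-enforcement scenarios for the transport, symmetric and asymmetric bindings.
 *
 * <p>Every test first feeds a complete, well-formed inbound event stream through the
 * {@link PolicyEnforcer} built from one policy file under {@code testdata/policy/} and expects it
 * to be accepted. It then replays the same stream several times, each time withholding one
 * required token or element (an HTTPS token, a Timestamp, a UsernameToken, an X509 token, the
 * issued SAML token, ...) and expects enforcement to reject the message with a
 * {@link WSSPolicyException} whose message names exactly the unsatisfied assertion. The negative
 * cases are the security-relevant part: they pin that a message missing a policy-required
 * credential is not silently accepted.
 *
 * <p>The scenario suffixes (C11, C21a, C21b, C31) follow the names of the policy resource files.
 */
public class WSP13SpecTest extends AbstractPolicyTestBase {

    /**
     * Supplies a fresh inbound event list for one scenario.
     *
     * <p>A local interface rather than {@code Supplier} because the generator methods on
     * {@link InboundWSSecurityContextImplTest} may throw checked exceptions (the tests declare
     * {@code throws Exception}), and because each scenario is meant to start from its own list.
     */
    @FunctionalInterface
    private interface EventSource {
        List<SecurityEvent> events() throws Exception;
    }

    /** {@code eventIndex} value meaning "withhold every event of the ignored type", not one index. */
    private static final int ALL_EVENTS = -1;

    /** WS-SecurityPolicy namespace as it appears in the enforcer's "not satisfied" messages. */
    private static final String SP_NS = "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}";

    /** Message reported when the policy-required wsu:Timestamp header element is missing. */
    private static final String TIMESTAMP_REQUIRED =
        "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present";

    private final InboundWSSecurityContextImplTest inboundWSSecurityContextImplTest =
        new InboundWSSecurityContextImplTest();

    /** Builds the enforcer message for an unsatisfied {@code sp:} assertion, e.g. {@code HttpsToken}. */
    private static String notSatisfied(String assertionLocalName) {
        return "Assertion " + SP_NS + assertionLocalName + " not satisfied";
    }

    @Test
    public void testTransportBindingC11a() throws Exception {
        String policy = "testdata/policy/transportBindingPolicyC11.xml";
        EventSource events = inboundWSSecurityContextImplTest::generateTransportBindingSecurityEvents;

        // Complete stream: the policy must be satisfied.
        runScenario(policy, events, null, null, null);
        // Withholding any one required token/element must be rejected, naming that assertion.
        runScenario(policy, events, WSSecurityEventConstants.HTTPS_TOKEN, 2, notSatisfied("HttpsToken"));
        runScenario(policy, events, WSSecurityEventConstants.REQUIRED_ELEMENT, 4, TIMESTAMP_REQUIRED);
        runScenario(policy, events, WSSecurityEventConstants.USERNAME_TOKEN, 0, notSatisfied("UsernameToken"));
        runScenario(policy, events, SecurityEventConstants.X509Token, 1, notSatisfied("X509Token"));
    }

    @Test
    public void testAsymmetricBindingC31a() throws Exception {
        String policy = "testdata/policy/asymmetricBindingPolicyC31.xml";
        EventSource events = inboundWSSecurityContextImplTest::generateAsymmetricBindingSecurityEvents;

        runScenario(policy, events, null, null, null);
        runScenario(policy, events, WSSecurityEventConstants.REQUIRED_ELEMENT, 8, TIMESTAMP_REQUIRED);
        runScenario(policy, events, SecurityEventConstants.X509Token, 0, notSatisfied("X509Token"));
        runScenario(policy, events, WSSecurityEventConstants.USERNAME_TOKEN, 1, notSatisfied("UsernameToken"));
    }

    @Test
    public void testSymmetricBindingC21a() throws Exception {
        runSymmetricBindingScenarios("testdata/policy/symmetricBindingPolicyC21a.xml");
    }

    @Test
    public void testSymmetricBindingC21b() throws Exception {
        runSymmetricBindingScenarios("testdata/policy/symmetricBindingPolicyC21b.xml");
    }

    /**
     * The symmetric-binding scenario set, shared by the C21a and C21b policies: both are exercised
     * with the same event stream and the same expected outcomes.
     */
    private void runSymmetricBindingScenarios(String policy) throws Exception {
        EventSource events = inboundWSSecurityContextImplTest::generateSymmetricBindingSecurityEvents;

        runScenario(policy, events, null, null, null);
        runScenario(policy, events, WSSecurityEventConstants.REQUIRED_ELEMENT, 4, TIMESTAMP_REQUIRED);
        // The SAML token is withheld wherever it occurs (ALL_EVENTS), since the IssuedToken
        // assertion is about the token being present at all, not about one position.
        runScenario(policy, events, WSSecurityEventConstants.SAML_TOKEN, ALL_EVENTS, notSatisfied("IssuedToken"));
        runScenario(policy, events, WSSecurityEventConstants.USERNAME_TOKEN, 0, notSatisfied("UsernameToken"));
        runScenario(policy, events, SecurityEventConstants.X509Token, 2, notSatisfied("X509Token"));
    }

    /**
     * Runs one scenario: loads the policy, builds and starts a new enforcer for it, generates a
     * fresh event list and delegates to {@link #applyPolicy}.
     *
     * <p>A new enforcer and a new list per scenario is deliberate: the enforcer is fed events one
     * by one before {@code doFinal()}, so reusing either across scenarios would mix their state.
     *
     * @param policyResource classpath resource of the policy XML
     * @param source generator for the inbound security events
     * @param ignoreEvent event type to withhold, or {@code null} for the positive case
     * @param eventIndex index of the event to withhold, {@link #ALL_EVENTS}, or {@code null}
     * @param expectedErrorMessage exact enforcer message expected in the negative case
     */
    private void runScenario(String policyResource, EventSource source, SecurityEventConstants.Event ignoreEvent,
                             Integer eventIndex, String expectedErrorMessage) throws Exception {
        String policyString = loadResourceAsString(policyResource, StandardCharsets.UTF_8);
        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
        applyPolicy(ignoreEvent, eventIndex, expectedErrorMessage, policyEnforcer, source.events());
    }

    /**
     * Registers {@code securityEventList} with {@code policyEnforcer}, calls {@code doFinal()} and
     * checks the outcome.
     *
     * <p>Modes, selected by {@code ignoreEvent} / {@code eventIndex} (either both {@code null} or
     * both set):
     * <ul>
     *   <li>both {@code null}: every event is registered and enforcement must succeed;</li>
     *   <li>{@code eventIndex == ALL_EVENTS}: every event of type {@code ignoreEvent} is withheld;</li>
     *   <li>otherwise: only the event at {@code eventIndex} is withheld, and the test fails up front
     *       if that event is not of type {@code ignoreEvent}, so a change in the generated event
     *       order cannot silently turn the scenario into a different one.</li>
     * </ul>
     * In the withholding modes enforcement must fail with a {@link WSSPolicyException} — thrown
     * directly or as the cause of a {@link WSSecurityException} — whose message equals
     * {@code expectedErrorMessage}; the exact message is compared so that the failure is attributed
     * to the intended assertion and not to some unrelated policy error.
     *
     * @throws IllegalArgumentException if exactly one of {@code ignoreEvent}, {@code eventIndex} is {@code null}
     * @throws WSSecurityException declared for signature compatibility; every
     *         {@code WSSecurityException} raised by the enforcer is caught and asserted on here
     */
    private void applyPolicy(SecurityEventConstants.Event ignoreEvent, Integer eventIndex, String expectedErrorMessage,
                             PolicyEnforcer policyEnforcer, List<SecurityEvent> securityEventList) throws WSSecurityException {
        if ((ignoreEvent == null) != (eventIndex == null)) {
            throw new IllegalArgumentException(
                "ignoreEvent and eventIndex must be both null or both set: " + ignoreEvent + ", " + eventIndex);
        }
        boolean expectFailure = ignoreEvent != null;
        try {
            for (int i = 0; i < securityEventList.size(); i++) {
                SecurityEvent securityEvent = securityEventList.get(i);
                if (!expectFailure) {
                    policyEnforcer.registerSecurityEvent(securityEvent);
                    continue;
                }
                boolean matchesType = securityEvent.getSecurityEventType() == ignoreEvent;
                if (eventIndex == ALL_EVENTS) {
                    if (!matchesType) {
                        policyEnforcer.registerSecurityEvent(securityEvent);
                    }
                    continue;
                }
                if (i == eventIndex) {
                    if (!matchesType) {
                        fail("Event at index " + eventIndex + " is not of type " + ignoreEvent
                            + "; generated events were:\n" + describe(securityEventList));
                    }
                    continue; // withhold exactly this event
                }
                policyEnforcer.registerSecurityEvent(securityEvent);
            }

            policyEnforcer.doFinal();
            if (expectFailure) {
                fail("Expected WSSPolicyException");
            }
        } catch (WSSPolicyException e) {
            if (!expectFailure) {
                fail("Unexpected WSSPolicyException: " + e.getMessage());
            }
            assertEquals(expectedErrorMessage, e.getMessage());
        } catch (WSSecurityException e) {
            if (!expectFailure) {
                fail("Unexpected WSSecurityException: " + e.getMessage());
            }
            assertTrue(e.getCause() instanceof WSSPolicyException,
                "Expected a WSSPolicyException cause but got: " + e.getCause());
            assertEquals(expectedErrorMessage, e.getCause().getMessage());
        }
    }

    /** Numbered, one-per-line rendering of the events for failure messages (replaces a stdout dump). */
    private static String describe(List<SecurityEvent> securityEventList) {
        StringBuilder sb = new StringBuilder();
        for (int j = 0; j < securityEventList.size(); j++) {
            sb.append(j).append(' ').append(securityEventList.get(j)).append('\n');
        }
        return sb.toString();
    }
}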