use of org.apache.neethi.All in project cxf by apache.
the class FirstAlternativeSelectorTest method testChooseAlternative.
/**
 * Exercises {@code FirstAlternativeSelector} in three phases: the only alternative is
 * unsupported (expects {@code null}), the only alternative is supported, and a second
 * alternative is chosen after the first is reported as unsupported.
 */
@Test
public void testChooseAlternative() {
    Message message = new MessageImpl();
    AlternativeSelector underTest = new FirstAlternativeSelector();
    PolicyEngine policyEngine = control.createMock(PolicyEngine.class);
    Assertor policyAssertor = control.createMock(Assertor.class);

    // Policy -> ExactlyOne -> All -> single TestAssertion.
    PolicyAssertion assertion = new TestAssertion();
    All firstAll = new All();
    firstAll.addAssertion(assertion);
    ExactlyOne alternatives = new ExactlyOne();
    alternatives.addPolicyComponent(firstAll);
    Policy policy = new Policy();
    policy.addPolicyComponent(alternatives);
    Collection<PolicyAssertion> firstAlternative =
        CastUtils.cast(firstAll.getPolicyComponents(), PolicyAssertion.class);

    // Phase 1: the engine rejects the only alternative, so nothing may be selected.
    EasyMock.expect(policyEngine.supportsAlternative(firstAlternative, policyAssertor, message))
        .andReturn(false);
    control.replay();
    assertNull(underTest.selectAlternative(policy, policyEngine, policyAssertor, null, message));
    control.verify();

    // Phase 2: the engine accepts the only alternative.
    control.reset();
    EasyMock.expect(policyEngine.supportsAlternative(firstAlternative, policyAssertor, message))
        .andReturn(true);
    control.replay();
    Collection<Assertion> selected =
        underTest.selectAlternative(policy, policyEngine, policyAssertor, null, message);
    // assertSame on int values compares the boxed Integers by identity; it passes for these
    // small values because they box to cached instances.
    assertSame(1, selected.size());
    assertSame(selected.size(), firstAlternative.size());
    assertSame(selected.iterator().next(), firstAlternative.iterator().next());
    control.verify();

    // Phase 3: a second alternative is added; the first is rejected, the second accepted.
    control.reset();
    All secondAll = new All();
    secondAll.addAssertion(assertion);
    alternatives.addPolicyComponent(secondAll);
    Collection<PolicyAssertion> secondAlternative =
        CastUtils.cast(secondAll.getPolicyComponents(), PolicyAssertion.class);
    EasyMock.expect(policyEngine.supportsAlternative(firstAlternative, policyAssertor, message))
        .andReturn(false);
    EasyMock.expect(policyEngine.supportsAlternative(secondAlternative, policyAssertor, message))
        .andReturn(true);
    control.replay();
    selected = underTest.selectAlternative(policy, policyEngine, policyAssertor, null, message);
    assertSame(1, selected.size());
    assertSame(selected.size(), secondAlternative.size());
    assertSame(selected.iterator().next(), secondAlternative.iterator().next());
    control.verify();
}
use of org.apache.neethi.All in project cxf by apache.
the class MinimalMaximalAlternativeSelectorTest method testChooseMinAlternative.
/**
 * Checks that {@code MinimalAlternativeSelector} picks the empty alternative when the engine
 * reports both the one-assertion and the empty alternative as supported.
 */
@Test
public void testChooseMinAlternative() {
    AlternativeSelector underTest = new MinimalAlternativeSelector();
    Message message = new MessageImpl();
    PolicyEngine policyEngine = control.createMock(PolicyEngine.class);
    Assertor policyAssertor = control.createMock(Assertor.class);

    ExactlyOne alternatives = new ExactlyOne();

    // First alternative: an All holding one assertion.
    All populated = new All();
    PolicyAssertion assertion = new TestAssertion();
    populated.addAssertion(assertion);
    alternatives.addPolicyComponent(populated);
    Collection<PolicyAssertion> maxAlternative =
        CastUtils.cast(populated.getPolicyComponents(), PolicyAssertion.class);

    // Second alternative: an All with no assertions.
    All empty = new All();
    alternatives.addPolicyComponent(empty);
    Collection<PolicyAssertion> minAlternative =
        CastUtils.cast(empty.getPolicyComponents(), PolicyAssertion.class);

    Policy policy = new Policy();
    policy.addPolicyComponent(alternatives);

    EasyMock.expect(policyEngine.supportsAlternative(maxAlternative, policyAssertor, message))
        .andReturn(true);
    EasyMock.expect(policyEngine.supportsAlternative(minAlternative, policyAssertor, message))
        .andReturn(true);
    control.replay();

    Collection<Assertion> selected =
        underTest.selectAlternative(policy, policyEngine, policyAssertor, null, message);
    assertEquals(0, selected.size());
    control.verify();
}
use of org.apache.neethi.All in project cxf by apache.
the class AbstractSTSClient method validate.
/**
 * Makes a "Validate" invocation and returns the response as an {@link STSResponse}.
 *
 * <p>The token type falls back to the {@code tokenType} field and then to
 * {@code namespace + "/RSTR/Status"}. For a status token type the request carries only the
 * request type, token type, claims and the ValidateTarget; for any other token type the
 * lifetime (if enabled), key type, key material elements and renewal semantics are written too.
 *
 * @param tok the token to validate; it is placed in the request context under
 *            {@code SecurityConstants.TOKEN} and its element is copied into ValidateTarget
 * @param tokentype the token type to request, or {@code null} to use the defaults above
 * @return the response built from the first element of the invocation result
 * @throws Exception as declared; the visible code does not narrow which failures surface
 */
protected STSResponse validate(SecurityToken tok, String tokentype) throws Exception {
    createClient();
    if (tokentype == null) {
        tokentype = tokenType;
    }
    if (tokentype == null) {
        tokentype = namespace + "/RSTR/Status";
    }
    // Override policy: Policy -> ExactlyOne -> All -> addressing assertion only.
    Policy validatePolicy = new Policy();
    ExactlyOne one = new ExactlyOne();
    validatePolicy.addPolicyComponent(one);
    All all = new All();
    one.addPolicyComponent(all);
    all.addAssertion(getAddressingAssertion());
    // Reset the request context to the configured ctx entries plus the token being validated.
    client.getRequestContext().clear();
    client.getRequestContext().putAll(ctx);
    client.getRequestContext().put(SecurityConstants.TOKEN, tok);
    BindingOperationInfo boi = findOperation("/RST/Validate");
    if (boi == null) {
        // No Validate operation was found: reuse the Issue operation and override its policy
        // with the one built above.
        // NOTE(review): that override contains only the addressing assertion and no security
        // binding of its own -- confirm the Validate exchange is still protected as intended
        // (for example by transport security) on deployments that take this fallback.
        boi = findOperation("/RST/Issue");
        client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, validatePolicy);
    }
    client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, namespace + "/RST/Validate");
    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", namespace);
    writer.writeNamespace("wst", namespace);
    writer.writeStartElement("wst", "RequestType", namespace);
    writer.writeCharacters(namespace + "/Validate");
    writer.writeEndElement();
    writer.writeStartElement("wst", "TokenType", namespace);
    writer.writeCharacters(tokentype);
    writer.writeEndElement();
    if (tokentype.endsWith("/RSTR/Status")) {
        // Status request: claims and the target token only; no key material is written.
        addClaims(writer);
        writer.writeStartElement("wst", "ValidateTarget", namespace);
        Element el = tok.getToken();
        // A token without an element yields an empty ValidateTarget rather than a failure.
        if (el != null) {
            StaxUtils.copy(el, writer);
        }
        writer.writeEndElement();
        writer.writeEndElement();
        Object[] o = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
        // Assumes the invocation returns at least one result and that it is a DOMSource.
        return new STSResponse((DOMSource) o[0], null);
    }
    if (enableLifetime) {
        addLifetime(writer);
    }
    // Default to Bearer KeyType
    String keyTypeTemplate = keyType;
    if (keyTypeTemplate == null) {
        keyTypeTemplate = namespace + "/Bearer";
    }
    // The value returned by writeKeyType replaces the template; the null checks below suggest
    // it may be null -- confirm against writeKeyType.
    keyTypeTemplate = writeKeyType(writer, keyTypeTemplate);
    byte[] requestorEntropy = null;
    X509Certificate cert = null;
    Crypto crypto = null;
    // Note: this writes the default back to the keySize field, so it persists on this client.
    if (keySize <= 0) {
        keySize = 256;
    }
    if (keyTypeTemplate != null && keyTypeTemplate.endsWith("SymmetricKey")) {
        requestorEntropy = writeElementsForRSTSymmetricKey(writer, false);
    } else if (keyTypeTemplate != null && keyTypeTemplate.endsWith("PublicKey")) {
        // Use the given cert, or else get it from a Crypto instance
        if (useKeyCertificate != null) {
            cert = useKeyCertificate;
        } else {
            crypto = createCrypto(false);
            cert = getCert(crypto);
        }
        writeElementsForRSTPublicKey(writer, cert);
    }
    writeRenewalSemantics(writer);
    addClaims(writer);
    writer.writeStartElement("wst", "ValidateTarget", namespace);
    // NOTE(review): unlike the status branch, the token element is not null-checked before the
    // copy -- confirm StaxUtils.copy tolerates null or that tok always carries an element here.
    Element el = tok.getToken();
    StaxUtils.copy(el, writer);
    writer.writeEndElement();
    writer.writeEndElement();
    Object[] o = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
    // Entropy, certificate and crypto are passed along with the response; any of them may be
    // null depending on the key type branch taken above.
    return new STSResponse((DOMSource) o[0], requestorEntropy, cert, crypto);
}
use of org.apache.neethi.All in project cxf by apache.
the class AbstractSTSClient method cancel.
/**
 * Makes a "Cancel" invocation and returns the response as an {@link STSResponse}.
 *
 * <p>If a Cancel operation is found, the token element itself is written into CancelTarget.
 * Otherwise the Issue operation is reused with an override policy built here, and CancelTarget
 * carries the token's unattached reference, or its attached reference if there is no
 * unattached one.
 *
 * @param token the token to cancel; it is also placed in the request context under
 *              {@code SecurityConstants.TOKEN}
 * @return the response built from the first element of the invocation result
 * @throws Exception as declared; the visible code does not narrow which failures surface
 */
protected STSResponse cancel(SecurityToken token) throws Exception {
    createClient();
    // Reset the request context to the configured ctx entries plus the token being cancelled.
    client.getRequestContext().clear();
    client.getRequestContext().putAll(ctx);
    client.getRequestContext().put(SecurityConstants.TOKEN, token);
    BindingOperationInfo boi = findOperation("/RST/Cancel");
    boolean attachTokenDirectly = true;
    if (boi == null) {
        // No Cancel operation was found: fall back to Issue, reference the token instead of
        // embedding it, and override the policy with the one assembled below.
        attachTokenDirectly = false;
        boi = findOperation("/RST/Issue");
        Policy cancelPolicy = new Policy();
        ExactlyOne one = new ExactlyOne();
        cancelPolicy.addPolicyComponent(one);
        All all = new All();
        one.addPolicyComponent(all);
        all.addAssertion(getAddressingAssertion());
        final SecureConversationToken secureConversationToken = new SecureConversationToken(SPConstants.SPVersion.SP12, SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT, null, null, null, null);
        secureConversationToken.setOptional(true);
        // Local subclass whose constructor pre-sets the secure conversation token above as the
        // protection token's token.
        class InternalProtectionToken extends ProtectionToken {
            InternalProtectionToken(SPVersion version, Policy nestedPolicy) {
                super(version, nestedPolicy);
                super.setToken(secureConversationToken);
            }
        }
        DefaultSymmetricBinding binding = new DefaultSymmetricBinding(SPConstants.SPVersion.SP12, new Policy());
        all.addAssertion(binding);
        // NOTE(review): the addressing assertion was already added to this All a few lines up;
        // this second add looks redundant -- confirm before changing.
        all.addAssertion(getAddressingAssertion());
        binding.setProtectionToken(new InternalProtectionToken(SPConstants.SPVersion.SP12, new Policy()));
        // Binding settings: timestamp included, only entire headers and body signed, token
        // protection switched off.
        binding.setIncludeTimestamp(true);
        binding.setOnlySignEntireHeadersAndBody(true);
        binding.setProtectTokens(false);
        // Addressing namespace defaults to the W3C 2005/08 one when none is configured.
        String addrNamespace = addressingNamespace;
        if (addrNamespace == null) {
            addrNamespace = "http://www.w3.org/2005/08/addressing";
        }
        // Addressing headers handed to the SignedParts assertion.
        List<Header> headers = new ArrayList<>();
        headers.add(new Header("To", addrNamespace));
        headers.add(new Header("From", addrNamespace));
        headers.add(new Header("FaultTo", addrNamespace));
        headers.add(new Header("ReplyTo", addrNamespace));
        headers.add(new Header("Action", addrNamespace));
        headers.add(new Header("MessageID", addrNamespace));
        headers.add(new Header("RelatesTo", addrNamespace));
        SignedParts parts = new SignedParts(SPConstants.SPVersion.SP12, true, null, headers, false);
        // NOTE(review): both SignedParts and the SecureConversationToken are marked optional,
        // so presumably a message can satisfy this override without them -- confirm that this
        // relaxation is intended for the Cancel fallback.
        parts.setOptional(true);
        all.addPolicyComponent(parts);
        client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, cancelPolicy);
    }
    // The SOAP action differs for secure-conversation tokens (SCT) and plain tokens.
    if (isSecureConv) {
        client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, namespace + "/RST/SCT/Cancel");
    } else {
        client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, namespace + "/RST/Cancel");
    }
    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", namespace);
    writer.writeNamespace("wst", namespace);
    writer.writeStartElement("wst", "RequestType", namespace);
    writer.writeCharacters(namespace + "/Cancel");
    writer.writeEndElement();
    writer.writeStartElement("wst", "CancelTarget", namespace);
    Element el = null;
    if (attachTokenDirectly) {
        el = token.getToken();
    } else {
        // Prefer the unattached reference; use the attached one only if it is missing.
        el = token.getUnattachedReference();
        if (el == null) {
            el = token.getAttachedReference();
        }
    }
    // NOTE(review): el is not null-checked here; it is null if the token has no element on the
    // direct path or neither reference on the fallback path -- confirm StaxUtils.copy handles
    // that, otherwise CancelTarget cannot be populated.
    StaxUtils.copy(el, writer);
    writer.writeEndElement();
    writer.writeEndElement();
    Object[] obj = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
    // Assumes the invocation returns at least one result and that it is a DOMSource.
    return new STSResponse((DOMSource) obj[0], null);
}
use of org.apache.neethi.All in project cxf by apache.
the class EndpointPolicyImplTest method testUpdatePolicyWithEmptyExactlyOneAndAll.
/**
 * Runs the shared empty-policy update check against a policy made of an ExactlyOne holding two
 * empty All operators, followed by two further empty All operators at the top level.
 */
@Test
public void testUpdatePolicyWithEmptyExactlyOneAndAll() {
    PolicyOperator alternatives = new ExactlyOne();
    for (int i = 0; i < 2; i++) {
        alternatives.addPolicyComponent(new All());
    }

    Policy policyUnderTest = new Policy();
    policyUnderTest.addPolicyComponent(alternatives);
    for (int i = 0; i < 2; i++) {
        policyUnderTest.addPolicyComponent(new All());
    }

    doTestUpdateWithEmptyPolicy(policyUnderTest);
}