
Example 11 with ExactlyOne

use of org.apache.neethi.ExactlyOne in project cxf by apache.

the class EndpointPolicyImplTest method testUpdatePolicy.

/**
 * Checks that {@code updatePolicy} merges a second policy into the one already set on the
 * endpoint. The result must hold one top-level ExactlyOne with two alternatives, each
 * carrying exactly one of the two mock assertions, in either order.
 */
@Test
public void testUpdatePolicy() {
    EndpointPolicyImpl endpointPolicy = new TestEndpointPolicy();

    Policy original = new Policy();
    QName firstName = new QName("http://x.y.z", "a");
    original.addAssertion(mockAssertion(firstName, 5, true));

    Policy update = new Policy();
    QName secondName = new QName("http://x.y.z", "b");
    update.addAssertion(mockAssertion(secondName, 5, true));

    // The mock control is switched to replay before the code under test runs.
    control.replay();

    endpointPolicy.setPolicy(original.normalize(null, true));
    Policy merged = endpointPolicy.updatePolicy(update, createMessage()).getPolicy();

    // Normalized shape: Policy -> ExactlyOne -> All (one per alternative) -> assertions.
    List<ExactlyOne> topLevel = CastUtils.cast(merged.getPolicyComponents(), ExactlyOne.class);
    assertEquals("New policy must have 1 top level policy operator", 1, topLevel.size());

    List<All> alternatives = CastUtils.cast(topLevel.get(0).getPolicyComponents(), All.class);
    assertEquals("2 alternatives should be available", 2, alternatives.size());

    List<PolicyAssertion> firstAlternative =
        CastUtils.cast(alternatives.get(0).getAssertions(), PolicyAssertion.class);
    assertEquals("1 assertion should be available", 1, firstAlternative.size());

    List<PolicyAssertion> secondAlternative =
        CastUtils.cast(alternatives.get(1).getAssertions(), PolicyAssertion.class);
    assertEquals("1 assertion should be available", 1, secondAlternative.size());

    QName n1 = firstAlternative.get(0).getName();
    QName n2 = secondAlternative.get(0).getName();

    // The order of the alternatives is not fixed, so accept either pairing.
    boolean sameOrder = n1.equals(firstName) && n2.equals(secondName);
    boolean swappedOrder = n1.equals(secondName) && n2.equals(firstName);
    assertTrue("Policy was not merged", sameOrder || swappedOrder);
}
Also used : Policy(org.apache.neethi.Policy) All(org.apache.neethi.All) QName(javax.xml.namespace.QName) ExactlyOne(org.apache.neethi.ExactlyOne) Test(org.junit.Test)

Example 12 with ExactlyOne

use of org.apache.neethi.ExactlyOne in project cxf by apache.

the class EndpointPolicyImplTest method doTestUpdateWithEmptyPolicy.

/**
 * Updates an endpoint policy with the supplied empty policy and checks that the original
 * single alternative, with its single assertion, is still what the endpoint reports.
 *
 * @param emptyPolicy the policy passed to {@code updatePolicy}; callers supply an empty one
 */
private void doTestUpdateWithEmptyPolicy(Policy emptyPolicy) {
    Policy original = new Policy();
    QName assertionName = new QName("http://x.y.z", "a");
    original.addAssertion(mockAssertion(assertionName, 5, true));

    EndpointPolicyImpl endpointPolicy = new TestEndpointPolicy();

    // The mock control is switched to replay before the code under test runs.
    control.replay();

    endpointPolicy.setPolicy(original.normalize(true));
    Policy updated = endpointPolicy.updatePolicy(emptyPolicy, createMessage()).getPolicy();

    // Normalized shape: Policy -> ExactlyOne -> All -> assertions.
    List<ExactlyOne> topLevel = CastUtils.cast(updated.getPolicyComponents(), ExactlyOne.class);
    assertEquals("New policy must have 1 top level policy operator", 1, topLevel.size());

    List<All> alternatives = CastUtils.cast(topLevel.get(0).getPolicyComponents(), All.class);
    assertEquals("1 alternatives should be available", 1, alternatives.size());

    List<PolicyAssertion> onlyAlternative =
        CastUtils.cast(alternatives.get(0).getAssertions(), PolicyAssertion.class);
    assertEquals("1 assertion should be available", 1, onlyAlternative.size());

    QName actualName = onlyAlternative.get(0).getName();
    assertTrue("Policy was not merged", actualName.equals(assertionName));
}
Also used : Policy(org.apache.neethi.Policy) All(org.apache.neethi.All) QName(javax.xml.namespace.QName) ExactlyOne(org.apache.neethi.ExactlyOne)

Example 13 with ExactlyOne

use of org.apache.neethi.ExactlyOne in project cxf by apache.

the class WSSCUnitTest method createSymmetricBindingPolicy.

// mock up a SymmetricBinding policy to talk to the STS
/**
 * Builds a fixed policy with one alternative that contains, in this order: a WS-Addressing
 * assertion, a symmetric binding protected by an X.509 token, and a SignedParts assertion.
 *
 * <p>The values are hard-coded for the test fixture: the Basic128 algorithm suite (as
 * specified by WS-SecurityPolicy, AES-128 with SHA-1 based digests) and
 * {@code setProtectTokens(false)}. Treat them as fixture settings, not as recommended
 * production choices.
 *
 * @return the assembled policy
 */
private Policy createSymmetricBindingPolicy() {
    // Outer policy: Policy -> ExactlyOne -> All, starting with the addressing assertion.
    Policy policy = new Policy();
    ExactlyOne alternatives = new ExactlyOne();
    policy.addPolicyComponent(alternatives);
    All requirements = new All();
    requirements.addPolicyComponent(
        new PrimitiveAssertion(MetadataConstants.USING_ADDRESSING_2006_QNAME, false));
    alternatives.addPolicyComponent(requirements);

    // X.509 token, wrapped in its own nested policy. INCLUDE_TOKEN_NEVER means the token
    // itself is never carried in the message.
    final X509Token x509Token = new X509Token(
        SPConstants.SPVersion.SP12,
        SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER,
        null, null, null,
        new Policy());
    Policy tokenPolicy = new Policy();
    ExactlyOne tokenAlternatives = new ExactlyOne();
    tokenPolicy.addPolicyComponent(tokenAlternatives);
    All tokenRequirements = new All();
    tokenRequirements.addPolicyComponent(x509Token);
    tokenAlternatives.addPolicyComponent(tokenRequirements);

    // Algorithm suite: Basic128.
    Policy suitePolicy = new Policy();
    ExactlyOne suiteAlternatives = new ExactlyOne();
    suitePolicy.addPolicyComponent(suiteAlternatives);
    All suiteRequirements = new All();
    suiteRequirements.addAssertion(
        new PrimitiveAssertion(new QName(SP12Constants.SP_NS, SPConstants.ALGO_SUITE_BASIC128)));
    suiteAlternatives.addPolicyComponent(suiteRequirements);
    AlgorithmSuite algorithmSuite = new AlgorithmSuite(SPConstants.SPVersion.SP12, suitePolicy);

    // Symmetric binding: protection token + algorithm suite + timestamp + whole-part signing.
    Policy bindingPolicy = new Policy();
    ExactlyOne bindingAlternatives = new ExactlyOne();
    bindingPolicy.addPolicyComponent(bindingAlternatives);
    All bindingRequirements = new All();
    bindingRequirements.addPolicyComponent(
        new ProtectionToken(SPConstants.SPVersion.SP12, tokenPolicy));
    bindingRequirements.addPolicyComponent(algorithmSuite);
    bindingRequirements.addAssertion(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
    bindingRequirements.addAssertion(
        new PrimitiveAssertion(SP12Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
    bindingAlternatives.addPolicyComponent(bindingRequirements);

    DefaultSymmetricBinding symmetricBinding =
        new DefaultSymmetricBinding(SPConstants.SPVersion.SP12, bindingPolicy);
    symmetricBinding.setOnlySignEntireHeadersAndBody(true);
    // Token protection is switched off for this fixture.
    symmetricBinding.setProtectTokens(false);
    requirements.addPolicyComponent(symmetricBinding);

    // SignedParts with an empty header list.
    // NOTE(review): the boolean arguments presumably mean body=true, signAllHeaders=false;
    // confirm against the SignedParts constructor.
    List<Header> signedHeaders = new ArrayList<>();
    SignedParts signedParts =
        new SignedParts(SPConstants.SPVersion.SP12, true, null, signedHeaders, false);
    requirements.addPolicyComponent(signedParts);

    return policy;
}
Also used : Policy(org.apache.neethi.Policy) All(org.apache.neethi.All) PrimitiveAssertion(org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion) QName(javax.xml.namespace.QName) ArrayList(java.util.ArrayList) DefaultSymmetricBinding(org.apache.cxf.ws.security.trust.DefaultSymmetricBinding) ExactlyOne(org.apache.neethi.ExactlyOne) AlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite) X509Token(org.apache.wss4j.policy.model.X509Token) Header(org.apache.wss4j.policy.model.Header) SignedParts(org.apache.wss4j.policy.model.SignedParts) ProtectionToken(org.apache.wss4j.policy.model.ProtectionToken)

Example 14 with ExactlyOne

use of org.apache.neethi.ExactlyOne in project cxf by apache.

the class SecureConversationInInterceptor method handleMessageForAction.

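/**
 * Routes an inbound message by its action. WS-Trust SecureConversationToken requests
 * (action contains {@code /RST/SCT} and starts with one of the two WS-Trust namespaces) are
 * given a recalculated effective policy and forwarded to the SCT endpoint. Every other
 * message gets the {@link SecureConversationTokenFinderInterceptor} added to its chain.
 *
 * <p>For a {@code Cancel} action the effective policy is a symmetric binding protected by
 * the SecureConversationToken itself. For any other SCT action the token's bootstrap policy
 * is merged with the addressing policy.
 *
 * @param message the inbound SOAP message
 * @param s the action; when {@code null}, the inbound WS-Addressing Action header is used
 *     if one is present
 * @param aim the assertion info map of the message
 * @param ais assertion infos whose first entry must carry a {@code SecureConversationToken}
 */
void handleMessageForAction(SoapMessage message, String s, AssertionInfoMap aim, Collection<AssertionInfo> ais) {
    String addNs = null;
    AddressingProperties inProps = (AddressingProperties) message.getContextualProperty(JAXWSAConstants.ADDRESSING_PROPERTIES_INBOUND);
    if (inProps != null) {
        addNs = inProps.getNamespaceURI();
        // MS/WCF doesn't put a soap action out for this, must check the headers.
        // The Action header comes from the peer and may be absent. In that case leave s
        // null so the message is handled as a non-SCT request instead of failing with a
        // NullPointerException.
        if (s == null && inProps.getAction() != null) {
            s = inProps.getAction().getValue();
        }
    }
    // NOTE(review): s is taken from the inbound message and is matched by prefix, substring
    // and suffix rather than against exact action URIs. Confirm that the operation lookup
    // further down rejects actions that are not real SCT operations.
    if (s != null && s.contains("/RST/SCT") && (s.startsWith(STSUtils.WST_NS_05_02) || s.startsWith(STSUtils.WST_NS_05_12))) {
        // NOTE(review): assumes ais is non-empty and that the token has a bootstrap policy;
        // neither is checked here. Verify that callers guarantee both.
        SecureConversationToken tok = (SecureConversationToken) ais.iterator().next().getAssertion();
        Policy pol = tok.getBootstrapPolicy().getPolicy();

        // Both branches start from the same wrapper: Policy -> ExactlyOne -> All(addressing).
        Policy p = new Policy();
        ExactlyOne ea = new ExactlyOne();
        p.addPolicyComponent(ea);
        All all = new All();
        Assertion ass = NegotiationUtils.getAddressingPolicy(aim, false);
        all.addPolicyComponent(ass);
        ea.addPolicyComponent(all);

        if (s.endsWith("Cancel")) {
            // Cancel just sign with the token
            final SecureConversationToken secureConversationToken = new SecureConversationToken(SPConstants.SPVersion.SP12, SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER, null, null, null, new Policy());
            Policy sctPolicy = new Policy();
            ExactlyOne sctPolicyEa = new ExactlyOne();
            sctPolicy.addPolicyComponent(sctPolicyEa);
            All sctPolicyAll = new All();
            sctPolicyAll.addPolicyComponent(secureConversationToken);
            sctPolicyEa.addPolicyComponent(sctPolicyAll);

            // Symmetric binding that reuses the algorithm suite of the original binding and
            // uses the SCT as its protection token.
            Policy bindingPolicy = new Policy();
            ExactlyOne bindingPolicyEa = new ExactlyOne();
            bindingPolicy.addPolicyComponent(bindingPolicyEa);
            All bindingPolicyAll = new All();
            AbstractBinding origBinding = PolicyUtils.getSecurityBinding(aim);
            bindingPolicyAll.addPolicyComponent(origBinding.getAlgorithmSuite());
            bindingPolicyAll.addPolicyComponent(new ProtectionToken(SPConstants.SPVersion.SP12, sctPolicy));
            bindingPolicyAll.addAssertion(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
            bindingPolicyAll.addAssertion(new PrimitiveAssertion(SP12Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
            bindingPolicyEa.addPolicyComponent(bindingPolicyAll);
            DefaultSymmetricBinding binding = new DefaultSymmetricBinding(SPConstants.SPVersion.SP12, bindingPolicy);
            binding.setOnlySignEntireHeadersAndBody(true);
            binding.setProtectTokens(false);
            all.addPolicyComponent(binding);
            SignedParts signedParts = getSignedParts(aim, addNs);
            all.addPolicyComponent(signedParts);

            // The bootstrap policy is not used for Cancel; the policy built above replaces it.
            pol = p;
            message.getInterceptorChain().add(SecureConversationTokenFinderInterceptor.INSTANCE);
        } else {
            // Any other SCT action: addressing policy merged with the bootstrap policy.
            pol = p.merge(pol);
        }
        // setup SCT endpoint and forward to it.
        unmapSecurityProps(message);
        String ns = STSUtils.WST_NS_05_12;
        if (s.startsWith(STSUtils.WST_NS_05_02)) {
            ns = STSUtils.WST_NS_05_02;
        }
        NegotiationUtils.recalcEffectivePolicy(message, ns, pol, new SecureConversationSTSInvoker(), true);
        // recalc based on new endpoint
        SoapActionInInterceptor.getAndSetOperation(message, s);
    } else {
        message.getInterceptorChain().add(SecureConversationTokenFinderInterceptor.INSTANCE);
    }
    assertPolicies(aim);
}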
Also used : Policy(org.apache.neethi.Policy) All(org.apache.neethi.All) PrimitiveAssertion(org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion) Assertion(org.apache.neethi.Assertion) PrimitiveAssertion(org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion) DefaultSymmetricBinding(org.apache.cxf.ws.security.trust.DefaultSymmetricBinding) AbstractBinding(org.apache.wss4j.policy.model.AbstractBinding) ExactlyOne(org.apache.neethi.ExactlyOne) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) AddressingProperties(org.apache.cxf.ws.addressing.AddressingProperties) SignedParts(org.apache.wss4j.policy.model.SignedParts) ProtectionToken(org.apache.wss4j.policy.model.ProtectionToken)

Example 15 with ExactlyOne

use of org.apache.neethi.ExactlyOne in project cxf by apache.

the class SecureConversationTokenInterceptorProvider method setupClient.

/**
 * Configures an {@code STSClient} for a SecureConversation token exchange with the endpoint
 * the message is addressed to.
 *
 * <p>The client policy is the token's bootstrap policy merged with the addressing policy.
 * When {@code endorse} is set, the policy also contains an EndorsingSupportingTokens
 * assertion carrying {@code itok}.
 *
 * @param client the STS client to configure
 * @param message the message whose SOAP version, endpoint address and security properties
 *     are copied to the client
 * @param aim the assertion info map used to look up trust, addressing and algorithm suite
 * @param itok the SecureConversationToken; it must define a bootstrap policy
 * @param endorse whether to add {@code itok} as an endorsing supporting token
 * @return the endpoint address that was set as the client location
 * @throws Fault if {@code itok} has no bootstrap policy
 */
static String setupClient(STSClient client, SoapMessage message, AssertionInfoMap aim, SecureConversationToken itok, boolean endorse) {
    // Without a bootstrap policy there is nothing to secure the token request with.
    if (itok.getBootstrapPolicy() == null || itok.getBootstrapPolicy().getPolicy() == null) {
        throw new Fault("The SecureConversationToken does not define a BootstrapPolicy", LOG);
    }

    client.setTrust(NegotiationUtils.getTrust10(aim));
    client.setTrust(NegotiationUtils.getTrust13(aim));

    Policy bootstrapPolicy = itok.getBootstrapPolicy().getPolicy();

    // Wrapper policy: Policy -> ExactlyOne -> All(addressing [, endorsing supporting tokens]).
    Policy wrapper = new Policy();
    ExactlyOne alternatives = new ExactlyOne();
    wrapper.addPolicyComponent(alternatives);
    All requirements = new All();
    requirements.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
    alternatives.addPolicyComponent(requirements);
    if (endorse) {
        SupportingTokens endorsing = new SupportingTokens(
            SPConstants.SPVersion.SP12,
            SP12Constants.ENDORSING_SUPPORTING_TOKENS,
            new Policy());
        endorsing.addToken(itok);
        requirements.addPolicyComponent(endorsing);
    }

    client.setPolicy(wrapper.merge(bootstrapPolicy));
    client.setSoap11(message.getVersion() == Soap11.getInstance());
    client.setSecureConv(true);

    String address = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
    client.setLocation(address);

    AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
    if (suite != null) {
        client.setAlgorithmSuite(suite);
        // The key size is only set when the suite's maximum symmetric key length is below
        // 256; otherwise the client's existing key size is left as it is.
        int maxKeyLength = suite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
        if (maxKeyLength < 256) {
            client.setKeySize(maxKeyLength);
        }
    }

    // Pass the message and the client's request context to mapSecurityProps.
    mapSecurityProps(message, client.getRequestContext());
    return address;
}
Also used : Policy(org.apache.neethi.Policy) All(org.apache.neethi.All) SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite) Fault(org.apache.cxf.interceptor.Fault) ExactlyOne(org.apache.neethi.ExactlyOne)

Aggregations

ExactlyOne (org.apache.neethi.ExactlyOne)19 All (org.apache.neethi.All)18 Policy (org.apache.neethi.Policy)18 Test (org.junit.Test)9 Assertion (org.apache.neethi.Assertion)7 QName (javax.xml.namespace.QName)6 PrimitiveAssertion (org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion)6 Message (org.apache.cxf.message.Message)3 MessageImpl (org.apache.cxf.message.MessageImpl)3 AlternativeSelector (org.apache.cxf.ws.policy.AlternativeSelector)3 Assertor (org.apache.cxf.ws.policy.Assertor)3 PolicyAssertion (org.apache.cxf.ws.policy.PolicyAssertion)3 PolicyEngine (org.apache.cxf.ws.policy.PolicyEngine)3 TestAssertion (org.apache.cxf.ws.policy.TestAssertion)3 AlgorithmSuite (org.apache.wss4j.policy.model.AlgorithmSuite)3 ProtectionToken (org.apache.wss4j.policy.model.ProtectionToken)3 SignedParts (org.apache.wss4j.policy.model.SignedParts)3 ArrayList (java.util.ArrayList)2 ExtensibilityElement (javax.wsdl.extensions.ExtensibilityElement)2 DOMSource (javax.xml.transform.dom.DOMSource)2