
Example 46 with Policy

use of org.apache.neethi.Policy in project cxf by apache.

the class PolicyEngineTest method testAddAssertions.

/**
 * Checks how {@code PolicyEngineImpl.addAssertions} collects assertions, in three phases:
 * a mocked optional assertion with the flag {@code false} (nothing collected), the same
 * mock with the flag {@code true} (the assertion is collected), and a {@link PolicyReference}
 * that points at a policy held in the engine's own registry.
 *
 * <p>Only the local, fragment-style reference ({@code "#ab"}) is exercised here; resolution of
 * references to anything outside the engine registry is not covered by this test.
 */
@Test
public void testAddAssertions() {
    engine = new PolicyEngineImpl();
    Collection<Assertion> assertions = new ArrayList<>();
    Assertion a = control.createMock(Assertion.class);
    // Phase 1: the mock reports itself as a plain assertion that is optional.
    EasyMock.expect(a.getType()).andReturn(Constants.TYPE_ASSERTION);
    EasyMock.expect(a.isOptional()).andReturn(true);
    control.replay();
    // NOTE(review): the boolean presumably means "include optional assertions" - confirm against addAssertions.
    engine.addAssertions(a, false, assertions);
    assertTrue(assertions.isEmpty());
    control.verify();
    control.reset();
    // Phase 2: with the flag set, only getType() is expected on the mock and the assertion is collected.
    EasyMock.expect(a.getType()).andReturn(Constants.TYPE_ASSERTION);
    control.replay();
    engine.addAssertions(a, true, assertions);
    assertEquals(1, assertions.size());
    assertSame(a, assertions.iterator().next());
    control.verify();
    assertions.clear();
    // Phase 3: a real policy with one primitive assertion, looked up through a reference.
    Policy p = new Policy();
    a = new PrimitiveAssertion(new QName("http://x.y.z", "a"));
    p.addAssertion(a);
    // The registry key is the bare id, without a leading '#'.
    engine.getRegistry().register("ab", p);
    // A local reference is '#' followed by the id, so "#ab" must resolve to the policy registered as "ab".
    PolicyReference pr = new PolicyReference();
    pr.setURI("#ab");
    engine.addAssertions(pr, false, assertions);
    // The collected assertion is the same instance that was added to the registered policy.
    assertEquals(1, assertions.size());
    assertSame(a, assertions.iterator().next());
}
Also used : Policy(org.apache.neethi.Policy) PrimitiveAssertion(org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion) QName(javax.xml.namespace.QName) PrimitiveAssertion(org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion) Assertion(org.apache.neethi.Assertion) ArrayList(java.util.ArrayList) PolicyReference(org.apache.neethi.PolicyReference) Test(org.junit.Test)

Example 47 with Policy

use of org.apache.neethi.Policy in project cxf by apache.

the class AbstractPolicySecurityTest method runOutInterceptorAndValidateSamlTokenAttached.

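/**
 * Builds an outbound SOAP message for the given policy, places a freshly signed SAML 1.x
 * assertion into the exchange as an issued {@link SecurityToken}, runs the outbound
 * interceptor, and then validates the result on the inbound side as a signed message
 * carrying an issued token.
 *
 * @param policyDoc name of the policy document to load through {@code readDocument}
 * @throws Exception if a fixture cannot be read or any step of signing or validation fails
 */
protected void runOutInterceptorAndValidateSamlTokenAttached(String policyDoc) throws Exception {
    // create the request message
    final Document document = this.readDocument("wsse-request-clean.xml");
    final Element outPolicyElement = this.readDocument(policyDoc).getDocumentElement();
    final Policy policy = this.policyBuilder.getPolicy(outPolicyElement);
    AssertionInfoMap aim = new AssertionInfoMap(policy);
    SoapMessage msg = this.getOutSoapMessageForDom(document, aim);
    // add an "issued" assertion into the message exchange
    Element issuedAssertion = this.readDocument("example-sts-issued-saml-assertion.xml").getDocumentElement();
    Properties cryptoProps = new Properties();
    URL url = ClassLoader.getSystemResource("outsecurity.properties");
    if (url == null) {
        // Fail with a readable message instead of a NullPointerException on openStream().
        throw new IllegalStateException("outsecurity.properties was not found on the classpath");
    }
    // Close the stream once the properties are loaded; the original left it open.
    try (java.io.InputStream in = url.openStream()) {
        cryptoProps.load(in);
    }
    Crypto crypto = CryptoFactory.getInstance(cryptoProps);
    // Sign the "issued" assertion. The alias and password are literals for the test keystore
    // that outsecurity.properties points at; they are fixture values of this test class.
    SamlAssertionWrapper assertionWrapper = new SamlAssertionWrapper(issuedAssertion);
    assertionWrapper.signAssertion("myalias", "myAliasPassword", crypto, false);
    // Re-serialise the signed assertion so the token carries the signed DOM, not the unsigned input.
    Document doc = DOMUtils.newDocument();
    issuedAssertion = OpenSAMLUtil.toDom(assertionWrapper.getSaml1(), doc);
    // The token id is the assertion's own AssertionID attribute.
    String assertionId = issuedAssertion.getAttributeNodeNS(null, "AssertionID").getNodeValue();
    SecurityToken issuedToken = new SecurityToken(assertionId, issuedAssertion, null);
    String alias = cryptoProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(alias);
    // Assumes the configured alias resolves to at least one certificate in the keystore.
    issuedToken.setX509Certificate(crypto.getX509Certificates(cryptoType)[0], crypto);
    // Publish the token id on both the endpoint and the exchange, and the token itself in a store
    // registered on the endpoint info under the TokenStore class name.
    msg.getExchange().getEndpoint().put(SecurityConstants.TOKEN_ID, issuedToken.getId());
    msg.getExchange().put(SecurityConstants.TOKEN_ID, issuedToken.getId());
    TokenStore tokenStore = new MemoryTokenStore();
    msg.getExchange().getEndpoint().getEndpointInfo().setProperty(TokenStore.class.getName(), tokenStore);
    tokenStore.add(issuedToken);
    // fire the interceptor and verify results
    final Document signedDoc = this.runOutInterceptorAndValidate(msg, policy, aim, null, null);
    this.runInInterceptorAndValidate(signedDoc, policy, Collections.singletonList(SP12Constants.ISSUED_TOKEN), null, Collections.singletonList(CoverageType.SIGNED));
}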
Also used : Policy(org.apache.neethi.Policy) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) CryptoType(org.apache.wss4j.common.crypto.CryptoType) Document(org.w3c.dom.Document) Properties(java.util.Properties) URL(java.net.URL) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap) SoapMessage(org.apache.cxf.binding.soap.SoapMessage) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) MemoryTokenStore(org.apache.cxf.ws.security.tokenstore.MemoryTokenStore) Crypto(org.apache.wss4j.common.crypto.Crypto) TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore) MemoryTokenStore(org.apache.cxf.ws.security.tokenstore.MemoryTokenStore)

Example 48 with Policy

use of org.apache.neethi.Policy in project cxf by apache.

the class AbstractPolicySecurityTest method runAndValidate.

/**
 * Runs one document through the outbound interceptor under the outbound policy, checks that
 * headers were wrapped in an EncryptedHeader, then feeds the result to the inbound interceptor
 * under the inbound policy.
 *
 * @param document name of the request document to load
 * @param outPolicyDocument name of the policy document applied on the outbound side
 * @param inPolicyDocument name of the policy document applied on the inbound side, or
 *     {@code null} to reuse the outbound policy element
 * @param outAssertions asserted / not-asserted expectations for the outbound run
 * @param inAssertions asserted / not-asserted expectations for the inbound run
 * @param types coverage types passed to the inbound validation
 * @throws Exception if a document cannot be read or a validation step fails
 */
protected void runAndValidate(String document, String outPolicyDocument, String inPolicyDocument, AssertionsHolder outAssertions, AssertionsHolder inAssertions, List<CoverageType> types) throws Exception {
    final Element outboundPolicyRoot = this.readDocument(outPolicyDocument).getDocumentElement();
    // Without a separate inbound policy document, both directions share the outbound policy element.
    final Element inboundPolicyRoot = inPolicyDocument == null
        ? outboundPolicyRoot
        : this.readDocument(inPolicyDocument).getDocumentElement();

    final Policy outboundPolicy = this.policyBuilder.getPolicy(outboundPolicyRoot);
    final Policy inboundPolicy = this.policyBuilder.getPolicy(inboundPolicyRoot);

    final Document requestDoc = this.readDocument(document);
    final Document securedDoc = this.runOutInterceptorAndValidate(
        requestDoc,
        outboundPolicy,
        outAssertions.getAssertedAssertions(),
        outAssertions.getNotAssertedAssertions());

    // Debugging aid: call dumpDocument(securedDoc) here for intermediate output.
    // DOMUtils.writeXml(securedDoc, System.out) mangles the output, so do not use it to
    // capture a document that will be fed to another test case.

    // Verify that the header elements have been wrapped in an EncryptedHeader
    // (SOAP Message Security 1.1, chapter 9.3).
    verifyEncryptedHeader(requestDoc, securedDoc);

    this.runInInterceptorAndValidate(
        securedDoc,
        inboundPolicy,
        inAssertions.getAssertedAssertions(),
        inAssertions.getNotAssertedAssertions(),
        types);
}
Also used : Policy(org.apache.neethi.Policy) Element(org.w3c.dom.Element) Document(org.w3c.dom.Document)

Example 49 with Policy

use of org.apache.neethi.Policy in project cxf by apache.

the class SpnegoContextTokenInInterceptor method handleMessage.

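/**
 * Handles an inbound message when the effective policy contains a SpnegoContextToken assertion.
 *
 * <p>On the requestor side the assertions are marked as asserted and nothing else happens.
 * On the receiving side the SOAP action decides the path: an action that contains
 * {@code /RST/Issue} and starts with one of the two WS-Trust namespaces is forwarded to a
 * negotiation endpoint backed by {@code SpnegoSTSInvoker}; every other message gets
 * {@code SpnegoContextTokenFinderInterceptor} added to its interceptor chain.
 *
 * <p>The action value is read from the incoming message (message property, SOAP action lookup,
 * or WS-Addressing headers), so it is sender-controlled input that selects the branch.
 *
 * @param message the inbound SOAP message
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(SoapMessage message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        // No policy information on the message: nothing to do.
        return;
    }
    // extract Assertion information
    Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SPNEGO_CONTEXT_TOKEN);
    if (ais.isEmpty()) {
        return;
    }
    if (isRequestor(message)) {
        // client side should be checked on the way out
        for (AssertionInfo ai : ais) {
            ai.setAsserted(true);
        }
        return;
    }
    String action = (String) message.get(SoapBindingConstants.SOAP_ACTION);
    if (action == null) {
        action = SoapActionInInterceptor.getSoapAction(message);
    }
    AddressingProperties inProps = (AddressingProperties) message.getContextualProperty(JAXWSAConstants.ADDRESSING_PROPERTIES_INBOUND);
    // MS/WCF doesn't put a soap action out for this, must check the headers.
    // The addressing properties can be present without an Action header, so guard the
    // dereference; a message without any action then takes the non-issue branch below
    // instead of failing with a NullPointerException.
    if (action == null && inProps != null && inProps.getAction() != null) {
        action = inProps.getAction().getValue();
    }
    boolean isIssueRequest = action != null
        && action.contains("/RST/Issue")
        && (action.startsWith(STSUtils.WST_NS_05_02) || action.startsWith(STSUtils.WST_NS_05_12));
    if (!isIssueRequest) {
        message.getInterceptorChain().add(SpnegoContextTokenFinderInterceptor.INSTANCE);
        return;
    }
    // Policy for the negotiation endpoint: one alternative holding only the addressing assertion.
    Policy p = new Policy();
    ExactlyOne ea = new ExactlyOne();
    p.addPolicyComponent(ea);
    All all = new All();
    Assertion ass = NegotiationUtils.getAddressingPolicy(aim, false);
    all.addPolicyComponent(ass);
    ea.addPolicyComponent(all);
    // setup endpoint and forward to it.
    unmapSecurityProps(message);
    // Use the WS-Trust namespace that the action itself started with.
    String ns = action.startsWith(STSUtils.WST_NS_05_02) ? STSUtils.WST_NS_05_02 : STSUtils.WST_NS_05_12;
    NegotiationUtils.recalcEffectivePolicy(message, ns, p, new SpnegoSTSInvoker(), false);
}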
Also used : Policy(org.apache.neethi.Policy) All(org.apache.neethi.All) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) Assertion(org.apache.neethi.Assertion) AddressingProperties(org.apache.cxf.ws.addressing.AddressingProperties) ExactlyOne(org.apache.neethi.ExactlyOne) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Example 50 with Policy

use of org.apache.neethi.Policy in project cxf by apache.

the class SpnegoTokenInterceptorProvider method setupClient.

/**
 * Configures an {@code STSClient} for a SPNEGO negotiation against the endpoint address of
 * the given message and returns that address.
 *
 * @param client the STS client to configure
 * @param message the message whose SOAP version, endpoint address and security properties are used
 * @param aim the assertion info map the trust, addressing and algorithm-suite settings come from
 * @return the endpoint address that was set as the client's location
 */
static String setupClient(STSClient client, SoapMessage message, AssertionInfoMap aim) {
    // NOTE(review): two setTrust calls in a row - presumably overloads for Trust10 and Trust13; confirm.
    client.setTrust(NegotiationUtils.getTrust10(aim));
    client.setTrust(NegotiationUtils.getTrust13(aim));

    // Client policy: a single alternative that holds only the addressing assertion.
    Policy negotiationPolicy = new Policy();
    ExactlyOne alternatives = new ExactlyOne();
    negotiationPolicy.addPolicyComponent(alternatives);
    All addressingOnly = new All();
    addressingOnly.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
    alternatives.addPolicyComponent(addressingOnly);
    client.setPolicy(negotiationPolicy);

    client.setSoap11(message.getVersion() == Soap11.getInstance());
    client.setSpnego(true);

    // The context id is produced by the WSS4J id allocator's createSecureId with the "_" prefix.
    client.setContext(WSSConfig.getNewInstance().getIdAllocator().createSecureId("_", null));

    final String endpointAddress = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
    client.setLocation(endpointAddress);

    AlgorithmSuite algorithmSuite = NegotiationUtils.getAlgorithmSuite(aim);
    if (algorithmSuite != null) {
        client.setAlgorithmSuite(algorithmSuite);
        final int maxSymmetricKeyLength = algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
        // Only a maximum below 256 is pushed to the client; otherwise the key size is left as it is.
        if (maxSymmetricKeyLength < 256) {
            client.setKeySize(maxSymmetricKeyLength);
        }
    }

    // Copy the message's security properties into the client's request context.
    mapSecurityProps(message, client.getRequestContext());
    return endpointAddress;
}
Also used : Policy(org.apache.neethi.Policy) All(org.apache.neethi.All) AlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite) WSSConfig(org.apache.wss4j.dom.engine.WSSConfig) ExactlyOne(org.apache.neethi.ExactlyOne)
