use of org.apache.neethi.Policy in project cxf by apache.
the class PolicyEngineTest method testAddAssertions.
/**
 * Checks how {@code addAssertions} fills the supplied collection for three inputs:
 * a mocked assertion that reports itself optional (flag {@code false}), the same mock
 * with the flag set to {@code true}, and a {@link PolicyReference} that points at a
 * policy registered in the engine's registry.
 */
@Test
public void testAddAssertions() {
    engine = new PolicyEngineImpl();
    Collection<Assertion> collected = new ArrayList<>();

    // Flag false + assertion reporting isOptional() == true: nothing may be collected.
    Assertion mockAssertion = control.createMock(Assertion.class);
    EasyMock.expect(mockAssertion.getType()).andReturn(Constants.TYPE_ASSERTION);
    EasyMock.expect(mockAssertion.isOptional()).andReturn(true);
    control.replay();
    engine.addAssertions(mockAssertion, false, collected);
    assertTrue(collected.isEmpty());
    control.verify();

    // Flag true: only getType() is expected on the mock, and the assertion is collected as-is.
    control.reset();
    EasyMock.expect(mockAssertion.getType()).andReturn(Constants.TYPE_ASSERTION);
    control.replay();
    engine.addAssertions(mockAssertion, true, collected);
    assertEquals(1, collected.size());
    assertSame(mockAssertion, collected.iterator().next());
    control.verify();

    // Start the reference case from an empty collection.
    collected.clear();
    Policy registeredPolicy = new Policy();
    Assertion primitive = new PrimitiveAssertion(new QName("http://x.y.z", "a"));
    registeredPolicy.addAssertion(primitive);
    // The registry key is the bare id, without a leading '#'.
    engine.getRegistry().register("ab", registeredPolicy);
    // A local reference is written as '#' followed by that id.
    PolicyReference localReference = new PolicyReference();
    localReference.setURI("#ab");
    engine.addAssertions(localReference, false, collected);
    // The reference must resolve to the very assertion instance held by the registered policy.
    assertEquals(1, collected.size());
    assertSame(primitive, collected.iterator().next());
}
use of org.apache.neethi.Policy in project cxf by apache.
the class AbstractPolicySecurityTest method runOutInterceptorAndValidateSamlTokenAttached.
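/**
 * Runs the outbound interceptor with a pre-issued, signed SAML assertion available as a
 * security token, then feeds the resulting document to the inbound side and validates it.
 *
 * <p>The assertion is loaded from {@code example-sts-issued-saml-assertion.xml}, signed with
 * the key material configured in {@code outsecurity.properties}, and registered in a
 * {@link MemoryTokenStore} attached to the endpoint so the outbound processing can find it
 * through {@link SecurityConstants#TOKEN_ID}.
 *
 * <p>The alias and password passed to {@code signAssertion} are test-fixture values for the
 * test keystore; they must never be reused for real key material.
 *
 * @param policyDoc name of the policy document resource used for both directions
 * @throws Exception if a resource cannot be read or any processing step fails
 */
protected void runOutInterceptorAndValidateSamlTokenAttached(String policyDoc) throws Exception {
    // create the request message
    final Document document = this.readDocument("wsse-request-clean.xml");
    final Element outPolicyElement = this.readDocument(policyDoc).getDocumentElement();
    final Policy policy = this.policyBuilder.getPolicy(outPolicyElement);
    AssertionInfoMap aim = new AssertionInfoMap(policy);
    SoapMessage msg = this.getOutSoapMessageForDom(document, aim);
    // add an "issued" assertion into the message exchange
    Element issuedAssertion = this.readDocument("example-sts-issued-saml-assertion.xml").getDocumentElement();
    Properties cryptoProps = new Properties();
    URL url = ClassLoader.getSystemResource("outsecurity.properties");
    if (url == null) {
        // Fail with a readable message instead of a bare NullPointerException on openStream().
        throw new IllegalStateException("outsecurity.properties not found on the classpath");
    }
    // Close the stream once the properties are loaded; the original left it open.
    try (java.io.InputStream in = url.openStream()) {
        cryptoProps.load(in);
    }
    Crypto crypto = CryptoFactory.getInstance(cryptoProps);
    // Sign the "issued" assertion
    SamlAssertionWrapper assertionWrapper = new SamlAssertionWrapper(issuedAssertion);
    assertionWrapper.signAssertion("myalias", "myAliasPassword", crypto, false);
    // Re-serialise the signed assertion into a fresh DOM so the token carries the signed form.
    Document doc = DOMUtils.newDocument();
    issuedAssertion = OpenSAMLUtil.toDom(assertionWrapper.getSaml1(), doc);
    String assertionId = issuedAssertion.getAttributeNodeNS(null, "AssertionID").getNodeValue();
    SecurityToken issuedToken = new SecurityToken(assertionId, issuedAssertion, null);
    // Attach the certificate for the alias named in the crypto properties to the token.
    String alias = cryptoProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(alias);
    issuedToken.setX509Certificate(crypto.getX509Certificates(cryptoType)[0], crypto);
    // Publish the token id on both the endpoint and the exchange, and store the token itself.
    msg.getExchange().getEndpoint().put(SecurityConstants.TOKEN_ID, issuedToken.getId());
    msg.getExchange().put(SecurityConstants.TOKEN_ID, issuedToken.getId());
    TokenStore tokenStore = new MemoryTokenStore();
    msg.getExchange().getEndpoint().getEndpointInfo().setProperty(TokenStore.class.getName(), tokenStore);
    tokenStore.add(issuedToken);
    // fire the interceptor and verify results
    final Document signedDoc = this.runOutInterceptorAndValidate(msg, policy, aim, null, null);
    this.runInInterceptorAndValidate(signedDoc, policy, Collections.singletonList(SP12Constants.ISSUED_TOKEN), null, Collections.singletonList(CoverageType.SIGNED));
}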
use of org.apache.neethi.Policy in project cxf by apache.
the class AbstractPolicySecurityTest method runAndValidate.
/**
 * Pushes a document through the outbound interceptor under one policy and then through the
 * inbound interceptor under a second policy, validating assertions on both sides.
 *
 * @param document name of the request document resource
 * @param outPolicyDocument name of the policy document applied on the outbound side
 * @param inPolicyDocument name of the policy document applied on the inbound side;
 *        when {@code null} the outbound policy element is reused
 * @param outAssertions asserted / not-asserted expectations for the outbound run
 * @param inAssertions asserted / not-asserted expectations for the inbound run
 * @param types coverage types passed to the inbound validation
 * @throws Exception if reading a resource or any processing step fails
 */
protected void runAndValidate(String document, String outPolicyDocument, String inPolicyDocument, AssertionsHolder outAssertions, AssertionsHolder inAssertions, List<CoverageType> types) throws Exception {
    final Element outboundPolicyRoot = this.readDocument(outPolicyDocument).getDocumentElement();
    // Without a dedicated inbound policy document, both directions share the same element.
    final Element inboundPolicyRoot = inPolicyDocument == null
        ? outboundPolicyRoot
        : this.readDocument(inPolicyDocument).getDocumentElement();

    final Policy outPolicy = this.policyBuilder.getPolicy(outboundPolicyRoot);
    final Policy inPolicy = this.policyBuilder.getPolicy(inboundPolicyRoot);

    final Document requestDoc = this.readDocument(document);
    final Document securedDoc = this.runOutInterceptorAndValidate(
        requestDoc,
        outPolicy,
        outAssertions.getAssertedAssertions(),
        outAssertions.getNotAssertedAssertions());

    // Debugging aid: DOMUtils.writeXml(securedDoc, System.out) mangles the output, so it is
    // unsuitable when the output is to be captured as input for another test case;
    // dumpDocument(securedDoc) is the snippet to use for intermediate output instead.

    // Verify that the header elements have been wrapped in an EncryptedHeader
    // (see SOAP Message Security 1.1, chapter 9.3).
    verifyEncryptedHeader(requestDoc, securedDoc);

    this.runInInterceptorAndValidate(
        securedDoc,
        inPolicy,
        inAssertions.getAssertedAssertions(),
        inAssertions.getNotAssertedAssertions(),
        types);
}
use of org.apache.neethi.Policy in project cxf by apache.
the class SpnegoContextTokenInInterceptor method handleMessage.
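/**
 * Handles an inbound message when the effective policy contains a SpnegoContextToken
 * assertion.
 *
 * <p>On the requestor side the assertions are simply marked asserted. On the receiving side
 * the SOAP action decides the path: a WS-Trust {@code /RST/Issue} action in one of the two
 * supported namespaces recalculates the effective policy and forwards to the negotiation
 * invoker; anything else gets {@link SpnegoContextTokenFinderInterceptor} added to the chain.
 *
 * <p>NOTE(review): the action value is taken from the inbound message (SOAP action or
 * WS-Addressing headers), so it is controlled by the peer. Here it only selects the path;
 * confirm that both paths enforce token validation downstream.
 *
 * @param message the inbound SOAP message
 * @throws Fault if processing fails
 */
public void handleMessage(SoapMessage message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // extract Assertion information
    if (aim != null) {
        Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SPNEGO_CONTEXT_TOKEN);
        if (ais.isEmpty()) {
            // No SpnegoContextToken assertion in play: nothing for this interceptor to do.
            return;
        }
        if (isRequestor(message)) {
            // client side should be checked on the way out
            for (AssertionInfo ai : ais) {
                ai.setAsserted(true);
            }
            return;
        }
        // Resolve the action: message property first, then the SOAP action interceptor's lookup.
        String s = (String) message.get(SoapBindingConstants.SOAP_ACTION);
        if (s == null) {
            s = SoapActionInInterceptor.getSoapAction(message);
        }
        AddressingProperties inProps = (AddressingProperties) message.getContextualProperty(JAXWSAConstants.ADDRESSING_PROPERTIES_INBOUND);
        if (inProps != null && s == null && inProps.getAction() != null) {
            // MS/WCF doesn't put a soap action out for this, must check the headers.
            // The extra null check keeps a message whose addressing properties carry no
            // Action from failing with a NullPointerException; it then takes the same
            // path as a message with no action at all.
            s = inProps.getAction().getValue();
        }
        if (s != null && s.contains("/RST/Issue") && (s.startsWith(STSUtils.WST_NS_05_02) || s.startsWith(STSUtils.WST_NS_05_12))) {
            // Build a policy of the shape ExactlyOne -> All -> addressing assertion.
            Policy p = new Policy();
            ExactlyOne ea = new ExactlyOne();
            p.addPolicyComponent(ea);
            All all = new All();
            Assertion addressingAssertion = NegotiationUtils.getAddressingPolicy(aim, false);
            all.addPolicyComponent(addressingAssertion);
            ea.addPolicyComponent(all);
            // setup endpoint and forward to it.
            unmapSecurityProps(message);
            // Use the WS-Trust namespace the action started with; 05/12 is the default.
            String ns = STSUtils.WST_NS_05_12;
            if (s.startsWith(STSUtils.WST_NS_05_02)) {
                ns = STSUtils.WST_NS_05_02;
            }
            NegotiationUtils.recalcEffectivePolicy(message, ns, p, new SpnegoSTSInvoker(), false);
        } else {
            // Not an Issue request: let the finder interceptor handle the message later in the chain.
            message.getInterceptorChain().add(SpnegoContextTokenFinderInterceptor.INSTANCE);
        }
    }
}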
use of org.apache.neethi.Policy in project cxf by apache.
the class SpnegoTokenInterceptorProvider method setupClient.
/**
 * Configures an {@link STSClient} for SPNEGO negotiation based on the message and the
 * assertion info map, and returns the endpoint address the client was pointed at.
 *
 * <p>The client's key size is overridden only when the algorithm suite's maximum symmetric
 * key length is below 256; otherwise the client's existing key size setting is left as is.
 *
 * @param client the STS client to configure
 * @param message the current message; supplies the SOAP version and endpoint address
 * @param aim assertion info map the trust, addressing and algorithm settings are read from
 * @return the value of the {@code Message.ENDPOINT_ADDRESS} contextual property as a string
 */
static String setupClient(STSClient client, SoapMessage message, AssertionInfoMap aim) {
    client.setTrust(NegotiationUtils.getTrust10(aim));
    client.setTrust(NegotiationUtils.getTrust13(aim));

    // Policy of the shape ExactlyOne -> All -> addressing assertion.
    final Policy negotiationPolicy = new Policy();
    final ExactlyOne alternatives = new ExactlyOne();
    negotiationPolicy.addPolicyComponent(alternatives);
    final All addressingAlternative = new All();
    addressingAlternative.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
    alternatives.addPolicyComponent(addressingAlternative);
    client.setPolicy(negotiationPolicy);

    client.setSoap11(message.getVersion() == Soap11.getInstance());
    client.setSpnego(true);

    // Fresh context identifier with a "_" prefix, produced by the WSS id allocator.
    final WSSConfig wssConfig = WSSConfig.getNewInstance();
    final String contextId = wssConfig.getIdAllocator().createSecureId("_", null);
    client.setContext(contextId);

    final String endpointAddress = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
    client.setLocation(endpointAddress);

    final AlgorithmSuite algorithmSuite = NegotiationUtils.getAlgorithmSuite(aim);
    if (algorithmSuite != null) {
        client.setAlgorithmSuite(algorithmSuite);
        final int maxSymmetricKeyLength = algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
        if (maxSymmetricKeyLength < 256) {
            client.setKeySize(maxSymmetricKeyLength);
        }
    }

    final Map<String, Object> requestContext = client.getRequestContext();
    mapSecurityProps(message, requestContext);
    return endpointAddress;
}