use of org.apache.neethi.Policy in project cxf by apache.
the class AlgorithmSuiteBuilder method build.
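/**
 * Builds the {@link AlgorithmSuite} assertion described by an {@code sp:AlgorithmSuite} element.
 *
 * <p>The suite is resolved through the {@link AlgorithmSuiteLoader} registered on the bus, or
 * through a {@link DefaultAlgorithmSuiteLoader} when the bus has none. Resolution fails closed:
 * a policy whose suite cannot be resolved is rejected with an exception instead of being
 * replaced by some default suite.
 *
 * @param element the {@code sp:AlgorithmSuite} element; its namespace selects the SP version
 * @param factory supplies the policy engine used to parse the nested {@code wsp:Policy}
 * @return the resolved suite, with its optional/ignorable flags copied from {@code element}
 * @throws IllegalArgumentException if the nested {@code wsp:Policy} is missing, is empty, or
 *         names a suite the loader does not recognise
 */
@Override
public Assertion build(Element element, AssertionBuilderFactory factory) throws IllegalArgumentException {
    final SPConstants.SPVersion spVersion = SPConstants.SPVersion.getSPVersion(element.getNamespaceURI());
    final Element nestedPolicyElement = SPUtils.getFirstPolicyChildElement(element);
    if (nestedPolicyElement == null) {
        throw new IllegalArgumentException("sp:AlgorithmSuite must have an inner wsp:Policy element");
    }
    final Policy nestedPolicy = factory.getPolicyEngine().getPolicy(nestedPolicyElement);

    // A loader registered on the bus takes precedence over the built-in one.
    AlgorithmSuiteLoader loader = bus.getExtension(AlgorithmSuiteLoader.class);
    if (loader == null) {
        loader = new DefaultAlgorithmSuiteLoader();
    }

    final AlgorithmSuite algorithmSuite = loader.getAlgorithmSuite(bus, spVersion, nestedPolicy);
    if (algorithmSuite == null || algorithmSuite.getAlgorithmSuiteType() == null) {
        // Prefer the name the suite itself reports as invalid; otherwise fall back to the
        // local name of the first child of the nested policy.
        String algorithmSuiteName = null;
        if (algorithmSuite != null) {
            algorithmSuiteName = algorithmSuite.getFirstInvalidAlgorithmSuite();
        }
        if (algorithmSuiteName == null) {
            // An empty wsp:Policy has no child element to name; report that as a policy error
            // rather than letting a NullPointerException escape from the dereference.
            final Element firstChild = DOMUtils.getFirstElement(nestedPolicyElement);
            if (firstChild == null) {
                throw new IllegalArgumentException(
                    "sp:AlgorithmSuite inner wsp:Policy element does not contain an algorithm suite assertion");
            }
            algorithmSuiteName = firstChild.getLocalName();
        }
        // NOTE(review): the name is copied from the policy document into the message; confirm
        // the policy source is trusted or that consumers of this message encode it.
        throw new IllegalArgumentException("Algorithm suite \"" + algorithmSuiteName + "\" is not registered");
    }

    algorithmSuite.setOptional(SPUtils.isOptional(element));
    algorithmSuite.setIgnorable(SPUtils.isIgnorable(element));
    return algorithmSuite;
}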
use of org.apache.neethi.Policy in project cxf by apache.
the class SecureConversationInInterceptor method handleMessageForAction.
/**
 * Routes an inbound message according to its action.
 *
 * <p>Actions that contain {@code /RST/SCT} and start with one of the two supported WS-Trust
 * namespaces are treated as SecureConversation token requests: a policy is assembled for them,
 * the effective policy is recalculated against the SCT endpoint and the operation is re-resolved.
 * Every other message only has the {@link SecureConversationTokenFinderInterceptor} added to its
 * interceptor chain. In both cases {@code assertPolicies(aim)} runs last.
 *
 * @param message the inbound SOAP message
 * @param s the action; when {@code null} it is read from the inbound addressing properties,
 *          if those are present
 * @param aim the assertion info map for the message
 * @param ais assertion infos whose first entry is read as the {@link SecureConversationToken}
 */
void handleMessageForAction(SoapMessage message, String s, AssertionInfoMap aim, Collection<AssertionInfo> ais) {
    String addNs = null;
    AddressingProperties inProps = (AddressingProperties) message.getContextualProperty(JAXWSAConstants.ADDRESSING_PROPERTIES_INBOUND);
    if (inProps != null) {
        addNs = inProps.getNamespaceURI();
        if (s == null) {
            // MS/WCF doesn't put a soap action out for this, must check the headers
            // NOTE(review): getAction() is dereferenced without a null check — confirm the inbound
            // addressing properties always carry an action when this point is reached.
            s = inProps.getAction().getValue();
        }
    }
    // The branch taken, and therefore the policy enforced, is decided purely by string tests on
    // the action (prefix, "/RST/SCT" substring and, below, the "Cancel" suffix).
    // NOTE(review): the action is presumably sender-supplied; verify nothing downstream treats
    // reaching this branch as proof of authentication.
    if (s != null && s.contains("/RST/SCT") && (s.startsWith(STSUtils.WST_NS_05_02) || s.startsWith(STSUtils.WST_NS_05_12))) {
        // NOTE(review): assumes ais is non-empty and that its first assertion is a
        // SecureConversationToken with a bootstrap policy; none of this is checked here.
        SecureConversationToken tok = (SecureConversationToken) ais.iterator().next().getAssertion();
        Policy pol = tok.getBootstrapPolicy().getPolicy();
        if (s.endsWith("Cancel")) {
            // Cancel just sign with the token
            // The bootstrap policy is not merged on this path: pol is replaced below by a policy
            // holding the addressing assertion, a symmetric binding and the signed parts.
            Policy p = new Policy();
            ExactlyOne ea = new ExactlyOne();
            p.addPolicyComponent(ea);
            All all = new All();
            Assertion ass = NegotiationUtils.getAddressingPolicy(aim, false);
            all.addPolicyComponent(ass);
            ea.addPolicyComponent(all);
            // Protection token for the binding: an SCT that is never included in the message.
            final SecureConversationToken secureConversationToken = new SecureConversationToken(SPConstants.SPVersion.SP12, SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER, null, null, null, new Policy());
            Policy sctPolicy = new Policy();
            ExactlyOne sctPolicyEa = new ExactlyOne();
            sctPolicy.addPolicyComponent(sctPolicyEa);
            All sctPolicyAll = new All();
            sctPolicyAll.addPolicyComponent(secureConversationToken);
            sctPolicyEa.addPolicyComponent(sctPolicyAll);
            // Binding policy: the algorithm suite of the original binding is reused, so the
            // Cancel path keeps the suite the endpoint's policy declares.
            Policy bindingPolicy = new Policy();
            ExactlyOne bindingPolicyEa = new ExactlyOne();
            bindingPolicy.addPolicyComponent(bindingPolicyEa);
            All bindingPolicyAll = new All();
            // NOTE(review): origBinding is dereferenced without a null check — confirm a
            // security binding is always present in aim on this path.
            AbstractBinding origBinding = PolicyUtils.getSecurityBinding(aim);
            bindingPolicyAll.addPolicyComponent(origBinding.getAlgorithmSuite());
            bindingPolicyAll.addPolicyComponent(new ProtectionToken(SPConstants.SPVersion.SP12, sctPolicy));
            bindingPolicyAll.addAssertion(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
            bindingPolicyAll.addAssertion(new PrimitiveAssertion(SP12Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
            bindingPolicyEa.addPolicyComponent(bindingPolicyAll);
            DefaultSymmetricBinding binding = new DefaultSymmetricBinding(SPConstants.SPVersion.SP12, bindingPolicy);
            binding.setOnlySignEntireHeadersAndBody(true);
            // Token protection is switched off for the Cancel binding.
            binding.setProtectTokens(false);
            all.addPolicyComponent(binding);
            SignedParts signedParts = getSignedParts(aim, addNs);
            all.addPolicyComponent(signedParts);
            pol = p;
            message.getInterceptorChain().add(SecureConversationTokenFinderInterceptor.INSTANCE);
        } else {
            // Any other SCT action: the addressing assertion is merged with the token's
            // bootstrap policy.
            Policy p = new Policy();
            ExactlyOne ea = new ExactlyOne();
            p.addPolicyComponent(ea);
            All all = new All();
            Assertion ass = NegotiationUtils.getAddressingPolicy(aim, false);
            all.addPolicyComponent(ass);
            ea.addPolicyComponent(all);
            pol = p.merge(pol);
        }
        // setup SCT endpoint and forward to it.
        unmapSecurityProps(message);
        // Default to the 05/12 namespace; switch to 05/02 when the action starts with it.
        String ns = STSUtils.WST_NS_05_12;
        if (s.startsWith(STSUtils.WST_NS_05_02)) {
            ns = STSUtils.WST_NS_05_02;
        }
        NegotiationUtils.recalcEffectivePolicy(message, ns, pol, new SecureConversationSTSInvoker(), true);
        // recalc based on new endpoint
        SoapActionInInterceptor.getAndSetOperation(message, s);
    } else {
        // Not an SCT request: only add the interceptor that looks up the conversation token.
        message.getInterceptorChain().add(SecureConversationTokenFinderInterceptor.INSTANCE);
    }
    assertPolicies(aim);
}
use of org.apache.neethi.Policy in project cxf by apache.
the class SecureConversationTokenInterceptorProvider method setupClient.
/**
 * Prepares an {@link STSClient} for a SecureConversation exchange with the endpoint the
 * message is addressed to.
 *
 * <p>The client policy is the token's bootstrap policy merged with the addressing assertion
 * and, when {@code endorse} is set, an endorsing supporting token wrapping {@code itok}.
 *
 * @param client the client to configure
 * @param message the message whose SOAP version, endpoint address and security properties are used
 * @param aim the assertion info map the trust, addressing and algorithm-suite settings come from
 * @param itok the SecureConversation token; it must define a bootstrap policy
 * @param endorse whether {@code itok} is added as an endorsing supporting token
 * @return the endpoint address the client was pointed at
 * @throws Fault if {@code itok} has no bootstrap policy
 */
static String setupClient(STSClient client, SoapMessage message, AssertionInfoMap aim, SecureConversationToken itok, boolean endorse) {
    // Without a bootstrap policy there is nothing to secure the negotiation with, so stop here.
    if (itok.getBootstrapPolicy() == null || itok.getBootstrapPolicy().getPolicy() == null) {
        throw new Fault("The SecureConversationToken does not define a BootstrapPolicy", LOG);
    }

    // NOTE(review): two consecutive setTrust calls — presumably overloads taking the Trust10 and
    // Trust13 assertions; confirm the second call cannot clear what the first one set.
    client.setTrust(NegotiationUtils.getTrust10(aim));
    client.setTrust(NegotiationUtils.getTrust13(aim));

    final Policy bootstrapPolicy = itok.getBootstrapPolicy().getPolicy();

    // Policy -> ExactlyOne -> All, holding the addressing assertion and, optionally, the
    // endorsing supporting token.
    final Policy wrapperPolicy = new Policy();
    final ExactlyOne exactlyOne = new ExactlyOne();
    wrapperPolicy.addPolicyComponent(exactlyOne);
    final All alternative = new All();
    alternative.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
    exactlyOne.addPolicyComponent(alternative);
    if (endorse) {
        final SupportingTokens endorsingTokens = new SupportingTokens(
            SPConstants.SPVersion.SP12, SP12Constants.ENDORSING_SUPPORTING_TOKENS, new Policy());
        endorsingTokens.addToken(itok);
        alternative.addPolicyComponent(endorsingTokens);
    }

    client.setPolicy(wrapperPolicy.merge(bootstrapPolicy));
    client.setSoap11(message.getVersion() == Soap11.getInstance());
    client.setSecureConv(true);

    // NOTE(review): the endpoint address property is dereferenced without a null check.
    final String endpointAddress = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
    client.setLocation(endpointAddress);

    final AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
    if (suite != null) {
        client.setAlgorithmSuite(suite);
        // The key size is only overridden when the suite's maximum symmetric key length is
        // below 256; otherwise the client keeps whatever key size it already has.
        final int maxSymmetricKeyLength = suite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
        if (maxSymmetricKeyLength < 256) {
            client.setKeySize(maxSymmetricKeyLength);
        }
    }

    mapSecurityProps(message, client.getRequestContext());
    return endpointAddress;
}
use of org.apache.neethi.Policy in project cxf by apache.
the class PolicyVerificationInFaultInterceptorTest method testHandleMessage.
/**
 * Drives {@code handleMessage} through seven message setups: the six {@code setupMessage}
 * flags are switched on one after another, and the final all-true setup additionally expects
 * the effective client fault policy to be fetched and checked against the assertion info map.
 */
@Test
public void testHandleMessage() throws NoSuchMethodException {
    // getTransportAssertions is the only method mocked on the interceptor under test.
    final Method transportAssertions =
        AbstractPolicyInterceptor.class.getDeclaredMethod("getTransportAssertions", Message.class);
    final PolicyVerificationInFaultInterceptor interceptor = EasyMock
        .createMockBuilder(PolicyVerificationInFaultInterceptor.class)
        .addMockedMethod(transportAssertions)
        .createMock(control);

    // Rounds 0..5: the first `enabled` flags are true and the sixth flag stays false.
    for (int enabled = 0; enabled < 6; enabled++) {
        setupMessage(enabled > 0, enabled > 1, enabled > 2, enabled > 3, enabled > 4, false);
        control.replay();
        interceptor.handleMessage(message);
        control.verify();
        control.reset();
    }

    // Final round: every flag set, so the policy verification calls below are expected.
    setupMessage(true, true, true, true, true, true);
    interceptor.getTransportAssertions(message);
    EasyMock.expectLastCall();
    final EffectivePolicyImpl effectivePolicy = control.createMock(EffectivePolicyImpl.class);
    EasyMock.expect(engine.getEffectiveClientFaultPolicy(ei, boi, bfi, message)).andReturn(effectivePolicy);
    final Policy policy = control.createMock(Policy.class);
    EasyMock.expect(effectivePolicy.getPolicy()).andReturn(policy);
    aim.checkEffectivePolicy(policy);
    EasyMock.expectLastCall().andReturn(null);

    control.replay();
    interceptor.handleMessage(message);
    control.verify();
}
use of org.apache.neethi.Policy in project cxf by apache.
the class ExternalAttachmentProviderTest method testReadDocumentEPRDomainExpression.
/**
 * Reads {@code resources/attachments4.xml} through an {@link ExternalAttachmentProvider} backed
 * by mocked builders and checks that exactly one attachment results, carrying the mocked
 * policy and the mocked domain expression.
 */
@Test
public void testReadDocumentEPRDomainExpression() throws MalformedURLException {
    final Bus bus = control.createMock(Bus.class);

    // The domain expression builder registry returns one mocked expression for any element.
    final DomainExpressionBuilderRegistry registry = control.createMock(DomainExpressionBuilderRegistry.class);
    EasyMock.expect(bus.getExtension(DomainExpressionBuilderRegistry.class)).andReturn(registry);
    final DomainExpression domainExpression = control.createMock(DomainExpression.class);
    EasyMock.expect(registry.build(EasyMock.isA(Element.class))).andReturn(domainExpression);

    // The policy builder may be looked up any number of times but builds a policy once.
    final PolicyBuilder policyBuilder = control.createMock(PolicyBuilder.class);
    EasyMock.expect(bus.getExtension(PolicyBuilder.class)).andReturn(policyBuilder).anyTimes();
    final Policy policy = control.createMock(Policy.class);
    EasyMock.expect(policyBuilder.getPolicy(EasyMock.isA(Element.class))).andReturn(policy);
    control.replay();

    final ExternalAttachmentProvider provider = new ExternalAttachmentProvider(bus);
    final URL documentUrl = ExternalAttachmentProviderTest.class.getResource("resources/attachments4.xml");
    provider.setLocation(new UrlResource(documentUrl.toExternalForm()));
    provider.readDocument();

    assertEquals(1, provider.getAttachments().size());
    final PolicyAttachment attachment = provider.getAttachments().iterator().next();
    assertSame(policy, attachment.getPolicy());
    assertEquals(1, attachment.getDomainExpressions().size());
    assertSame(domainExpression, attachment.getDomainExpressions().iterator().next());
    control.verify();
}