ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gi...@apache.org
Subject svn commit: r1305502 - in /webservices/wss4j/branches/swssf: streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ streaming-ws-policy/src/test/java/org/swssf/policy/test/ streaming-ws-security/src/main/java/org/swssf/wss/ext/ streaming-w...
Date Mon, 26 Mar 2012 19:24:44 GMT
Author: giger
Date: Mon Mar 26 19:24:43 2012
New Revision: 1305502

URL: http://svn.apache.org/viewvc?rev=1305502&view=rev
Log:
KeyValueToken policy verification WSS-381 WSS-378

Modified:
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AbstractPolicyTestBase.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KeyValueTokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SupportingTokensTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/KeyValueTokenSecurityEvent.java

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java?rev=1305502&r1=1305501&r2=1305502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java
Mon Mar 26 19:24:43 2012
@@ -54,8 +54,8 @@ public class KeyValueTokenAssertionState
 
         KeyValueTokenSecurityEvent keyValueTokenSecurityEvent = (KeyValueTokenSecurityEvent)
tokenSecurityEvent;
         KeyValueToken keyValueToken = (KeyValueToken) abstractToken;
-        if (keyValueToken.isRsaKeyValue() && !keyValueTokenSecurityEvent.isRsaKeyValue())
{
-            setErrorMessage("Policy enforces that a RsaKeyValue must be present in the KeyValueToken");
+        if (keyValueToken.isRsaKeyValue() && keyValueTokenSecurityEvent.getKeyValueTokenType()
!= KeyValueTokenSecurityEvent.KeyValueTokenType.RSA) {
+            setErrorMessage("Policy enforces that a RsaKeyValue must be present in the KeyValueToken
but we got a " + keyValueTokenSecurityEvent.getKeyValueTokenType() + "KeyValue");
             return false;
         }
 

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AbstractPolicyTestBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AbstractPolicyTestBase.java?rev=1305502&r1=1305501&r2=1305502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AbstractPolicyTestBase.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AbstractPolicyTestBase.java
Mon Mar 26 19:24:43 2012
@@ -79,6 +79,10 @@ public class AbstractPolicyTestBase exte
     }
 
     public X509SecurityToken getX509Token(WSSConstants.TokenType tokenType) throws Exception
{
+        return getX509Token(tokenType, "transmitter");
+    }
+
+    public X509SecurityToken getX509Token(WSSConstants.TokenType tokenType, final String
keyAlias) throws Exception {
 
         final KeyStore keyStore = KeyStore.getInstance("jks");
         keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"),
"default".toCharArray());
@@ -86,13 +90,13 @@ public class AbstractPolicyTestBase exte
         return new X509SecurityToken(tokenType, null, null, null, "", WSSConstants.KeyIdentifierType.THUMBPRINT_IDENTIFIER)
{
             @Override
             protected String getAlias() throws XMLSecurityException {
-                return "transmitter";
+                return keyAlias;
             }
 
             @Override
             public Key getSecretKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage)
throws XMLSecurityException {
                 try {
-                    return keyStore.getKey("transmitter", "default".toCharArray());
+                    return keyStore.getKey(keyAlias, "default".toCharArray());
                 } catch (Exception e) {
                     throw new XMLSecurityException(e.getMessage(), e);
                 }
@@ -101,7 +105,7 @@ public class AbstractPolicyTestBase exte
             @Override
             public PublicKey getPublicKey(String algorithmURI, XMLSecurityConstants.KeyUsage
keyUsage) throws XMLSecurityException {
                 try {
-                    return keyStore.getCertificate("transmitter").getPublicKey();
+                    return keyStore.getCertificate(keyAlias).getPublicKey();
                 } catch (Exception e) {
                     throw new XMLSecurityException(e.getMessage(), e);
                 }
@@ -111,7 +115,7 @@ public class AbstractPolicyTestBase exte
             public X509Certificate[] getX509Certificates() throws XMLSecurityException {
                 Certificate[] certificates;
                 try {
-                    certificates = keyStore.getCertificateChain("transmitter");
+                    certificates = keyStore.getCertificateChain(keyAlias);
                 } catch (Exception e) {
                     throw new XMLSecurityException(e.getMessage(), e);
                 }

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KeyValueTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KeyValueTokenTest.java?rev=1305502&r1=1305501&r2=1305502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KeyValueTokenTest.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KeyValueTokenTest.java
Mon Mar 26 19:24:43 2012
@@ -19,13 +19,16 @@
 package org.swssf.policy.test;
 
 import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
 import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSecurityException;
 import org.swssf.wss.securityEvent.ContentEncryptedElementSecurityEvent;
 import org.swssf.wss.securityEvent.KeyValueTokenSecurityEvent;
 import org.swssf.wss.securityEvent.OperationSecurityEvent;
 import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
 import org.swssf.xmlsec.ext.SecurityToken;
 import org.swssf.xmlsec.ext.XMLSecurityConstants;
+import org.testng.Assert;
 import org.testng.annotations.Test;
 
 import javax.xml.namespace.QName;
@@ -67,14 +70,12 @@ public class KeyValueTokenTest extends A
 
         PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
         KeyValueTokenSecurityEvent initiatorTokenSecurityEvent = new KeyValueTokenSecurityEvent();
-        initiatorTokenSecurityEvent.setRsaKeyValue(true);
         SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
         securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
         initiatorTokenSecurityEvent.setSecurityToken(securityToken);
         policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
 
         KeyValueTokenSecurityEvent recipientTokenSecurityEvent = new KeyValueTokenSecurityEvent();
-        recipientTokenSecurityEvent.setRsaKeyValue(true);
         securityToken = getX509Token(WSSConstants.X509V3Token);
         securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
         recipientTokenSecurityEvent.setSecurityToken(securityToken);
@@ -98,5 +99,66 @@ public class KeyValueTokenTest extends A
         policyEnforcer.doFinal();
     }
 
-    //todo more tests
+    @Test
+    public void testPolicyNegative() throws Exception {
+        String policyString =
+
+                "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\"
xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+                        "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n"
+
+                        "<sp:InitiatorToken>\n" +
+                        "   <wsp:Policy>\n" +
+                        "       <sp:KeyValueToken>\n" +
+                        "           <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n"
+
+                        "               <sp:RsaKeyValue/>\n" +
+                        "           </wsp:Policy>\n" +
+                        "       </sp:KeyValueToken>\n" +
+                        "   </wsp:Policy>\n" +
+                        "</sp:InitiatorToken>\n" +
+                        "<sp:RecipientToken>\n" +
+                        "   <wsp:Policy>\n" +
+                        "       <sp:KeyValueToken>\n" +
+                        "           <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n"
+
+                        "               <sp:RsaKeyValue/>\n" +
+                        "           </wsp:Policy>\n" +
+                        "       </sp:KeyValueToken>\n" +
+                        "   </wsp:Policy>\n" +
+                        "</sp:RecipientToken>\n" +
+                        "</wsp:Policy>\n" +
+                        "</sp:AsymmetricBinding>";
+
+        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+        KeyValueTokenSecurityEvent initiatorTokenSecurityEvent = new KeyValueTokenSecurityEvent();
+        SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token, "transmitter-ecdsa");
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
+        initiatorTokenSecurityEvent.setSecurityToken(securityToken);
+        policyEnforcer.registerSecurityEvent(initiatorTokenSecurityEvent);
+
+        KeyValueTokenSecurityEvent recipientTokenSecurityEvent = new KeyValueTokenSecurityEvent();
+        securityToken = getX509Token(WSSConstants.X509V3Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
+        recipientTokenSecurityEvent.setSecurityToken(securityToken);
+        policyEnforcer.registerSecurityEvent(recipientTokenSecurityEvent);
+
+        List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
+        protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
+        protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
+        SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(),
true, protectionOrder);
+        signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
+        policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+
+        ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientTokenSecurityEvent.getSecurityToken(),
true, protectionOrder);
+        contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
+        policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+
+        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+        operationSecurityEvent.setOperation(new QName("definitions"));
+        try {
+            policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+            Assert.fail("Exception expected");
+        } catch (WSSecurityException e) {
+            Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+            Assert.assertEquals(e.getCause().getMessage(), "\n" +
+                    "Policy enforces that a RsaKeyValue must be present in the KeyValueToken
but we got a ECKeyValue");
+        }
+    }
 }

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SupportingTokensTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SupportingTokensTest.java?rev=1305502&r1=1305501&r2=1305502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SupportingTokensTest.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SupportingTokensTest.java
Mon Mar 26 19:24:43 2012
@@ -1412,14 +1412,12 @@ public class SupportingTokensTest extend
         PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
 
         KeyValueTokenSecurityEvent tokenSecurityEvent = new KeyValueTokenSecurityEvent();
-        tokenSecurityEvent.setRsaKeyValue(true);
         SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
         securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
         tokenSecurityEvent.setSecurityToken(securityToken);
         policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
 
         tokenSecurityEvent = new KeyValueTokenSecurityEvent();
-        tokenSecurityEvent.setRsaKeyValue(true);
         securityToken = getX509Token(WSSConstants.X509V3Token);
         securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
         tokenSecurityEvent.setSecurityToken(securityToken);
@@ -1448,15 +1446,13 @@ public class SupportingTokensTest extend
         PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
 
         KeyValueTokenSecurityEvent tokenSecurityEvent = new KeyValueTokenSecurityEvent();
-        tokenSecurityEvent.setRsaKeyValue(false);
-        SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
+        SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token, "transmitter-dsa");
         securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
         tokenSecurityEvent.setSecurityToken(securityToken);
         policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
 
         tokenSecurityEvent = new KeyValueTokenSecurityEvent();
-        tokenSecurityEvent.setRsaKeyValue(false);
-        securityToken = getX509Token(WSSConstants.X509V3Token);
+        securityToken = getX509Token(WSSConstants.X509V3Token, "transmitter-dsa");
         securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
         tokenSecurityEvent.setSecurityToken(securityToken);
         policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
@@ -1488,14 +1484,12 @@ public class SupportingTokensTest extend
         PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
 
         KeyValueTokenSecurityEvent tokenSecurityEvent = new KeyValueTokenSecurityEvent();
-        tokenSecurityEvent.setRsaKeyValue(true);
         SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
         securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
         tokenSecurityEvent.setSecurityToken(securityToken);
         policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
 
         tokenSecurityEvent = new KeyValueTokenSecurityEvent();
-        tokenSecurityEvent.setRsaKeyValue(false);
         securityToken = getX509Token(WSSConstants.X509V3Token);
         securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
         tokenSecurityEvent.setSecurityToken(securityToken);
@@ -1524,14 +1518,12 @@ public class SupportingTokensTest extend
         PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
 
         KeyValueTokenSecurityEvent tokenSecurityEvent = new KeyValueTokenSecurityEvent();
-        tokenSecurityEvent.setRsaKeyValue(false);
         SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
         securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
         tokenSecurityEvent.setSecurityToken(securityToken);
         policyEnforcer.registerSecurityEvent(tokenSecurityEvent);
 
         tokenSecurityEvent = new KeyValueTokenSecurityEvent();
-        tokenSecurityEvent.setRsaKeyValue(true);
         securityToken = getX509Token(WSSConstants.X509V3Token);
         securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
         tokenSecurityEvent.setSecurityToken(securityToken);

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java?rev=1305502&r1=1305501&r2=1305502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java
Mon Mar 26 19:24:43 2012
@@ -428,7 +428,7 @@ public class WSSUtils extends XMLSecurit
         } else if (tokenType == WSSConstants.HttpsToken) {
             tokenSecurityEvent = new HttpsTokenSecurityEvent();
         } else if (tokenType == WSSConstants.KeyValueToken) {
-            tokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+            tokenSecurityEvent = new KeyValueTokenSecurityEvent();
         } else if (tokenType == WSSConstants.DerivedKeyToken) {
             tokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
         } else if (tokenType == WSSConstants.EncryptedKeyToken) {

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/KeyValueTokenSecurityEvent.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/KeyValueTokenSecurityEvent.java?rev=1305502&r1=1305501&r2=1305502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/KeyValueTokenSecurityEvent.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/KeyValueTokenSecurityEvent.java
Mon Mar 26 19:24:43 2012
@@ -18,23 +18,32 @@
  */
 package org.swssf.wss.securityEvent;
 
+import org.swssf.xmlsec.ext.XMLSecurityException;
+
 /**
  * @author $Author$
  * @version $Revision$ $Date$
  */
 public class KeyValueTokenSecurityEvent extends TokenSecurityEvent {
 
-    private boolean rsaKeyValue = false;
+    public enum KeyValueTokenType {
+        RSA,
+        DSA,
+        EC
+    }
 
     public KeyValueTokenSecurityEvent() {
         super(Event.KeyValueToken);
     }
 
-    public boolean isRsaKeyValue() {
-        return rsaKeyValue;
-    }
-
-    public void setRsaKeyValue(boolean rsaKeyValue) {
-        this.rsaKeyValue = rsaKeyValue;
+    public KeyValueTokenType getKeyValueTokenType() {
+        try {
+            String algo = getSecurityToken().getPublicKey(null, null).getAlgorithm();
+            return KeyValueTokenType.valueOf(algo);
+        } catch (IllegalArgumentException e) {
+            return null;
+        } catch (XMLSecurityException e) {
+            return null;
+        }
     }
 }



Mime
View raw message