ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gi...@apache.org
Subject svn commit: r1305513 - in /webservices/wss4j/branches/swssf/streaming-ws-policy/src: main/java/org/swssf/policy/assertionStates/ test/java/org/swssf/policy/test/
Date Mon, 26 Mar 2012 19:36:10 GMT
Author: giger
Date: Mon Mar 26 19:36:09 2012
New Revision: 1305513

URL: http://svn.apache.org/viewvc?rev=1305513&view=rev
Log:
DerivedKeys assertion tests and fixes. WSS-376

Added:
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java   (with props)
Modified:
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/UsernameTokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/X509TokenAssertionState.java

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -55,33 +55,32 @@ public class HttpsTokenAssertionState ex
         HttpsTokenSecurityEvent httpsTokenSecurityEvent = (HttpsTokenSecurityEvent) tokenSecurityEvent;
         HttpsToken httpsToken = (HttpsToken) abstractToken;
 
-        setAsserted(true);
         if (httpsToken.getIssuerName() != null && !httpsToken.getIssuerName().equals(httpsTokenSecurityEvent.getIssuerName())) {
-            setAsserted(false);
             setErrorMessage("IssuerName in Policy (" + httpsToken.getIssuerName() + ") didn't match with the one in the HttpsToken (" + httpsTokenSecurityEvent.getIssuerName() + ")");
+            return false;
         }
         if (httpsToken.getAuthenticationType() != null) {
             switch (httpsToken.getAuthenticationType()) {
                 case HttpBasicAuthentication:
                     if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication) {
-                        setAsserted(false);
                         setErrorMessage("Policy enforces HttpBasicAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
+                        return false;
                     }
                     break;
                 case HttpDigestAuthentication:
                     if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpDigestAuthentication) {
-                        setAsserted(false);
                         setErrorMessage("Policy enforces HttpDigestAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
+                        return false;
                     }
                     break;
                 case RequireClientCertificate:
                     if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication) {
-                        setAsserted(false);
                         setErrorMessage("Policy enforces HttClientCertificateAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
+                        return false;
                     }
                     break;
             }
         }
-        return isAsserted();
+        return true;
     }
 }

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -63,8 +63,6 @@ public class IssuedTokenAssertionState e
             }
         }
         //todo internal/external reference?
-
-        setAsserted(true);
         //always return true to prevent false alarm in case additional tokens with the same usage
         //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
         return true;

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -77,8 +77,6 @@ public class KerberosTokenAssertionState
             }
         }
         //todo
-
-        setAsserted(true);
         //always return true to prevent false alarm in case additional tokens with the same usage
         //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
         return true;

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -58,8 +58,6 @@ public class KeyValueTokenAssertionState
             setErrorMessage("Policy enforces that a RsaKeyValue must be present in the KeyValueToken but we got a " + keyValueTokenSecurityEvent.getKeyValueTokenType() + "KeyValue");
             return false;
         }
-
-        setAsserted(true);
         //always return true to prevent false alarm in case additional tokens with the same usage
         //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
         return true;

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -62,8 +62,6 @@ public class RelTokenAssertionState exte
 
         //todo RequireKeyIdentifierReference
         //todo WssRelV*
-
-        setAsserted(true);
         //always return true to prevent false alarm in case additional tokens with the same usage
         //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
         return true;

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -92,7 +92,6 @@ public class SamlTokenAssertionState ext
                     return false;
             }
         }
-        setAsserted(true);
         //always return true to prevent false alarm in case additional tokens with the same usage
         //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
         return true;

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -64,7 +64,6 @@ public class SecureConversationTokenAsse
         }
         //todo sp:SC13SecurityContextToken:
         //todo MustNotSendCancel etc...
-        setAsserted(true);
         //always return true to prevent false alarm in case additional tokens with the same usage
         //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
         return true;

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -63,8 +63,6 @@ public class SecurityContextTokenAsserti
             return false;
         }
         //todo sp:SC13SecurityContextToken:
-
-        setAsserted(true);
         //always return true to prevent false alarm in case additional tokens with the same usage
         //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
         return true;

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -61,8 +61,6 @@ public class SpnegoContextTokenAssertion
             }
         }
         //todo MustNotSend*
-
-        setAsserted(true);
         //always return true to prevent false alarm in case additional tokens with the same usage
         //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
         return true;

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -117,15 +117,17 @@ public abstract class TokenAssertionStat
             return true;
         }
 
+        boolean asserted = true;
+
         //WSP1.3, 5.1 Token Inclusion
         //todo do we need a global token cache to fullfill ".../IncludeToken/Once" ?
         SPConstants.IncludeTokenType includeTokenType = abstractToken.getIncludeTokenType();
         if (includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER) {
-            setAsserted(false);
             setErrorMessage("Token must not be included");
-            return false;
+            asserted = false;
         }
 
+        //WSP1.3, 5.3 Token Properties
         boolean hasDerivedKeys = false;
         hasDerivedKeys = hasDerivedKeys(tokenSecurityEvent.getSecurityToken());
         if (abstractToken.getDerivedKeys() != null) {
@@ -135,18 +137,21 @@ public abstract class TokenAssertionStat
                 case RequireExplicitDerivedKeys:
                 case RequireImpliedDerivedKeys:
                     if (!hasDerivedKeys) {
-                        setAsserted(false);
                         setErrorMessage("Derived key must be used");
+                        asserted = false;
                     }
             }
         } else {
             if (hasDerivedKeys) {
-                setAsserted(false);
                 setErrorMessage("Derived key must not be used");
+                asserted = false;
             }
         }
 
-        boolean asserted = assertToken(tokenSecurityEvent, abstractToken);
+        asserted &= assertToken(tokenSecurityEvent, abstractToken);
+        if (asserted) {
+            setAsserted(true);
+        }
         if (!asserted && (tokenUsages.contains(SecurityToken.TokenUsage.MainSignature)
                 || tokenUsages.contains(SecurityToken.TokenUsage.MainEncryption))) {
             //return false if not asserted for the main signature and encryption tokens

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/UsernameTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/UsernameTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/UsernameTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/UsernameTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -98,7 +98,6 @@ public class UsernameTokenAssertionState
                     break;
             }
         }
-        setAsserted(true);
         //always return true to prevent false alarm in case additional tokens with the same usage
         //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
         return true;

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/X509TokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/X509TokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/X509TokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/X509TokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -127,8 +127,6 @@ public class X509TokenAssertionState ext
             setErrorMessage(e.getMessage());
             return false;
         }
-
-        setAsserted(true);
         //always return true to prevent false alarm in case additional tokens with the same usage
         //appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
         return true;

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java?rev=1305513&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java Mon Mar 26 19:36:09 2012
@@ -0,0 +1,478 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.impl.securityToken.X509SecurityToken;
+import org.swssf.wss.securityEvent.*;
+import org.swssf.xmlsec.ext.SecurityToken;
+import org.swssf.xmlsec.ext.XMLSecurityConstants;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import javax.xml.namespace.QName;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class DerivedKeyTests extends AbstractPolicyTestBase {
+
+    @Test
+    public void testDerivedKeyInitiatorTokenPolicy() throws Exception {
+        String policyString =
+                "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+                        "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "<sp:InitiatorToken>\n" +
+                        "   <wsp:Policy>\n" +
+                        "       <sp:X509Token>\n" +
+                        "           <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+                        "           <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "               <sp:RequireDerivedKeys/>\n" +
+                        "           </wsp:Policy>\n" +
+                        "       </sp:X509Token>\n" +
+                        "   </wsp:Policy>\n" +
+                        "</sp:InitiatorToken>\n" +
+                        "<sp:RecipientToken>\n" +
+                        "   <wsp:Policy>\n" +
+                        "       <sp:X509Token>\n" +
+                        "           <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+                        "           <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "               <sp:RequireDerivedKeys/>\n" +
+                        "           </wsp:Policy>\n" +
+                        "       </sp:X509Token>\n" +
+                        "   </wsp:Policy>\n" +
+                        "</sp:RecipientToken>\n" +
+                        "</wsp:Policy>\n" +
+                        "</sp:AsymmetricBinding>";
+
+        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+        X509TokenSecurityEvent initiatorX509TokenSecurityEvent = new X509TokenSecurityEvent();
+        SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
+        initiatorX509TokenSecurityEvent.setSecurityToken(securityToken);
+
+        DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+        derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+        securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+        policyEnforcer.registerSecurityEvent(initiatorX509TokenSecurityEvent);
+
+        X509TokenSecurityEvent recipientX509TokenSecurityEvent = new X509TokenSecurityEvent();
+        securityToken = getX509Token(WSSConstants.X509V3Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
+        recipientX509TokenSecurityEvent.setSecurityToken(securityToken);
+
+        derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+        derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+        securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+        policyEnforcer.registerSecurityEvent(recipientX509TokenSecurityEvent);
+
+        List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
+        protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
+        protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
+        SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
+        signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
+        policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+
+        ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
+        contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
+        policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+
+        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+        operationSecurityEvent.setOperation(new QName("definitions"));
+
+        policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+        policyEnforcer.doFinal();
+    }
+
+    @Test
+    public void testDerivedKeyInitiatorTokenPolicyNegative() throws Exception {
+        String policyString =
+                "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+                        "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "<sp:InitiatorToken>\n" +
+                        "   <wsp:Policy>\n" +
+                        "       <sp:X509Token>\n" +
+                        "           <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+                        "           <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "               <sp:RequireDerivedKeys/>\n" +
+                        "           </wsp:Policy>\n" +
+                        "       </sp:X509Token>\n" +
+                        "   </wsp:Policy>\n" +
+                        "</sp:InitiatorToken>\n" +
+                        "<sp:RecipientToken>\n" +
+                        "   <wsp:Policy>\n" +
+                        "       <sp:X509Token>\n" +
+                        "           <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+                        "           <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "               <sp:RequireDerivedKeys/>\n" +
+                        "           </wsp:Policy>\n" +
+                        "       </sp:X509Token>\n" +
+                        "   </wsp:Policy>\n" +
+                        "</sp:RecipientToken>\n" +
+                        "</wsp:Policy>\n" +
+                        "</sp:AsymmetricBinding>";
+
+        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+        X509TokenSecurityEvent initiatorX509TokenSecurityEvent = new X509TokenSecurityEvent();
+        SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
+        initiatorX509TokenSecurityEvent.setSecurityToken(securityToken);
+        policyEnforcer.registerSecurityEvent(initiatorX509TokenSecurityEvent);
+
+        X509TokenSecurityEvent recipientX509TokenSecurityEvent = new X509TokenSecurityEvent();
+        securityToken = getX509Token(WSSConstants.X509V3Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
+        recipientX509TokenSecurityEvent.setSecurityToken(securityToken);
+
+        DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+        derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+        securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+        policyEnforcer.registerSecurityEvent(recipientX509TokenSecurityEvent);
+
+        List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
+        protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
+        protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
+        SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
+        signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
+        policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+
+        ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
+        contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
+        policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+
+        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+        operationSecurityEvent.setOperation(new QName("definitions"));
+        try {
+            policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+            Assert.fail("Exception expected");
+        } catch (WSSecurityException e) {
+            Assert.assertEquals(e.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
+                    "\torg.swssf.policy.PolicyViolationException: \n" +
+                    "Derived key must be used");
+        }
+    }
+
+    @Test
+    public void testDerivedKeyRecipientTokenPolicyNegative() throws Exception {
+        String policyString =
+                "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+                        "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "<sp:InitiatorToken>\n" +
+                        "   <wsp:Policy>\n" +
+                        "       <sp:X509Token>\n" +
+                        "           <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+                        "           <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "               <sp:RequireDerivedKeys/>\n" +
+                        "           </wsp:Policy>\n" +
+                        "       </sp:X509Token>\n" +
+                        "   </wsp:Policy>\n" +
+                        "</sp:InitiatorToken>\n" +
+                        "<sp:RecipientToken>\n" +
+                        "   <wsp:Policy>\n" +
+                        "       <sp:X509Token>\n" +
+                        "           <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+                        "           <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "               <sp:RequireDerivedKeys/>\n" +
+                        "           </wsp:Policy>\n" +
+                        "       </sp:X509Token>\n" +
+                        "   </wsp:Policy>\n" +
+                        "</sp:RecipientToken>\n" +
+                        "</wsp:Policy>\n" +
+                        "</sp:AsymmetricBinding>";
+
+        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+        X509TokenSecurityEvent initiatorX509TokenSecurityEvent = new X509TokenSecurityEvent();
+        SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
+        initiatorX509TokenSecurityEvent.setSecurityToken(securityToken);
+
+        DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+        derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+        securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+        policyEnforcer.registerSecurityEvent(initiatorX509TokenSecurityEvent);
+
+        X509TokenSecurityEvent recipientX509TokenSecurityEvent = new X509TokenSecurityEvent();
+        securityToken = getX509Token(WSSConstants.X509V3Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
+        recipientX509TokenSecurityEvent.setSecurityToken(securityToken);
+        policyEnforcer.registerSecurityEvent(recipientX509TokenSecurityEvent);
+
+        List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
+        protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
+        protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
+        SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
+        signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
+        policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+
+        ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
+        contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
+        policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+
+        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+        operationSecurityEvent.setOperation(new QName("definitions"));
+        try {
+            policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+            Assert.fail("Exception expected");
+        } catch (WSSecurityException e) {
+            Assert.assertEquals(e.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
+                    "\torg.swssf.policy.PolicyViolationException: \n" +
+                    "Derived key must be used");
+        }
+    }
+
+    @Test
+    public void testDerivedKeySupportingTokenPolicy() throws Exception {
+        String policyString =
+                "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+                        "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "       <sp:X509Token>\n" +
+                        "           <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+                        "           <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "               <sp:RequireDerivedKeys/>\n" +
+                        "           </wsp:Policy>\n" +
+                        "       </sp:X509Token>\n" +
+                        "   </wsp:Policy>\n" +
+                        "</sp:SupportingTokens>";
+
+        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+        X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
+        SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+        x509TokenSecurityEvent.setSecurityToken(securityToken);
+
+        DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+        derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+        securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+        policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+        operationSecurityEvent.setOperation(new QName("definitions"));
+        policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+
+        policyEnforcer.doFinal();
+    }
+
+    @Test
+    public void testDerivedKeySupportingTokenPolicyNegative() throws Exception {
+        String policyString =
+                "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+                        "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "       <sp:X509Token>\n" +
+                        "           <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+                        "           <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "               <sp:RequireDerivedKeys/>\n" +
+                        "           </wsp:Policy>\n" +
+                        "       </sp:X509Token>\n" +
+                        "   </wsp:Policy>\n" +
+                        "</sp:SupportingTokens>";
+
+        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+        X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
+        SecurityToken securityToken = getX509Token(WSSConstants.X509V1Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+        x509TokenSecurityEvent.setSecurityToken(securityToken);
+        policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+        operationSecurityEvent.setOperation(new QName("definitions"));
+        try {
+            policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+            Assert.fail("Exception expected");
+        } catch (WSSecurityException e) {
+            Assert.assertEquals(e.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
+                    "\torg.apache.ws.secpolicy.WSSPolicyException: \n" +
+                    "Derived key must be used");
+        }
+    }
+
+    @Test
+    public void testDerivedKeySupportingTokenPolicyAdditionalToken() throws Exception {
+        String policyString =
+                "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+                        "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "       <sp:X509Token>\n" +
+                        "           <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+                        "           <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "               <sp:RequireDerivedKeys/>\n" +
+                        "           </wsp:Policy>\n" +
+                        "       </sp:X509Token>\n" +
+                        "   </wsp:Policy>\n" +
+                        "</sp:SupportingTokens>";
+
+        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+
+        X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
+        SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+        x509TokenSecurityEvent.setSecurityToken(securityToken);
+
+        DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+        derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+        securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+        policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+        x509TokenSecurityEvent = new X509TokenSecurityEvent();
+        securityToken = getX509Token(WSSConstants.X509V3Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+        x509TokenSecurityEvent.setSecurityToken(securityToken);
+
+        derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+        derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+        securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+        policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+        operationSecurityEvent.setOperation(new QName("definitions"));
+        policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+
+        policyEnforcer.doFinal();
+    }
+
+    @Test
+    public void testDerivedKeySupportingTokenPolicyAdditionalTokenNegative() throws Exception {
+        String policyString =
+                "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+                        "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "       <sp:X509Token>\n" +
+                        "           <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+                        "           <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "               <sp:RequireDerivedKeys/>\n" +
+                        "           </wsp:Policy>\n" +
+                        "       </sp:X509Token>\n" +
+                        "   </wsp:Policy>\n" +
+                        "</sp:SupportingTokens>";
+
+        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+
+        X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
+        SecurityToken securityToken = getX509Token(WSSConstants.X509V1Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+        x509TokenSecurityEvent.setSecurityToken(securityToken);
+        policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+        x509TokenSecurityEvent = new X509TokenSecurityEvent();
+        securityToken = getX509Token(WSSConstants.X509V1Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+        x509TokenSecurityEvent.setSecurityToken(securityToken);
+        policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+        operationSecurityEvent.setOperation(new QName("definitions"));
+
+        try {
+            policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+            Assert.fail("Exception expected");
+        } catch (WSSecurityException e) {
+            Assert.assertTrue(e.getCause() instanceof WSSPolicyException);
+        }
+    }
+
+    @Test
+    public void testDerivedKeySupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
+        String policyString =
+                "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+                        "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "       <sp:X509Token>\n" +
+                        "           <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+                        "           <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "               <sp:RequireDerivedKeys/>\n" +
+                        "           </wsp:Policy>\n" +
+                        "       </sp:X509Token>\n" +
+                        "   </wsp:Policy>\n" +
+                        "</sp:SupportingTokens>";
+
+        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+
+        X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
+        X509SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+        x509TokenSecurityEvent.setSecurityToken(securityToken);
+
+        DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+        derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+        securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+        policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+        x509TokenSecurityEvent = new X509TokenSecurityEvent();
+        securityToken = getX509Token(WSSConstants.X509V1Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+        x509TokenSecurityEvent.setSecurityToken(securityToken);
+        policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+        operationSecurityEvent.setOperation(new QName("definitions"));
+        policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+
+        policyEnforcer.doFinal();
+    }
+
+    @Test
+    public void testDerivedKeySupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
+        String policyString =
+                "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+                        "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "       <sp:X509Token>\n" +
+                        "           <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+                        "           <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+                        "               <sp:RequireDerivedKeys/>\n" +
+                        "           </wsp:Policy>\n" +
+                        "       </sp:X509Token>\n" +
+                        "   </wsp:Policy>\n" +
+                        "</sp:SupportingTokens>";
+
+        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+
+        X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
+        X509SecurityToken securityToken = getX509Token(WSSConstants.X509V1Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+        x509TokenSecurityEvent.setSecurityToken(securityToken);
+        policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+        x509TokenSecurityEvent = new X509TokenSecurityEvent();
+        securityToken = getX509Token(WSSConstants.X509V3Token);
+        securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+        x509TokenSecurityEvent.setSecurityToken(securityToken);
+
+        DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+        derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+        securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+        policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+        operationSecurityEvent.setOperation(new QName("definitions"));
+        policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+
+        policyEnforcer.doFinal();
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision



Mime
View raw message