19 package org.apache.wss4j.policy.stax.test;
20
21 import java.util.ArrayList;
22 import java.util.LinkedList;
23 import java.util.List;
24
25 import javax.xml.namespace.QName;
26
27 import org.apache.wss4j.common.ext.WSSecurityException;
28 import org.apache.wss4j.policy.stax.PolicyViolationException;
29 import org.apache.wss4j.policy.stax.enforcer.PolicyEnforcer;
30 import org.apache.wss4j.stax.ext.WSSConstants;
31 import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
32 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
33 import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
34 import org.junit.jupiter.api.Test;
35
36 import static org.junit.jupiter.api.Assertions.assertEquals;
37 import static org.junit.jupiter.api.Assertions.assertTrue;
38 import static org.junit.jupiter.api.Assertions.fail;
39
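/**
 * Policy-enforcement tests for the WS-SecurityPolicy {@code sp:EncryptedElements} assertion.
 *
 * The policy under test names exactly one element by a namespace-qualified XPath
 * ({@code /b:a}, with {@code b} bound to {@code http://example.org}). The {@link PolicyEnforcer}
 * is then fed {@link EncryptedElementSecurityEvent}s describing which elements actually
 * arrived encrypted, and the tests check that the assertion is satisfied only when the
 * named element is among them. Elements outside the XPath must be ignored, and a
 * plaintext occurrence of the named element must be rejected with an
 * {@code INVALID_SECURITY} fault rather than silently accepted.
 */
public class EncryptedElementsTest extends AbstractPolicyTestBase {

    /** Namespace the policy's {@code b} prefix is bound to. */
    private static final String EXAMPLE_NS = "http://example.org";

    /** Policy requiring {@code /b:a} to be encrypted; it constrains no other element. */
    private static final String ENCRYPTED_ELEMENTS_POLICY =
        "<sp:EncryptedElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
        "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
        "</sp:EncryptedElements>";

    /**
     * Builds a single-element path for an element named {@code localName} in
     * {@link #EXAMPLE_NS}, matching the shape the enforcer compares against the policy XPath.
     */
    private static List<QName> examplePath(String localName) {
        List<QName> path = new ArrayList<>();
        path.add(new QName(EXAMPLE_NS, localName));
        return path;
    }

    /**
     * Creates an event reporting that the element at {@code path} arrived encrypted, with a
     * protection order of SIGNATURE followed by ENCRYPTION. A fresh event is created per call
     * so that no already-registered event is mutated after the enforcer has seen it.
     */
    private static EncryptedElementSecurityEvent encryptedEvent(List<QName> path) {
        List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<>();
        protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
        protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
        EncryptedElementSecurityEvent event = new EncryptedElementSecurityEvent(null, true, protectionOrder);
        event.setElementPath(path);
        return event;
    }

    /** Registers the operation event the enforcer expects before any element events. */
    private static void registerOperation(PolicyEnforcer policyEnforcer) throws WSSecurityException {
        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
        operationSecurityEvent.setOperation(new QName("definitions"));
        policyEnforcer.registerSecurityEvent(operationSecurityEvent);
    }

    /**
     * Positive case: the body, the required element {@code a} and an unrelated element
     * {@code b} all arrive encrypted. The assertion must be satisfied by {@code a}, and
     * {@code b} (not named by the XPath) must neither satisfy nor violate it.
     *
     * @throws Exception if the enforcer reports a policy violation, failing the test
     */
    @Test
    public void testPolicy() throws Exception {
        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(ENCRYPTED_ELEMENTS_POLICY);
        registerOperation(policyEnforcer);

        policyEnforcer.registerSecurityEvent(encryptedEvent(WSSConstants.SOAP_11_BODY_PATH));
        policyEnforcer.registerSecurityEvent(encryptedEvent(examplePath("a")));
        policyEnforcer.registerSecurityEvent(encryptedEvent(examplePath("b")));

        // Completes enforcement; the test passes only if no exception is raised here or above.
        policyEnforcer.doFinal();
    }

    /**
     * Negative case: the body is encrypted but the required element {@code a} arrives in the
     * clear. Registering that plaintext event must fail immediately with a
     * {@link WSSecurityException} whose cause is a {@link PolicyViolationException} naming the
     * offending element, and whose fault code is {@code INVALID_SECURITY}.
     *
     * @throws Exception on unexpected enforcer failures unrelated to the asserted violation
     */
    @Test
    public void testPolicyMultipleAssertionEventsNegative() throws Exception {
        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(ENCRYPTED_ELEMENTS_POLICY);
        registerOperation(policyEnforcer);
        policyEnforcer.registerSecurityEvent(encryptedEvent(WSSConstants.SOAP_11_BODY_PATH));

        // encrypted=false and no protection order: the element the policy requires is plaintext.
        EncryptedElementSecurityEvent plaintextEvent = new EncryptedElementSecurityEvent(null, false, null);
        plaintextEvent.setElementPath(examplePath("a"));

        try {
            policyEnforcer.registerSecurityEvent(plaintextEvent);
            // fail() throws an assertion error, not a WSSecurityException, so it is not caught below.
            fail("Exception expected");
        } catch (WSSecurityException e) {
            // JUnit convention: expected value first, then actual.
            assertTrue(e.getCause() instanceof PolicyViolationException);
            assertEquals("Element /{http://example.org}a must be encrypted",
                         e.getCause().getMessage());
            assertEquals(WSSecurityException.INVALID_SECURITY, e.getFaultCode());
        }
    }
}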