[1/2] cxf git commit: [CXF-6334] - Add the ability to plug in custom security policy validators for various assertions

Wed, 08 Apr 2015 06:52:22 -0700 

Repository: cxf
Updated Branches:
  refs/heads/master 8de3bacf5 -> 0ab9416fd


[CXF-6334] - Add the ability to plug in custom security policy validators for 
various assertions


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0ab9416f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0ab9416f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0ab9416f

Branch: refs/heads/master
Commit: 0ab9416fda31298e485f2a6864c263447e4b32de
Parents: 449a10c
Author: Colm O hEigeartaigh <[email protected]>
Authored: Wed Apr 8 14:51:08 2015 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Wed Apr 8 14:51:26 2015 +0100

----------------------------------------------------------------------
 .../wss4j/PluggablePolicyValidatorTest.java     | 168 +++++++++++++++++++
 1 file changed, 168 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/0ab9416f/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PluggablePolicyValidatorTest.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PluggablePolicyValidatorTest.java
 
b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PluggablePolicyValidatorTest.java
new file mode 100644
index 0000000..26cd7c5
--- /dev/null
+++ 
b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PluggablePolicyValidatorTest.java
@@ -0,0 +1,168 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.policy.PolicyException;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
+import 
org.apache.cxf.ws.security.wss4j.policyvalidators.PolicyValidatorParameters;
+import 
org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator;
+import org.apache.neethi.Policy;
+import org.apache.wss4j.policy.SP12Constants;
+import org.junit.Test;
+
+/**
+ * A test for plugging in custom SecurityPolicy Validators
+ */
+public class PluggablePolicyValidatorTest extends AbstractPolicySecurityTest {
+
+    @Test
+    public void testEncryptedElementsPolicyValidator() throws Exception {
+        // This should work (body content is encrypted)
+        this.runInInterceptorAndValidate(
+            "encrypted_body_content.xml",
+            "content_encrypted_elements_policy.xml",
+            Arrays.asList(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS),
+            null,
+            Arrays.asList(CoverageType.ENCRYPTED),
+            null);
+        
+        // This should fail (body content is encrypted, not the element)
+        this.runInInterceptorAndValidate(
+            "encrypted_body_content.xml",
+            "encrypted_elements_policy2.xml",
+            null,
+            Arrays.asList(SP12Constants.ENCRYPTED_ELEMENTS),
+            Arrays.asList(CoverageType.ENCRYPTED),
+            null);
+        
+        // Now plug in a custom SecurityPolicyValidator to allow the 
EncryptedElements policy
+        // to pass
+        Map<QName, SecurityPolicyValidator> validators = new HashMap<>();
+        validators.put(SP12Constants.ENCRYPTED_ELEMENTS, new 
NOOpPolicyValidator());
+        this.runInInterceptorAndValidate(
+            "encrypted_body_content.xml",
+            "encrypted_elements_policy2.xml",
+            Arrays.asList(SP12Constants.ENCRYPTED_ELEMENTS),
+            null,
+            Arrays.asList(CoverageType.ENCRYPTED),
+            validators);
+    }
+  
+    private void runInInterceptorAndValidate(
+        String document, String policyDocument, List<QName> 
assertedInAssertions,
+        List<QName> notAssertedInAssertions, List<CoverageType> types,
+        Map<QName, SecurityPolicyValidator> validators
+    ) throws Exception {
+
+        final Policy policy = 
+            
this.policyBuilder.getPolicy(this.readDocument(policyDocument).getDocumentElement());
+
+        final Document doc = this.readDocument(document);
+
+        final AssertionInfoMap aim = new AssertionInfoMap(policy);
+
+        this.runInInterceptorAndValidateWss(doc, aim, types, validators);
+
+        try {
+            aim.checkEffectivePolicy(policy);
+        } catch (PolicyException e) {
+            // Expected but not relevant
+        } finally {
+            if (assertedInAssertions != null) {
+                for (QName assertionType : assertedInAssertions) {
+                    Collection<AssertionInfo> ais = aim.get(assertionType);
+                    assertNotNull(ais);
+                    for (AssertionInfo ai : ais) {
+                        checkAssertion(aim, assertionType, ai, true);
+                    }
+                }
+            }
+
+            if (notAssertedInAssertions != null) {
+                for (QName assertionType : notAssertedInAssertions) {
+                    Collection<AssertionInfo> ais = aim.get(assertionType);
+                    assertNotNull(ais);
+                    for (AssertionInfo ai : ais) {
+                        checkAssertion(aim, assertionType, ai, false);
+                    }
+                }
+            }
+        }
+    }
+                                       
+    private void runInInterceptorAndValidateWss(
+        Document document, AssertionInfoMap aim, List<CoverageType> types,
+        Map<QName, SecurityPolicyValidator> validators
+    ) throws Exception {
+                                              
+        PolicyBasedWSS4JInInterceptor inHandler = this.getInInterceptor(types);
+
+        SoapMessage inmsg = this.getSoapMessageForDom(document, aim);
+        
+        if (validators != null) {
+            inmsg.put(SecurityConstants.POLICY_VALIDATOR_MAP, validators);
+        }
+
+        inHandler.handleMessage(inmsg);
+
+        for (CoverageType type : types) {
+            switch(type) {
+            case SIGNED:
+                this.verifyWss4jSigResults(inmsg);
+                break;
+            case ENCRYPTED:
+                this.verifyWss4jEncResults(inmsg);
+                break;
+            default:
+                fail("Unsupported coverage type.");
+            }
+        }
+    }
+    
+    private static class NOOpPolicyValidator implements 
SecurityPolicyValidator {
+
+        @Override
+        public boolean canValidatePolicy(AssertionInfo assertionInfo) {
+            return true;
+        }
+
+        @Override
+        public void validatePolicies(PolicyValidatorParameters parameters, 
Collection<AssertionInfo> ais) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }
+        }
+        
+    };
+    
+}

Reply via email to