1 /**
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19 package org.apache.cxf.ws.security.wss4j;
20
21 import java.util.Arrays;
22 import java.util.Collection;
23 import java.util.HashMap;
24 import java.util.List;
25 import java.util.Map;
26
27 import javax.xml.namespace.QName;
28
29 import org.w3c.dom.Document;
30
31 import org.apache.cxf.binding.soap.SoapMessage;
32 import org.apache.cxf.ws.policy.AssertionInfo;
33 import org.apache.cxf.ws.policy.AssertionInfoMap;
34 import org.apache.cxf.ws.policy.PolicyException;
35 import org.apache.cxf.ws.security.SecurityConstants;
36 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
37 import org.apache.cxf.ws.security.wss4j.policyvalidators.PolicyValidatorParameters;
38 import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator;
39 import org.apache.neethi.Policy;
40 import org.apache.wss4j.policy.SP12Constants;
41 import org.junit.Test;
42
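/**
 * A test for plugging in custom SecurityPolicy validators.
 *
 * <p>Custom validators are handed to the inbound interceptor through the
 * {@link SecurityConstants#POLICY_VALIDATOR_MAP} message property, keyed by the assertion
 * QName they handle. The last scenario of the test expects a validator registered this way
 * to decide the outcome for its assertion type: a validator that asserts unconditionally lets
 * a policy pass that is not asserted in the preceding scenario. Whatever populates that map
 * therefore needs the same level of trust as the security policy itself.
 */
public class PluggablePolicyValidatorTest extends AbstractPolicySecurityTest {

    /**
     * Runs the same encrypted-body message against two policies, then repeats the failing
     * combination with a custom validator plugged in for {@code EncryptedElements}.
     */
    @Test
    public void testEncryptedElementsPolicyValidator() throws Exception {
        // This should work (body content is encrypted)
        this.runInInterceptorAndValidate(
            "encrypted_body_content.xml",
            "content_encrypted_elements_policy.xml",
            Arrays.asList(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS),
            null,
            Arrays.asList(CoverageType.ENCRYPTED),
            null);

        // This should fail (body content is encrypted, not the element)
        this.runInInterceptorAndValidate(
            "encrypted_body_content.xml",
            "encrypted_elements_policy2.xml",
            null,
            Arrays.asList(SP12Constants.ENCRYPTED_ELEMENTS),
            Arrays.asList(CoverageType.ENCRYPTED),
            null);

        // Now plug in a custom SecurityPolicyValidator to allow the EncryptedElements policy
        // to pass. Same message and policy as above; only the validator map differs.
        Map<QName, SecurityPolicyValidator> validators = new HashMap<>();
        validators.put(SP12Constants.ENCRYPTED_ELEMENTS, new NOOpPolicyValidator());
        this.runInInterceptorAndValidate(
            "encrypted_body_content.xml",
            "encrypted_elements_policy2.xml",
            Arrays.asList(SP12Constants.ENCRYPTED_ELEMENTS),
            null,
            Arrays.asList(CoverageType.ENCRYPTED),
            validators);
    }

    /**
     * Builds the policy and message from the named resources, runs the inbound interceptor,
     * and checks the asserted state of the listed assertion types.
     *
     * @param document resource name of the SOAP message to process
     * @param policyDocument resource name of the policy to validate against
     * @param assertedInAssertions assertion types expected to be asserted, or {@code null}
     * @param notAssertedInAssertions assertion types expected not to be asserted, or {@code null}
     * @param types coverage types whose WSS4J results are verified after processing
     * @param validators custom validators to register on the message, or {@code null} for none
     * @throws Exception if reading the resources or processing the message fails
     */
    private void runInInterceptorAndValidate(
        String document, String policyDocument, List<QName> assertedInAssertions,
        List<QName> notAssertedInAssertions, List<CoverageType> types,
        Map<QName, SecurityPolicyValidator> validators
    ) throws Exception {

        final Policy policy =
            this.policyBuilder.getPolicy(this.readDocument(policyDocument).getDocumentElement());
        final Document doc = this.readDocument(document);
        final AssertionInfoMap aim = new AssertionInfoMap(policy);

        this.runInInterceptorAndValidateWss(doc, aim, types, validators);

        try {
            aim.checkEffectivePolicy(policy);
        } catch (PolicyException ignored) {
            // Expected but not relevant: the per-assertion checks below decide the outcome.
        }

        // Run the checks after the try/catch rather than in a finally block, so that an
        // unexpected exception from checkEffectivePolicy is reported as-is and is not
        // replaced by an assertion failure raised while it is propagating.
        this.assertAssertionState(aim, assertedInAssertions, true);
        this.assertAssertionState(aim, notAssertedInAssertions, false);
    }

    /**
     * Checks every {@link AssertionInfo} registered for the given assertion types against the
     * expected asserted state. A {@code null} list means there is nothing to check.
     */
    private void assertAssertionState(
        AssertionInfoMap aim, List<QName> assertionTypes, boolean expectedAsserted
    ) throws Exception {
        if (assertionTypes == null) {
            return;
        }
        for (QName assertionType : assertionTypes) {
            Collection<AssertionInfo> ais = aim.get(assertionType);
            assertNotNull(ais);
            for (AssertionInfo ai : ais) {
                checkAssertion(aim, assertionType, ai, expectedAsserted);
            }
        }
    }

    /**
     * Feeds the message through the policy-based inbound interceptor, registering the custom
     * validator map first when one is supplied, then verifies the WSS4J results for each
     * requested coverage type.
     */
    private void runInInterceptorAndValidateWss(
        Document document, AssertionInfoMap aim, List<CoverageType> types,
        Map<QName, SecurityPolicyValidator> validators
    ) throws Exception {

        PolicyBasedWSS4JInInterceptor inHandler = this.getInInterceptor(types);

        SoapMessage inmsg = this.getSoapMessageForDom(document, aim);

        // The validator map is a per-message property; without it the message is processed
        // with no custom validators registered.
        if (validators != null) {
            inmsg.put(SecurityConstants.POLICY_VALIDATOR_MAP, validators);
        }

        inHandler.handleMessage(inmsg);

        for (CoverageType type : types) {
            switch (type) {
            case SIGNED:
                this.verifyWss4jSigResults(inmsg);
                break;
            case ENCRYPTED:
                this.verifyWss4jEncResults(inmsg);
                break;
            default:
                fail("Unsupported coverage type.");
            }
        }
    }

    /**
     * Test-only validator that accepts every assertion it is offered and marks it as asserted
     * without looking at the message or the processing results. It performs no checks at all,
     * so it must stay confined to test code.
     */
    private static final class NOOpPolicyValidator implements SecurityPolicyValidator {

        @Override
        public boolean canValidatePolicy(AssertionInfo assertionInfo) {
            return true;
        }

        @Override
        public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
            for (AssertionInfo ai : ais) {
                ai.setAsserted(true);
            }
        }

    }

}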