Examples of org.apache.cxf.ws.policy.AssertionInfo

• org.apache.cxf.ws.policy.AssertionInfo

    // TODO: This method can be removed when runOutInterceptorAndValidateAsymmetricBinding
    // is cleaned up by adding server side enforcement of signature related algorithms.
    // See https://issues.apache.org/jira/browse/WSS-222
    protected void verifySignatureAlgorithms(Document signedDoc, AssertionInfoMap aim) throws Exception {
        final AssertionInfo assertInfo = aim.get(SP12Constants.ASYMMETRIC_BINDING).iterator().next();
        assertNotNull(assertInfo);

        final AsymmetricBinding binding = (AsymmetricBinding) assertInfo.getAssertion();
        final String expectedSignatureMethod = binding.getAlgorithmSuite().getAsymmetricSignature();
        final String expectedDigestAlgorithm = binding.getAlgorithmSuite().getDigest();
        final String expectedCanonAlgorithm  = binding.getAlgorithmSuite().getInclusiveC14n();

        XPathFactory factory = XPathFactory.newInstance();

        final String rsaSha2SigMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        String policyName = "signed_elements_policy.xml";
        Policy policy = policyBuilder.getPolicy(this.getResourceAsStream(policyName));
        AssertionInfoMap aim = new AssertionInfoMap(policy);

        AssertionInfo assertInfo = aim.get(SP12Constants.ASYMMETRIC_BINDING).iterator().next();

        AsymmetricBinding binding = (AsymmetricBinding) assertInfo.getAssertion();

        // set Signature Algorithm to RSA SHA-256
        binding.getAlgorithmSuite().setAsymmetricSignature(rsaSha2SigMethod);

        String sigMethod = binding.getAlgorithmSuite().getAsymmetricSignature();

        final String sha256 = "http://www.w3.org/2001/04/xmlenc#sha256";
        String policyName = "signed_elements_policy.xml";
        Policy policy = policyBuilder.getPolicy(this.getResourceAsStream(policyName));
        AssertionInfoMap aim = new AssertionInfoMap(policy);

        AssertionInfo assertInfo = aim.get(SP12Constants.ASYMMETRIC_BINDING).iterator().next();

        AsymmetricBinding binding = (AsymmetricBinding) assertInfo.getAssertion();

        // set Digest Algorithm to SHA-256
        binding.getAlgorithmSuite().setDigest(sha256);

        String digestMethod = binding.getAlgorithmSuite().getDigest();

    @Test
    public void testGetBaseRetranmissionInterval() {
        Message message = control.createMock(Message.class);
        AssertionInfoMap aim = control.createMock(AssertionInfoMap.class);
        EasyMock.expect(message.get(AssertionInfoMap.class)).andReturn(aim);
        AssertionInfo ai1 = control.createMock(AssertionInfo.class);
        AssertionInfo ai2 =  control.createMock(AssertionInfo.class);
        AssertionInfo ai3 =  control.createMock(AssertionInfo.class);
        AssertionInfo ai4 =  control.createMock(AssertionInfo.class);
        Collection<AssertionInfo> ais = new ArrayList<AssertionInfo>();
        ais.add(ai1);
        ais.add(ai2);
        ais.add(ai3);
        ais.add(ai4);
        EasyMock.expect(aim.get(RMConstants.getRMAssertionQName())).andReturn(ais);
        JaxbAssertion ja1 =  control.createMock(JaxbAssertion.class);
        EasyMock.expect(ai1.getAssertion()).andReturn(ja1);
        RMAssertion rma1 =  control.createMock(RMAssertion.class);
        EasyMock.expect(ja1.getData()).andReturn(rma1);
        EasyMock.expect(rma1.getBaseRetransmissionInterval()).andReturn(null);
        JaxbAssertion ja2 =  control.createMock(JaxbAssertion.class);
        EasyMock.expect(ai2.getAssertion()).andReturn(ja2);
        RMAssertion rma2 =  control.createMock(RMAssertion.class);
        EasyMock.expect(ja2.getData()).andReturn(rma2);
        RMAssertion.BaseRetransmissionInterval bri2 =
            control.createMock(RMAssertion.BaseRetransmissionInterval.class);
        EasyMock.expect(rma2.getBaseRetransmissionInterval()).andReturn(bri2);
        EasyMock.expect(bri2.getMilliseconds()).andReturn(null);
        JaxbAssertion ja3 =  control.createMock(JaxbAssertion.class);
        EasyMock.expect(ai3.getAssertion()).andReturn(ja3);
        RMAssertion rma3 =  control.createMock(RMAssertion.class);
        EasyMock.expect(ja3.getData()).andReturn(rma3);
        RMAssertion.BaseRetransmissionInterval bri3 =
            control.createMock(RMAssertion.BaseRetransmissionInterval.class);
        EasyMock.expect(rma3.getBaseRetransmissionInterval()).andReturn(bri3);
        EasyMock.expect(bri3.getMilliseconds()).andReturn(new BigInteger("10000"));
        JaxbAssertion ja4 =  control.createMock(JaxbAssertion.class);
        EasyMock.expect(ai4.getAssertion()).andReturn(ja4);
        RMAssertion rma4 =  control.createMock(RMAssertion.class);
        EasyMock.expect(ja4.getData()).andReturn(rma4);
        RMAssertion.BaseRetransmissionInterval bri4 =
            control.createMock(RMAssertion.BaseRetransmissionInterval.class);
        EasyMock.expect(rma4.getBaseRetransmissionInterval()).andReturn(bri4);

    @Test
    public void testUseExponentialBackoff() {
        Message message = control.createMock(Message.class);
        AssertionInfoMap aim = control.createMock(AssertionInfoMap.class);
        EasyMock.expect(message.get(AssertionInfoMap.class)).andReturn(aim);
        AssertionInfo ai = control.createMock(AssertionInfo.class);
        Collection<AssertionInfo> ais = new ArrayList<AssertionInfo>();
        EasyMock.expect(aim.get(RMConstants.getRMAssertionQName())).andReturn(ais);
        ais.add(ai);
        JaxbAssertion ja = control.createMock(JaxbAssertion.class);
        EasyMock.expect(ai.getAssertion()).andReturn(ja);
        RMAssertion rma =  control.createMock(RMAssertion.class);
        EasyMock.expect(ja.getData()).andReturn(rma);
        EasyMock.expect(rma.getExponentialBackoff()).andReturn(null);
        control.replay();
        assertTrue("Should not use exponential backoff", !PolicyUtils.useExponentialBackoff(message));

    @Test
    public void testGetAcknowledgmentInterval() {
        Message message = control.createMock(Message.class);
        AssertionInfoMap aim = control.createMock(AssertionInfoMap.class);
        EasyMock.expect(message.get(AssertionInfoMap.class)).andReturn(aim);
        AssertionInfo ai1 = control.createMock(AssertionInfo.class);
        AssertionInfo ai2 =  control.createMock(AssertionInfo.class);
        AssertionInfo ai3 =  control.createMock(AssertionInfo.class);
        AssertionInfo ai4 =  control.createMock(AssertionInfo.class);
        Collection<AssertionInfo> ais = new ArrayList<AssertionInfo>();
        ais.add(ai1);
        ais.add(ai2);
        ais.add(ai3);
        ais.add(ai4);
        EasyMock.expect(aim.get(RMConstants.getRMAssertionQName())).andReturn(ais);
        JaxbAssertion ja1 =  control.createMock(JaxbAssertion.class);
        EasyMock.expect(ai1.getAssertion()).andReturn(ja1);
        RMAssertion rma1 =  control.createMock(RMAssertion.class);
        EasyMock.expect(ja1.getData()).andReturn(rma1);
        EasyMock.expect(rma1.getAcknowledgementInterval()).andReturn(null);
        JaxbAssertion ja2 =  control.createMock(JaxbAssertion.class);
        EasyMock.expect(ai2.getAssertion()).andReturn(ja2);
        RMAssertion rma2 =  control.createMock(RMAssertion.class);
        EasyMock.expect(ja2.getData()).andReturn(rma2);
        RMAssertion.AcknowledgementInterval aint2 =
            control.createMock(RMAssertion.AcknowledgementInterval.class);
        EasyMock.expect(rma2.getAcknowledgementInterval()).andReturn(aint2);
        EasyMock.expect(aint2.getMilliseconds()).andReturn(null);
        JaxbAssertion ja3 =  control.createMock(JaxbAssertion.class);
        EasyMock.expect(ai3.getAssertion()).andReturn(ja3);
        RMAssertion rma3 =  control.createMock(RMAssertion.class);
        EasyMock.expect(ja3.getData()).andReturn(rma3);
        RMAssertion.AcknowledgementInterval aint3 =
            control.createMock(RMAssertion.AcknowledgementInterval.class);
        EasyMock.expect(rma3.getAcknowledgementInterval()).andReturn(aint3);
        EasyMock.expect(aint3.getMilliseconds()).andReturn(new BigInteger("10000"));
        JaxbAssertion ja4 =  control.createMock(JaxbAssertion.class);
        EasyMock.expect(ai4.getAssertion()).andReturn(ja4);
        RMAssertion rma4 =  control.createMock(RMAssertion.class);
        EasyMock.expect(ja4.getData()).andReturn(rma4);
        RMAssertion.AcknowledgementInterval aint4 =
            control.createMock(RMAssertion.AcknowledgementInterval.class);
        EasyMock.expect(rma4.getAcknowledgementInterval()).andReturn(aint4);

    @Test
    public void testUseExponentialBackoff() {
        Message message = createMock(Message.class);
        AssertionInfoMap aim = createMock(AssertionInfoMap.class);
        EasyMock.expect(message.get(AssertionInfoMap.class)).andReturn(aim);
        AssertionInfo ai = createMock(AssertionInfo.class);
        Collection<AssertionInfo> ais = new ArrayList<AssertionInfo>();
        EasyMock.expect(aim.get(RMConstants.getRMAssertionQName())).andReturn(ais);
        ais.add(ai);
        JaxbAssertion ja = createMock(JaxbAssertion.class);
        EasyMock.expect(ai.getAssertion()).andReturn(ja);
        EasyMock.expect(ja.getData()).andReturn(rma);
        EasyMock.expect(rma.getExponentialBackoff()).andReturn(null);
        control.replay();
        assertTrue("Should not use exponential backoff", !queue.useExponentialBackoff(message));
        control.verify();

        }
        return secRefSaml;
    }

    protected WSSecUsernameToken addUsernameToken(UsernameToken token) {
        AssertionInfo info = null;
        Collection<AssertionInfo> ais = aim.getAssertionInfo(token.getName());
        for (AssertionInfo ai : ais) {
            if (ai.getAssertion() == token) {
                info = ai;
                if (!isRequestor()) {
                    info.setAsserted(true);
                    return null;
                }
            }
        }

        String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
        if (!StringUtils.isEmpty(userName)) {
            WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
            // If NoPassword property is set we don't need to set the password
            if (token.isNoPassword()) {
                utBuilder.setUserInfo(userName, null);
                utBuilder.setPasswordType(null);
            } else {
                String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
                if (StringUtils.isEmpty(password)) {
                    password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN);
                }

                if (!StringUtils.isEmpty(password)) {
                    // If the password is available then build the token
                    if (token.isHashPassword()) {
                        utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
                    } else {
                        utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
                    }
                    utBuilder.setUserInfo(userName, password);
                } else {
                    policyNotAsserted(token, "No password available");
                    return null;
                }
            }

            if (token.isRequireCreated() && !token.isHashPassword()) {
                utBuilder.addCreated();
            }
            if (token.isRequireNonce() && !token.isHashPassword()) {
                utBuilder.addNonce();
            }

            info.setAsserted(true);
            return utBuilder;
        } else {
            policyNotAsserted(token, "No username available");
            return null;
        }

            return null;
        }
    }

    protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, boolean useMac) {
        AssertionInfo info = null;
        Collection<AssertionInfo> ais = aim.getAssertionInfo(token.getName());
        for (AssertionInfo ai : ais) {
            if (ai.getAssertion() == token) {
                info = ai;
                if (!isRequestor()) {
                    info.setAsserted(true);
                    return null;
                }
            }
        }

        String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
        if (!StringUtils.isEmpty(userName)) {
            WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);

            String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
            if (StringUtils.isEmpty(password)) {
                password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN);
            }

            if (!StringUtils.isEmpty(password)) {
                // If the password is available then build the token
                utBuilder.setUserInfo(userName, password);
                utBuilder.addDerivedKey(useMac, null, 1000);
                utBuilder.prepare(saaj.getSOAPPart());
            } else {
                policyNotAsserted(token, "No password available");
                return null;
            }

            info.setAsserted(true);
            return utBuilder;
        } else {
            policyNotAsserted(token, "No username available");
            return null;
        }

            return null;
        }
    }

    protected AssertionWrapper addSamlToken(SamlToken token) throws WSSecurityException {
        AssertionInfo info = null;
        Collection<AssertionInfo> ais = aim.getAssertionInfo(token.getName());
        for (AssertionInfo ai : ais) {
            if (ai.getAssertion() == token) {
                info = ai;
                if (!isRequestor()) {
                    info.setAsserted(true);
                    return null;
                }
            }
        }

        //
        // Get the SAML CallbackHandler
        //
        Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);

        CallbackHandler handler = null;
        if (o instanceof CallbackHandler) {
            handler = (CallbackHandler)o;
        } else if (o instanceof String) {
            try {
                handler = (CallbackHandler)ClassLoaderUtils
                    .loadClass((String)o, this.getClass()).newInstance();
            } catch (Exception e) {
                handler = null;
            }
        }
        if (handler == null) {
            policyNotAsserted(token, "No SAML CallbackHandler available");
            return null;
        }

        SAMLParms samlParms = new SAMLParms();
        samlParms.setCallbackHandler(handler);
        if (token.isUseSamlVersion11Profile10() || token.isUseSamlVersion11Profile11()) {
            samlParms.setSAMLVersion(SAMLVersion.VERSION_11);
        } else if (token.isUseSamlVersion20Profile11()) {
            samlParms.setSAMLVersion(SAMLVersion.VERSION_20);
        }
        info.setAsserted(true);
        AssertionWrapper assertion = new AssertionWrapper(samlParms);

        boolean selfSignAssertion =
            MessageUtils.getContextualBoolean(
                message, SecurityConstants.SELF_SIGN_SAML_ASSERTION, false