/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.wss4j.policy.stax.test;
import org.apache.neethi.builders.AssertionBuilder;
import org.apache.wss4j.common.crypto.WSProviderConfig;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.stax.enforcer.PolicyEnforcer;
import org.apache.wss4j.policy.stax.enforcer.PolicyEnforcerFactory;
import org.apache.wss4j.common.WSSPolicyException;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.wss4j.stax.setup.WSSec;
import org.apache.wss4j.stax.impl.securityToken.*;
import org.apache.wss4j.stax.test.AbstractTestBase;
import org.apache.xml.security.binding.xmldsig11.ECKeyValueType;
import org.apache.xml.security.binding.xmldsig11.NamedCurveType;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.Init;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
public class AbstractPolicyTestBase extends AbstractTestBase {
@BeforeClass
public static void setUp() throws Exception {
WSProviderConfig.init();
Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
}
@AfterClass
public static void cleanup() throws Exception {
SecurityTestUtil.cleanup();
}
protected PolicyEnforcer buildAndStartPolicyEngine(String policyString)
throws ParserConfigurationException, SAXException, IOException, WSSPolicyException {
return this.buildAndStartPolicyEngine(policyString, false);
}
protected PolicyEnforcer buildAndStartPolicyEngine(String policyString, boolean replacePolicyElement)
throws ParserConfigurationException, SAXException, IOException, WSSPolicyException {
return buildAndStartPolicyEngine(policyString, replacePolicyElement, null);
}
protected PolicyEnforcer buildAndStartPolicyEngine(
String policyString, boolean replacePolicyElement, List<AssertionBuilder<Element>> customAssertionBuilders)
throws ParserConfigurationException, SAXException, IOException, WSSPolicyException {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
documentBuilderFactory.setValidating(false);
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
Document document = documentBuilder.parse(
this.getClass().getClassLoader().getResourceAsStream("testdata/wsdl/wsdl-template.wsdl"));
NodeList nodeList = document.getElementsByTagNameNS("*", SPConstants.P_LOCALNAME);
Document policyDocument = documentBuilder.parse(new ByteArrayInputStream(policyString.getBytes(StandardCharsets.UTF_8)));
Node policyNode = document.importNode(policyDocument.getDocumentElement(), true);
Element element = (Element) nodeList.item(0);
if (replacePolicyElement) {
element.getParentNode().replaceChild(element, policyNode);
} else {
element.appendChild(policyNode);
}
PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(document, customAssertionBuilders);
PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("", false, null, 0);
return policyEnforcer;
}
public X509SecurityTokenImpl getX509Token(WSSecurityTokenConstants.TokenType tokenType) throws Exception {
return getX509Token(tokenType, "transmitter");
}
public X509SecurityTokenImpl getX509Token(WSSecurityTokenConstants.TokenType tokenType, final String keyAlias) throws Exception {
final KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
X509SecurityTokenImpl x509SecurityToken =
new X509SecurityTokenImpl(
tokenType, null, null, null, IDGenerator.generateID(null),
WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER, null, true) {
@Override
protected String getAlias() throws XMLSecurityException {
return keyAlias;
}
@Override
public List<QName> getElementPath() {
List<QName> elementPath = super.getElementPath();
if (elementPath != null) {
return elementPath;
}
return Collections.emptyList();
}
};
x509SecurityToken.setSecretKey("", keyStore.getKey(keyAlias, "default".toCharArray()));
x509SecurityToken.setPublicKey(keyStore.getCertificate(keyAlias).getPublicKey());
Certificate[] certificates;
try {
certificates = keyStore.getCertificateChain(keyAlias);
} catch (Exception e) {
throw new XMLSecurityException(e);
}
X509Certificate[] x509Certificates = new X509Certificate[certificates.length];
for (int i = 0; i < certificates.length; i++) {
Certificate certificate = certificates[i];
x509Certificates[i] = (X509Certificate) certificate;
}
x509SecurityToken.setX509Certificates(x509Certificates);
return x509SecurityToken;
}
public KerberosServiceSecurityTokenImpl getKerberosServiceSecurityToken(WSSecurityTokenConstants.TokenType tokenType) throws Exception {
return new KerberosServiceSecurityTokenImpl(
null, null, null, null, IDGenerator.generateID(null),
WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
}
public HttpsSecurityTokenImpl getHttpsSecurityToken(WSSecurityTokenConstants.TokenType tokenType) throws Exception {
return new HttpsSecurityTokenImpl(getX509Token(tokenType).getX509Certificates()[0]);
}
public RsaKeyValueSecurityTokenImpl getRsaKeyValueSecurityToken() throws Exception {
return new RsaKeyValueSecurityTokenImpl(null, null, null, null, null);
}
public DsaKeyValueSecurityTokenImpl getDsaKeyValueSecurityToken() throws Exception {
return new DsaKeyValueSecurityTokenImpl(null, null, null, null, null);
}
public ECKeyValueSecurityTokenImpl getECKeyValueSecurityToken() throws Exception {
ECKeyValueType ecKeyValueType = new ECKeyValueType();
ecKeyValueType.setNamedCurve(new NamedCurveType());
return new ECKeyValueSecurityTokenImpl(ecKeyValueType, null, null, null, null);
}
protected String loadResourceAsString(String resource, Charset encoding) throws IOException {
InputStreamReader inputStreamReader = new InputStreamReader(this.getClass().getClassLoader().getResourceAsStream(resource), encoding);
StringBuilder stringBuilder = new StringBuilder();
int read = 0;
char[] buffer = new char[1024];
while ((read = inputStreamReader.read(buffer)) != -1) {
stringBuilder.append(buffer, 0, read);
}
return stringBuilder.toString();
}
public static SamlAssertionWrapper createSamlAssertionWrapper(SAMLCallback samlCallback) throws WSSecurityException {
return new SamlAssertionWrapper(samlCallback);
}
}