" <sp:Basic256/>\n" +
" </wsp:Policy>\n" +
" </sp:AlgorithmSuite>\n" +
"</wsp:Policy>\n" +
"</sp:AsymmetricBinding>";
PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
List<QName> bstPath = new ArrayList<QName>();
bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
bstPath.add(WSSConstants.TAG_wsse_BinarySecurityToken);
List<QName> sigPath = new ArrayList<QName>();
sigPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
sigPath.add(WSSConstants.TAG_dsig_Signature);
List<SecurityToken> securityTokens = new LinkedList<SecurityToken>();
for (int i = 0; i < tokenUsages.size(); i++) {
WSSecurityTokenConstants.TokenUsage tokenUsage = tokenUsages.get(i);
X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
X509SecurityTokenImpl securityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
securityTokens.add(securityToken);
securityToken.setElementPath(bstPath);
securityToken.addTokenUsage(tokenUsage);
x509TokenSecurityEvent.setSecurityToken(securityToken);
policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
if (tokenUsage.getName().contains("Endorsing")) {
SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(securityToken, true, protectionOrder);
signedElementSecurityEvent.setElementPath(sigPath);
policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
}
}
SecurityToken mainSignatureToken = null;
Iterator<SecurityToken> securityTokenIterator = securityTokens.iterator();
while (securityTokenIterator.hasNext()) {
SecurityToken securityToken = securityTokenIterator.next();
if (securityToken.getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_MainSignature)) {
mainSignatureToken = securityToken;
break;
}
}
securityTokenIterator = securityTokens.iterator();
while (securityTokenIterator.hasNext()) {
SecurityToken securityToken = securityTokenIterator.next();
if (securityToken.getTokenUsages().get(0).getName().contains("Signed")) {
SignedElementSecurityEvent signedElementSecurityEvent =
new SignedElementSecurityEvent((InboundSecurityToken)mainSignatureToken, true, protectionOrder);
signedElementSecurityEvent.setElementPath(bstPath);
policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
}
}
OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
operationSecurityEvent.setOperation(new QName("definitions"));
try {
policyEnforcer.registerSecurityEvent(operationSecurityEvent);
} catch (WSSecurityException e) {
Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
Assert.assertEquals(e.getCause().getMessage(),
"Token /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken must not be signed by its signature.");
Assert.assertEquals(e.getFaultCode(), WSSecurityException.INVALID_SECURITY);