org.apache.neethi.Policy Java Examples

Example #1
Source File: InitiatorSignatureTokenBuilder.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Builds an {@link InitiatorSignatureToken} assertion from its policy element.
 *
 * <p>SP 1.1 constants are used when the element is in the SP 1.1 namespace, SP 1.2
 * constants otherwise. The element's first child element is parsed as the nested policy
 * and normalized, and only the first alternative is applied to the token. Any further
 * alternatives are ignored, so a policy listing several token alternatives is treated
 * as if it listed only the first.
 *
 * @param element the policy element to parse
 * @param factory not used by this method
 * @return the populated token assertion
 * @throws IllegalArgumentException declared in the signature; not thrown directly here
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {

    final SPConstants consts;
    if (SP11Constants.SP_NS.equals(element.getNamespaceURI())) {
        consts = SP11Constants.INSTANCE;
    } else {
        consts = SP12Constants.INSTANCE;
    }

    InitiatorSignatureToken token = new InitiatorSignatureToken(consts, builder);
    token.setOptional(PolicyConstants.isOptional(element));
    token.setIgnorable(PolicyConstants.isIgnorable(element));

    // NOTE(review): the result of getFirstElement is passed on unchecked; confirm how
    // builder.getPolicy behaves for an element with no child.
    Policy nested = builder.getPolicy(DOMUtils.getFirstElement(element));
    Policy normalized = nested.normalize(builder.getPolicyRegistry(), false);

    Iterator<List<Assertion>> alternatives = normalized.getAlternatives();
    if (alternatives.hasNext()) {
        // TODO process all the token that must be set ..
        processAlternative(alternatives.next(), token);
    }

    return token;
}
 
Example #2
Source File: RecipientEncryptionTokenBuilder.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a {@link RecipientEncryptionToken} assertion from its policy element.
 *
 * <p>The SP version is chosen from the element's namespace. The first child element is
 * parsed as the nested policy and normalized, and only the first alternative is applied
 * to the token; later alternatives are ignored.
 *
 * @param element the policy element to parse
 * @param factory not used by this method
 * @return the populated token assertion
 * @throws IllegalArgumentException declared in the signature; not thrown directly here
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {

    final SPConstants consts;
    if (SP11Constants.SP_NS.equals(element.getNamespaceURI())) {
        consts = SP11Constants.INSTANCE;
    } else {
        consts = SP12Constants.INSTANCE;
    }

    RecipientEncryptionToken token = new RecipientEncryptionToken(consts, builder);
    token.setOptional(PolicyConstants.isOptional(element));
    token.setIgnorable(PolicyConstants.isIgnorable(element));

    // NOTE(review): the result of getFirstElement is passed on unchecked; confirm how
    // builder.getPolicy behaves for an element with no child.
    Policy nested = builder.getPolicy(DOMUtils.getFirstElement(element));
    Policy normalized = nested.normalize(builder.getPolicyRegistry(), false);

    Iterator<List<Assertion>> alternatives = normalized.getAlternatives();
    if (alternatives.hasNext()) {
        // TODO process all the token that must be set ..
        processAlternative(alternatives.next(), token);
    }

    return token;
}
 
Example #3
Source File: AsymmetricBindingBuilder.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Builds an {@link AsymmetricBinding} assertion from its policy element.
 *
 * <p>The nested policy (first child element) is normalized and its first alternative is
 * applied to the binding. Unlike a silent no-op, a nested policy without any alternative
 * is rejected, so an empty binding is never returned.
 *
 * @param element the sp:AsymmetricBinding element
 * @param factory not used by this method
 * @return the populated binding assertion
 * @throws IllegalArgumentException if the normalized nested policy has no alternative
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {

    final SPConstants consts;
    if (SP11Constants.SP_NS.equals(element.getNamespaceURI())) {
        consts = SP11Constants.INSTANCE;
    } else {
        consts = SP12Constants.INSTANCE;
    }

    AsymmetricBinding binding = new AsymmetricBinding(consts, builder);

    Policy nested = builder.getPolicy(DOMUtils.getFirstElement(element));
    Policy normalized = nested.normalize(builder.getPolicyRegistry(), false);

    Iterator<List<Assertion>> alternatives = normalized.getAlternatives();
    if (alternatives.hasNext()) {
        // Only the first alternative is consumed; any others are not inspected.
        processAlternative(alternatives.next(), binding, consts);
        return binding;
    }

    throw new IllegalArgumentException(
        "sp:AsymmetricBinding must specify at least one alternative"
    );
}
 
Example #4
Source File: AbstractPolicySecurityTest.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Convenience overload: reads the policy document and the message document, builds the
 * {@link Policy} from the policy document's root element, and delegates to the overload
 * taking a parsed document and policy.
 *
 * @param document argument for {@code readDocument} identifying the message document
 * @param policyDocument argument for {@code readDocument} identifying the policy document
 * @param assertedInAssertions passed through to the delegate
 * @param notAssertedInAssertions passed through to the delegate
 * @param types passed through to the delegate
 * @throws Exception propagated from reading, policy building, or the delegate
 */
protected void runInInterceptorAndValidate(String document,
        String policyDocument, List<QName> assertedInAssertions,
        List<QName> notAssertedInAssertions,
        List<CoverageType> types) throws Exception {

    // The policy is read and built first, then the message document, as in the
    // single-expression form.
    final Document policyDoc = this.readDocument(policyDocument);
    final Policy policy = this.policyBuilder.getPolicy(policyDoc.getDocumentElement());

    final Document doc = this.readDocument(document);

    this.runInInterceptorAndValidate(
            doc, policy, assertedInAssertions, notAssertedInAssertions, types);
}
 
Example #5
Source File: AbstractPolicySecurityTest.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Convenience overload: reads the policy document and the message document, builds the
 * {@link Policy} from the policy document's root element, and delegates to the overload
 * taking a parsed document and policy.
 *
 * @param document argument for {@code readDocument} identifying the message document
 * @param policyDocument argument for {@code readDocument} identifying the policy document
 * @param assertedInAssertions passed through to the delegate
 * @param notAssertedInAssertions passed through to the delegate
 * @param types passed through to the delegate
 * @throws Exception propagated from reading, policy building, or the delegate
 */
protected void runInInterceptorAndValidate(String document,
        String policyDocument, List<QName> assertedInAssertions,
        List<QName> notAssertedInAssertions,
        List<CoverageType> types) throws Exception {

    // The policy is read and built first, then the message document, as in the
    // single-expression form.
    final Document policyDoc = this.readDocument(policyDocument);
    final Policy policy = this.policyBuilder.getPolicy(policyDoc.getDocumentElement());

    final Document doc = this.readDocument(document);

    this.runInInterceptorAndValidate(
            doc, policy, assertedInAssertions, notAssertedInAssertions, types);
}
 
Example #6
Source File: MGF256AlgorithmSuiteLoader.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Returns a {@link GCMAlgorithmSuite} for the nested policy and, when the bus has an
 * {@link AssertionBuilderRegistry}, registers a builder for the custom
 * {@code Basic256GCMMGFSHA256} assertion name.
 *
 * <p>A new builder is registered on every call. The registered builder returns the single
 * shared {@link PrimitiveAssertion} instance for the known name, and {@code null} for any
 * other element name that is neither optional nor ignorable.
 *
 * @param bus the bus whose registry (if any) receives the builder
 * @param version the security-policy version passed to the suite
 * @param nestedPolicy the nested policy passed to the suite
 * @return a new {@code GCMAlgorithmSuite}
 */
public AlgorithmSuite getAlgorithmSuite(Bus bus, SPConstants.SPVersion version, Policy nestedPolicy) {
    AssertionBuilderRegistry registry = bus.getExtension(AssertionBuilderRegistry.class);
    if (registry != null) {
        final QName suiteName =
            new QName("http://cxf.apache.org/custom/security-policy", "Basic256GCMMGFSHA256");
        final Map<QName, Assertion> known = new HashMap<>();
        known.put(suiteName, new PrimitiveAssertion(suiteName));

        registry.registerBuilder(new PrimitiveAssertionBuilder(known.keySet()) {
            @Override
            public Assertion build(Element element, AssertionBuilderFactory fact) {
                // Optional/ignorable elements go through the parent builder.
                boolean delegate = XMLPrimitiveAssertionBuilder.isOptional(element)
                    || XMLPrimitiveAssertionBuilder.isIgnorable(element);
                if (!delegate) {
                    return known.get(
                        new QName(element.getNamespaceURI(), element.getLocalName()));
                }
                return super.build(element, fact);
            }
        });
    }
    return new GCMAlgorithmSuite(version, nestedPolicy);
}
 
Example #7
Source File: ProtectionTokenBuilder.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a {@link ProtectionToken} assertion from its policy element.
 *
 * <p>The SP version is chosen from the element's namespace. The nested policy (first
 * child element) is normalized and only its first alternative is applied; a nested
 * policy with no alternative yields an unpopulated token rather than an error.
 *
 * @param element the policy element to parse
 * @param factory not used by this method
 * @return the protection token assertion
 * @throws IllegalArgumentException declared in the signature; not thrown directly here
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {
    final SPConstants consts;
    if (SP11Constants.SP_NS.equals(element.getNamespaceURI())) {
        consts = SP11Constants.INSTANCE;
    } else {
        consts = SP12Constants.INSTANCE;
    }

    ProtectionToken token = new ProtectionToken(consts, builder);

    Policy nested = builder.getPolicy(DOMUtils.getFirstElement(element));
    Policy normalized = nested.normalize(builder.getPolicyRegistry(), false);

    Iterator<List<Assertion>> alternatives = normalized.getAlternatives();
    if (alternatives.hasNext()) {
        // since there should be only one alternative ..
        processAlternative(alternatives.next(), token);
    }

    return token;
}
 
Example #8
Source File: AsymmetricBindingBuilder.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Builds an {@link AsymmetricBinding} assertion from its policy element.
 *
 * <p>The nested policy (first child element) is normalized and its first alternative is
 * applied to the binding. A nested policy without any alternative is rejected, so an
 * empty binding is never returned.
 *
 * @param element the sp:AsymmetricBinding element
 * @param factory not used by this method
 * @return the populated binding assertion
 * @throws IllegalArgumentException if the normalized nested policy has no alternative
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {

    final SPConstants consts;
    if (SP11Constants.SP_NS.equals(element.getNamespaceURI())) {
        consts = SP11Constants.INSTANCE;
    } else {
        consts = SP12Constants.INSTANCE;
    }

    AsymmetricBinding binding = new AsymmetricBinding(consts, builder);

    Policy nested = builder.getPolicy(DOMUtils.getFirstElement(element));
    Policy normalized = nested.normalize(builder.getPolicyRegistry(), false);

    Iterator<List<Assertion>> alternatives = normalized.getAlternatives();
    if (alternatives.hasNext()) {
        // Only the first alternative is consumed; any others are not inspected.
        processAlternative(alternatives.next(), binding, consts);
        return binding;
    }

    throw new IllegalArgumentException(
        "sp:AsymmetricBinding must specify at least one alternative"
    );
}
 
Example #9
Source File: RecipientTokenBuilder.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a {@link RecipientToken} assertion from its policy element.
 *
 * <p>The SP version is chosen from the element's namespace. The nested policy (first
 * child element) is normalized and only its first alternative is applied to the token;
 * later alternatives are ignored.
 *
 * @param element the policy element to parse
 * @param factory not used by this method
 * @return the recipient token assertion
 * @throws IllegalArgumentException declared in the signature; not thrown directly here
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {

    final SPConstants consts;
    if (SP11Constants.SP_NS.equals(element.getNamespaceURI())) {
        consts = SP11Constants.INSTANCE;
    } else {
        consts = SP12Constants.INSTANCE;
    }

    RecipientToken token = new RecipientToken(consts, builder);

    Policy nested = builder.getPolicy(DOMUtils.getFirstElement(element));
    Policy normalized = nested.normalize(builder.getPolicyRegistry(), false);

    Iterator<List<Assertion>> alternatives = normalized.getAlternatives();
    if (alternatives.hasNext()) {
        // for the moment we will pick the first token specified in the policy
        processAlternative(alternatives.next(), token);
    }

    return token;
}
 
Example #10
Source File: InitiatorTokenBuilder.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Builds an {@link InitiatorToken} assertion from its policy element.
 *
 * <p>The SP version is chosen from the element's namespace, and the optional/ignorable
 * flags are copied from the element. The nested policy (first child element) is
 * normalized and only its first alternative is applied; later alternatives are ignored.
 *
 * @param element the policy element to parse
 * @param factory not used by this method
 * @return the populated token assertion
 * @throws IllegalArgumentException declared in the signature; not thrown directly here
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {

    final SPConstants consts;
    if (SP11Constants.SP_NS.equals(element.getNamespaceURI())) {
        consts = SP11Constants.INSTANCE;
    } else {
        consts = SP12Constants.INSTANCE;
    }

    InitiatorToken token = new InitiatorToken(consts, builder);
    token.setOptional(PolicyConstants.isOptional(element));
    token.setIgnorable(PolicyConstants.isIgnorable(element));

    // NOTE(review): the result of getFirstElement is passed on unchecked; confirm how
    // builder.getPolicy behaves for an element with no child.
    Policy nested = builder.getPolicy(DOMUtils.getFirstElement(element));
    Policy normalized = nested.normalize(builder.getPolicyRegistry(), false);

    Iterator<List<Assertion>> alternatives = normalized.getAlternatives();
    if (alternatives.hasNext()) {
        // TODO process all the token that must be set ..
        processAlternative(alternatives.next(), token);
    }

    return token;
}
 
Example #11
Source File: SecurityDeploymentInterceptor.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Moves the first service-level {@link Policy} onto all bindings when the service opts in
 * through the {@code APPLY_POLICY_TO_BINDINGS} parameter.
 *
 * <p>The first attached component that is a {@code Policy} is detached from the service's
 * policy subject by id, handed to {@code addPolicyToAllBindings}, and returned. Iteration
 * stops at that point, so the collection is not traversed after the detach.
 *
 * @param axisService the service to inspect
 * @return the policy that was moved, or {@code null} when the parameter is absent or not
 *         "true", or no attached component is a {@code Policy}
 * @throws ServerException declared in the signature (presumably from
 *         {@code addPolicyToAllBindings} — confirm)
 */
private Policy applyPolicyToBindings(AxisService axisService) throws ServerException {
    Parameter flag = axisService.getParameter(APPLY_POLICY_TO_BINDINGS);
    // NOTE(review): flag.getValue() is dereferenced without a null check.
    if (flag == null || !"true".equalsIgnoreCase(flag.getValue().toString())) {
        return null;
    }
    if (axisService.getPolicySubject() == null
            || axisService.getPolicySubject().getAttachedPolicyComponents() == null) {
        return null;
    }

    for (Iterator components = axisService.getPolicySubject().
            getAttachedPolicyComponents().iterator(); components.hasNext();) {
        PolicyComponent candidate = (PolicyComponent) components.next();
        if (!(candidate instanceof Policy)) {
            continue;
        }
        Policy servicePolicy = (Policy) candidate;
        axisService.getPolicySubject().detachPolicyComponent(servicePolicy.getId());
        addPolicyToAllBindings(axisService, servicePolicy);
        return servicePolicy;
    }
    return null;
}
 
Example #12
Source File: EffectivePolicyImplTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that a fresh {@code EffectivePolicyImpl} exposes {@code null} for policy,
 * chosen alternative and interceptors, and that each setter stores the exact instance
 * its getter later returns.
 */
@Test
public void testAccessors() {
    EffectivePolicyImpl underTest = new EffectivePolicyImpl();
    // Nothing is set on a newly constructed instance.
    assertNull(underTest.getPolicy());
    assertNull(underTest.getChosenAlternative());
    assertNull(underTest.getInterceptors());

    Policy mockPolicy = control.createMock(Policy.class);
    Assertion mockAssertion = control.createMock(Assertion.class);
    List<Assertion> alternative = Collections.singletonList(mockAssertion);
    List<Interceptor<? extends Message>> interceptors = createMockInterceptorList();
    control.replay();

    // Each getter must hand back the same reference, not a copy.
    underTest.setPolicy(mockPolicy);
    assertSame(mockPolicy, underTest.getPolicy());

    underTest.setChosenAlternative(alternative);
    assertSame(alternative, underTest.getChosenAlternative());

    underTest.setInterceptors(interceptors);
    assertSame(interceptors, underTest.getInterceptors());

    control.verify();
}
 
Example #13
Source File: SHA512PolicyLoader.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Returns a {@link SHA512AlgorithmSuite} for the nested policy and, when the bus has an
 * {@link AssertionBuilderRegistry}, registers a builder for the custom
 * {@code Basic128RsaSha512} assertion name.
 *
 * <p>A new builder is registered on every call. The registered builder returns the single
 * shared {@link PrimitiveAssertion} instance for the known name, and {@code null} for any
 * other element name that is neither optional nor ignorable.
 *
 * @param bus the bus whose registry (if any) receives the builder
 * @param version the security-policy version passed to the suite
 * @param nestedPolicy the nested policy passed to the suite
 * @return a new {@code SHA512AlgorithmSuite}
 */
public AlgorithmSuite getAlgorithmSuite(Bus bus, SPConstants.SPVersion version, Policy nestedPolicy) {
    AssertionBuilderRegistry registry = bus.getExtension(AssertionBuilderRegistry.class);
    if (registry != null) {
        final QName suiteName =
            new QName("http://cxf.apache.org/custom/security-policy", "Basic128RsaSha512");
        final Map<QName, Assertion> known = new HashMap<>();
        known.put(suiteName, new PrimitiveAssertion(suiteName));

        registry.registerBuilder(new PrimitiveAssertionBuilder(known.keySet()) {
            @Override
            public Assertion build(Element element, AssertionBuilderFactory fact) {
                // Optional/ignorable elements go through the parent builder.
                boolean delegate = XMLPrimitiveAssertionBuilder.isOptional(element)
                    || XMLPrimitiveAssertionBuilder.isIgnorable(element);
                if (!delegate) {
                    return known.get(
                        new QName(element.getNamespaceURI(), element.getLocalName()));
                }
                return super.build(element, fact);
            }
        });
    }
    return new SHA512AlgorithmSuite(version, nestedPolicy);
}
 
Example #14
Source File: CustomPolicyAlgorithmsTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Loads {@code signed_elements_policy.xml}, overrides the asymmetric signature algorithm
 * of its asymmetric binding with RSA-SHA256, and checks that the override is what the
 * algorithm suite type reports afterwards.
 */
@Test
public void testSHA256AsymSigAlgorithm() throws Exception {

    final String rsaSha2SigMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    Policy loaded = policyBuilder.getPolicy(this.getResourceAsStream("signed_elements_policy.xml"));
    AssertionInfoMap assertionInfos = new AssertionInfoMap(loaded);

    // The first asymmetric-binding assertion info is the one under test.
    AssertionInfo bindingInfo =
        assertionInfos.get(SP12Constants.ASYMMETRIC_BINDING).iterator().next();
    AsymmetricBinding asymmetricBinding = (AsymmetricBinding) bindingInfo.getAssertion();

    // set Signature Algorithm to RSA SHA-256
    asymmetricBinding.getAlgorithmSuite().getAlgorithmSuiteType()
        .setAsymmetricSignature(rsaSha2SigMethod);

    String reported =
        asymmetricBinding.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricSignature();

    assertNotNull(reported);
    assertEquals(rsaSha2SigMethod, reported);
}
 
Example #15
Source File: SecurityConfigAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
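/**
 * Checks the policy to see whether the service should only be exposed over HTTPS.
 *
 * <p>Only the first alternative of the policy is inspected. HTTPS is required when that
 * alternative uses a transport binding, or when it uses a symmetric binding whose
 * encryption token is a {@link SecureConversationToken} with a transport-binding
 * bootstrap policy. A policy with no alternatives yields {@code false}.
 *
 * <p>A secure-conversation token whose bootstrap policy is missing or has no alternative
 * is reported as a {@link SecurityConfigException} instead of surfacing as an unchecked
 * {@code NullPointerException}/{@code NoSuchElementException}, so callers handle it on
 * the same path as other policy errors and never mistake it for "HTTP is acceptable".
 *
 * @param policy service policy
 * @return true if the service should only be exposed in HTTPS
 * @throws org.wso2.carbon.security.SecurityConfigException if the policy cannot be
 *         evaluated
 */
public boolean isHttpsTransportOnly(Policy policy) throws SecurityConfigException {

    // When there is a transport binding sec policy assertion,
    // the service should be exposed only via HTTPS
    boolean httpsRequired = false;

    try {
        Iterator alternatives = policy.getAlternatives();
        if (alternatives.hasNext()) {
            List it = (List) alternatives.next();
            RampartPolicyData rampartPolicyData = RampartPolicyBuilder.build(it);
            if (rampartPolicyData.isTransportBinding()) {
                httpsRequired = true;
            } else if (rampartPolicyData.isSymmetricBinding()) {
                Token encrToken = rampartPolicyData.getEncryptionToken();
                if (encrToken instanceof SecureConversationToken) {
                    Policy bsPol = ((SecureConversationToken) encrToken).getBootstrapPolicy();
                    Iterator alts = bsPol == null ? null : bsPol.getAlternatives();
                    if (alts == null || !alts.hasNext()) {
                        // The transport requirement cannot be determined; fail explicitly
                        // rather than answer "false".
                        IllegalStateException cause = new IllegalStateException(
                                "SecureConversationToken bootstrap policy has no alternatives");
                        log.error("Error in checking http transport only", cause);
                        throw new SecurityConfigException(
                                "Error in checking http transport only", cause);
                    }
                    List bsIt = (List) alts.next();
                    RampartPolicyData bsRampartPolicyData = RampartPolicyBuilder.build(bsIt);
                    httpsRequired = bsRampartPolicyData.isTransportBinding();
                }
            }
        }
    } catch (WSSPolicyException e) {
        log.error("Error in checking http transport only", e);
        throw new SecurityConfigException("Error in checking http transport only", e);
    }
    return httpsRequired;
}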
 
Example #16
Source File: ApplicationThrottleControllerTest.java    From carbon-apimgt with Apache License 2.0 5 votes vote down vote up
/**
 * Expects {@code getApplicationThrottleContext} to fail with a {@code SynapseException}
 * when {@code ThrottleFactory.createMediatorThrottle} throws a {@code ThrottleException}.
 */
@Test(expected = SynapseException.class)
public void testCreatingThrottleContextThrowsSynapseExceptionWhenCreatingThrottlingMediatorFails() throws
        UserStoreException, RegistryException, ThrottleException {
    // No throttle context is registered for the application yet.
    Mockito.when(throttleDataHolder.getThrottleContext(applicationId)).thenReturn(null);
    // The tenant's registry holds a resource at RESOURCE_PATH with the policy definition.
    PowerMockito.when(tenantManager.getTenantId(tenantDomain)).thenReturn(tenantID);
    PowerMockito.when(registryService.getGovernanceSystemRegistry(tenantID)).thenReturn(registry);
    PowerMockito.when(registry.resourceExists(RESOURCE_PATH)).thenReturn(true);
    PowerMockito.when(registry.get(RESOURCE_PATH)).thenReturn(throttlingPolicyResource);
    PowerMockito.when(throttlingPolicyResource.getContent()).thenReturn(THROTTLING_POLICY_DEFINITION);
    // Creating the mediator throttle from any Policy fails.
    PowerMockito.mockStatic(ThrottleFactory.class);
    PowerMockito.when(ThrottleFactory.createMediatorThrottle((Policy) Mockito.anyObject())).thenThrow(new
            ThrottleException());
    ApplicationThrottleController.getApplicationThrottleContext(messageContext, throttleDataHolder,
            applicationId, THROTTLE_POLICY_KEY);
}
 
Example #17
Source File: PolicyEngineImpl.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Merges the effective fault policies reported by all policy providers.
 *
 * <p>Providers returning {@code null} contribute nothing. The first non-null policy is
 * taken as is and each later non-null policy is merged into it.
 *
 * @param bfi the binding fault to query the providers for
 * @param m the message passed to the providers
 * @return the merged policy, or a new empty {@link Policy} when no provider returned one
 */
Policy getAggregatedFaultPolicy(BindingFaultInfo bfi, Message m) {
    Policy merged = null;
    for (PolicyProvider provider : getPolicyProviders()) {
        Policy effective = provider.getEffectivePolicy(bfi, m);
        if (merged != null && effective != null) {
            merged = merged.merge(effective);
        } else if (merged == null) {
            merged = effective;
        }
    }
    if (merged == null) {
        return new Policy();
    }
    return merged;
}
 
Example #18
Source File: SymmetricBinding.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Renders this binding as a normalized {@link Policy} with a single alternative.
 *
 * <p>The alternative contains, in order and only when present: the protection token, the
 * signature token, the encryption token, an {@code IncludeTimestamp} assertion, and the
 * layout.
 *
 * @return the normalized policy, or a new empty policy if normalization returns
 *         {@code null}
 */
public Policy getPolicy() {
    Policy wrapper = new Policy();
    ExactlyOne alternatives = new ExactlyOne();
    wrapper.addPolicyComponent(alternatives);

    All members = new All();
    if (this.getProtectionToken() != null) {
        members.addPolicyComponent(this.getProtectionToken());
    }
    if (this.getSignatureToken() != null) {
        members.addPolicyComponent(this.getSignatureToken());
    }
    if (this.getEncryptionToken() != null) {
        members.addPolicyComponent(this.getEncryptionToken());
    }
    if (isIncludeTimestamp()) {
        members.addPolicyComponent(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
    }
    if (getLayout() != null) {
        members.addPolicyComponent(getLayout());
    }
    alternatives.addPolicyComponent(members);

    Policy normalized = wrapper.normalize(builder.getPolicyRegistry(), true);
    return normalized != null ? normalized : new Policy();
}
 
Example #19
Source File: SupportingToken.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Renders this supporting token as a normalized {@link Policy} with a single alternative.
 *
 * <p>The alternative contains every token from {@code getTokens()} followed by at most
 * one of signedParts, signedElements, encryptedParts or encryptedElements — the first
 * non-null one in that order.
 *
 * @return the normalized policy, or a new empty policy if normalization returns
 *         {@code null}
 */
public Policy getPolicy() {
    Policy wrapper = new Policy();
    ExactlyOne alternatives = new ExactlyOne();
    wrapper.addPolicyComponent(alternatives);

    All members = new All();
    for (Token token : getTokens()) {
        members.addPolicyComponent(token);
    }

    // NOTE(review): this is an else-if chain, so when several of these are set (e.g. both
    // signed and encrypted parts) only the first is emitted and the rest are absent from
    // the returned policy — confirm that is intended.
    if (signedParts != null) {
        members.addPolicyComponent(signedParts);
    } else if (signedElements != null) {
        members.addPolicyComponent(signedElements);
    } else if (encryptedParts != null) {
        members.addPolicyComponent(encryptedParts);
    } else if (encryptedElements != null) {
        members.addPolicyComponent(encryptedElements);
    }
    alternatives.addPolicyComponent(members);

    Policy normalized = wrapper.normalize(builder.getPolicyRegistry(), true);
    return normalized != null ? normalized : new Policy();
}
 
Example #20
Source File: EndpointPolicyImplTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Runs the empty-policy update check with a policy whose only components are two empty
 * {@code All} operators.
 */
@Test
public void testUpdatePolicyWithEmptyAll() {

    Policy emptyPolicy = new Policy();
    for (int i = 0; i < 2; i++) {
        emptyPolicy.addPolicyComponent(new All());
    }
    doTestUpdateWithEmptyPolicy(emptyPolicy);
}
 
Example #21
Source File: SymmetricBinding.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Renders this binding as a normalized {@link Policy} with a single alternative.
 *
 * <p>The alternative contains, in order and only when present: the protection token, the
 * signature token, the encryption token, an {@code IncludeTimestamp} assertion, and the
 * layout.
 *
 * @return the normalized policy, or a new empty policy if normalization returns
 *         {@code null}
 */
public Policy getPolicy() {
    Policy wrapper = new Policy();
    ExactlyOne alternatives = new ExactlyOne();
    wrapper.addPolicyComponent(alternatives);

    All members = new All();
    if (this.getProtectionToken() != null) {
        members.addPolicyComponent(this.getProtectionToken());
    }
    if (this.getSignatureToken() != null) {
        members.addPolicyComponent(this.getSignatureToken());
    }
    if (this.getEncryptionToken() != null) {
        members.addPolicyComponent(this.getEncryptionToken());
    }
    if (isIncludeTimestamp()) {
        members.addPolicyComponent(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
    }
    if (getLayout() != null) {
        members.addPolicyComponent(getLayout());
    }
    alternatives.addPolicyComponent(members);

    Policy normalized = wrapper.normalize(builder.getPolicyRegistry(), true);
    return normalized != null ? normalized : new Policy();
}
 
Example #22
Source File: SpnegoTokenInterceptorProvider.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Configures an {@link STSClient} for SPNEGO negotiation from the current message and
 * assertion info map.
 *
 * <p>Sets trust settings, a one-alternative policy holding the addressing policy, the
 * SOAP version flag, the SPNEGO flag, a freshly allocated context id, the endpoint
 * location, the algorithm suite (when one is found) and the security properties of the
 * request context.
 *
 * @param client the client to configure
 * @param message the message supplying SOAP version, endpoint address and properties
 * @param aim the assertion info map the settings are derived from
 * @return the endpoint address that was set as the client's location
 */
static String setupClient(STSClient client, SoapMessage message, AssertionInfoMap aim) {
    // NOTE(review): two consecutive setTrust calls, presumably overloads for the
    // Trust10 and Trust13 assertions — confirm a null from one does not undo the other.
    client.setTrust(NegotiationUtils.getTrust10(aim));
    client.setTrust(NegotiationUtils.getTrust13(aim));

    Policy clientPolicy = new Policy();
    ExactlyOne alternatives = new ExactlyOne();
    clientPolicy.addPolicyComponent(alternatives);
    All members = new All();
    members.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
    alternatives.addPolicyComponent(members);
    client.setPolicy(clientPolicy);

    client.setSoap11(message.getVersion() == Soap11.getInstance());
    client.setSpnego(true);

    WSSConfig wssConfig = WSSConfig.getNewInstance();
    client.setContext(wssConfig.getIdAllocator().createSecureId("_", null));

    // NOTE(review): the endpoint-address property is dereferenced without a null check.
    String endpointAddress = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
    client.setLocation(endpointAddress);

    AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
    if (suite != null) {
        client.setAlgorithmSuite(suite);
        int maxSymmetricKeyLength = suite.getMaximumSymmetricKeyLength();
        // The key size is only overridden when the suite's maximum is below 256;
        // otherwise the client's existing key size is left untouched.
        if (maxSymmetricKeyLength < 256) {
            client.setKeySize(maxSymmetricKeyLength);
        }
    }

    Map<String, Object> requestContext = client.getRequestContext();
    mapSecurityProps(message, requestContext);

    return endpointAddress;
}
 
Example #23
Source File: SecurityConfigAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
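/**
 * Parses the content stream of a registry resource into a Neethi {@link Policy}.
 *
 * <p>The StAX factory is hardened before parsing: DTD processing and external entity
 * resolution are both switched off, so a stored policy document cannot make the parser
 * expand entities or fetch external resources.
 *
 * @param resource the registry resource holding the policy XML
 * @return the policy built from the document element
 * @throws org.wso2.carbon.registry.api.RegistryException if the content stream cannot be
 *         obtained
 * @throws XMLStreamException if the XML reader cannot be created or the document cannot
 *         be parsed
 */
private Policy loadPolicy(Resource resource) throws org.wso2.carbon.registry.api.RegistryException,
        XMLStreamException {

    // NOTE(review): neither the stream nor the reader is closed here; closing them would
    // need care because the OM builder may read the stream lazily — confirm ownership.
    InputStream in = resource.getContentStream();
    XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
    // Disabling external entities alone still lets the parser process an inline DTD
    // (internal entity expansion); a policy document needs no DOCTYPE, so turn it off.
    xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
    xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
    XMLStreamReader parser = xmlInputFactory.createXMLStreamReader(in);
    StAXOMBuilder builder = new StAXOMBuilder(parser);

    OMElement policyElement = builder.getDocumentElement();
    return PolicyEngine.getPolicy(policyElement);

}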
 
Example #24
Source File: Wsdl11AttachmentPolicyProviderTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Checks the effective message policy computed by the provider for endpoints whose
 * binding operation message, operation message and message carry different combinations
 * of Policy extensions: none, exactly one level, and all three levels.
 */
@Test
public void testEffectiveMessagePolicies() {
    Policy ep;

    // binding operation message has no extensions
    // operation message has no extensions
    // message has no extensions
    // Either null or an empty policy is accepted when nothing is attached.
    ep = app.getEffectivePolicy(getBindingMessageInfo(endpoints[0], true), null);
    assertTrue(ep == null || ep.isEmpty());

    // binding operation message has one extension of type Policy
    // operation message has no extensions
    // message has no extensions
    ep = app.getEffectivePolicy(getBindingMessageInfo(endpoints[12], true), null);
    assertFalse(ep.isEmpty());
    verifyAssertionsOnly(ep, 1);

    // binding operation message has no extensions
    // operation message has one extension of type Policy
    // message has no extensions
    ep = app.getEffectivePolicy(getBindingMessageInfo(endpoints[13], true), null);
    assertFalse(ep.isEmpty());
    verifyAssertionsOnly(ep, 1);

    // binding operation message has no extensions
    // operation message has no extensions
    // message has one extension of type Policy
    ep = app.getEffectivePolicy(getBindingMessageInfo(endpoints[14], true), null);
    assertFalse(ep.isEmpty());
    verifyAssertionsOnly(ep, 1);

    // binding operation message has one extension of type Policy
    // operation message has one extension of type Policy
    // message has one extension of type Policy
    // All three levels contribute, so three assertions are expected.
    ep = app.getEffectivePolicy(getBindingMessageInfo(endpoints[15], true), null);
    assertFalse(ep.isEmpty());
    verifyAssertionsOnly(ep, 3);
}
 
Example #25
Source File: JaxbAssertionTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Exercises {@code JaxbAssertion.equal} against policy operators, an assertion with a
 * different name, an assertion with the same name but a different data object, and an
 * assertion sharing both name and data object.
 */
@Test
public void testEqual() {
    JaxbAssertion<FooType> assertion = new JaxbAssertion<>();
    FooType data = new FooType();
    data.setName("CXF");
    data.setNumber(2);
    QName qn = new QName("http://cxf.apache.org/test/assertions/foo", "FooType");
    assertion.setName(qn);
    assertion.setData(data);

    // Policy operators are never equal to an assertion.
    PolicyComponent pc = new Policy();
    assertFalse(assertion.equal(pc));
    pc = new All();
    assertFalse(assertion.equal(pc));
    pc = new ExactlyOne();
    assertFalse(assertion.equal(pc));

    // An assertion-typed component with a different QName is not equal.
    IMocksControl ctrl = EasyMock.createNiceControl();
    PrimitiveAssertion xpa = ctrl.createMock(PrimitiveAssertion.class);
    QName oqn = new QName("http://cxf.apache.org/test/assertions/blah", "OtherType");
    EasyMock.expect(xpa.getName()).andReturn(oqn);
    EasyMock.expect(xpa.getType()).andReturn(Constants.TYPE_ASSERTION);

    ctrl.replay();
    assertFalse(assertion.equal(xpa));
    ctrl.verify();

    // Same name, but a separate FooType instance with the same field values: not equal.
    // NOTE(review): presumably because FooType does not override equals — confirm.
    FooType odata = new FooType();
    odata.setName(data.getName());
    odata.setNumber(data.getNumber());
    JaxbAssertion<FooType> oassertion = new JaxbAssertion<>();
    oassertion.setData(odata);
    oassertion.setName(qn);
    assertFalse(assertion.equal(oassertion));
    // Same name and the very same data object: equal, as is the assertion with itself.
    oassertion.setData(data);
    assertTrue(assertion.equal(oassertion));
    assertTrue(assertion.equal(assertion));
}
 
Example #26
Source File: ServiceModelPolicyUpdater.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Attaches a policy reference element pointing at the given policy to an extensible
 * service-model object.
 *
 * <p>The reference is created in the policy's namespace, its URI attribute is
 * {@code "#"} followed by the policy id, and it is wrapped in a required
 * {@link UnknownExtensibilityElement}.
 *
 * @param ext the object receiving the extensor
 * @param p the policy being referenced
 */
private void addPolicyRef(Extensible ext, Policy p) {
    Document owner = DOMUtils.getEmptyDocument();
    Element reference = owner.createElementNS(p.getNamespace(), Constants.ELEM_POLICY_REF);
    reference.setPrefix(Constants.ATTR_WSP);
    // NOTE(review): a policy without an id would produce the fragment "#null".
    String fragment = "#" + p.getId();
    reference.setAttribute(Constants.ATTR_URI, fragment);

    QName elementType = new QName(p.getNamespace(), Constants.ELEM_POLICY_REF);
    UnknownExtensibilityElement extension = new UnknownExtensibilityElement();
    extension.setElementType(elementType);
    extension.setElement(reference);
    extension.setRequired(true);

    ext.addExtensor(extension);
}
 
Example #27
Source File: PolicyEngineImpl.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Merges the bus-level policy with the effective service policies reported by all policy
 * providers.
 *
 * <p>Aggregation starts from {@code busPolicy}; providers returning {@code null}
 * contribute nothing.
 *
 * @param si the service to query the providers for; {@code null} yields an empty policy
 * @param m the message passed to the providers
 * @return the merged policy, or a new empty {@link Policy} when nothing applies
 */
Policy getAggregatedServicePolicy(ServiceInfo si, Message m) {
    if (si == null) {
        return new Policy();
    }

    Policy merged = busPolicy;
    for (PolicyProvider provider : getPolicyProviders()) {
        Policy effective = provider.getEffectivePolicy(si, m);
        if (merged != null && effective != null) {
            merged = merged.merge(effective);
        } else if (merged == null) {
            merged = effective;
        }
    }

    if (merged == null) {
        return new Policy();
    }
    return merged;
}
 
Example #28
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Stores the policy and, when no algorithm suite has been set yet, derives one from the
 * policy's bindings.
 *
 * <p>Alternatives are scanned in order until one yields a suite. Within an alternative
 * every {@code Binding} is visited, so the last binding of that alternative supplies the
 * value. An explicitly configured suite is never overwritten.
 *
 * @param newPolicy the policy to store; dereferenced when no suite is set
 */
protected void setPolicyInternal(Policy newPolicy) {
    this.policy = newPolicy;
    if (algorithmSuite != null) {
        return;
    }
    for (Iterator<?> alternatives = policy.getAlternatives();
         alternatives.hasNext() && algorithmSuite == null;) {
        List<PolicyComponent> alternative = CastUtils.cast((List<?>)alternatives.next());
        for (PolicyComponent component : alternative) {
            if (component instanceof Binding) {
                algorithmSuite = ((Binding)component).getAlgorithmSuite();
            }
        }
    }
}
 
Example #29
Source File: SupportingTokensBuilder.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a {@link SupportingToken} assertion for one of the SP 1.1 supporting-token
 * element names (plain, signed, endorsing, signed-endorsing).
 *
 * <p>The nested policy (first child element) is normalized and only its first
 * alternative is applied.
 *
 * @param element the supporting-tokens policy element
 * @param factory not used by this method
 * @return the supporting token, or {@code null} when the element name matches none of
 *         the four SP 1.1 names
 * @throws IllegalArgumentException declared in the signature; not thrown directly here
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {
    QName name = DOMUtils.getElementQName(element);

    SupportTokenType tokenType = null;
    if (SP11Constants.SUPPORTING_TOKENS.equals(name)) {
        tokenType = SupportTokenType.SUPPORTING_TOKEN_SUPPORTING;
    } else if (SP11Constants.SIGNED_SUPPORTING_TOKENS.equals(name)) {
        tokenType = SupportTokenType.SUPPORTING_TOKEN_SIGNED;
    } else if (SP11Constants.ENDORSING_SUPPORTING_TOKENS.equals(name)) {
        tokenType = SupportTokenType.SUPPORTING_TOKEN_ENDORSING;
    } else if (SP11Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS.equals(name)) {
        tokenType = SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENDORSING;
    }

    // NOTE(review): for an unrecognised element name the token stays null and is still
    // handed to processAlternative below — confirm the builder is only registered for
    // the four names above.
    SupportingToken supportingToken = tokenType == null
        ? null
        : new SupportingToken(tokenType, SP11Constants.INSTANCE, builder);

    Policy nested = builder.getPolicy(DOMUtils.getFirstElement(element));
    Policy normalized = nested.normalize(builder.getPolicyRegistry(), false);

    Iterator<List<Assertion>> alternatives = normalized.getAlternatives();
    if (alternatives.hasNext()) {
        // for the moment we will say there should be only one alternative
        processAlternative(alternatives.next(), supportingToken);
    }

    return supportingToken;
}
 
Example #30
Source File: Utils.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
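/**
 * Builds the built-in "UTOverTransport" security policy.
 *
 * <p>The policy is a single alternative with a transport binding that requires an HTTPS
 * token with a client certificate, the Basic256 algorithm suite, lax layout and a
 * timestamp.
 *
 * @return the policy parsed from the embedded XML
 */
public static Policy getSecurityPolicy() {

    String policyString = "        <wsp:Policy wsu:Id=\"UTOverTransport\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\"\n" +
            "                    xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">\n" +
            "          <wsp:ExactlyOne>\n" +
            "            <wsp:All>\n" +
            "              <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" +
            "                <wsp:Policy>\n" +
            "                  <sp:TransportToken>\n" +
            "                    <wsp:Policy>\n" +
            "                      <sp:HttpsToken RequireClientCertificate=\"true\"/>\n" +
            "                    </wsp:Policy>\n" +
            "                  </sp:TransportToken>\n" +
            "                  <sp:AlgorithmSuite>\n" +
            "                    <wsp:Policy>\n" +
            "                      <sp:Basic256/>\n" +
            "                    </wsp:Policy>\n" +
            "                  </sp:AlgorithmSuite>\n" +
            "                  <sp:Layout>\n" +
            "                    <wsp:Policy>\n" +
            "                      <sp:Lax/>\n" +
            "                    </wsp:Policy>\n" +
            "                  </sp:Layout>\n" +
            "                  <sp:IncludeTimestamp/>\n" +
            "                </wsp:Policy>\n" +
            "              </sp:TransportBinding>\n" +
            "            </wsp:All>\n" +
            "          </wsp:ExactlyOne>\n" +
            "        </wsp:Policy>";

    // The document carries no XML declaration, so a parser reads it as UTF-8. Encode it
    // explicitly rather than with the platform default charset, which may differ.
    byte[] policyBytes = policyString.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return PolicyEngine.getPolicy(new ByteArrayInputStream(policyBytes));

}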