ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignaturePrefixListTest.java - ws-wss4j - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements. See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership. The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.wss4j.stax.test;

 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;

 import javax.xml.stream.XMLStreamReader;
 import javax.xml.stream.XMLStreamWriter;

 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.setup.OutboundWSSec;
 import org.apache.wss4j.stax.setup.WSSec;
 import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 import org.junit.Assert;
 import org.junit.Test;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;

 /**
  * A test-case for WSS-626 - "Duplicates in the PrefixList".
  */
 public class SignaturePrefixListTest extends AbstractTestBase {

     @Test
     public void testDuplicatePrefixListValues() throws Exception {

         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
             List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>();
             actions.add(WSSConstants.SIGNATURE);
             securityProperties.setActions(actions);
             securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
             securityProperties.setSignatureUser("transmitter");
             securityProperties.setCallbackHandler(new CallbackHandlerImpl());

             OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
             XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
             XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/SignaturePrefixListMessage.xml"));
             XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
             xmlStreamWriter.close();

             Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
             NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
             Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());

             nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
             Assert.assertEquals(nodeList.getLength(), 1);

             nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP12, WSSConstants.TAG_SOAP_BODY_LN);
             Assert.assertEquals(nodeList.getLength(), 1);
             String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
             Assert.assertNotNull(idAttrValue);
             Assert.assertTrue(idAttrValue.length() > 0);

             nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(), WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
             Assert.assertEquals(nodeList.getLength(), 2);

             String parsedPrefixes = ((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart());
             assertEquals(parsedPrefixes.split(" ").length, 5);
         }
         //done signature; now test sig-verification:
         {
             String action = WSHandlerConstants.SIGNATURE;
             doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
         }
     }

 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.wss4j.stax.test;

	import java.io.ByteArrayInputStream;
	import java.io.ByteArrayOutputStream;
	import java.nio.charset.StandardCharsets;
	import java.util.ArrayList;
	import java.util.List;

	import javax.xml.stream.XMLStreamReader;
	import javax.xml.stream.XMLStreamWriter;

	import org.apache.wss4j.dom.handler.WSHandlerConstants;
	import org.apache.wss4j.stax.ext.WSSConstants;
	import org.apache.wss4j.stax.ext.WSSSecurityProperties;
	import org.apache.wss4j.stax.setup.OutboundWSSec;
	import org.apache.wss4j.stax.setup.WSSec;
	import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
	import org.apache.xml.security.stax.securityEvent.SecurityEvent;
	import org.junit.Assert;
	import org.junit.Test;
	import org.w3c.dom.Document;
	import org.w3c.dom.Element;
	import org.w3c.dom.NodeList;

	/**
	* A test-case for WSS-626 - "Duplicates in the PrefixList".
	*/
	public class SignaturePrefixListTest extends AbstractTestBase {

	@Test
	public void testDuplicatePrefixListValues() throws Exception {

	ByteArrayOutputStream baos = new ByteArrayOutputStream();
	{
	WSSSecurityProperties securityProperties = new WSSSecurityProperties();
	List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>();
	actions.add(WSSConstants.SIGNATURE);
	securityProperties.setActions(actions);
	securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
	securityProperties.setSignatureUser("transmitter");
	securityProperties.setCallbackHandler(new CallbackHandlerImpl());

	OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
	XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
	XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/SignaturePrefixListMessage.xml"));
	XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
	xmlStreamWriter.close();

	Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
	NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
	Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());

	nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
	Assert.assertEquals(nodeList.getLength(), 1);

	nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP12, WSSConstants.TAG_SOAP_BODY_LN);
	Assert.assertEquals(nodeList.getLength(), 1);
	String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
	Assert.assertNotNull(idAttrValue);
	Assert.assertTrue(idAttrValue.length() > 0);

	nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(), WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
	Assert.assertEquals(nodeList.getLength(), 2);

	String parsedPrefixes = ((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart());
	assertEquals(parsedPrefixes.split(" ").length, 5);
	}
	//done signature; now test sig-verification:
	{
	String action = WSHandlerConstants.SIGNATURE;
	doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
	}
	}

	}