| /** |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.wss4j.stax.test; |
| |
| import java.io.ByteArrayInputStream; |
| import java.io.ByteArrayOutputStream; |
| import java.io.IOException; |
| import java.io.InputStream; |
| import java.io.OutputStream; |
| import java.io.PrintWriter; |
| import java.io.StringWriter; |
| import java.nio.charset.StandardCharsets; |
| import java.util.ArrayList; |
| import java.util.EnumSet; |
| import java.util.Iterator; |
| import java.util.List; |
| import java.util.Map; |
| import java.util.Properties; |
| |
| import javax.xml.namespace.QName; |
| import javax.xml.stream.XMLStreamException; |
| import javax.xml.stream.XMLStreamReader; |
| import javax.xml.stream.XMLStreamWriter; |
| import javax.xml.transform.dom.DOMSource; |
| import javax.xml.transform.stream.StreamResult; |
| import javax.xml.xpath.XPathConstants; |
| import javax.xml.xpath.XPathExpression; |
| |
| import org.apache.wss4j.common.bsp.BSPRule; |
| import org.apache.wss4j.common.ext.WSSecurityException; |
| import org.apache.wss4j.dom.handler.WSHandlerConstants; |
| import org.apache.wss4j.stax.ext.WSSConstants; |
| import org.apache.wss4j.stax.ext.WSSSecurityProperties; |
| import org.apache.wss4j.stax.securityEvent.EncryptedPartSecurityEvent; |
| import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent; |
| import org.apache.wss4j.stax.securityEvent.SignedPartSecurityEvent; |
| import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants; |
| import org.apache.wss4j.stax.setup.InboundWSSec; |
| import org.apache.wss4j.stax.setup.OutboundWSSec; |
| import org.apache.wss4j.stax.setup.WSSec; |
| import org.apache.wss4j.stax.test.utils.StAX2DOM; |
| import org.apache.wss4j.stax.test.utils.XmlReaderToWriter; |
| import org.apache.xml.security.stax.ext.SecurePart; |
| import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent; |
| import org.apache.xml.security.stax.securityEvent.SecurityEvent; |
| import org.apache.xml.security.stax.securityEvent.SecurityEventListener; |
| import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent; |
| import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent; |
| import org.junit.Assert; |
| import org.junit.Test; |
| import org.w3c.dom.Attr; |
| import org.w3c.dom.Document; |
| import org.w3c.dom.Element; |
| import org.w3c.dom.NamedNodeMap; |
| import org.w3c.dom.Node; |
| import org.w3c.dom.NodeList; |
| |
| public class InteroperabilityTest extends AbstractTestBase { |
| |
| @Test |
| public void testInteroperabilityInbound() throws Exception { |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"); |
| |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;"); |
| Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties); |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| |
| javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(securedDocument), new StreamResult(baos)); |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| |
| WSSecurityEventConstants.Event[] expectedSecurityEvents = new WSSecurityEventConstants.Event[]{ |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.SignatureValue, |
| WSSecurityEventConstants.TIMESTAMP, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.SIGNED_PART, |
| WSSecurityEventConstants.ENCRYPTED_PART, |
| WSSecurityEventConstants.OPERATION, |
| }; |
| final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents); |
| Document document = doInboundSecurity(securityProperties, |
| xmlInputFactory.createXMLStreamReader( |
| new ByteArrayInputStream(baos.toByteArray())), securityEventListener); |
| |
| //read the whole stream: |
| transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(document), new StreamResult( |
| new OutputStream() { |
| @Override |
| public void write(int b) throws IOException { |
| // > /dev/null |
| } |
| } |
| )); |
| securityEventListener.compare(); |
| |
| EncryptedPartSecurityEvent encryptedPartSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.ENCRYPTED_PART); |
| List<SignedElementSecurityEvent> signedElementSecurityEventList = securityEventListener.getSecurityEvents(WSSecurityEventConstants.SignedElement); |
| List<SignedPartSecurityEvent> signedPartSecurityEventList = securityEventListener.getSecurityEvents(WSSecurityEventConstants.SIGNED_PART); |
| SignatureValueSecurityEvent signatureValueSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.SignatureValue); |
| OperationSecurityEvent operationSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.OPERATION); |
| String encryptedPartCorrelationID = encryptedPartSecurityEvent.getCorrelationID(); |
| String signedElementCorrelationID1 = signedElementSecurityEventList.get(0).getCorrelationID(); |
| String signedElementCorrelationID2 = signedPartSecurityEventList.get(0).getCorrelationID(); |
| String signatureValueCorrelationID = signatureValueSecurityEvent.getCorrelationID(); |
| String operationCorrelationID = operationSecurityEvent.getCorrelationID(); |
| |
| List<SecurityEvent> operationSecurityEvents = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> encryptedPartSecurityEvents = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> signedElementSecurityEvents1 = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> signedElementSecurityEvents2 = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> signatureValueSecurityEvents = new ArrayList<SecurityEvent>(); |
| |
| List<SecurityEvent> securityEvents = securityEventListener.getReceivedSecurityEvents(); |
| for (int i = 0; i < securityEvents.size(); i++) { |
| SecurityEvent securityEvent = securityEvents.get(i); |
| if (securityEvent.getCorrelationID().equals(encryptedPartCorrelationID)) { |
| encryptedPartSecurityEvents.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(signedElementCorrelationID1)) { |
| signedElementSecurityEvents1.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(signedElementCorrelationID2)) { |
| signedElementSecurityEvents2.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(signatureValueCorrelationID)) { |
| signatureValueSecurityEvents.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(operationCorrelationID)) { |
| operationSecurityEvents.add(securityEvent); |
| } |
| } |
| |
| Assert.assertEquals(4, encryptedPartSecurityEvents.size()); |
| Assert.assertEquals(3, signedElementSecurityEvents1.size()); |
| Assert.assertEquals(3, signedElementSecurityEvents2.size()); |
| Assert.assertEquals(4, signatureValueSecurityEvents.size()); |
| Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(), |
| operationSecurityEvents.size() + |
| encryptedPartSecurityEvents.size() + |
| signedElementSecurityEvents1.size() + |
| signedElementSecurityEvents2.size() + |
| signatureValueSecurityEvents.size() + |
| 1 //the timestamp |
| ); |
| } |
| |
| @Test |
| public void testInteroperabilityInboundSOAP12() throws Exception { |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.2.xml"); |
| |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://www.w3.org/2003/05/soap-envelope}Body;"); |
| Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties); |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| |
| javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(securedDocument), new StreamResult(baos)); |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| |
| WSSecurityEventConstants.Event[] expectedSecurityEvents = new WSSecurityEventConstants.Event[]{ |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.SignatureValue, |
| WSSecurityEventConstants.TIMESTAMP, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.SIGNED_PART, |
| WSSecurityEventConstants.ENCRYPTED_PART, |
| WSSecurityEventConstants.OPERATION, |
| }; |
| final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents); |
| Document document = doInboundSecurity( |
| securityProperties, |
| xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), securityEventListener); |
| |
| //read the whole stream: |
| transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(document), new StreamResult( |
| new OutputStream() { |
| @Override |
| public void write(int b) throws IOException { |
| // > /dev/null |
| } |
| } |
| )); |
| securityEventListener.compare(); |
| } |
| |
| @Test |
| public void testInteroperabilityEncryptedSignatureInbound() throws Exception { |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"); |
| |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;"); |
| properties.setProperty(WSHandlerConstants.ENCRYPTION_PARTS, "{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;"); |
| Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties); |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| |
| javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(securedDocument), new StreamResult(baos)); |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| |
| WSSecurityEventConstants.Event[] expectedSecurityEvents = new WSSecurityEventConstants.Event[]{ |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.EncryptedElement, |
| WSSecurityEventConstants.SignatureValue, |
| WSSecurityEventConstants.TIMESTAMP, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.SIGNED_PART, |
| WSSecurityEventConstants.ENCRYPTED_PART, |
| WSSecurityEventConstants.OPERATION, |
| }; |
| final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents); |
| Document document = doInboundSecurity( |
| securityProperties, |
| xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), securityEventListener); |
| |
| //read the whole stream: |
| transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(document), new StreamResult( |
| new OutputStream() { |
| @Override |
| public void write(int b) throws IOException { |
| // > /dev/null |
| } |
| } |
| )); |
| |
| securityEventListener.compare(); |
| |
| EncryptedElementSecurityEvent encryptedElementSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.EncryptedElement); |
| EncryptedPartSecurityEvent encryptedPartSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.ENCRYPTED_PART); |
| List<SignedElementSecurityEvent> signedElementSecurityEventList = securityEventListener.getSecurityEvents(WSSecurityEventConstants.SignedElement); |
| List<SignedPartSecurityEvent> signedPartSecurityEventList = securityEventListener.getSecurityEvents(WSSecurityEventConstants.SIGNED_PART); |
| SignatureValueSecurityEvent signatureValueSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.SignatureValue); |
| OperationSecurityEvent operationSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.OPERATION); |
| String encryptedElementCorrelationID = encryptedElementSecurityEvent.getCorrelationID(); |
| String encryptedPartCorrelationID = encryptedPartSecurityEvent.getCorrelationID(); |
| String signedElementCorrelationID1 = signedElementSecurityEventList.get(0).getCorrelationID(); |
| String signedElementCorrelationID2 = signedPartSecurityEventList.get(0).getCorrelationID(); |
| String signatureValueCorrelationID = signatureValueSecurityEvent.getCorrelationID(); |
| String operationCorrelationID = operationSecurityEvent.getCorrelationID(); |
| |
| List<SecurityEvent> operationSecurityEvents = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> encryptedPartSecurityEvents = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> encryptedElementSecurityEvents = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> signedElementSecurityEvents1 = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> signedElementSecurityEvents2 = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> signatureValueSecurityEvents = new ArrayList<SecurityEvent>(); |
| |
| List<SecurityEvent> securityEvents = securityEventListener.getReceivedSecurityEvents(); |
| for (int i = 0; i < securityEvents.size(); i++) { |
| SecurityEvent securityEvent = securityEvents.get(i); |
| if (securityEvent.getCorrelationID().equals(encryptedPartCorrelationID)) { |
| encryptedPartSecurityEvents.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(encryptedElementCorrelationID)) { |
| encryptedElementSecurityEvents.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(signedElementCorrelationID1)) { |
| signedElementSecurityEvents1.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(signedElementCorrelationID2)) { |
| signedElementSecurityEvents2.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(signatureValueCorrelationID)) { |
| signatureValueSecurityEvents.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(operationCorrelationID)) { |
| operationSecurityEvents.add(securityEvent); |
| } |
| } |
| |
| Assert.assertEquals(3, encryptedPartSecurityEvents.size()); |
| Assert.assertEquals(3, encryptedElementSecurityEvents.size()); |
| Assert.assertEquals(3, signedElementSecurityEvents1.size()); |
| Assert.assertEquals(3, signedElementSecurityEvents2.size()); |
| Assert.assertEquals(4, signatureValueSecurityEvents.size()); |
| Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(), |
| operationSecurityEvents.size() + |
| encryptedPartSecurityEvents.size() + |
| encryptedElementSecurityEvents.size() + |
| signedElementSecurityEvents1.size() + |
| signedElementSecurityEvents2.size() + |
| signatureValueSecurityEvents.size() + |
| 1 //the timestamp |
| ); |
| } |
| |
| //Not supported ATM: Timestamp encrypted and then Signed |
| /* |
| @Test(invocationCount = 1) |
| public void testInteroperabilitySignedEncryptedTimestampInbound() throws Exception { |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"); |
| |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE; |
| Properties properties = new Properties(); |
| properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;"); |
| properties.setProperty(WSHandlerConstants.ENCRYPTION_PARTS, "{Content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;"); |
| Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties); |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| |
| javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(securedDocument), new StreamResult(baos)); |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| |
| Document document = doInboundSecurity(securityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()))); |
| |
| //read the whole stream: |
| transformer = TRANSFORMER_FACTORY.newTransformer(); |
| //transformer.transform(new DOMSource(document), new StreamResult(System.out)); |
| transformer.transform(new DOMSource(document), new StreamResult( |
| new OutputStream() { |
| @Override |
| public void write(int b) throws IOException { |
| // > /dev/null |
| } |
| } |
| )); |
| } |
| */ |
| |
| @Test |
| public void testInteroperabilityInboundReverseOrder() throws Exception { |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"); |
| |
| String action = WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.TIMESTAMP; |
| Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, new Properties()); |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| |
| javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(securedDocument), new StreamResult(baos)); |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| |
| WSSecurityEventConstants.Event[] expectedSecurityEvents = new WSSecurityEventConstants.Event[]{ |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.TIMESTAMP, |
| WSSecurityEventConstants.SignatureValue, |
| WSSecurityEventConstants.SIGNED_PART, |
| WSSecurityEventConstants.ENCRYPTED_PART, |
| WSSecurityEventConstants.OPERATION, |
| }; |
| final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents); |
| Document document = doInboundSecurity( |
| securityProperties, |
| xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), securityEventListener); |
| |
| //read the whole stream: |
| transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(document), new StreamResult( |
| new OutputStream() { |
| @Override |
| public void write(int b) throws IOException { |
| // > /dev/null |
| } |
| } |
| )); |
| securityEventListener.compare(); |
| |
| EncryptedPartSecurityEvent encryptedPartSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.ENCRYPTED_PART); |
| List<SignedPartSecurityEvent> signedPartSecurityEvents = securityEventListener.getSecurityEvents(WSSecurityEventConstants.SIGNED_PART); |
| SignatureValueSecurityEvent signatureValueSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.SignatureValue); |
| OperationSecurityEvent operationSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.OPERATION); |
| String encryptedPartCorrelationID = encryptedPartSecurityEvent.getCorrelationID(); |
| String signedElementCorrelationID1 = signedPartSecurityEvents.get(0).getCorrelationID(); |
| String signatureValueCorrelationID = signatureValueSecurityEvent.getCorrelationID(); |
| String operationCorrelationID = operationSecurityEvent.getCorrelationID(); |
| |
| List<SecurityEvent> operationSecurityEvents = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> encryptedPartSecurityEvents = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> signedElementSecurityEvents1 = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> signatureValueSecurityEvents = new ArrayList<SecurityEvent>(); |
| |
| List<SecurityEvent> securityEvents = securityEventListener.getReceivedSecurityEvents(); |
| for (int i = 0; i < securityEvents.size(); i++) { |
| SecurityEvent securityEvent = securityEvents.get(i); |
| if (securityEvent.getCorrelationID().equals(encryptedPartCorrelationID)) { |
| encryptedPartSecurityEvents.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(signedElementCorrelationID1)) { |
| signedElementSecurityEvents1.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(signatureValueCorrelationID)) { |
| signatureValueSecurityEvents.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(operationCorrelationID)) { |
| operationSecurityEvents.add(securityEvent); |
| } |
| } |
| |
| Assert.assertEquals(4, encryptedPartSecurityEvents.size()); |
| Assert.assertEquals(3, signedElementSecurityEvents1.size()); |
| Assert.assertEquals(4, signatureValueSecurityEvents.size()); |
| Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(), |
| operationSecurityEvents.size() + |
| encryptedPartSecurityEvents.size() + |
| signedElementSecurityEvents1.size() + |
| signatureValueSecurityEvents.size() + |
| 1 //the timestamp |
| ); |
| } |
| |
| @Test |
| public void testInteroperabilityOutbound() throws Exception { |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.setEncryptionUser("receiver"); |
| securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| securityProperties.setSignatureUser("transmitter"); |
| securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>(); |
| actions.add(WSSConstants.TIMESTAMP); |
| actions.add(WSSConstants.SIGNATURE); |
| actions.add(WSSConstants.ENCRYPT); |
| securityProperties.setActions(actions); |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"); |
| ByteArrayOutputStream baos = doOutboundSecurity(securityProperties, sourceDocument); |
| |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action); |
| } |
| |
| @Test |
| public void testInteroperabilityOutboundReverseOrder() throws Exception { |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.setEncryptionUser("receiver"); |
| securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| securityProperties.setSignatureUser("transmitter"); |
| securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>(); |
| actions.add(WSSConstants.ENCRYPT); |
| actions.add(WSSConstants.SIGNATURE); |
| actions.add(WSSConstants.TIMESTAMP); |
| securityProperties.setActions(actions); |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"); |
| ByteArrayOutputStream baos = doOutboundSecurity(securityProperties, sourceDocument); |
| |
| String action = WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.TIMESTAMP; |
| doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action); |
| } |
| |
| @Test |
| public void testInteroperabilityOutboundSignature() throws Exception { |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.setEncryptionUser("receiver"); |
| securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| securityProperties.setSignatureUser("transmitter"); |
| securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>(); |
| actions.add(WSSConstants.SIGNATURE); |
| securityProperties.setActions(actions); |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"); |
| ByteArrayOutputStream baos = doOutboundSecurity(securityProperties, sourceDocument); |
| |
| String action = WSHandlerConstants.SIGNATURE; |
| doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action); |
| } |
| |
| @Test |
| public void testInteroperabilityInboundSecurityHeaderTimestampOrder() throws Exception { |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"); |
| |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;"); |
| properties.setProperty(WSHandlerConstants.ENCRYPTION_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;"); |
| Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties); |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| |
| javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(securedDocument), new StreamResult(baos)); |
| |
| XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/xenc:EncryptedData"); |
| Element timeStamp = (Element) xPathExpression.evaluate(securedDocument, XPathConstants.NODE); |
| Element securityHeaderNode = (Element) timeStamp.getParentNode(); |
| securityHeaderNode.removeChild(timeStamp); |
| |
| xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/dsig:Signature"); |
| Element signature = (Element) xPathExpression.evaluate(securedDocument, XPathConstants.NODE); |
| |
| securityHeaderNode.insertBefore(timeStamp, signature); |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| |
| WSSecurityEventConstants.Event[] expectedSecurityEvents = new WSSecurityEventConstants.Event[]{ |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.SignatureValue, |
| WSSecurityEventConstants.EncryptedElement, |
| WSSecurityEventConstants.TIMESTAMP, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.SIGNED_PART, |
| WSSecurityEventConstants.ENCRYPTED_PART, |
| WSSecurityEventConstants.OPERATION, |
| }; |
| final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents); |
| Document document = doInboundSecurity( |
| securityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), securityEventListener); |
| |
| //read the whole stream: |
| transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(document), new StreamResult( |
| new OutputStream() { |
| @Override |
| public void write(int b) throws IOException { |
| // > /dev/null |
| } |
| } |
| )); |
| securityEventListener.compare(); |
| |
| EncryptedElementSecurityEvent encryptedElementSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.EncryptedElement); |
| EncryptedPartSecurityEvent encryptedPartSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.ENCRYPTED_PART); |
| List<SignedElementSecurityEvent> signedElementSecurityEvents = securityEventListener.getSecurityEvents(WSSecurityEventConstants.SignedElement); |
| List<SignedPartSecurityEvent> signedPartSecurityEvents = securityEventListener.getSecurityEvents(WSSecurityEventConstants.SIGNED_PART); |
| SignatureValueSecurityEvent signatureValueSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.SignatureValue); |
| OperationSecurityEvent operationSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.OPERATION); |
| String encryptedElementCorrelationID = encryptedElementSecurityEvent.getCorrelationID(); |
| String encryptedPartCorrelationID = encryptedPartSecurityEvent.getCorrelationID(); |
| String signedElementCorrelationID1 = signedElementSecurityEvents.get(0).getCorrelationID(); |
| String signedElementCorrelationID2 = signedPartSecurityEvents.get(0).getCorrelationID(); |
| String signatureValueCorrelationID = signatureValueSecurityEvent.getCorrelationID(); |
| String operationCorrelationID = operationSecurityEvent.getCorrelationID(); |
| |
| List<SecurityEvent> operationSecurityEvents = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> encryptedPartSecurityEvents = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> encryptedElementSecurityEvents = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> signedElementSecurityEvents1 = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> signedElementSecurityEvents2 = new ArrayList<SecurityEvent>(); |
| List<SecurityEvent> signatureValueSecurityEvents = new ArrayList<SecurityEvent>(); |
| |
| List<SecurityEvent> securityEvents = securityEventListener.getReceivedSecurityEvents(); |
| for (int i = 0; i < securityEvents.size(); i++) { |
| SecurityEvent securityEvent = securityEvents.get(i); |
| if (securityEvent.getCorrelationID().equals(encryptedPartCorrelationID)) { |
| encryptedPartSecurityEvents.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(encryptedElementCorrelationID)) { |
| encryptedElementSecurityEvents.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(signedElementCorrelationID1)) { |
| signedElementSecurityEvents1.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(signedElementCorrelationID2)) { |
| signedElementSecurityEvents2.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(signatureValueCorrelationID)) { |
| signatureValueSecurityEvents.add(securityEvent); |
| } else if (securityEvent.getCorrelationID().equals(operationCorrelationID)) { |
| operationSecurityEvents.add(securityEvent); |
| } |
| } |
| |
| Assert.assertEquals(3, encryptedPartSecurityEvents.size()); |
| Assert.assertEquals(3, encryptedElementSecurityEvents.size()); |
| Assert.assertEquals(3, signedElementSecurityEvents1.size()); |
| Assert.assertEquals(3, signedElementSecurityEvents2.size()); |
| Assert.assertEquals(4, signatureValueSecurityEvents.size()); |
| Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(), |
| operationSecurityEvents.size() + |
| encryptedPartSecurityEvents.size() + |
| encryptedElementSecurityEvents.size() + |
| signedElementSecurityEvents1.size() + |
| signedElementSecurityEvents2.size() + |
| signatureValueSecurityEvents.size() + |
| 1 //the timestamp |
| ); |
| } |
| |
| @Test |
| public void testEncDecryptionUseReqSigCert() throws Exception { |
| |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| { |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"); |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;"); |
| Map<String, Object> messageContext = doOutboundSecurityWithWSS4J_1(sourceDocument, action, properties); |
| Document securedDocument = (Document) messageContext.get(SECURED_DOCUMENT); |
| |
| //some test that we can really sure we get what we want from WSS4J |
| NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart()); |
| Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart()); |
| |
| javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(securedDocument), new StreamResult(baos)); |
| } |
| |
| final List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>(); |
| //done signature; now test sig-verification: |
| { |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.setCallbackHandler(new org.apache.wss4j.stax.test.CallbackHandlerImpl()); |
| InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties); |
| |
| SecurityEventListener securityEventListener = new SecurityEventListener() { |
| @Override |
| public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException { |
| securityEventList.add(securityEvent); |
| } |
| }; |
| |
| XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), new ArrayList<SecurityEvent>(), securityEventListener); |
| |
| Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader); |
| |
| //header element must still be there |
| NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart()); |
| Assert.assertEquals(nodeList.getLength(), 1); |
| Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart()); |
| } |
| |
| //so we have a request generated, now do the response: |
| baos = new ByteArrayOutputStream(); |
| { |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>(); |
| actions.add(WSSConstants.TIMESTAMP); |
| actions.add(WSSConstants.SIGNATURE); |
| actions.add(WSSConstants.ENCRYPT); |
| securityProperties.setActions(actions); |
| securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.setSignatureUser("receiver"); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.setUseReqSigCertForEncryption(true); |
| |
| OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties); |
| XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), securityEventList); |
| XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml")); |
| XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter); |
| xmlStreamWriter.close(); |
| |
| Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())); |
| NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart()); |
| Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart()); |
| |
| nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart()); |
| Assert.assertEquals(nodeList.getLength(), 1); |
| |
| nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN); |
| Assert.assertEquals(nodeList.getLength(), 1); |
| String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart()); |
| Assert.assertNotNull(idAttrValue); |
| Assert.assertTrue(idAttrValue.length() > 0); |
| } |
| |
| //verify SigConf response: |
| { |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, true); |
| } |
| } |
| |
| @Test |
| public void testEncryptedSignatureC14NInclusivePartsOutbound() throws Exception { |
| |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| { |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>(); |
| actions.add(WSSConstants.SIGNATURE); |
| actions.add(WSSConstants.ENCRYPT); |
| securityProperties.setActions(actions); |
| securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| securityProperties.setSignatureUser("transmitter"); |
| securityProperties.setEncryptionUser("receiver"); |
| securityProperties.addSignaturePart(new SecurePart(new QName("http://www.w3.org/1999/XMLSchema", "complexType"), SecurePart.Modifier.Element)); |
| securityProperties.setSignatureCanonicalizationAlgorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| |
| OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties); |
| XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>()); |
| XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml")); |
| XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter); |
| xmlStreamWriter.close(); |
| |
| Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())); |
| NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart()); |
| Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart()); |
| |
| nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart()); |
| Assert.assertEquals(nodeList.getLength(), 25); |
| |
| nodeList = document.getElementsByTagNameNS("http://www.w3.org/1999/XMLSchema", "complexType"); |
| Assert.assertEquals(nodeList.getLength(), 0); |
| } |
| |
| //done signature; now test sig-verification: |
| { |
| String action = WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, false); |
| } |
| } |
| |
| /** |
| * Inclusive Canonicalization with Encryption is problematic because xenc namespace "leaks" |
| * WSS4J sets the xenc ns on the soap envelope which is not included in the signature on the sending |
| * side. swsssf sets the ns where it belongs and so we don't have this problem. But if we |
| * get an xenc ns on the envelope we will get a signature error. This case can't be handled correctly. |
| * This is also one of the reasons why a exclusive canonicalisation is preferred for SOAP |
| * |
| * @throws Exception |
| */ |
| @Test |
| public void testSignatureC14NInclusivePartsInbound() throws Exception { |
| //retest 100 times to make sure we don't have a threading issue |
| for (int i = 0; i < 100; i++) { |
| Document securedDocument; |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| { |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>(); |
| actions.add(WSSConstants.SIGNATURE); |
| actions.add(WSSConstants.ENCRYPT); |
| securityProperties.setActions(actions); |
| securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| securityProperties.setSignatureUser("transmitter"); |
| securityProperties.setEncryptionUser("receiver"); |
| securityProperties.addSignaturePart(new SecurePart(new QName("http://www.w3.org/1999/XMLSchema", "complexType"), SecurePart.Modifier.Element)); |
| securityProperties.setSignatureCanonicalizationAlgorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| |
| OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties); |
| XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>()); |
| XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml")); |
| XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter); |
| xmlStreamWriter.close(); |
| |
| securedDocument = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())); |
| NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart()); |
| Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart()); |
| } |
| |
| { |
| String action = WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, false); |
| } |
| |
| //done signature; now test sig-verification: |
| { |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.addIgnoreBSPRule(BSPRule.R5404); |
| securityProperties.addIgnoreBSPRule(BSPRule.R5423); |
| securityProperties.addIgnoreBSPRule(BSPRule.R5412); |
| InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties); |
| |
| WSSecurityEventConstants.Event[] expectedSecurityEvents = new WSSecurityEventConstants.Event[]{ |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.SignatureValue, |
| WSSecurityEventConstants.ENCRYPTED_PART, |
| WSSecurityEventConstants.OPERATION, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.SignedElement, |
| }; |
| final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents); |
| XMLStreamReader xmlStreamReader = wsSecIn.processInMessage( |
| xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), null, securityEventListener); |
| |
| Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader); |
| |
| //header element must still be there |
| NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart()); |
| Assert.assertEquals(nodeList.getLength(), 1); |
| Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart()); |
| |
| securityEventListener.compare(); |
| } |
| } |
| } |
| |
| @Test |
| public void testInteroperabilitySOAPActionInbound() throws Exception { |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"); |
| |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;"); |
| properties.setProperty(WSHandlerConstants.ACTOR, "test"); |
| Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties); |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| |
| javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(securedDocument), new StreamResult(baos)); |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.setActor("test"); |
| securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| |
| WSSecurityEventConstants.Event[] expectedSecurityEvents = new WSSecurityEventConstants.Event[]{ |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.SignatureValue, |
| WSSecurityEventConstants.TIMESTAMP, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.SIGNED_PART, |
| WSSecurityEventConstants.ENCRYPTED_PART, |
| WSSecurityEventConstants.OPERATION, |
| }; |
| final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents); |
| Document document = doInboundSecurity( |
| securityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), securityEventListener); |
| |
| //read the whole stream: |
| transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(document), new StreamResult( |
| new OutputStream() { |
| @Override |
| public void write(int b) throws IOException { |
| // > /dev/null |
| } |
| } |
| )); |
| securityEventListener.compare(); |
| } |
| |
| @Test |
| public void testInteroperabilityInvalidSOAPActionInbound() throws Exception { |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"); |
| |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;"); |
| properties.setProperty(WSHandlerConstants.ACTOR, "test"); |
| Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties); |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| |
| javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(securedDocument), new StreamResult(baos)); |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.setActor("anotherTest"); |
| securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| |
| WSSecurityEventConstants.Event[] expectedSecurityEvents = new WSSecurityEventConstants.Event[]{ |
| WSSecurityEventConstants.NO_SECURITY, |
| WSSecurityEventConstants.OPERATION |
| }; |
| final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents); |
| Document document = doInboundSecurity( |
| securityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), securityEventListener); |
| |
| //read the whole stream: |
| transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(document), new StreamResult( |
| new OutputStream() { |
| @Override |
| public void write(int b) throws IOException { |
| // > /dev/null |
| } |
| } |
| )); |
| securityEventListener.compare(); |
| } |
| |
| @Test |
| public void testInteroperabilitySOAPRoleInbound() throws Exception { |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.2.xml"); |
| |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| properties.setProperty(WSHandlerConstants.ACTOR, "test"); |
| properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://www.w3.org/2003/05/soap-envelope}Body;"); |
| Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties); |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| |
| javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(securedDocument), new StreamResult(baos)); |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.setActor("test"); |
| securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| |
| WSSecurityEventConstants.Event[] expectedSecurityEvents = new WSSecurityEventConstants.Event[]{ |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.AlgorithmSuite, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.X509Token, |
| WSSecurityEventConstants.SignatureValue, |
| WSSecurityEventConstants.TIMESTAMP, |
| WSSecurityEventConstants.SignedElement, |
| WSSecurityEventConstants.SIGNED_PART, |
| WSSecurityEventConstants.ENCRYPTED_PART, |
| WSSecurityEventConstants.OPERATION, |
| }; |
| final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents); |
| Document document = doInboundSecurity( |
| securityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), securityEventListener); |
| |
| //read the whole stream: |
| transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(document), new StreamResult( |
| new OutputStream() { |
| @Override |
| public void write(int b) throws IOException { |
| // > /dev/null |
| } |
| } |
| )); |
| securityEventListener.compare(); |
| } |
| |
| @Test |
| public void testInteroperabilityTwoSecurityHeadersSOAPRoleInbound() throws Exception { |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.2.xml"); |
| |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://www.w3.org/2003/05/soap-envelope}Body;"); |
| Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties); |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| |
| javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(securedDocument), new StreamResult(baos)); |
| |
| properties.setProperty(WSHandlerConstants.ACTOR, "test"); |
| securedDocument = doOutboundSecurityWithWSS4J(new ByteArrayInputStream(baos.toByteArray()), action, properties); |
| |
| transformer = TRANSFORMER_FACTORY.newTransformer(); |
| baos.reset(); |
| transformer.transform(new DOMSource(securedDocument), new StreamResult(baos)); |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.setActor("test"); |
| securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| |
| Document document = doInboundSecurity(securityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()))); |
| |
| //read the whole stream: |
| transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(document), new StreamResult( |
| new OutputStream() { |
| @Override |
| public void write(int b) throws IOException { |
| // > /dev/null |
| } |
| } |
| )); |
| } |
| |
| @Test |
| public void testInteroperabilitySOAPActionOutbound() throws Exception { |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.setActor("test"); |
| securityProperties.setEncryptionUser("receiver"); |
| securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| securityProperties.setSignatureUser("transmitter"); |
| securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>(); |
| actions.add(WSSConstants.TIMESTAMP); |
| actions.add(WSSConstants.SIGNATURE); |
| actions.add(WSSConstants.ENCRYPT); |
| securityProperties.setActions(actions); |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"); |
| ByteArrayOutputStream baos = doOutboundSecurity(securityProperties, sourceDocument); |
| |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| properties.setProperty(WSHandlerConstants.ACTOR, "test"); |
| doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, false); |
| } |
| |
| @Test |
| public void testInteroperabilityInvalidSOAPActionOutbound() throws Exception { |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.setActor("test"); |
| securityProperties.setEncryptionUser("receiver"); |
| securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| securityProperties.setSignatureUser("transmitter"); |
| securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>(); |
| actions.add(WSSConstants.TIMESTAMP); |
| actions.add(WSSConstants.SIGNATURE); |
| actions.add(WSSConstants.ENCRYPT); |
| securityProperties.setActions(actions); |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"); |
| ByteArrayOutputStream baos = doOutboundSecurity(securityProperties, sourceDocument); |
| |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| properties.setProperty(WSHandlerConstants.ACTOR, "anotherTest"); |
| try { |
| doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, false); |
| Assert.fail("Expected WSSecurityException"); |
| } catch (WSSecurityException e) { |
| Assert.assertEquals(e.getMessage(), "WSS4JHandler: Request does not contain required Security header"); |
| } |
| } |
| |
| @Test |
| public void testInteroperabilitySOAPRoleOutbound() throws Exception { |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.setActor("test"); |
| securityProperties.setEncryptionUser("receiver"); |
| securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| securityProperties.setSignatureUser("transmitter"); |
| securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>(); |
| actions.add(WSSConstants.TIMESTAMP); |
| actions.add(WSSConstants.SIGNATURE); |
| actions.add(WSSConstants.ENCRYPT); |
| securityProperties.setActions(actions); |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.2.xml"); |
| |
| ByteArrayOutputStream baos = doOutboundSecurity(securityProperties, sourceDocument); |
| |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| properties.setProperty(WSHandlerConstants.ACTOR, "test"); |
| doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, false); |
| } |
| |
| @Test |
| public void testInteroperabilityTwoSecurityHeadersSOAPRoleOutbound() throws Exception { |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.setEncryptionUser("receiver"); |
| securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| securityProperties.setSignatureUser("transmitter"); |
| securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray()); |
| List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>(); |
| actions.add(WSSConstants.TIMESTAMP); |
| actions.add(WSSConstants.SIGNATURE); |
| actions.add(WSSConstants.ENCRYPT); |
| securityProperties.setActions(actions); |
| |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.2.xml"); |
| |
| ByteArrayOutputStream baos = doOutboundSecurity(securityProperties, sourceDocument); |
| |
| securityProperties.setActor("test"); |
| baos = doOutboundSecurity(securityProperties, new ByteArrayInputStream(baos.toByteArray())); |
| |
| String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| properties.setProperty(WSHandlerConstants.ACTOR, "test"); |
| doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, false); |
| } |
| |
| @Test |
| public void testInvalidXML() throws Exception { |
| |
| int i = 0; |
| int e = 10000; |
| |
| while (i < e) { |
| |
| String action = WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT; |
| Properties properties = new Properties(); |
| InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"); |
| Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties); |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| |
| if (i == 0) { |
| i = indexOfNode(securedDocument.getDocumentElement(), new NodeIndex(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart()).index; |
| e = indexOfNode(securedDocument.getDocumentElement(), new NodeIndex(), "definitions").index; |
| } |
| i++; |
| Node nodeToRemove = nodeOnIndex(securedDocument.getDocumentElement(), new NodeIndex(), i).node; |
| if (nodeToRemove.getNodeType() == Node.ATTRIBUTE_NODE) { |
| ((Attr) nodeToRemove).getOwnerElement().removeAttributeNode((Attr) nodeToRemove); |
| } else { |
| Node parentNode = nodeToRemove.getParentNode(); |
| parentNode.removeChild(nodeToRemove); |
| } |
| |
| javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(securedDocument), new StreamResult(baos)); |
| |
| WSSSecurityProperties securityProperties = new WSSSecurityProperties(); |
| securityProperties.setCallbackHandler(new CallbackHandlerImpl()); |
| securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); |
| Iterator<BSPRule> bspRules = EnumSet.allOf(BSPRule.class).iterator(); |
| while (bspRules.hasNext()) { |
| securityProperties.addIgnoreBSPRule(bspRules.next()); |
| } |
| |
| try { |
| Document document = doInboundSecurity(securityProperties, |
| xmlInputFactory.createXMLStreamReader( |
| new ByteArrayInputStream(baos.toByteArray()))); |
| |
| //read the whole stream: |
| transformer = TRANSFORMER_FACTORY.newTransformer(); |
| transformer.transform(new DOMSource(document), new StreamResult( |
| new OutputStream() { |
| @Override |
| public void write(int b) throws IOException { |
| // > /dev/null |
| } |
| } |
| )); |
| } catch (XMLStreamException ex) { |
| int k = 0; |
| Throwable t = ex.getCause(); |
| while (t != null && k < 100) { |
| StringWriter stringWriter = new StringWriter(); |
| PrintWriter pw = new PrintWriter(stringWriter); |
| ex.printStackTrace(pw); |
| Assert.assertFalse(stringWriter.toString(), t instanceof NullPointerException); |
| t = t.getCause(); |
| } |
| } |
| } |
| } |
| |
| private NodeIndex indexOfNode(Node node, NodeIndex index, String name) { |
| if (node.getLocalName() != null && node.getLocalName().equals(name)) { |
| return index; |
| } |
| index.index++; |
| if (node.getNodeType() == Node.ELEMENT_NODE) { |
| NamedNodeMap namedNodeMap = node.getAttributes(); |
| for (int i = 0; i < namedNodeMap.getLength(); i++) { |
| NodeIndex n = indexOfNode(namedNodeMap.item(i), index, name); |
| if (n != null) { |
| return n; |
| } |
| } |
| } |
| NodeList nodeList = node.getChildNodes(); |
| for (int i = 0; i < nodeList.getLength(); i++) { |
| NodeIndex n = indexOfNode(nodeList.item(i), index, name); |
| if (n != null) { |
| return n; |
| } |
| } |
| return null; |
| } |
| |
| private NodeIndex nodeOnIndex(Node node, NodeIndex index, int indexToFind) { |
| if (index.index == indexToFind) { |
| index.node = node; |
| return index; |
| } |
| index.index++; |
| if (node.getNodeType() == Node.ELEMENT_NODE) { |
| NamedNodeMap namedNodeMap = node.getAttributes(); |
| for (int i = 0; i < namedNodeMap.getLength(); i++) { |
| NodeIndex n = nodeOnIndex(namedNodeMap.item(i), index, indexToFind); |
| if (n != null) { |
| return n; |
| } |
| } |
| } |
| NodeList nodeList = node.getChildNodes(); |
| for (int i = 0; i < nodeList.getLength(); i++) { |
| NodeIndex n = nodeOnIndex(nodeList.item(i), index, indexToFind); |
| if (n != null) { |
| return n; |
| } |
| } |
| return null; |
| } |
| |
| class NodeIndex { |
| Node node; |
| int index; |
| } |
| } |