Class SignatureCertTest


  • public class SignatureCertTest
    extends Object
    This is a test for WSS-40. Essentially it just tests that a message is signed using a keyEntry from one keystore, and verified at the other end with a keystore with just the CA cert in it.

    http://issues.apache.org/jira/browse/WSS-40

    Generate the CA keys/certs + export the CA cert to a keystore

        openssl req -x509 -newkey rsa:2048 -keyout wss40CAKey.pem -out wss40CA.pem -config ca.config -days 3650
        openssl x509 -outform DER -in wss40CA.pem -out wss40CA.crt
        keytool -import -file wss40CA.crt -alias wss40CA -keystore wss40CA.jks

    Generate the client keypair, make a csr, sign it with the CA key

        keytool -genkey -validity 3650 -alias wss40 -keyalg RSA -keystore wss40.jks -dname "CN=Colm,OU=WSS4J,O=Apache,L=Dublin,ST=Leinster,C=IE"
        keytool -certreq -alias wss40 -keystore wss40.jks -file wss40.cer
        openssl ca -config ca.config -policy policy_anything -days 3650 -out wss40.pem -infiles wss40.cer
        openssl x509 -outform DER -in wss40.pem -out wss40.crt

    Import the CA cert into wss40.jks and import the new signed certificate

        keytool -import -file wss40CA.crt -alias wss40CA -keystore wss40.jks
        keytool -import -file wss40.crt -alias wss40 -keystore wss40.jks
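The trust model this class exercises, sketched with plain JCA calls as an added example (not WSS4J code and not part of the original test): a certificate carried in the message is validated against a trust store that holds only the CA cert, while an Issuer Serial reference has to be resolved from that same store. The class name `CaOnlyTrustDemo`, its helper methods, and the single shared keystore password passed as the first argument are assumptions; the keystore files and aliases are the ones produced by the commands above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;
// Added illustration, not WSS4J code. Assumes wss40.jks and wss40CA.jks were built
// with the commands above and share one password, passed as args[0] (assumption).
public class CaOnlyTrustDemo {
    static KeyStore load(String file, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) { ks.load(in, pw); }
        return ks;
    }

    // Direct reference (BST): the signer's cert arrives in the message, so the
    // verifier only has to build a path from it to a CA it already trusts.
    static boolean trustedViaCa(X509Certificate leaf, KeyStore trustStore) {
        try {
            CertPath path = CertificateFactory.getInstance("X.509")
                    .generateCertPath(Collections.singletonList(leaf));
            PKIXParameters params = new PKIXParameters(trustStore);
            params.setRevocationEnabled(false); // no CRL/OCSP for the test CA
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (Exception e) { // expired cert, unknown issuer, bad signature ...
            return false;
        }
    }

    // Issuer Serial: the message carries only issuer name + serial number, so
    // the verifier must already hold the matching certificate locally.
    static X509Certificate findByIssuerSerial(KeyStore store, X509Certificate wanted) throws Exception {
        for (String alias : Collections.list(store.aliases())) {
            Certificate c = store.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            if (x.getIssuerX500Principal().equals(wanted.getIssuerX500Principal())
                    && x.getSerialNumber().equals(wanted.getSerialNumber())) return x;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = args[0].toCharArray();
        X509Certificate leaf = (X509Certificate) load("wss40.jks", pw).getCertificate("wss40");
        KeyStore caOnly = load("wss40CA.jks", pw);
        System.out.println("BST cert chains to CA-only trust store: " + trustedViaCa(leaf, caOnly));
        System.out.println("Issuer Serial resolvable from that store: " + (findByIssuerSerial(caOnly, leaf) != null));
    }
}
```

Run it from the directory holding the two keystores. PKIX validation also rejects a certificate outside its validity window, which is the condition the expired and out-of-date certificate tests below rely on.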
    • Constructor Detail

    • Method Detail

      • testSignatureDirectReference

        @Test
        public void testSignatureDirectReference()
                                          throws Exception
        Test signing a SOAP message using a BST.
        Throws:
        Exception
      • testSignatureDirectReferenceCACert

        @Test
        public void testSignatureDirectReferenceCACert()
                                                throws Exception
        Test signing a SOAP message using a BST, sending the CA cert as well in the message.
        Throws:
        Exception
      • testSignatureIssuerSerial

        @Test
        public void testSignatureIssuerSerial()
                                       throws Exception
        Test signing a SOAP message using Issuer Serial. Note that this should fail, as the trust-store does not contain the cert corresponding to wss40, only the CA cert wss40CA.
        Throws:
        Exception
      • testSignatureBadCACert

        @Test
        public void testSignatureBadCACert()
                                    throws Exception
        Test signing a SOAP message using a BST. The signature verification passes, but the trust verification will fail as the CA cert is out of date.
        Throws:
        Exception
      • testMultipleCertsWSHandler

        @Test
        public void testMultipleCertsWSHandler()
                                        throws Exception
        A test for "SignatureAction does not set DigestAlgorithm on WSSecSignature instance"
        Throws:
        Exception
      • testExpiredCert

        @Test
        public void testExpiredCert()
                             throws Exception
        Throws:
        Exception
      • testExpiredCertInKeystore

        @Test
        public void testExpiredCertInKeystore()
                                       throws Exception
        Throws:
        Exception