Package org.apache.wss4j.dom.message

Class UsernameTokenTest

java.lang.Object

org.apache.wss4j.dom.message.UsernameTokenTest

All Implemented Interfaces:

CallbackHandler

public class UsernameTokenTest
extends Object
implements CallbackHandler

WS-Security Test Case for UsernameTokens.

Constructor Summary

Constructors

Constructor	Description
UsernameTokenTest()

Method Summary

Modifier and Type	Method	Description
void	handle(Callback[] callbacks)	A CallbackHandler for some (mostly insecure) scenarios.
void	testEmptyPasswordProcessing()	Test that processes a UserNameToken with an empty password
void	testFutureCreated()	This is a test for processing a UsernameToken where the "Created" element is in the future.
void	testMultipleCreated()	A test for sending multiple Created elements in the UsernameToken
void	testMultipleNonce()	A test for sending multiple nonces in the UsernameToken
void	testMultiplePassword()	A test for sending multiple passwords in the UsernameToken
void	testNearFutureCreated()	This is a test for processing a UsernameToken where the "Created" element is in the (near) future.
void	testNonceBadEncodingType()	A test for sending a nonce with a bad encoding type in the UsernameToken
void	testNullCreated()	A test for WSS-66 - the created string is null http://issues.apache.org/jira/browse/WSS-66 "Possible security hole when PasswordDigest is used by client."
void	testNullNonce()	A test for WSS-66 - the nonce string is null http://issues.apache.org/jira/browse/WSS-66 "Possible security hole when PasswordDigest is used by client."
void	testOldUsernameToken()	This is a test for processing an "old" UsernameToken, i.e.
void	testSpoofedUsernameToken()	This is a test to create a "Spoofed" UsernameToken (see WSS-441)
void	testUsernameTokenBadDigest()	Test that adds a UserNameToken with a bad password Digest to a WS-Security envelope
void	testUsernameTokenBadText()	Test that adds a UserNameToken with (bad) password text to a WS-Security envelope
void	testUsernameTokenBadUsername()	Test that a bad username with password digest does not leak whether the username is valid or not - see WSS-141.
void	testUsernameTokenCustomFail()	Test with a non-standard token type.
void	testUsernameTokenCustomPass()	Test with a non-standard password type.
void	testUsernameTokenDigest()	Test that adds a UserNameToken with password Digest to a WS-Security envelope
void	testUsernameTokenDigestText()	Test that adds a UserNameToken with a digested password but with type of password test.
void	testUsernameTokenEmptyPassword()	Test that adds a UserNameToken with an empty password
void	testUsernameTokenNonceEncodingType()	Test that verifies an EncodingType is set for the nonce.
void	testUsernameTokenNoPassword()	Test that adds a UserNameToken with no password
void	testUsernameTokenNoPasswordType()	Test that adds a UserNameToken with no password type to a WS-Security envelope See WSS-152 - https://issues.apache.org/jira/browse/WSS-152 "Problem with processing Username Tokens with no password type" The 1.1 spec states that the password type is optional and defaults to password text, and so we should handle an incoming Username Token accordingly.
void	testUsernameTokenNoUser()	Test that adds a UserNameToken with no user (or password) to a WS-Security envelope See WSS-185 - https://issues.apache.org/jira/browse/WSS-185 "NullPointerException on empty UsernameToken"
void	testUsernameTokenText()	Test that adds a UserNameToken with password text to a WS-Security envelope
void	testUsernameTokenWithEncodedPassword()	Test that adds a UserNameToken with password Digest to a WS-Security envelope
void	testUsernameTokenWithEncodedPasswordBaseline()	Test for encoded passwords.
void	testUsernameTokenWSHandler()	Test that adds a UserNameToken via WSHandler
void	testUsernameTokenWSHandlerEmptyPassword()	Test that adds a UserNameToken with an empty password via WSHandler
void	testUsernameTokenWSHandlerNonceCreated()
void	testUsernameTokenWSHandlerNoPassword()	Test that adds a UserNameToken with no password via WSHandler
void	testUsernameTokenWSHandlerNoPassword2()	Test that adds a UserNameToken with no password via WSHandler

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

UsernameTokenTest

public UsernameTokenTest()

Method Detail

testUsernameTokenDigest

@Test
public void testUsernameTokenDigest()
                             throws Exception

Test that adds a UserNameToken with password Digest to a WS-Security envelope

Throws:

Exception

testUsernameTokenWithEncodedPasswordBaseline

@Test
public void testUsernameTokenWithEncodedPasswordBaseline()
                                                  throws Exception

Test for encoded passwords.

Throws:

Exception

testUsernameTokenWithEncodedPassword

@Test
public void testUsernameTokenWithEncodedPassword()
                                          throws Exception

Test that adds a UserNameToken with password Digest to a WS-Security envelope

Throws:

Exception

testUsernameTokenBadUsername

@Test
public void testUsernameTokenBadUsername()
                                  throws Exception

Test that a bad username with password digest does not leak whether the username is valid or not - see WSS-141.

Throws:

Exception

testUsernameTokenBadDigest

@Test
public void testUsernameTokenBadDigest()
                                throws Exception

Test that adds a UserNameToken with a bad password Digest to a WS-Security envelope

Throws:

Exception

testOldUsernameToken

@Test
public void testOldUsernameToken()
                          throws Exception

This is a test for processing an "old" UsernameToken, i.e. one with a "Created" element that is out of date

Throws:

Exception

testNearFutureCreated

@Test
public void testNearFutureCreated()
                           throws Exception

This is a test for processing a UsernameToken where the "Created" element is in the (near) future. It should be accepted by default when it is created 30 seconds in the future, and then rejected once we configure "0 seconds" for future-time-to-live.

Throws:

Exception

testFutureCreated

@Test
public void testFutureCreated()
                       throws Exception

This is a test for processing a UsernameToken where the "Created" element is in the future. A UsernameToken that is 120 seconds in the future should be rejected by default.

Throws:

Exception

testUsernameTokenText

@Test
public void testUsernameTokenText()
                           throws Exception

Test that adds a UserNameToken with password text to a WS-Security envelope

Throws:

Exception

testUsernameTokenDigestText

@Test
public void testUsernameTokenDigestText()
                                 throws Exception

Test that adds a UserNameToken with a digested password but with type of password test.

Throws:

Exception

testUsernameTokenBadText

@Test
public void testUsernameTokenBadText()
                              throws Exception

Test that adds a UserNameToken with (bad) password text to a WS-Security envelope

Throws:

Exception

testUsernameTokenNoPasswordType

@Test
public void testUsernameTokenNoPasswordType()
                                     throws Exception

Test that adds a UserNameToken with no password type to a WS-Security envelope See WSS-152 - https://issues.apache.org/jira/browse/WSS-152 "Problem with processing Username Tokens with no password type" The 1.1 spec states that the password type is optional and defaults to password text, and so we should handle an incoming Username Token accordingly.

Throws:

Exception

testUsernameTokenNoUser

@Test
public void testUsernameTokenNoUser()
                             throws Exception

Test that adds a UserNameToken with no user (or password) to a WS-Security envelope See WSS-185 - https://issues.apache.org/jira/browse/WSS-185 "NullPointerException on empty UsernameToken"

Throws:

Exception

testUsernameTokenNoPassword

@Test
public void testUsernameTokenNoPassword()
                                 throws Exception

Test that adds a UserNameToken with no password

Throws:

Exception

testUsernameTokenEmptyPassword

@Test
public void testUsernameTokenEmptyPassword()
                                    throws Exception

Test that adds a UserNameToken with an empty password

Throws:

Exception

testEmptyPasswordProcessing

@Test
public void testEmptyPasswordProcessing()
                                 throws Exception

Test that processes a UserNameToken with an empty password

Throws:

Exception

testUsernameTokenCustomFail

@Test
public void testUsernameTokenCustomFail()
                                 throws Exception

Test with a non-standard token type. This will fail as the default is to reject custom token types.

Throws:

Exception

testUsernameTokenCustomPass

@Test
public void testUsernameTokenCustomPass()
                                 throws Exception

Test with a non-standard password type. This will pass as the WSSConfig is configured to handle custom token types.

Throws:

Exception

testNullNonce

@Test
public void testNullNonce()
                   throws Exception

A test for WSS-66 - the nonce string is null http://issues.apache.org/jira/browse/WSS-66 "Possible security hole when PasswordDigest is used by client."

Throws:

Exception

testNullCreated

@Test
public void testNullCreated()
                     throws Exception

A test for WSS-66 - the created string is null http://issues.apache.org/jira/browse/WSS-66 "Possible security hole when PasswordDigest is used by client."

Throws:

Exception

testUsernameTokenNonceEncodingType

@Test
public void testUsernameTokenNonceEncodingType()
                                        throws Exception

Test that verifies an EncodingType is set for the nonce. See WSS-169.

Throws:

Exception

testUsernameTokenWSHandler

@Test
public void testUsernameTokenWSHandler()
                                throws Exception

Test that adds a UserNameToken via WSHandler

Throws:

Exception

testUsernameTokenWSHandlerNoPassword

@Test
public void testUsernameTokenWSHandlerNoPassword()
                                          throws Exception

Test that adds a UserNameToken with no password via WSHandler

Throws:

Exception

testUsernameTokenWSHandlerNoPassword2

@Test
public void testUsernameTokenWSHandlerNoPassword2()
                                           throws Exception

Test that adds a UserNameToken with no password via WSHandler

Throws:

Exception

testUsernameTokenWSHandlerEmptyPassword

@Test
public void testUsernameTokenWSHandlerEmptyPassword()
                                             throws Exception

Test that adds a UserNameToken with an empty password via WSHandler

Throws:

Exception

testMultipleNonce

@Test
public void testMultipleNonce()
                       throws Exception

A test for sending multiple nonces in the UsernameToken

Throws:

Exception

testMultipleCreated

@Test
public void testMultipleCreated()
                         throws Exception

A test for sending multiple Created elements in the UsernameToken

Throws:

Exception

testMultiplePassword

@Test
public void testMultiplePassword()
                          throws Exception

A test for sending multiple passwords in the UsernameToken

Throws:

Exception

testNonceBadEncodingType

@Test
public void testNonceBadEncodingType()
                              throws Exception

A test for sending a nonce with a bad encoding type in the UsernameToken

Throws:

Exception

testUsernameTokenWSHandlerNonceCreated

@Test
public void testUsernameTokenWSHandlerNonceCreated()
                                            throws Exception

Throws:

Exception

testSpoofedUsernameToken

@Test
public void testSpoofedUsernameToken()
                              throws Exception

This is a test to create a "Spoofed" UsernameToken (see WSS-441)

Throws:

Exception

handle

public void handle(Callback[] callbacks)
            throws IOException,
                   UnsupportedCallbackException

A CallbackHandler for some (mostly insecure) scenarios.

Specified by:

handle in interface CallbackHandler

Throws:

IOException

UnsupportedCallbackException