1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security.message;
21  
import java.util.List;

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.common.SOAPUtil;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.str.STRParser.REFERENCE_TYPE;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
34  
35  /**
36   * WS-Security Test Case for SubjectKeyIdentifier.
37   * 
38   * @author Davanum Srinivas (dims@yahoo.com)
39   * @author Werner Dittmann (Werner.Dittmann@siemens.com)
40   */
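public class SKISignatureTest extends org.junit.Assert {
    private static final org.apache.commons.logging.Log LOG = 
        org.apache.commons.logging.LogFactory.getLog(SKISignatureTest.class);
    private final WSSecurityEngine secEngine = new WSSecurityEngine();
    private final Crypto crypto;
    
    /**
     * Initialises the WSS configuration and loads the test keystore described by
     * {@code wss40.properties}.
     *
     * @throws Exception if the crypto provider cannot be created
     */
    public SKISignatureTest() throws Exception {
        WSSConfig.init();
        crypto = CryptoFactory.getInstance("wss40.properties");
    }

    /**
     * Test that signs and verifies a WS-Security envelope using SubjectKeyIdentifier.
     * This test uses the SubjectKeyIdentifier to identify the certificate. It
     * uses the Direct version, that is it embeds the certificate in the message.
     * The signature algorithm is set explicitly to DSA.
     * <p/>
     * 
     * @throws java.lang.Exception Thrown when there is any problem in signing or verification
     */
    @org.junit.Test
    public void testX509SignatureDSA_SKI() throws Exception {
        WSSecSignature builder = new WSSecSignature();
        builder.setUserInfo("wss40DSA", "security");
        builder.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
        builder.setSignatureAlgorithm(WSConstants.DSA);
        
        LOG.info("Before SigningDSA_SKIDirect....");
        Document signedDoc = sign(builder);
        logSignedDocument("Signed message with DSA_SKI key identifier:", signedDoc);
        LOG.info("After SigningDSA_SKIDirect....");
        
        // The explicitly requested algorithm must be the one that ends up in the signature.
        assertSignatureMethod(signedDoc, WSConstants.DSA);
        List<WSSecurityEngineResult> results = verify(signedDoc);
        assertSkiSignatureResult(results);
    }

    /**
     * Test that signs and verifies a WS-Security envelope using SubjectKeyIdentifier.
     * This test uses the SubjectKeyIdentifier to identify the certificate. 
     * It gets a certificate with a DSA public key algo to sign, WSSignEnvelope shall
     * detect the algo and set the signature algo accordingly.
     * <p/>
     * 
     * @throws java.lang.Exception Thrown when there is any problem in signing or verification
     */
    @org.junit.Test
    public void testX509SignatureDSA_Autodetect() throws Exception {
        WSSecSignature builder = new WSSecSignature();
        builder.setUserInfo("wss40DSA", "security");
        builder.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
        
        LOG.info("Before SigningDSA_Autodetect....");
        Document signedDoc = sign(builder);
        logSignedDocument("Signed message with DSA_Autodetect:", signedDoc);
        LOG.info("After SigningDSA_Autodetect....");
        
        // No algorithm was configured: the builder must have picked DSA from the key.
        assertSignatureMethod(signedDoc, WSConstants.DSA);
        List<WSSecurityEngineResult> results = verify(signedDoc);
        assertSkiSignatureResult(results);
    }

    /**
     * Test that signs and verifies a WS-Security envelope using SubjectKeyIdentifier.
     * This test uses the SubjectKeyIdentifier to identify the certificate. 
     * It gets a certificate with a RSA public key algo to sign, WSSignEnvelope shall
     * detect the algo and set the signature algo accordingly.
     * <p/>
     * 
     * @throws java.lang.Exception Thrown when there is any problem in signing or verification
     */
    @org.junit.Test
    public void testX509SignatureRSA_Autodetect() throws Exception {
        WSSecSignature builder = new WSSecSignature();
        builder.setUserInfo("wss40", "security");
        builder.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
        
        LOG.info("Before SigningRSA_Autodetect....");
        Document signedDoc = sign(builder);
        logSignedDocument("Signed message with RSA Autodetect:", signedDoc);
        LOG.info("After SigningRSA_Autodetect....");
        
        // No algorithm was configured: the builder must have picked RSA from the key.
        assertSignatureMethod(signedDoc, WSConstants.RSA);
        List<WSSecurityEngineResult> results = verify(signedDoc);
        assertSkiSignatureResult(results);
    }
    
    /**
     * Builds a fresh sample SOAP message with an empty security header and signs it
     * with the given, already configured, signature builder.
     *
     * @param builder configured signature builder
     * @return the signed document
     * @throws Exception Thrown when there is a problem in signing
     */
    private Document sign(WSSecSignature builder) throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        return builder.build(doc, crypto, secHeader);
    }

    /**
     * Pretty-prints the signed document at debug level, prefixed by {@code label}.
     * The (comparatively expensive) serialisation only runs when debug is enabled.
     *
     * @param label message logged before the document
     * @param signedDoc document to print
     */
    private static void logSignedDocument(String label, Document signedDoc) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(label);
            String outputString = 
                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
            LOG.debug(outputString);
        }
    }

    /**
     * Asserts that the signed document carries exactly one {@code ds:SignatureMethod}
     * whose {@code Algorithm} attribute is {@code expectedAlgorithm}.
     *
     * @param signedDoc signed document
     * @param expectedAlgorithm expected signature algorithm URI
     */
    private static void assertSignatureMethod(Document signedDoc, String expectedAlgorithm) {
        NodeList methods =
            signedDoc.getElementsByTagNameNS(WSConstants.SIG_NS, "SignatureMethod");
        assertEquals("Expected exactly one ds:SignatureMethod element", 1, methods.getLength());
        Element method = (Element) methods.item(0);
        assertEquals(expectedAlgorithm, method.getAttribute("Algorithm"));
    }

    /**
     * Asserts that the verification results contain a signature action result whose
     * certificate was located through a SubjectKeyIdentifier reference.
     *
     * @param results results returned by the security engine
     */
    private static void assertSkiSignatureResult(List<WSSecurityEngineResult> results) {
        WSSecurityEngineResult actionResult =
            WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
        // Fail with a message instead of a NullPointerException if no SIGN result is present.
        assertNotNull("No signature action result found", actionResult);
        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
        Object referenceType = actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
        assertNotNull(referenceType);
        assertEquals(REFERENCE_TYPE.KEY_IDENTIFIER, referenceType);
    }

    /**
     * Verifies the soap envelope
     * 
     * @param doc soap envelope
     * @return the results produced by the security engine
     * @throws java.lang.Exception Thrown when there is a problem in verification
     */
    private List<WSSecurityEngineResult> verify(Document doc) throws Exception {
        return secEngine.processSecurityHeader(doc, null, null, crypto);
    }
}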