1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security.message.token;
21  
22  import org.apache.ws.security.WSConstants;
23  import org.apache.ws.security.WSSecurityException;
24  import org.apache.ws.security.common.SOAPUtil;
25  import org.apache.ws.security.util.DOM2Writer;
26  import org.w3c.dom.Document;
27  import org.w3c.dom.Element;
28  
29  /**
30   * Some tests for the SecurityTokenReference class.
31   */
public class SecurityTokenReferenceTest extends org.junit.Assert {
    private static final org.apache.commons.logging.Log LOG =
        org.apache.commons.logging.LogFactory.getLog(SecurityTokenReferenceTest.class);

    /**
     * Builds an empty SecurityTokenReference in the given document and declares the
     * wsse namespace on it.
     *
     * @param soapDoc the document that owns the new element
     * @return the freshly created reference, with no child elements yet
     */
    private static SecurityTokenReference newTokenReference(Document soapDoc) throws Exception {
        SecurityTokenReference tokenRef = new SecurityTokenReference(soapDoc);
        tokenRef.addWSSENamespace();
        return tokenRef;
    }

    /**
     * Parses the element with the single-argument constructor and requires that it is
     * rejected with a WSSecurityException whose message contains the given fragment.
     * The match is on message text, so a reworded error message fails the test even
     * when the malformed reference is still rejected.
     *
     * @param tokenRefElement the wsse:SecurityTokenReference element to parse
     * @param failureText message reported when parsing unexpectedly succeeds
     * @param expectedFragment text that must appear in the exception message
     */
    private static void assertRejected(
        Element tokenRefElement, String failureText, String expectedFragment
    ) throws Exception {
        try {
            new SecurityTokenReference(tokenRefElement);
            fail(failureText);
        } catch (WSSecurityException ex) {
            assertTrue(ex.getMessage().contains(expectedFragment));
        }
    }

    /**
     * A Reference whose URI was set to null must be rejected when the enclosing
     * SecurityTokenReference is parsed.
     */
    @org.junit.Test
    public void testReferenceNoURI() throws Exception {
        Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        // Build an STR that carries a Reference without a URI
        SecurityTokenReference tokenRef = newTokenReference(soapDoc);
        Reference reference = new Reference(soapDoc);
        reference.setValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
        reference.setURI(null);
        tokenRef.setReference(reference);

        if (LOG.isDebugEnabled()) {
            LOG.debug(tokenRef.toString());
        }

        // Parse it back; this case has no lenient follow-up in the test
        assertRejected(
            tokenRef.getElement(),
            "Failure expected on a reference with no URI",
            "Reference URI is null"
        );
    }

    /**
     * A SecurityTokenReference that holds both a key identifier and a Reference must
     * be rejected by the single-argument constructor, because it then carries more
     * than one data reference.
     */
    @org.junit.Test
    public void testMultipleChildren() throws Exception {
        Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        // First child: a key identifier set through the STR API
        SecurityTokenReference tokenRef = newTokenReference(soapDoc);
        tokenRef.setKeyIdentifierEncKeySHA1("123456");
        Element tokenRefElement = tokenRef.getElement();

        // Second child: a Reference appended directly to the DOM element
        Reference reference = new Reference(soapDoc);
        reference.setValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
        reference.setURI("#123");
        tokenRefElement.appendChild(reference.getElement());

        if (LOG.isDebugEnabled()) {
            LOG.debug(tokenRef.toString());
        }

        assertRejected(
            tokenRefElement,
            "Failure expected on multiple data references",
            "Cannot handle multiple data references"
        );

        // The same element must parse when the second constructor argument is false.
        // NOTE(review): that flag is presumably the BSP-compliance switch; confirm
        // against SecurityTokenReference. Only "does not throw" is checked here.
        new SecurityTokenReference(tokenRefElement, false);
    }

    /**
     * A key identifier created with a null ValueType must be rejected by the
     * single-argument constructor.
     */
    @org.junit.Test
    public void testKeyIdentifierNoValueType() throws Exception {
        Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        // Key identifier with a value but no ValueType
        SecurityTokenReference tokenRef = newTokenReference(soapDoc);
        tokenRef.setKeyIdentifier((String)null, "#123");
        Element tokenRefElement = tokenRef.getElement();

        if (LOG.isDebugEnabled()) {
            LOG.debug(tokenRef.toString());
        }

        assertRejected(
            tokenRefElement,
            "Failure expected on a Key Identifier with no ValueType",
            "Bad ValueType"
        );

        // Parsing with the second argument false is expected not to throw
        new SecurityTokenReference(tokenRefElement, false);
    }

    /**
     * A key identifier whose EncodingType attribute holds an unrecognised URI must be
     * rejected by the single-argument constructor.
     */
    @org.junit.Test
    public void testKeyIdentifierBadEncodingType() throws Exception {
        Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        SecurityTokenReference tokenRef = newTokenReference(soapDoc);
        Element tokenRefElement = tokenRef.getElement();

        // Hand-build the KeyIdentifier so an arbitrary EncodingType can be set
        Element keyIdentifier = soapDoc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
        keyIdentifier.setAttributeNS(null, "ValueType", SecurityTokenReference.ENC_KEY_SHA1_URI);
        keyIdentifier.setAttributeNS(null, "EncodingType", "http://bad_encoding");
        keyIdentifier.appendChild(soapDoc.createTextNode("#123"));
        tokenRefElement.appendChild(keyIdentifier);

        if (LOG.isDebugEnabled()) {
            LOG.debug(tokenRef.toString());
        }

        assertRejected(
            tokenRefElement,
            "Failure expected on a Key Identifier with a Bad EncodingType",
            "bad EncodingType"
        );

        // Parsing with the second argument false is expected not to throw
        new SecurityTokenReference(tokenRefElement, false);
    }

    /**
     * A key identifier that has a ValueType but no EncodingType attribute must be
     * rejected by the single-argument constructor.
     */
    @org.junit.Test
    public void testKeyIdentifierNoEncodingType() throws Exception {
        Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        SecurityTokenReference tokenRef = newTokenReference(soapDoc);
        Element tokenRefElement = tokenRef.getElement();

        // Hand-build the KeyIdentifier and leave EncodingType out
        Element keyIdentifier = soapDoc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
        keyIdentifier.setAttributeNS(null, "ValueType", SecurityTokenReference.ENC_KEY_SHA1_URI);
        keyIdentifier.appendChild(soapDoc.createTextNode("#123"));
        tokenRefElement.appendChild(keyIdentifier);

        if (LOG.isDebugEnabled()) {
            LOG.debug(tokenRef.toString());
        }

        assertRejected(
            tokenRefElement,
            "Failure expected on a Key Identifier with no EncodingType",
            "No EncodingType"
        );

        // Parsing with the second argument false is expected not to throw
        new SecurityTokenReference(tokenRefElement, false);
    }

    /**
     * A key identifier without an EncodingType is expected to parse with the
     * single-argument constructor when its ValueType is the SAML key identifier
     * type; the test passes if no exception is thrown.
     */
    @org.junit.Test
    public void testKeyIdentifierSAMLNoEncodingType() throws Exception {
        Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        SecurityTokenReference tokenRef = newTokenReference(soapDoc);
        Element tokenRefElement = tokenRef.getElement();

        // SAML ValueType, no EncodingType attribute
        Element keyIdentifier = soapDoc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
        keyIdentifier.setAttributeNS(null, "ValueType", WSConstants.WSS_SAML_KI_VALUE_TYPE);
        keyIdentifier.appendChild(soapDoc.createTextNode("#123"));
        tokenRefElement.appendChild(keyIdentifier);

        if (LOG.isDebugEnabled()) {
            LOG.debug(tokenRef.toString());
        }

        // No exception expected here
        new SecurityTokenReference(tokenRefElement);
    }

    /**
     * An Embedded child that itself contains a SecurityTokenReference must be
     * rejected by the single-argument constructor.
     */
    @org.junit.Test
    public void testEmbeddedSTRChild() throws Exception {
        Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        // Outer STR, the one that gets parsed
        SecurityTokenReference outerRef = newTokenReference(soapDoc);
        Element tokenRefElement = outerRef.getElement();

        // Nest a second STR inside a wsse:Embedded element
        Element embeddedElement = soapDoc.createElementNS(WSConstants.WSSE_NS, "wsse:Embedded");
        SecurityTokenReference innerRef = newTokenReference(soapDoc);
        embeddedElement.appendChild(innerRef.getElement());

        tokenRefElement.appendChild(embeddedElement);

        if (LOG.isDebugEnabled()) {
            LOG.debug(DOM2Writer.nodeToString(tokenRefElement));
        }

        assertRejected(
            tokenRefElement,
            "Failure expected on an Embedded Child with a SecurityTokenReference child",
            "embedded Reference is invalid"
        );

        // Parsing with the second argument false is expected not to throw
        new SecurityTokenReference(tokenRefElement, false);
    }

    /**
     * An Embedded child that contains more than one child element must be rejected
     * by the single-argument constructor.
     */
    @org.junit.Test
    public void testMultipleEmbeddedChildren() throws Exception {
        Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        SecurityTokenReference tokenRef = newTokenReference(soapDoc);
        Element tokenRefElement = tokenRef.getElement();

        // wsse:Embedded holding two wsse:Reference children
        Element embeddedElement = soapDoc.createElementNS(WSConstants.WSSE_NS, "wsse:Embedded");
        Element firstChild = soapDoc.createElementNS(WSConstants.WSSE_NS, "wsse:Reference");
        Element secondChild = soapDoc.createElementNS(WSConstants.WSSE_NS, "wsse:Reference");
        embeddedElement.appendChild(firstChild);
        embeddedElement.appendChild(secondChild);

        tokenRefElement.appendChild(embeddedElement);

        if (LOG.isDebugEnabled()) {
            LOG.debug(DOM2Writer.nodeToString(tokenRefElement));
        }

        assertRejected(
            tokenRefElement,
            "Failure expected on an Embedded Child with multiple children",
            "embedded Reference is invalid"
        );

        // Parsing with the second argument false is expected not to throw
        new SecurityTokenReference(tokenRefElement, false);
    }

}