View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.dom.handler;
21  
22  import java.io.IOException;
23  import java.util.ArrayList;
24  import java.util.List;
25  
26  import javax.security.auth.callback.Callback;
27  import javax.security.auth.callback.CallbackHandler;
28  import javax.security.auth.callback.UnsupportedCallbackException;
29  
30  import org.apache.wss4j.common.util.SOAPUtil;
31  import org.apache.wss4j.dom.WSConstants;
32  import org.apache.wss4j.dom.common.CustomHandler;
33  
34  import org.apache.wss4j.dom.engine.WSSConfig;
35  import org.apache.wss4j.dom.engine.WSSecurityEngine;
36  
37  import org.junit.jupiter.api.Test;
38  import org.apache.wss4j.common.crypto.CryptoFactory;
39  import org.apache.wss4j.common.ext.WSPasswordCallback;
40  import org.apache.wss4j.common.util.XMLUtils;
41  import org.w3c.dom.Document;
42  
43  
44  /**
45   * This is a test for WSS-194 - "Support overriding KeyStore alias for signature so that it can
46   * be different than user name used for UsernameToken".
47   */
48  public class SignatureUTAliasTest implements CallbackHandler {
49      private static final org.slf4j.Logger LOG =
50          org.slf4j.LoggerFactory.getLogger(SignatureUTAliasTest.class);
51      private WSSecurityEngine secEngine = new WSSecurityEngine();
52  
53      /**
54       * Test involving adding a Username Token to a SOAP message and signing it, where the
55       * private key for signature is extracted from the KeyStore using a different username/alias
56       * to the UsernameToken.
57       */
58      @Test
59      public void
60      testUsernameTokenSignatureHandler() throws Exception {
61          final WSSConfig cfg = WSSConfig.getNewInstance();
62          final RequestData reqData = new RequestData();
63          reqData.setWssConfig(cfg);
64          reqData.setUsername("alice");
65          reqData.setPwType(WSConstants.PASSWORD_TEXT);
66          java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
67          messageContext.put(
68              WSHandlerConstants.PW_CALLBACK_REF,
69              this
70          );
71          messageContext.put(WSHandlerConstants.SIGNATURE_USER, "wss40");
72          messageContext.put(WSHandlerConstants.SIG_PROP_FILE, "wss40.properties");
73          messageContext.put(
74              WSHandlerConstants.SIGNATURE_PARTS,
75              "{}{" + WSConstants.WSSE_NS + "}" + "UsernameToken"
76          );
77          messageContext.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
78          reqData.setMsgContext(messageContext);
79  
80          final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
81          CustomHandler handler = new CustomHandler();
82          List<HandlerAction> actions = new ArrayList<>();
83          actions.add(new HandlerAction(WSConstants.UT));
84          actions.add(new HandlerAction(WSConstants.SIGN));
85          handler.send(
86              doc,
87              reqData,
88              actions,
89              true
90          );
91  
92          if (LOG.isDebugEnabled()) {
93              LOG.debug("After Signing....");
94              String outputString =
95                  XMLUtils.prettyDocumentToString(doc);
96              LOG.debug(outputString);
97          }
98  
99          verify(doc);
100 
101     }
102 
103 
104     /**
105      * Verifies the soap envelope
106      * <p/>
107      *
108      * @param doc
109      * @throws Exception Thrown when there is a problem in verification
110      */
111     private WSHandlerResult verify(Document doc) throws Exception {
112         WSHandlerResult results =
113             secEngine.processSecurityHeader(
114                 doc, null, this, CryptoFactory.getInstance("wss40CA.properties")
115             );
116         if (LOG.isDebugEnabled()) {
117             LOG.debug("Verfied and decrypted message:");
118             String outputString =
119                 XMLUtils.prettyDocumentToString(doc);
120             LOG.debug(outputString);
121         }
122         return results;
123     }
124 
125 
126     public void handle(Callback[] callbacks)
127         throws IOException, UnsupportedCallbackException {
128         for (Callback callback : callbacks) {
129             if (callback instanceof WSPasswordCallback) {
130                 WSPasswordCallback pc = (WSPasswordCallback) callback;
131                 if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN
132                         && "alice".equals(pc.getIdentifier())) {
133                     pc.setPassword("verySecret");
134                 } else if (pc.getUsage() == WSPasswordCallback.SIGNATURE
135                         && "wss40".equals(pc.getIdentifier())) {
136                     pc.setPassword("security");
137                 } else {
138                     throw new IOException("Authentication failed");
139                 }
140             } else {
141                 throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
142             }
143         }
144     }
145 
146 
147 }