1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.dom.message;
21  
22  import org.apache.wss4j.common.util.SOAPUtil;
23  import org.apache.wss4j.dom.WSConstants;
24  
25  import org.apache.wss4j.dom.engine.WSSConfig;
26  
27  import org.junit.jupiter.api.Test;
28  import org.apache.wss4j.common.crypto.CryptoFactory;
29  import org.apache.wss4j.common.ext.WSSecurityException;
30  import org.apache.wss4j.common.util.KeyUtils;
31  import org.w3c.dom.Document;
32  
33  import static org.junit.jupiter.api.Assertions.assertTrue;
34  import static org.junit.jupiter.api.Assertions.fail;
35  
36  import javax.crypto.KeyGenerator;
37  import javax.crypto.SecretKey;
38  
39  
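/**
 * Tests the error messages raised when no certificate can be found for the configured
 * user name while building a signature or an encrypted key, e.g. when a bad "username"
 * is used. See WSS-137.
 *
 * <p>Both tests pass the no-arg {@code CryptoFactory.getInstance()} to the builder.
 * NOTE(review): they only hold if that default crypto configuration has no certificate
 * for "bob" or "alice"; the configuration is not visible in this file, so confirm against
 * the test resources.
 *
 * <p>NOTE(review): the asserted messages echo the user name given to the builder. Whether
 * that text can reach a remote party depends on how callers handle
 * {@link WSSecurityException}, which this test does not exercise.
 */
public class CertErrorTest {

    /**
     * Initialises the WSS4J configuration before the tests in this class run.
     */
    public CertErrorTest() {
        WSSConfig.init();
    }

    /**
     * Test for when a bad certificate is used for Signature: building a signature for a
     * user without a certificate must fail with a message naming that user.
     *
     * @throws Exception if the SOAP message or security header cannot be set up
     */
    @Test
    public void testX509Signature() throws Exception {
        WSSecSignature builder = new WSSecSignature(newSecurityHeader());
        builder.setUserInfo("bob", "security");
        try {
            builder.build(CryptoFactory.getInstance());
            fail("Expected failure on a bad username");
        } catch (WSSecurityException ex) {
            assertMessageContains(ex, "No certificates for user \"bob\" were found for signature");
        }
    }

    /**
     * Test for when a bad certificate is used for Encryption: building the encrypted
     * content for a user without a certificate must fail with a message naming that user.
     *
     * @throws Exception if the SOAP message, security header or symmetric key cannot be set up
     */
    @Test
    public void testEncryption() throws Exception {
        WSSecEncrypt builder = new WSSecEncrypt(newSecurityHeader());
        builder.setUserInfo("alice");

        // Key generation is test set-up, not the call under test. It stays outside the
        // try block so a WSSecurityException from it is reported as itself and is not
        // mistaken for the expected certificate lookup failure.
        KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
        SecretKey symmetricKey = keyGen.generateKey();

        try {
            builder.build(CryptoFactory.getInstance(), symmetricKey);
            fail("Expected failure on a bad username");
        } catch (WSSecurityException ex) {
            assertMessageContains(ex, "No certificates for user \"alice\" were found for encryption");
        }
    }

    /**
     * Parses the sample SOAP message and inserts an empty security header into it.
     *
     * @return the security header the builders under test write into
     * @throws Exception if the sample message cannot be parsed or the header cannot be inserted
     */
    private static WSSecHeader newSecurityHeader() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        return secHeader;
    }

    /**
     * Asserts that the exception message contains the expected text. On failure the actual
     * message is reported, and a null message fails the assertion rather than raising a
     * NullPointerException.
     *
     * @param ex the exception thrown by the builder
     * @param expectedError the text the message must contain
     */
    private static void assertMessageContains(WSSecurityException ex, String expectedError) {
        String actual = ex.getMessage();
        assertTrue(actual != null && actual.contains(expectedError),
            "Expected a message containing [" + expectedError + "] but was [" + actual + "]");
    }

}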
93  }