/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
19  
20  package org.apache.wss4j.dom.message;
21  
import java.util.List;

import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.str.STRParser.REFERENCE_TYPE;

import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
39  
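/**
 * WS-Security Test Case for SubjectKeyIdentifier.
 *
 * <p>Every test signs the sample SOAP envelope with a key from
 * {@code wss40.properties}, referencing the signing certificate by its
 * SubjectKeyIdentifier ({@link WSConstants#SKI_KEY_IDENTIFIER}), then runs the
 * signed document through {@link WSSecurityEngine} and checks that the SIGN
 * action resolved the certificate through a {@code KEY_IDENTIFIER} reference.
 * The two "autodetect" tests additionally leave the signature algorithm to the
 * builder instead of setting it explicitly.
 */
public class SKISignatureTest {
    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(SKISignatureTest.class);
    private final WSSecurityEngine secEngine = new WSSecurityEngine();
    private final Crypto crypto;

    /**
     * Initialises the WSS4J configuration and loads the test keystore
     * described by {@code wss40.properties}.
     *
     * @throws Exception if the Crypto instance cannot be loaded
     */
    public SKISignatureTest() throws Exception {
        WSSConfig.init();
        crypto = CryptoFactory.getInstance("wss40.properties");
    }

    /**
     * Signs with the DSA key and an explicitly chosen DSA signature algorithm,
     * referencing the certificate by SubjectKeyIdentifier, then verifies and
     * checks the SIGN result.
     *
     * @throws Exception Thrown when there is any problem in signing or verification
     */
    @Test
    public void testX509SignatureDSA_SKI() throws Exception {
        WSSecSignature builder = newSkiSignatureBuilder("wss40DSA");
        // Explicit algorithm here; the autodetect tests below leave it to the builder.
        builder.setSignatureAlgorithm(WSConstants.DSA);

        LOG.info("Before SigningDSA_SKIDirect....");
        Document signedDoc = builder.build(crypto);
        logSignedDocument("Signed message with DSA_SKI key identifier:", signedDoc);
        LOG.info("After SigningDSA_SKIDirect....");

        assertSignedViaSki(verify(signedDoc));
    }

    /**
     * Signs with the DSA key without setting a signature algorithm, so the
     * builder has to pick one matching the key, then verifies and checks the
     * SIGN result. Previously this test only checked that verification did not
     * throw; it now applies the same assertions as the explicit-algorithm test.
     *
     * @throws Exception Thrown when there is any problem in signing or verification
     */
    @Test
    public void testX509SignatureDSA_Autodetect() throws Exception {
        WSSecSignature builder = newSkiSignatureBuilder("wss40DSA");

        LOG.info("Before SigningDSA_Autodetect....");
        Document signedDoc = builder.build(crypto);
        logSignedDocument("Signed message with DSA_Autodetect:", signedDoc);
        LOG.info("After SigningDSA_Autodetect....");

        assertSignedViaSki(verify(signedDoc));
    }

    /**
     * Signs with the RSA key without setting a signature algorithm, so the
     * builder has to pick one matching the key, then verifies and checks the
     * SIGN result. Previously this test only checked that verification did not
     * throw; it now applies the same assertions as the explicit-algorithm test.
     *
     * @throws Exception Thrown when there is any problem in signing or verification
     */
    @Test
    public void testX509SignatureRSA_Autodetect() throws Exception {
        WSSecSignature builder = newSkiSignatureBuilder("wss40");

        LOG.info("Before SigningRSA_Autodetect....");
        Document signedDoc = builder.build(crypto);
        logSignedDocument("Signed message with RSA Autodetect:", signedDoc);
        LOG.info("After SigningRSA_Autodetect....");

        assertSignedViaSki(verify(signedDoc));
    }

    /**
     * Builds a fresh sample SOAP envelope with an inserted security header and
     * returns a signature builder for it that references the signing
     * certificate of {@code user} by SubjectKeyIdentifier.
     *
     * @param user alias of the signing key in {@code wss40.properties}; the
     *             password used for every test alias is {@code security}
     * @return the configured, not yet built, signature builder
     * @throws Exception if the envelope or its security header cannot be created
     */
    private WSSecSignature newSkiSignatureBuilder(String user) throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        WSSecSignature builder = new WSSecSignature(secHeader);
        builder.setUserInfo(user, "security");
        builder.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
        return builder;
    }

    /**
     * Logs {@code message} followed by the pretty-printed signed document at
     * DEBUG level. The whole block is guarded so the document is not
     * re-serialised when DEBUG logging is off.
     *
     * @param message   line logged before the document
     * @param signedDoc document to dump
     * @throws Exception if pretty-printing the document fails
     */
    private static void logSignedDocument(String message, Document signedDoc) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug(message);
            String outputString = XMLUtils.prettyDocumentToString(signedDoc);
            LOG.debug(outputString);
        }
    }

    /**
     * Asserts that verification produced a SIGN action result in which the
     * signing certificate was found and was referenced through a
     * {@code KEY_IDENTIFIER} (SubjectKeyIdentifier) reference rather than any
     * other reference type.
     *
     * @param results the engine output for the verified document
     */
    private static void assertSignedViaSki(WSHandlerResult results) {
        List<WSSecurityEngineResult> signResults =
            results.getActionResults().get(WSConstants.SIGN);
        assertNotNull(signResults, "no SIGN action was reported by the security engine");
        assertFalse(signResults.isEmpty(), "no SIGN action was reported by the security engine");

        WSSecurityEngineResult actionResult = signResults.get(0);
        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
        // assertEquals gives the actual reference type on failure, unlike assertTrue(a == b).
        assertEquals(REFERENCE_TYPE.KEY_IDENTIFIER,
                     actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
        // NOTE(review): the autodetect tests still do not check which signature
        // algorithm the builder chose; if the engine result exposes the signature
        // method, assert it per test -- TODO confirm against WSSecurityEngineResult.
    }

    /**
     * Runs the security engine over the signed envelope.
     *
     * <p>The two {@code null} arguments are assumed to be the actor and the
     * callback handler, neither of which is needed to verify a signature
     * against the configured Crypto -- TODO confirm against the engine overload.
     *
     * @param doc soap document
     * @return the handler result holding the per-action engine results
     * @throws Exception Thrown when there is a problem in verification
     */
    private WSHandlerResult verify(Document doc) throws Exception {
        return secEngine.processSecurityHeader(doc, null, null, crypto);
    }
}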
174 }