20 package org.apache.wss4j.dom.message;
21
22 import java.io.InputStream;
23 import java.security.KeyStore;
24
25 import org.apache.wss4j.common.crypto.Crypto;
26 import org.apache.wss4j.common.crypto.CryptoFactory;
27 import org.apache.wss4j.common.crypto.Merlin;
28 import org.apache.wss4j.common.crypto.MerlinAKI;
29 import org.apache.wss4j.common.util.Loader;
30 import org.apache.wss4j.common.util.SOAPUtil;
31 import org.apache.wss4j.common.util.XMLUtils;
32 import org.apache.wss4j.dom.WSConstants;
33
34 import org.apache.wss4j.dom.engine.WSSConfig;
35 import org.apache.wss4j.dom.engine.WSSecurityEngine;
36 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
37 import org.apache.wss4j.dom.handler.WSHandlerResult;
38
39 import org.junit.jupiter.api.Test;
40 import org.w3c.dom.Document;
41
42 import static org.junit.jupiter.api.Assertions.assertNotNull;
43
44
45
46
47
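/**
 * Signature round-trip tests: the sample SOAP message is signed with the
 * "wss40" key and then verified against separately loaded CA trust material.
 *
 * <p>NOTE(review): the class and fixture names suggest the verifying side
 * resolves the issuer through the certificate's Authority Key Identifier
 * ({@link MerlinAKI}); the contents of {@code wss40CAAKI.properties} and
 * {@code keys/wss40CADupl.jks} are not visible here, so confirm against the
 * fixtures.
 *
 * <p>The key store passwords used below are test-fixture values only.
 */
public class SignatureAKITest {
    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(SignatureAKITest.class);

    private final WSSecurityEngine secEngine = new WSSecurityEngine();

    public SignatureAKITest() throws Exception {
        WSSConfig.init();
    }

    /**
     * Signs with the "wss40" key and verifies using the Crypto instance
     * configured by {@code wss40CAAKI.properties}.
     */
    @Test
    public void testSignatureAKI() throws Exception {
        Document signedDoc = signSampleMessage();

        Crypto caCrypto = CryptoFactory.getInstance("wss40CAAKI.properties");
        WSHandlerResult results = verify(signedDoc, caCrypto);

        assertSignerReported(results);
    }

    /**
     * Signs with the "wss40" key and verifies using a {@link MerlinAKI}
     * backed by the {@code keys/wss40CADupl.jks} key store.
     *
     * <p>NOTE(review): presumably that key store holds more than one CA
     * certificate with the same subject name, so that only the key identifier
     * can select the right issuer - confirm against the fixture.
     */
    @Test
    public void testSignatureAKIDuplicate() throws Exception {
        Document signedDoc = signSampleMessage();

        MerlinAKI caCrypto = new MerlinAKI();
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        ClassLoader loader = Loader.getClassLoader(SignatureAKITest.class);
        // try-with-resources: the stream is released even when load() throws
        // (wrong password, corrupt store), which the manual close() skipped.
        try (InputStream input = Merlin.loadInputStream(loader, "keys/wss40CADupl.jks")) {
            keyStore.load(input, "security".toCharArray());
        }
        caCrypto.setKeyStore(keyStore);

        WSHandlerResult results = verify(signedDoc, caCrypto);

        assertSignerReported(results);
    }

    /**
     * Builds the signed request shared by both tests: the sample SOAP message
     * with a security header, signed as user "wss40" with the signing
     * certificate referenced as a direct BinarySecurityToken reference.
     */
    private Document signSampleMessage() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        WSSecSignature builder = new WSSecSignature(secHeader);
        builder.setUserInfo("wss40", "security");
        builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        Crypto signingCrypto = CryptoFactory.getInstance("wss40.properties");
        Document signedDoc = builder.build(signingCrypto);

        if (LOG.isDebugEnabled()) {
            String outputString =
                XMLUtils.prettyDocumentToString(signedDoc);
            LOG.debug(outputString);
        }
        return signedDoc;
    }

    /**
     * Checks that the first signature result carries both the signer
     * certificate and the reference type used to locate it.
     *
     * <p>These are presence checks only. A rejected signature or untrusted
     * certificate is expected to surface as an exception from
     * {@link #verify} rather than as a missing entry here.
     */
    private static void assertSignerReported(WSHandlerResult results) {
        WSSecurityEngineResult actionResult =
            results.getActionResults().get(WSConstants.SIGN).get(0);
        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
    }

    /**
     * Processes the security header of {@code doc} with the given Crypto as
     * the only verification material; the two middle arguments are passed as
     * {@code null}.
     */
    private WSHandlerResult verify(Document doc, Crypto crypto) throws Exception {
        return secEngine.processSecurityHeader(doc, null, null, crypto);
    }

}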