20 package org.apache.wss4j.dom.message;
22 import java.security.cert.X509Certificate;
24 import org.apache.wss4j.common.util.SOAPUtil;
25 import org.apache.wss4j.dom.WSConstants;
27 import org.apache.wss4j.dom.engine.WSSConfig;
28 import org.apache.wss4j.dom.engine.WSSecurityEngine;
29 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
30 import org.apache.wss4j.common.crypto.Crypto;
31 import org.apache.wss4j.common.crypto.CryptoFactory;
32 import org.apache.wss4j.common.ext.WSSecurityException;
33 import org.apache.wss4j.common.util.XMLUtils;
34 import org.apache.wss4j.dom.handler.RequestData;
35 import org.apache.wss4j.dom.handler.WSHandlerResult;
36 import org.apache.wss4j.dom.util.WSSecurityUtil;
38 import org.junit.jupiter.api.Test;
39 import org.w3c.dom.Document;
40 import org.w3c.dom.Element;
42 import static org.junit.jupiter.api.Assertions.assertNotNull;
43 import static org.junit.jupiter.api.Assertions.assertTrue;
44 import static org.junit.jupiter.api.Assertions.fail;
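/**
 * Tests that WS-Security signature verification honours certificate revocation checking.
 *
 * <p>Every message is signed with the {@code wss40rev} key and the signer's certificate is
 * carried inline via a BinarySecurityToken direct reference. The tests expect that certificate
 * to be revoked (presumably through a CRL referenced from the Crypto properties — not visible
 * here), so verification must succeed only while revocation checking is disabled and must be
 * rejected with {@code FAILED_AUTHENTICATION} once it is enabled — regardless of whether the
 * verifier trusts the signer through a CA trust store or directly through the signing keystore.
 *
 * <p>All three tests are currently {@code @Disabled} with no recorded reason; the fixtures
 * should be checked before re-enabling them.
 */
public class SignatureCRLTest {
    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(SignatureCRLTest.class);

    // Keystore alias / password used to sign in every test (see buildSignedDocument()).
    private static final String SIGNING_USER = "wss40rev";
    private static final String SIGNING_PASSWORD = "security";

    // Crypto backed by wss40rev.properties: holds the signing key pair; also used as a
    // verification trust source in testSignatureDirectReferenceRevocationKeyStore().
    private Crypto crypto;
    // Crypto backed by wss40CA.properties: presumably the CA trust store the signer chains to.
    private Crypto cryptoCA;

    /**
     * Initialises WSS4J and loads the two Crypto instances the tests verify against.
     *
     * @throws Exception if either properties file cannot be loaded
     */
    public SignatureCRLTest() throws Exception {
        WSSConfig.init();
        crypto = CryptoFactory.getInstance("wss40rev.properties");
        cryptoCA = CryptoFactory.getInstance("wss40CA.properties");
    }

    /**
     * Baseline: with revocation checking disabled, the signature verifies against the CA
     * trust store and the signer's certificate is surfaced in the signature result. The
     * same message is rejected by the two revocation-enabled tests below.
     */
    @Test
    @org.junit.jupiter.api.Disabled
    public void testSignatureDirectReference() throws Exception {
        Document signedDoc = buildSignedDocument();

        WSHandlerResult results = verify(signedDoc, cryptoCA, false);
        WSSecurityEngineResult result =
            results.getActionResults().get(WSConstants.SIGN).get(0);
        X509Certificate cert =
            (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
        assertNotNull(cert);
    }

    /**
     * With revocation checking enabled, verification against the CA trust store must fail
     * with {@code FAILED_AUTHENTICATION} because the signing certificate is revoked.
     */
    @Test
    @org.junit.jupiter.api.Disabled
    public void testSignatureDirectReferenceRevocation() throws Exception {
        Document signedDoc = buildSignedDocument();

        assertRejectedAsRevoked(signedDoc, cryptoCA);
    }

    /**
     * Same as {@link #testSignatureDirectReferenceRevocation()} but verifies with the signing
     * keystore itself ({@code wss40rev.properties}). The signer is presumably trusted directly
     * in that store rather than via a CA chain; a revoked certificate must still be rejected —
     * direct trust must not bypass revocation checking.
     */
    @Test
    @org.junit.jupiter.api.Disabled
    public void testSignatureDirectReferenceRevocationKeyStore() throws Exception {
        Document signedDoc = buildSignedDocument();

        assertRejectedAsRevoked(signedDoc, crypto);
    }

    /**
     * Signs the sample SOAP message with the {@code wss40rev} key, embedding the signer's
     * certificate as a BinarySecurityToken direct reference so the verifier has to validate
     * (and, when enabled, revocation-check) the certificate found in the message.
     *
     * @return the signed document
     * @throws Exception if the security header cannot be built or the signature fails
     */
    private Document buildSignedDocument() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        WSSecSignature sign = new WSSecSignature(secHeader);
        sign.setUserInfo(SIGNING_USER, SIGNING_PASSWORD);
        sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);

        Document signedDoc = sign.build(crypto);
        logDocument(signedDoc);
        return signedDoc;
    }

    /**
     * Verifies {@code signedDoc} with revocation checking enabled and asserts that the
     * engine rejects it with {@code FAILED_AUTHENTICATION}.
     *
     * @param signedDoc the signed message under test
     * @param verifyCrypto the Crypto supplying the trust store (and CRLs) for verification
     * @throws Exception if verification fails with anything other than a WSSecurityException
     */
    private void assertRejectedAsRevoked(Document signedDoc, Crypto verifyCrypto) throws Exception {
        try {
            verify(signedDoc, verifyCrypto, true);
            // fail() throws an assertion error, not a WSSecurityException, so it is not caught below.
            fail("Failure expected on a revoked certificate");
        } catch (WSSecurityException ex) {
            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILED_AUTHENTICATION,
                       "unexpected error code: " + ex.getErrorCode());
        }
    }

    /**
     * Pretty-prints {@code doc} at debug level; serialisation is skipped when debug is off.
     */
    private static void logDocument(Document doc) {
        if (LOG.isDebugEnabled()) {
            String outputString = XMLUtils.prettyDocumentToString(doc);
            LOG.debug(outputString);
        }
    }

    /**
     * Processes the security header of {@code doc} with {@code crypto} as the signature
     * verification Crypto.
     *
     * @param doc the signed SOAP document
     * @param crypto the Crypto whose trust material is used to validate the signing certificate
     * @param revocationEnabled whether certificate revocation checking is enforced during validation
     * @return the engine results for the processed header
     * @throws Exception if processing fails, notably a {@link WSSecurityException} when the
     *         signing certificate does not validate
     */
    private WSHandlerResult verify(Document doc, Crypto crypto, boolean revocationEnabled) throws Exception {
        WSSecurityEngine secEngine = new WSSecurityEngine();
        RequestData reqData = new RequestData();
        reqData.setSigVerCrypto(crypto);
        reqData.setEnableRevocation(revocationEnabled);
        Element securityHeader = WSSecurityUtil.getSecurityHeader(doc, null);
        WSHandlerResult results =
            secEngine.processSecurityHeader(securityHeader, reqData);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Verfied and decrypted message:");
            String outputString = XMLUtils.prettyDocumentToString(doc);
            LOG.debug(outputString);
        }
        return results;
    }

}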