View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.dom.message;
21  
22  import java.io.InputStream;
23  import java.util.ArrayList;
24  import java.util.Arrays;
25  import java.util.List;
26  
27  import javax.xml.crypto.dsig.XMLSignature;
28  import javax.xml.crypto.dsig.XMLSignatureFactory;
29  import javax.xml.crypto.dsig.XMLValidateContext;
30  import javax.xml.crypto.dsig.dom.DOMValidateContext;
31  import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
32  import javax.xml.parsers.DocumentBuilder;
33  import javax.xml.parsers.DocumentBuilderFactory;
34  
35  import org.apache.wss4j.common.crypto.Crypto;
36  import org.apache.wss4j.common.crypto.CryptoFactory;
37  import org.apache.wss4j.common.crypto.CryptoType;
38  import org.apache.wss4j.common.util.Loader;
39  import org.apache.wss4j.common.util.XMLUtils;
40  import org.apache.wss4j.dom.WSConstants;
41  
42  import org.apache.wss4j.dom.engine.WSSConfig;
43  import org.apache.wss4j.dom.engine.WSSecurityEngine;
44  import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
45  import org.apache.wss4j.dom.handler.WSHandlerResult;
46  
47  import org.junit.jupiter.api.Test;
48  import org.w3c.dom.Document;
49  import org.w3c.dom.Element;
50  
51  import static org.junit.jupiter.api.Assertions.assertEquals;
52  import static org.junit.jupiter.api.Assertions.assertNotNull;
53  
54  
55  /**
56   * A test-case for WSS-626 - "Duplicates in the PrefixList".
57   */
58  public class SignaturePrefixListTest {
59      private static final org.slf4j.Logger LOG =
60          org.slf4j.LoggerFactory.getLogger(SignaturePrefixListTest.class);
61  
62      private WSSecurityEngine secEngine = new WSSecurityEngine();
63      private Crypto crypto;
64  
65      public SignaturePrefixListTest() throws Exception {
66          WSSConfig.init();
67          crypto = CryptoFactory.getInstance();
68      }
69  
70      @Test
71      public void testDuplicatePrefixListValues() throws Exception {
72          Document doc = null;
73          try (InputStream inputStream =
74              Loader.getResource("org/apache/wss4j/dom/message/SignaturePrefixListMessage.xml").openStream()) {
75              DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
76              factory.setNamespaceAware(true);
77              DocumentBuilder builder = factory.newDocumentBuilder();
78              doc = builder.parse(inputStream);
79          }
80  
81          WSSecHeader secHeader = new WSSecHeader(doc);
82          secHeader.insertSecurityHeader();
83  
84          WSSecSignature builder = new WSSecSignature(secHeader);
85          builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
86          builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
87  
88          Document signedDoc = builder.build(crypto);
89  
90          if (LOG.isDebugEnabled()) {
91              String outputString =
92                  XMLUtils.prettyDocumentToString(signedDoc);
93              LOG.debug(outputString);
94              // System.out.println(outputString);
95          }
96          WSHandlerResult results = verify(signedDoc);
97  
98          WSSecurityEngineResult actionResult =
99              results.getActionResults().get(WSConstants.SIGN).get(0);
100         Element receivedSignature = (Element)actionResult.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
101         assertNotNull(receivedSignature);
102 
103         // Check PrefixList
104         CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
105         cryptoType.setAlias("16c73ab6-b892-458f-abf5-2f875f74882e");
106         XMLValidateContext context = new DOMValidateContext(crypto.getX509Certificates(cryptoType)[0].getPublicKey(), receivedSignature);
107         XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
108         XMLSignature xmlSignature = signatureFactory.unmarshalXMLSignature(context);
109 
110         ExcC14NParameterSpec spec = (ExcC14NParameterSpec)xmlSignature.getSignedInfo().getCanonicalizationMethod().getParameterSpec();
111         List<String> expectedPrefixes = new ArrayList<>(Arrays.asList("S12", "ds", "eb", "ebbp", "ns5"));
112         assertEquals(expectedPrefixes, spec.getPrefixList());
113     }
114 
115     private WSHandlerResult verify(Document doc) throws Exception {
116         return secEngine.processSecurityHeader(doc, null, null, crypto);
117     }
118 
119 }