20 package org.apache.wss4j.dom.message;
21
22 import java.io.InputStream;
23 import java.util.ArrayList;
24 import java.util.Arrays;
25 import java.util.List;
26
27 import javax.xml.crypto.dsig.XMLSignature;
28 import javax.xml.crypto.dsig.XMLSignatureFactory;
29 import javax.xml.crypto.dsig.XMLValidateContext;
30 import javax.xml.crypto.dsig.dom.DOMValidateContext;
31 import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
32 import javax.xml.parsers.DocumentBuilder;
33 import javax.xml.parsers.DocumentBuilderFactory;
34
35 import org.apache.wss4j.common.crypto.Crypto;
36 import org.apache.wss4j.common.crypto.CryptoFactory;
37 import org.apache.wss4j.common.crypto.CryptoType;
38 import org.apache.wss4j.common.util.Loader;
39 import org.apache.wss4j.common.util.XMLUtils;
40 import org.apache.wss4j.dom.WSConstants;
41
42 import org.apache.wss4j.dom.engine.WSSConfig;
43 import org.apache.wss4j.dom.engine.WSSecurityEngine;
44 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
45 import org.apache.wss4j.dom.handler.WSHandlerResult;
46
47 import org.junit.jupiter.api.Test;
48 import org.w3c.dom.Document;
49 import org.w3c.dom.Element;
50
51 import static org.junit.jupiter.api.Assertions.assertEquals;
52 import static org.junit.jupiter.api.Assertions.assertNotNull;
53
/**
 * Signs the fixture message {@code SignaturePrefixListMessage.xml} with
 * {@link WSSecSignature}, runs the result through {@link WSSecurityEngine}, and then
 * inspects the exclusive-C14N parameters of the produced {@code ds:Signature} to check
 * the exact contents of its prefix list.
 */
public class SignaturePrefixListTest {
    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(SignaturePrefixListTest.class);

    /** Classpath location of the unsigned message used as signing input. */
    private static final String MESSAGE_RESOURCE =
        "org/apache/wss4j/dom/message/SignaturePrefixListMessage.xml";

    /** Key alias used both for signing and for looking the certificate up again. */
    private static final String SIGNING_ALIAS = "16c73ab6-b892-458f-abf5-2f875f74882e";

    private final WSSecurityEngine secEngine = new WSSecurityEngine();
    private final Crypto crypto;

    /**
     * Initialises WSS4J and obtains the default {@link Crypto} instance.
     *
     * @throws Exception if the Crypto instance cannot be created
     */
    public SignaturePrefixListTest() throws Exception {
        WSSConfig.init();
        crypto = CryptoFactory.getInstance();
    }

    /**
     * Asserts that the prefix list written into the signature's CanonicalizationMethod
     * is exactly {@code [S12, ds, eb, ebbp, ns5]}, i.e. each prefix appears once.
     * Going by the test name, the fixture presumably declares namespaces in a way that
     * could otherwise produce repeated entries - confirm against the fixture file.
     *
     * @throws Exception on any parsing, signing or processing failure
     */
    @Test
    public void testDuplicatePrefixListValues() throws Exception {
        Document unsignedDoc = loadMessage();

        WSSecHeader securityHeader = new WSSecHeader(unsignedDoc);
        securityHeader.insertSecurityHeader();

        // Test-only credentials: the alias and the literal password are handed to
        // setUserInfo so the signing key can be fetched from the test Crypto.
        WSSecSignature signer = new WSSecSignature(securityHeader);
        signer.setUserInfo(SIGNING_ALIAS, "security");
        signer.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);

        Document signedDoc = signer.build(crypto);

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(signedDoc));
        }

        // The engine processes the security header here; an exception from it fails
        // the test before any prefix-list inspection happens.
        WSHandlerResult handlerResult = verify(signedDoc);

        WSSecurityEngineResult signatureResult =
            handlerResult.getActionResults().get(WSConstants.SIGN).get(0);
        Element receivedSignature =
            (Element) signatureResult.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
        assertNotNull(receivedSignature);

        // Assumes the alias resolves to at least one certificate; an empty or null
        // array would fail here with a runtime exception rather than an assertion.
        CryptoType aliasLookup = new CryptoType(CryptoType.TYPE.ALIAS);
        aliasLookup.setAlias(SIGNING_ALIAS);
        java.security.PublicKey signerKey =
            crypto.getX509Certificates(aliasLookup)[0].getPublicKey();

        // This context is used only to unmarshal the element into an XMLSignature
        // object. XMLSignature.validate() is never called on it, so nothing below
        // checks the signature value; that is left to the engine call in verify().
        XMLValidateContext validateContext = new DOMValidateContext(signerKey, receivedSignature);
        XMLSignatureFactory xmlSigFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
        XMLSignature parsedSignature = xmlSigFactory.unmarshalXMLSignature(validateContext);

        // The cast presumes the signature uses exclusive canonicalization with
        // parameters; any other method would surface as a ClassCastException or a
        // NullPointerException instead of a failed assertion.
        ExcC14NParameterSpec c14nParams = (ExcC14NParameterSpec)
            parsedSignature.getSignedInfo().getCanonicalizationMethod().getParameterSpec();

        List<String> expectedPrefixes =
            new ArrayList<>(Arrays.asList("S12", "ds", "eb", "ebbp", "ns5"));
        assertEquals(expectedPrefixes, c14nParams.getPrefixList());
    }

    /**
     * Parses the fixture message from the classpath with a namespace-aware parser.
     *
     * <p>The factory is otherwise left at its defaults, which is acceptable only
     * because the input is a fixture shipped with the tests. A parser that reads XML
     * from outside the project would need DTD and external-entity processing
     * restricted before parsing.
     *
     * @return the parsed, unsigned message
     * @throws Exception if the resource cannot be opened or parsed
     */
    private Document loadMessage() throws Exception {
        try (InputStream in = Loader.getResource(MESSAGE_RESOURCE).openStream()) {
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            DocumentBuilder documentBuilder = dbf.newDocumentBuilder();
            return documentBuilder.parse(in);
        }
    }

    /**
     * Runs the document's security header through the engine, passing {@code null}
     * for the second and third arguments and the test Crypto as the fourth.
     *
     * @param doc the signed message
     * @return the engine's results for the processed security header
     * @throws Exception if the engine rejects the security header
     */
    private WSHandlerResult verify(Document doc) throws Exception {
        return secEngine.processSecurityHeader(doc, null, null, crypto);
    }

}