1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.wss4j.dom.misc;
21
22 import org.apache.wss4j.common.util.SOAPUtil;
23 import org.apache.wss4j.dom.engine.WSSecurityEngine;
24
25 import org.junit.jupiter.api.Test;
26 import org.apache.wss4j.common.ext.WSSecurityException;
27 import org.w3c.dom.Document;
28
29 import static org.junit.jupiter.api.Assertions.assertTrue;
30 import static org.junit.jupiter.api.Assertions.fail;
31
32
33
34
35 public class SecurityHeaderTest {
36 private static final String DUPLICATE_NULL_ACTOR_MSG =
37 "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
38 + "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" "
39 + "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" "
40 + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">"
41 + "<SOAP-ENV:Header>"
42 + "<wsse:Security SOAP-ENV:mustUnderstand=\"1\" "
43 + "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">"
44 + "</wsse:Security>"
45 + "<wsse:Security SOAP-ENV:mustUnderstand=\"1\" "
46 + "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">"
47 + "</wsse:Security>"
48 + "</SOAP-ENV:Header>"
49 + "<SOAP-ENV:Body>"
50 + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">"
51 + "<value xmlns=\"\">15</value>" + "</add>"
52 + "</SOAP-ENV:Body>\r\n \r\n" + "</SOAP-ENV:Envelope>";
53 private static final String DUPLICATE_ACTOR_MSG =
54 "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
55 + "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" "
56 + "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" "
57 + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">"
58 + "<SOAP-ENV:Header>"
59 + "<wsse:Security SOAP-ENV:actor=\"user\" SOAP-ENV:mustUnderstand=\"1\" "
60 + "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">"
61 + "</wsse:Security>"
62 + "<wsse:Security SOAP-ENV:actor=\"user\" SOAP-ENV:mustUnderstand=\"1\" "
63 + "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">"
64 + "</wsse:Security>"
65 + "</SOAP-ENV:Header>"
66 + "<SOAP-ENV:Body>"
67 + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">"
68 + "<value xmlns=\"\">15</value>" + "</add>"
69 + "</SOAP-ENV:Body>\r\n \r\n" + "</SOAP-ENV:Envelope>";
70 private static final String TWO_ACTOR_MSG =
71 "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
72 + "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" "
73 + "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" "
74 + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">"
75 + "<SOAP-ENV:Header>"
76 + "<wsse:Security SOAP-ENV:mustUnderstand=\"1\" "
77 + "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">"
78 + "</wsse:Security>"
79 + "<wsse:Security SOAP-ENV:actor=\"user\" SOAP-ENV:mustUnderstand=\"1\" "
80 + "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">"
81 + "</wsse:Security>"
82 + "</SOAP-ENV:Header>"
83 + "<SOAP-ENV:Body>"
84 + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">"
85 + "<value xmlns=\"\">15</value>" + "</add>"
86 + "</SOAP-ENV:Body>\r\n \r\n" + "</SOAP-ENV:Envelope>";
87
88 private WSSecurityEngine secEngine = new WSSecurityEngine();
89
90
91
92
93 @Test
94 public void testDuplicateNullActor() throws Exception {
95 Document doc = SOAPUtil.toSOAPPart(DUPLICATE_NULL_ACTOR_MSG);
96 try {
97 secEngine.processSecurityHeader(doc, null, null, null);
98 fail("Failure expected on a null actor");
99 } catch (WSSecurityException ex) {
100 assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
101 }
102 }
103
104
105
106
107 @Test
108 public void testDuplicateActor() throws Exception {
109 Document doc = SOAPUtil.toSOAPPart(DUPLICATE_ACTOR_MSG);
110 try {
111 secEngine.processSecurityHeader(doc, "user", null, null);
112 fail("Failure expected on a duplicate actor");
113 } catch (WSSecurityException ex) {
114 assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
115 }
116 }
117
118
119
120
121 @Test
122 public void testTwoActors() throws Exception {
123 Document doc = SOAPUtil.toSOAPPart(TWO_ACTOR_MSG);
124 secEngine.processSecurityHeader(doc, null, null, null);
125
126 secEngine.processSecurityHeader(doc, "user", null, null);
127 }
128 }