1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.stax.test;
20  
21  import java.util.HashMap;
22  import java.util.Map;
23  
24  import org.apache.wss4j.common.ConfigurationConstants;
25  import org.apache.wss4j.stax.ext.WSSConstants;
26  import org.apache.wss4j.stax.ext.WSSConstants.UsernameTokenPasswordType;
27  import org.apache.wss4j.stax.ext.WSSSecurityProperties;
28  import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
29  import org.apache.wss4j.stax.setup.ConfigurationConverter;
30  import org.apache.wss4j.stax.setup.WSSec;
31  import org.apache.wss4j.stax.test.saml.SAMLCallbackHandlerImpl;
32  import org.junit.jupiter.api.Test;
33  
34  import static org.junit.jupiter.api.Assertions.assertEquals;
35  import static org.junit.jupiter.api.Assertions.assertFalse;
36  import static org.junit.jupiter.api.Assertions.assertNotNull;
37  import static org.junit.jupiter.api.Assertions.assertTrue;
38  
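/**
 * Tests for the {@link ConfigurationConverter} utility.
 *
 * <p>Each test fills a {@code Map<String, Object>} with {@link ConfigurationConstants}
 * keys, converts it to a {@link WSSSecurityProperties} instance, asserts that the
 * converted properties carry the configured values, and finally passes the result to the
 * matching {@code WSSec.validateAndApplyDefaultsTo...SecurityProperties} call.
 *
 * <p>Several tests deliberately configure relaxed or legacy security settings (RSA v1.5
 * key transport, disabled BSP enforcement, an unsigned SAML token, a non-strict timestamp
 * check). They are used here to check that the converter passes the values through; the
 * inline comments mark them so they are not copied into a deployment configuration as-is.
 */
public class ConfigurationConverterTest extends AbstractTestBase {

    /** SOAP 1.1 envelope namespace of the element selected for signing/encryption. */
    private static final String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";

    /** Parts specification selecting the SOAP Body, in the string form the converter parses. */
    private static final String BODY_PART_SPEC = "{}{" + SOAP_ENV_NS + "}Body;";

    /**
     * Converts a UsernameToken action and checks user, callback handler class,
     * password type and the nonce/created flags.
     */
    @Test
    public void testUsernameTokenConfiguration() throws Exception {
        Map<String, Object> config = new HashMap<>();
        config.put(ConfigurationConstants.ACTION, ConfigurationConstants.USERNAME_TOKEN);
        config.put(ConfigurationConstants.USER, "testuser");
        // The handler is given by class name here, so the converter has to instantiate it.
        config.put(ConfigurationConstants.PW_CALLBACK_CLASS, "org.apache.wss4j.stax.test.CallbackHandlerImpl");
        // "PasswordText" sends the password itself rather than a digest; its confidentiality
        // then depends on the message or transport being protected by other means.
        config.put(ConfigurationConstants.PASSWORD_TYPE, "PasswordText");
        config.put(ConfigurationConstants.ADD_USERNAMETOKEN_NONCE, "true");
        config.put(ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, "false");

        WSSSecurityProperties properties = ConfigurationConverter.convert(config);

        // Expected value first, so a failure report labels both sides correctly.
        assertEquals("testuser", properties.getTokenUser());
        assertEquals(1, properties.getActions().size());
        assertEquals(WSSConstants.USERNAMETOKEN, properties.getActions().get(0));
        assertTrue(properties.getCallbackHandler() instanceof CallbackHandlerImpl);
        assertEquals(UsernameTokenPasswordType.PASSWORD_TEXT,
                     properties.getUsernameTokenPasswordType());
        assertTrue(properties.isAddUsernameTokenNonce());
        assertFalse(properties.isAddUsernameTokenCreated());

        WSSec.validateAndApplyDefaultsToOutboundSecurityProperties(properties);
    }

    /**
     * Converts an outbound Signature action and checks user, algorithm, key identifier,
     * inclusive-prefix flag, crypto instance and the single secure part (SOAP Body).
     */
    @Test
    public void testOutboundSignatureConfiguration() throws Exception {
        Map<String, Object> config = new HashMap<>();
        config.put(ConfigurationConstants.ACTION, ConfigurationConstants.SIGNATURE);
        config.put(ConfigurationConstants.USER, "transmitter");
        config.put(ConfigurationConstants.PW_CALLBACK_REF, new CallbackHandlerImpl());
        String sigAlgo = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        config.put(ConfigurationConstants.SIG_ALGO, sigAlgo);
        config.put(ConfigurationConstants.SIG_KEY_ID, "Thumbprint");
        config.put(ConfigurationConstants.ADD_INCLUSIVE_PREFIXES, "false");
        config.put(ConfigurationConstants.SIG_PROP_FILE, "transmitter-crypto.properties");
        config.put(ConfigurationConstants.SIGNATURE_PARTS, BODY_PART_SPEC);

        WSSSecurityProperties properties = ConfigurationConverter.convert(config);

        assertEquals("transmitter", properties.getSignatureUser());
        assertEquals(1, properties.getActions().size());
        assertEquals(WSSConstants.SIGNATURE, properties.getActions().get(0));
        assertTrue(properties.getCallbackHandler() instanceof CallbackHandlerImpl);
        assertEquals(sigAlgo, properties.getSignatureAlgorithm());
        assertEquals(1, properties.getSignatureKeyIdentifiers().size());
        assertEquals(WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER,
                     properties.getSignatureKeyIdentifiers().get(0));
        assertFalse(properties.isAddExcC14NInclusivePrefixes());
        assertNotNull(properties.getSignatureCrypto());
        assertNotNull(properties.getSignatureSecureParts());
        assertEquals(1, properties.getSignatureSecureParts().size());
        assertEquals("Body",
                     properties.getSignatureSecureParts().get(0).getName().getLocalPart());
        assertEquals(SOAP_ENV_NS,
                     properties.getSignatureSecureParts().get(0).getName().getNamespaceURI());

        WSSec.validateAndApplyDefaultsToOutboundSecurityProperties(properties);
    }

    /**
     * Converts an inbound Signature action and checks the BSP-enforcement and revocation
     * flags and that a signature verification crypto was loaded.
     */
    @Test
    public void testInboundSignatureConfiguration() throws Exception {
        Map<String, Object> config = new HashMap<>();
        config.put(ConfigurationConstants.ACTION, ConfigurationConstants.SIGNATURE);
        config.put(ConfigurationConstants.PW_CALLBACK_REF, new CallbackHandlerImpl());
        config.put(ConfigurationConstants.ADD_INCLUSIVE_PREFIXES, "false");
        config.put(ConfigurationConstants.SIG_VER_PROP_FILE, "transmitter-crypto.properties");
        // IS_BSP_COMPLIANT=false is expected to surface as isDisableBSPEnforcement() == true
        // (note the inverted sense); it relaxes the inbound profile checks.
        config.put(ConfigurationConstants.IS_BSP_COMPLIANT, "false");
        config.put(ConfigurationConstants.ENABLE_REVOCATION, "true");

        WSSSecurityProperties properties = ConfigurationConverter.convert(config);

        assertEquals(1, properties.getActions().size());
        assertEquals(WSSConstants.SIGNATURE, properties.getActions().get(0));
        assertTrue(properties.getCallbackHandler() instanceof CallbackHandlerImpl);
        assertTrue(properties.isDisableBSPEnforcement());
        assertTrue(properties.isEnableRevocation());
        assertNotNull(properties.getSignatureVerificationCrypto());

        WSSec.validateAndApplyDefaultsToInboundSecurityProperties(properties);
    }

    /**
     * Converts an outbound Encryption action (configured with the {@code ENCRYPTION} tag)
     * and checks user, key transport algorithm, key identifier, crypto instance and the
     * single secure part (SOAP Body).
     */
    @Test
    public void testOutboundEncryptionConfiguration() throws Exception {
        Map<String, Object> config = new HashMap<>();
        config.put(ConfigurationConstants.ACTION, ConfigurationConstants.ENCRYPTION);
        config.put(ConfigurationConstants.USER, "transmitter");
        config.put(ConfigurationConstants.PW_CALLBACK_REF, new CallbackHandlerImpl());
        // RSA v1.5 (PKCS#1 v1.5) key transport is a legacy choice known to be exposed to
        // padding-oracle attacks; it is used here only to check the value is passed through.
        config.put(ConfigurationConstants.ENC_KEY_TRANSPORT, WSSConstants.NS_XENC_RSA15);
        config.put(ConfigurationConstants.ENC_KEY_ID, "EncryptedKeySHA1");
        config.put(ConfigurationConstants.ENC_PROP_FILE, "receiver-crypto.properties");
        config.put(ConfigurationConstants.ENCRYPTION_PARTS, BODY_PART_SPEC);

        WSSSecurityProperties properties = ConfigurationConverter.convert(config);

        assertEquals("transmitter", properties.getEncryptionUser());
        assertEquals(1, properties.getActions().size());
        assertEquals(WSSConstants.ENCRYPTION, properties.getActions().get(0));
        assertTrue(properties.getCallbackHandler() instanceof CallbackHandlerImpl);
        assertEquals(WSSConstants.NS_XENC_RSA15,
                     properties.getEncryptionKeyTransportAlgorithm());
        assertEquals(WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER,
                     properties.getEncryptionKeyIdentifier());
        assertNotNull(properties.getEncryptionCrypto());
        assertNotNull(properties.getEncryptionSecureParts());
        assertEquals(1, properties.getEncryptionSecureParts().size());
        assertEquals("Body",
                     properties.getEncryptionSecureParts().get(0).getName().getLocalPart());
        assertEquals(SOAP_ENV_NS,
                     properties.getEncryptionSecureParts().get(0).getName().getNamespaceURI());

        WSSec.validateAndApplyDefaultsToOutboundSecurityProperties(properties);
    }

    /**
     * Same as {@link #testOutboundEncryptionConfiguration()} but configured with the
     * {@code ENCRYPT} action tag; the converted action is still expected to be
     * {@code WSSConstants.ENCRYPTION}.
     */
    @Test
    public void testOutboundEncryptionConfigurationOldConfigTag() throws Exception {
        Map<String, Object> config = new HashMap<>();
        config.put(ConfigurationConstants.ACTION, ConfigurationConstants.ENCRYPT);
        config.put(ConfigurationConstants.USER, "transmitter");
        config.put(ConfigurationConstants.PW_CALLBACK_REF, new CallbackHandlerImpl());
        // Legacy RSA v1.5 key transport, used only to check the value is passed through.
        config.put(ConfigurationConstants.ENC_KEY_TRANSPORT, WSSConstants.NS_XENC_RSA15);
        config.put(ConfigurationConstants.ENC_KEY_ID, "EncryptedKeySHA1");
        config.put(ConfigurationConstants.ENC_PROP_FILE, "receiver-crypto.properties");
        config.put(ConfigurationConstants.ENCRYPTION_PARTS, BODY_PART_SPEC);

        WSSSecurityProperties properties = ConfigurationConverter.convert(config);

        assertEquals("transmitter", properties.getEncryptionUser());
        assertEquals(1, properties.getActions().size());
        assertEquals(WSSConstants.ENCRYPTION, properties.getActions().get(0));
        assertTrue(properties.getCallbackHandler() instanceof CallbackHandlerImpl);
        assertEquals(WSSConstants.NS_XENC_RSA15,
                     properties.getEncryptionKeyTransportAlgorithm());
        assertEquals(WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER,
                     properties.getEncryptionKeyIdentifier());
        assertNotNull(properties.getEncryptionCrypto());
        assertNotNull(properties.getEncryptionSecureParts());
        assertEquals(1, properties.getEncryptionSecureParts().size());
        assertEquals("Body",
                     properties.getEncryptionSecureParts().get(0).getName().getLocalPart());
        assertEquals(SOAP_ENV_NS,
                     properties.getEncryptionSecureParts().get(0).getName().getNamespaceURI());

        WSSec.validateAndApplyDefaultsToOutboundSecurityProperties(properties);
    }

    /**
     * Converts an inbound Encryption action (configured with the {@code ENCRYPTION} tag)
     * and checks the action, callback handler and that a decryption crypto was loaded.
     */
    @Test
    public void testInboundEncryptionConfiguration() throws Exception {
        Map<String, Object> config = new HashMap<>();
        config.put(ConfigurationConstants.ACTION, ConfigurationConstants.ENCRYPTION);
        config.put(ConfigurationConstants.PW_CALLBACK_REF, new CallbackHandlerImpl());
        config.put(ConfigurationConstants.DEC_PROP_FILE, "receiver-crypto.properties");
        // Judging by its name, this opts in to accepting RSA v1.5 key transport inbound.
        // NOTE(review): the converted value is never asserted below, so a regression in how
        // the converter maps this security-relevant flag would go unnoticed; consider
        // asserting it on the converted properties.
        config.put(ConfigurationConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM, "true");

        WSSSecurityProperties properties = ConfigurationConverter.convert(config);

        assertEquals(1, properties.getActions().size());
        assertEquals(WSSConstants.ENCRYPTION, properties.getActions().get(0));
        assertTrue(properties.getCallbackHandler() instanceof CallbackHandlerImpl);
        assertNotNull(properties.getDecryptionCrypto());

        WSSec.validateAndApplyDefaultsToInboundSecurityProperties(properties);
    }

    /**
     * Same as {@link #testInboundEncryptionConfiguration()} but configured with the
     * {@code ENCRYPT} action tag; the converted action is still expected to be
     * {@code WSSConstants.ENCRYPTION}.
     */
    @Test
    public void testInboundEncryptionConfigurationOldConfigTag() throws Exception {
        Map<String, Object> config = new HashMap<>();
        config.put(ConfigurationConstants.ACTION, ConfigurationConstants.ENCRYPT);
        config.put(ConfigurationConstants.PW_CALLBACK_REF, new CallbackHandlerImpl());
        config.put(ConfigurationConstants.DEC_PROP_FILE, "receiver-crypto.properties");
        // NOTE(review): as in the ENCRYPTION-tag variant, this flag is set but its converted
        // value is not asserted.
        config.put(ConfigurationConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM, "true");

        WSSSecurityProperties properties = ConfigurationConverter.convert(config);

        assertEquals(1, properties.getActions().size());
        assertEquals(WSSConstants.ENCRYPTION, properties.getActions().get(0));
        assertTrue(properties.getCallbackHandler() instanceof CallbackHandlerImpl);
        assertNotNull(properties.getDecryptionCrypto());

        WSSec.validateAndApplyDefaultsToInboundSecurityProperties(properties);
    }

    /**
     * Converts an unsigned SAML token action and checks the action and that the SAML
     * callback handler instance is carried over.
     */
    @Test
    public void testSAMLConfiguration() throws Exception {
        Map<String, Object> config = new HashMap<>();
        // SAML_TOKEN_UNSIGNED: the assertion is added without a signature, so a receiver
        // cannot verify its origin from the token alone.
        config.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
        config.put(ConfigurationConstants.SAML_CALLBACK_REF, new SAMLCallbackHandlerImpl());

        WSSSecurityProperties properties = ConfigurationConverter.convert(config);

        assertEquals(1, properties.getActions().size());
        assertEquals(WSSConstants.SAML_TOKEN_UNSIGNED, properties.getActions().get(0));
        assertTrue(properties.getSamlCallbackHandler() instanceof SAMLCallbackHandlerImpl);

        WSSec.validateAndApplyDefaultsToOutboundSecurityProperties(properties);
    }

    /**
     * Converts a Timestamp action twice: first with only the TTL (validated as outbound),
     * then with the future-TTL and strictness settings added (validated as inbound).
     */
    @Test
    public void testTimestampConfiguration() throws Exception {
        // Outbound
        Map<String, Object> config = new HashMap<>();
        config.put(ConfigurationConstants.ACTION, ConfigurationConstants.TIMESTAMP);
        config.put(ConfigurationConstants.TTL_TIMESTAMP, "180");

        WSSSecurityProperties properties = ConfigurationConverter.convert(config);

        assertEquals(1, properties.getActions().size());
        assertEquals(WSSConstants.TIMESTAMP, properties.getActions().get(0));
        assertEquals(Integer.valueOf(180), properties.getTimestampTTL());

        WSSec.validateAndApplyDefaultsToOutboundSecurityProperties(properties);

        // Inbound: the same map is reused, so ACTION and TTL_TIMESTAMP are still present.
        config.put(ConfigurationConstants.TTL_FUTURE_TIMESTAMP, "120");
        // TIMESTAMP_STRICT=false relaxes the inbound timestamp check; set here only to
        // verify that the flag is converted.
        config.put(ConfigurationConstants.TIMESTAMP_STRICT, "false");

        properties = ConfigurationConverter.convert(config);

        assertEquals(Integer.valueOf(120), properties.getTimeStampFutureTTL());
        assertFalse(properties.isStrictTimestampCheck());

        WSSec.validateAndApplyDefaultsToInboundSecurityProperties(properties);
    }

}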