1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.wss4j.stax.test;
20
21 import java.io.ByteArrayInputStream;
22 import java.io.ByteArrayOutputStream;
23 import java.nio.charset.StandardCharsets;
24 import java.util.ArrayList;
25 import java.util.List;
26
27 import javax.xml.stream.XMLStreamReader;
28 import javax.xml.stream.XMLStreamWriter;
29
30 import org.apache.wss4j.common.ext.WSSecurityException;
31 import org.apache.wss4j.stax.ext.WSSConstants;
32 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
33 import org.apache.wss4j.stax.setup.OutboundWSSec;
34 import org.apache.wss4j.stax.setup.WSSec;
35 import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
36 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
37 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
38 import org.junit.jupiter.api.Test;
39 import org.w3c.dom.Document;
40 import org.w3c.dom.Element;
41 import org.w3c.dom.NodeList;
42
43 import static org.junit.jupiter.api.Assertions.assertEquals;
44 import static org.junit.jupiter.api.Assertions.assertNotNull;
45 import static org.junit.jupiter.api.Assertions.assertTrue;
46 import static org.junit.jupiter.api.Assertions.fail;
47
48
49
50
51
52 public class MultipleActionTest extends AbstractTestBase {
53
54 @Test
55 @org.junit.jupiter.api.Disabled
56 public void testTwoSignatureActions() throws Exception {
57
58 ByteArrayOutputStream baos = new ByteArrayOutputStream();
59 {
60 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
61 List<WSSConstants.Action> actions = new ArrayList<>();
62 actions.add(WSSConstants.SIGNATURE);
63 actions.add(WSSConstants.SIGNATURE);
64 securityProperties.setActions(actions);
65 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
66 securityProperties.setSignatureUser("transmitter");
67 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
68
69 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
70 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
71 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
72 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
73 xmlStreamWriter.close();
74
75 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
76 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
77 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
78
79 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
80 assertEquals(nodeList.getLength(), 1);
81
82 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
83 assertEquals(nodeList.getLength(), 1);
84 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
85 assertNotNull(idAttrValue);
86 assertTrue(idAttrValue.length() > 0);
87
88 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(), WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
89 assertEquals(nodeList.getLength(), 2);
90 assertEquals(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "env");
91 assertEquals(((Element) nodeList.item(1)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "");
92 }
93 }
94
95 @Test
96 @org.junit.jupiter.api.Disabled
97 public void testTwoEncryptionActions() throws Exception {
98
99 ByteArrayOutputStream baos = new ByteArrayOutputStream();
100 {
101 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
102 List<WSSConstants.Action> actions = new ArrayList<>();
103 actions.add(WSSConstants.ENCRYPTION);
104 actions.add(WSSConstants.ENCRYPTION);
105 securityProperties.setActions(actions);
106 securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
107 securityProperties.setEncryptionUser("transmitter");
108 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
109
110 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
111 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
112 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
113 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
114 xmlStreamWriter.close();
115 }
116 }
117
118 @Test
119 public void testDuplicateActions() throws Exception {
120 WSSSecurityProperties properties = new WSSSecurityProperties();
121 List<XMLSecurityConstants.Action> actions = new ArrayList<>();
122 actions.add(XMLSecurityConstants.SIGNATURE);
123 properties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
124 properties.setSignatureUser("transmitter");
125 properties.setCallbackHandler(new CallbackHandlerImpl());
126 properties.setActions(actions);
127
128
129 WSSec.getOutboundWSSec(properties);
130
131
132 actions.add(XMLSecurityConstants.SIGNATURE);
133 properties.setActions(actions);
134
135 try {
136 WSSec.getOutboundWSSec(properties);
137 fail();
138 } catch (WSSecurityException ex) {
139 assertTrue(ex.getMessage().contains("Duplicate Actions are not allowed"));
140 }
141 }
142 }