View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.stax.test;
20  
21  import java.io.ByteArrayInputStream;
22  import java.io.ByteArrayOutputStream;
23  import java.nio.charset.StandardCharsets;
24  import java.util.ArrayList;
25  import java.util.List;
26  
27  import javax.xml.stream.XMLStreamReader;
28  import javax.xml.stream.XMLStreamWriter;
29  
30  import org.apache.wss4j.common.ext.WSSecurityException;
31  import org.apache.wss4j.stax.ext.WSSConstants;
32  import org.apache.wss4j.stax.ext.WSSSecurityProperties;
33  import org.apache.wss4j.stax.setup.OutboundWSSec;
34  import org.apache.wss4j.stax.setup.WSSec;
35  import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
36  import org.apache.xml.security.stax.ext.XMLSecurityConstants;
37  import org.apache.xml.security.stax.securityEvent.SecurityEvent;
38  import org.junit.jupiter.api.Test;
39  import org.w3c.dom.Document;
40  import org.w3c.dom.Element;
41  import org.w3c.dom.NodeList;
42  
43  import static org.junit.jupiter.api.Assertions.assertEquals;
44  import static org.junit.jupiter.api.Assertions.assertNotNull;
45  import static org.junit.jupiter.api.Assertions.assertTrue;
46  import static org.junit.jupiter.api.Assertions.fail;
47  
48  /**
49   * A test for 2x Signatures + 2x Encryption. This is not supported for now, but these tests are mainly to
50   * demonstrate an issue with WSS4J/Santuario hanging on the outbound side in certain scenarios.
51   */
52  public class MultipleActionTest extends AbstractTestBase {
53  
54      @Test
55      @org.junit.jupiter.api.Disabled
56      public void testTwoSignatureActions() throws Exception {
57  
58          ByteArrayOutputStream baos = new ByteArrayOutputStream();
59          {
60              WSSSecurityProperties securityProperties = new WSSSecurityProperties();
61              List<WSSConstants.Action> actions = new ArrayList<>();
62              actions.add(WSSConstants.SIGNATURE);
63              actions.add(WSSConstants.SIGNATURE);
64              securityProperties.setActions(actions);
65              securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
66              securityProperties.setSignatureUser("transmitter");
67              securityProperties.setCallbackHandler(new CallbackHandlerImpl());
68  
69              OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
70              XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
71              XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
72              XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
73              xmlStreamWriter.close();
74  
75              Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
76              NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
77              assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
78  
79              nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
80              assertEquals(nodeList.getLength(), 1);
81  
82              nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
83              assertEquals(nodeList.getLength(), 1);
84              String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
85              assertNotNull(idAttrValue);
86              assertTrue(idAttrValue.length() > 0);
87  
88              nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(), WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
89              assertEquals(nodeList.getLength(), 2);
90              assertEquals(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "env");
91              assertEquals(((Element) nodeList.item(1)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "");
92          }
93      }
94  
95      @Test
96      @org.junit.jupiter.api.Disabled
97      public void testTwoEncryptionActions() throws Exception {
98  
99          ByteArrayOutputStream baos = new ByteArrayOutputStream();
100         {
101             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
102             List<WSSConstants.Action> actions = new ArrayList<>();
103             actions.add(WSSConstants.ENCRYPTION);
104             actions.add(WSSConstants.ENCRYPTION);
105             securityProperties.setActions(actions);
106             securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
107             securityProperties.setEncryptionUser("transmitter");
108             securityProperties.setCallbackHandler(new CallbackHandlerImpl());
109 
110             OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
111             XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
112             XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
113             XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
114             xmlStreamWriter.close();
115         }
116     }
117 
118     @Test
119     public void testDuplicateActions() throws Exception {
120         WSSSecurityProperties properties = new WSSSecurityProperties();
121         List<XMLSecurityConstants.Action> actions = new ArrayList<>();
122         actions.add(XMLSecurityConstants.SIGNATURE);
123         properties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
124         properties.setSignatureUser("transmitter");
125         properties.setCallbackHandler(new CallbackHandlerImpl());
126         properties.setActions(actions);
127 
128         // Should work
129         WSSec.getOutboundWSSec(properties);
130 
131         // Should throw an error on a duplicate Action
132         actions.add(XMLSecurityConstants.SIGNATURE);
133         properties.setActions(actions);
134 
135         try {
136             WSSec.getOutboundWSSec(properties);
137             fail();
138         } catch (WSSecurityException ex) {
139             assertTrue(ex.getMessage().contains("Duplicate Actions are not allowed"));
140         }
141     }
142 }