19 package org.apache.wss4j.stax.test;
20
21 import java.io.ByteArrayInputStream;
22 import java.io.ByteArrayOutputStream;
23 import java.io.IOException;
24 import java.io.InputStream;
25 import java.util.Enumeration;
26 import java.util.Map;
27 import java.util.Properties;
28
29 import javax.xml.stream.XMLStreamReader;
30 import javax.xml.transform.TransformerException;
31 import javax.xml.transform.dom.DOMSource;
32 import javax.xml.transform.stream.StreamResult;
33
34 import org.apache.wss4j.common.ext.WSSecurityException;
35 import org.apache.wss4j.dom.handler.RequestData;
36 import org.apache.wss4j.dom.handler.WSHandlerConstants;
37 import org.apache.wss4j.stax.ext.WSSConstants;
38 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
39 import org.apache.wss4j.stax.setup.InboundWSSec;
40 import org.apache.wss4j.stax.setup.WSSec;
41 import org.apache.wss4j.stax.test.utils.StAX2DOM;
42 import org.junit.jupiter.api.Test;
43 import org.w3c.dom.Document;
44 import org.w3c.dom.NodeList;
45
46 import static org.junit.jupiter.api.Assertions.assertEquals;
47 import static org.junit.jupiter.api.Assertions.assertNotNull;
48 import static org.junit.jupiter.api.Assertions.assertTrue;
49 import static org.junit.jupiter.api.Assertions.fail;
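/**
 * Inbound streaming (StAX) signature verification test with certificate revocation checking.
 *
 * <p>A SOAP message is signed through the WSS4J handler configured in
 * {@link #doOutboundSecurityWithWSS4J_1}, then verified twice with the streaming inbound
 * processor: once with default settings (expected to succeed) and once with revocation
 * checking enabled and a CRL loaded (expected to fail).
 *
 * <p>The keystore, CRL and password used here are test fixtures loaded from the classpath.
 */
public class SignatureCRLTest extends AbstractTestBase {

    // Classpath locations of the test fixtures. Every keystore lookup in this class
    // goes through these constants so that the paths cannot drift apart.
    private static final String KEYSTORE_RESOURCE = "keys/wss40rev.jks";
    private static final String CRL_RESOURCE = "keys/wss40CACRL.pem";
    // Password of the test keystore and of the signing key (fixture value, not a real secret).
    private static final String KEYSTORE_PASSWORD = "security";

    /**
     * Signs a message with a DirectReference key identifier and checks that verification
     * succeeds without revocation checking and fails once revocation checking is enabled.
     *
     * <p>NOTE(review): the test is disabled and SOURCE gives no reason. While it stays
     * disabled, the revocation-enabled inbound path is not exercised by this class.
     */
    @Test
    @org.junit.jupiter.api.Disabled
    public void testSignatureDirectReference() throws Exception {
        ByteArrayOutputStream baos = new ByteArrayOutputStream();

        // Step 1: sign the plain SOAP message and serialise the result for the inbound runs.
        try (InputStream sourceDocument =
                 this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml")) {
            assertNotNull(sourceDocument, "testdata/plain-soap-1.1.xml not found on the classpath");
            String action = WSHandlerConstants.SIGNATURE;
            Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, new Properties());

            NodeList signatures = securedDocument.getElementsByTagNameNS(
                WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
                WSSConstants.TAG_dsig_Signature.getLocalPart());
            // Checking the count first avoids a NullPointerException on item(0) if nothing was signed.
            assertEquals(1, signatures.getLength());
            assertEquals(WSSConstants.TAG_WSSE_SECURITY.getLocalPart(),
                         signatures.item(0).getParentNode().getLocalName());

            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
        }

        // Step 2: verify with default settings (revocation checking not enabled here).
        {
            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
            securityProperties.loadSignatureVerificationKeystore(
                this.getClass().getClassLoader().getResource(KEYSTORE_RESOURCE),
                KEYSTORE_PASSWORD.toCharArray());
            InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
            XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(
                xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));

            Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);

            NodeList signatures = document.getElementsByTagNameNS(
                WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
                WSSConstants.TAG_dsig_Signature.getLocalPart());
            assertEquals(1, signatures.getLength());
            assertEquals(WSSConstants.TAG_WSSE_SECURITY.getLocalPart(),
                         signatures.item(0).getParentNode().getLocalName());
        }

        // Step 3: verify the same message with revocation checking enabled and the CRL loaded.
        {
            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
            securityProperties.setEnableRevocation(true);
            // Fix: this lookup previously used "wss40rev.jks" without the "keys/" prefix used by
            // every other reference to the keystore in this class. A resource that does not
            // resolve fails during setup, which is not the failure this step is meant to test.
            securityProperties.loadSignatureVerificationKeystore(
                this.getClass().getClassLoader().getResource(KEYSTORE_RESOURCE),
                KEYSTORE_PASSWORD.toCharArray());
            securityProperties.loadCRLCertStore(this.getClass().getClassLoader().getResource(CRL_RESOURCE));
            InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
            XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(
                xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));

            try {
                StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
                // fail() raises an Error, so the catch (Exception) below does not swallow it.
                fail("Expected failure on a revocation check");
            } catch (Exception ex) {
                assertNotNull(ex.getCause());
                // NOTE(review): this only pins the cause *type*. Any WSSecurityException raised
                // while reading the stream (trust failure, bad signature, ...) satisfies it, so a
                // green run does not by itself show that the CRL check rejected the certificate.
                // Consider also asserting the error code once the expected value is confirmed.
                assertTrue(ex.getCause() instanceof WSSecurityException);
            }
        }
    }

    /**
     * Signs {@code sourceDocument} with the WSS4J handler as user {@code wss40rev}, using a
     * DirectReference key identifier and a Merlin crypto configuration that points at the
     * test keystore and CRL file.
     *
     * @param sourceDocument the unsecured SOAP message
     * @param action         the WSS4J action string stored under {@link WSHandlerConstants#ACTION}
     * @param properties     extra entries copied into the message context after the defaults
     *                       above, so a matching key replaces the value set here
     * @return the message context after the sender has run
     */
    @Override
    protected Map<String, Object> doOutboundSecurityWithWSS4J_1(
        InputStream sourceDocument, String action, final Properties properties
    ) throws WSSecurityException, TransformerException, IOException {
        CustomWSS4JHandler wss4JHandler = new CustomWSS4JHandler();
        final Map<String, Object> messageContext = getMessageContext(sourceDocument);
        messageContext.put(WSHandlerConstants.ACTION, action);
        messageContext.put(WSHandlerConstants.USER, "wss40rev");
        messageContext.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");

        Properties sigProperties = new Properties();
        sigProperties.setProperty("org.apache.wss4j.crypto.provider", "org.apache.wss4j.common.crypto.Merlin");
        sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.file", KEYSTORE_RESOURCE);
        sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.password", KEYSTORE_PASSWORD);
        sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.alias", "wss40rev");
        sigProperties.setProperty("org.apache.wss4j.crypto.merlin.x509crl.file", CRL_RESOURCE);
        wss4JHandler.setPassword(messageContext, KEYSTORE_PASSWORD);

        // The crypto properties are stored in the message context under a key derived from
        // their hash code; SIG_PROP_REF_ID carries that key. Compute it once, after the last
        // setProperty call, so both entries are guaranteed to use the same value.
        String sigPropRefId = String.valueOf(sigProperties.hashCode());
        messageContext.put(WSHandlerConstants.SIG_PROP_REF_ID, sigPropRefId);
        messageContext.put(sigPropRefId, sigProperties);

        // Caller-supplied overrides are applied last.
        for (Enumeration<?> names = properties.propertyNames(); names.hasMoreElements();) {
            String name = (String) names.nextElement();
            messageContext.put(name, properties.get(name));
        }

        RequestData requestData = new RequestData();
        requestData.setMsgContext(messageContext);
        requestData.setCallbackHandler(new WSS4JCallbackHandlerImpl());

        wss4JHandler.doSender(messageContext, requestData, true);

        return messageContext;
    }

}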