View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.stax.test;
20  
21  import java.io.ByteArrayInputStream;
22  import java.io.ByteArrayOutputStream;
23  import java.io.InputStream;
24  import java.nio.charset.StandardCharsets;
25  import java.util.ArrayList;
26  import java.util.List;
27  import java.util.Map;
28  import java.util.Properties;
29  import java.util.Set;
30  
31  import javax.xml.stream.XMLStreamException;
32  import javax.xml.stream.XMLStreamReader;
33  import javax.xml.stream.XMLStreamWriter;
34  import javax.xml.transform.dom.DOMSource;
35  import javax.xml.transform.stream.StreamResult;
36  
37  import org.apache.wss4j.common.ext.WSSecurityException;
38  import org.apache.wss4j.dom.handler.WSHandlerConstants;
39  import org.apache.wss4j.dom.handler.WSHandlerResult;
40  import org.apache.wss4j.stax.ext.WSSConstants;
41  import org.apache.wss4j.stax.ext.WSSSecurityProperties;
42  import org.apache.wss4j.stax.setup.InboundWSSec;
43  import org.apache.wss4j.stax.setup.OutboundWSSec;
44  import org.apache.wss4j.stax.setup.WSSec;
45  import org.apache.wss4j.stax.test.utils.StAX2DOM;
46  import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
47  import org.apache.xml.security.stax.ext.SecurePart;
48  import org.apache.xml.security.stax.securityEvent.SecurityEvent;
49  import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
50  import org.junit.jupiter.api.Test;
51  import org.w3c.dom.Document;
52  import org.w3c.dom.Element;
53  import org.w3c.dom.NodeList;
54  
55  import static org.junit.jupiter.api.Assertions.assertEquals;
56  import static org.junit.jupiter.api.Assertions.assertNotNull;
57  import static org.junit.jupiter.api.Assertions.assertNotSame;
58  import static org.junit.jupiter.api.Assertions.assertTrue;
59  import static org.junit.jupiter.api.Assertions.fail;
60  
61  public class SignatureConfirmationTest extends AbstractTestBase {
62  
63      @SuppressWarnings("unchecked")
64      @Test
65      public void testDefaultConfigurationInbound() throws Exception {
66  
67          Set<Integer> sigv;
68          ByteArrayOutputStream baos = new ByteArrayOutputStream();
69          {
70              InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
71              String action = WSHandlerConstants.SIGNATURE;
72              Properties properties = new Properties();
73              properties.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
74              Map<String, Object> messageContext = doOutboundSecurityWithWSS4J_1(sourceDocument, action, properties);
75              sigv = (Set<Integer>) messageContext.get(WSHandlerConstants.SEND_SIGV);
76              Document securedDocument = (Document) messageContext.get(SECURED_DOCUMENT);
77  
78              //some test that we can really sure we get what we want from WSS4J
79              NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
80              assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
81  
82              javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
83              transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
84          }
85  
86          final List<SecurityEvent> securityEventList = new ArrayList<>();
87          //done signature; now test sig-verification:
88          {
89              WSSSecurityProperties securityProperties = new WSSSecurityProperties();
90              securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
91              InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
92  
93              SecurityEventListener securityEventListener = new SecurityEventListener() {
94                  @Override
95                  public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
96                      securityEventList.add(securityEvent);
97                  }
98              };
99  
100             XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), new ArrayList<SecurityEvent>(), securityEventListener);
101 
102             Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
103 
104             //header element must still be there
105             NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
106             assertEquals(nodeList.getLength(), 1);
107             assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
108         }
109 
110         //so we have a request generated, now do the response:
111         baos = new ByteArrayOutputStream();
112         {
113             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
114             List<WSSConstants.Action> actions = new ArrayList<>();
115             actions.add(WSSConstants.SIGNATURE_CONFIRMATION);
116             actions.add(WSSConstants.SIGNATURE);
117             securityProperties.setActions(actions);
118             securityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_SOAP11_BODY, SecurePart.Modifier.Element));
119             securityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_WSSE11_SIG_CONF, SecurePart.Modifier.Element));
120             securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
121             securityProperties.setSignatureUser("receiver");
122             securityProperties.setCallbackHandler(new CallbackHandlerImpl());
123 
124             OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
125             XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), securityEventList);
126             XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
127             XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
128             xmlStreamWriter.close();
129 
130             Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
131             NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
132             assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
133 
134             nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
135             assertEquals(nodeList.getLength(), 2);
136 
137             nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_WSSE11_SIG_CONF.getNamespaceURI(), WSSConstants.TAG_WSSE11_SIG_CONF.getLocalPart());
138             assertEquals(nodeList.getLength(), 1);
139             assertNotSame(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_VALUE.getLocalPart()), "");
140             assertNotNull(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_WSU_ID.getLocalPart()), "");
141             assertTrue(((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart()).length() > 0);
142 
143             nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
144             assertEquals(nodeList.getLength(), 1);
145             String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
146             assertNotNull(idAttrValue);
147             assertTrue(idAttrValue.length() > 0);
148         }
149 
150         //verify SigConf response:
151         {
152             String action = WSHandlerConstants.SIGNATURE;
153             Properties properties = new Properties();
154             properties.put(WSHandlerConstants.SEND_SIGV, sigv);
155             doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, true);
156         }
157     }
158 
159     @SuppressWarnings("unchecked")
160     @Test
161     public void testDefaultConfigurationInboundUnsignedConfirmation() throws Exception {
162 
163         Set<Integer> sigv;
164         ByteArrayOutputStream baos = new ByteArrayOutputStream();
165         {
166             InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
167             String action = WSHandlerConstants.SIGNATURE;
168             Properties properties = new Properties();
169             properties.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
170             Map<String, Object> messageContext = doOutboundSecurityWithWSS4J_1(sourceDocument, action, properties);
171             sigv = (Set<Integer>) messageContext.get(WSHandlerConstants.SEND_SIGV);
172             Document securedDocument = (Document) messageContext.get(SECURED_DOCUMENT);
173 
174             //some test that we can really sure we get what we want from WSS4J
175             NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
176             assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
177 
178             javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
179             transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
180         }
181 
182         final List<SecurityEvent> securityEventList = new ArrayList<>();
183         //done signature; now test sig-verification:
184         {
185             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
186             securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
187             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
188 
189             SecurityEventListener securityEventListener = new SecurityEventListener() {
190                 @Override
191                 public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
192                     securityEventList.add(securityEvent);
193                 }
194             };
195 
196             XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), new ArrayList<SecurityEvent>(), securityEventListener);
197 
198             Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
199 
200             //header element must still be there
201             NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
202             assertEquals(nodeList.getLength(), 1);
203             assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
204         }
205 
206         //so we have a request generated, now do the response:
207         baos = new ByteArrayOutputStream();
208         {
209             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
210             List<WSSConstants.Action> actions = new ArrayList<>();
211             actions.add(WSSConstants.SIGNATURE_CONFIRMATION);
212             securityProperties.setActions(actions);
213             securityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_SOAP11_BODY, SecurePart.Modifier.Element));
214             securityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_WSSE11_SIG_CONF, SecurePart.Modifier.Element));
215             securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
216             securityProperties.setSignatureUser("receiver");
217             securityProperties.setCallbackHandler(new CallbackHandlerImpl());
218 
219             OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
220             XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), securityEventList);
221             XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
222             XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
223             xmlStreamWriter.close();
224 
225             Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
226             NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
227             assertEquals(nodeList.getLength(), 0);
228 
229             nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_WSSE11_SIG_CONF.getNamespaceURI(), WSSConstants.TAG_WSSE11_SIG_CONF.getLocalPart());
230             assertEquals(nodeList.getLength(), 1);
231             assertNotSame(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_VALUE.getLocalPart()), "");
232             assertNotNull(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_WSU_ID.getLocalPart()), "");
233             assertTrue(((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart()).length() > 0);
234         }
235 
236         //verify SigConf response:
237         {
238             String action = "";
239             Properties properties = new Properties();
240             properties.put(WSHandlerConstants.SEND_SIGV, sigv);
241             doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, true);
242         }
243     }
244 
245     @SuppressWarnings("unchecked")
246     @Test
247     public void testDefaultConfigurationOutbound() throws Exception {
248 
249         final List<SecurityEvent> securityEventList = new ArrayList<>();
250         ByteArrayOutputStream baos = new ByteArrayOutputStream();
251         {
252             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
253             List<WSSConstants.Action> actions = new ArrayList<>();
254             actions.add(WSSConstants.SIGNATURE);
255             securityProperties.setActions(actions);
256             securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
257             securityProperties.setSignatureUser("transmitter");
258             securityProperties.setCallbackHandler(new CallbackHandlerImpl());
259 
260             SecurityEventListener securityEventListener = new SecurityEventListener() {
261                 @Override
262                 public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
263                     securityEventList.add(securityEvent);
264                 }
265             };
266 
267             OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
268             XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>(), securityEventListener);
269             XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
270             XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
271             xmlStreamWriter.close();
272 
273             Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
274             NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
275             assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
276 
277             nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
278             assertEquals(nodeList.getLength(), 1);
279         }
280 
281         List<WSHandlerResult> wsHandlerResult;
282         //done signature; now test sig-verification:
283         {
284             String action = WSHandlerConstants.SIGNATURE;
285             Properties properties = new Properties();
286             properties.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
287             Map<String, Object> messageContext = doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, false);
288             wsHandlerResult = (List<WSHandlerResult>) messageContext.get(WSHandlerConstants.RECV_RESULTS);
289         }
290 
291         //so we have a request generated, now do the response:
292         baos = new ByteArrayOutputStream();
293         {
294             InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
295             String action = WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION + " " + WSHandlerConstants.SIGNATURE;
296             Properties properties = new Properties();
297             properties.put(WSHandlerConstants.RECV_RESULTS, wsHandlerResult);
298             Map<String, Object> messageContext = doOutboundSecurityWithWSS4J_1(sourceDocument, action, properties);
299             Document securedDocument = (Document) messageContext.get(SECURED_DOCUMENT);
300 
301             //some test that we can really sure we get what we want from WSS4J
302             NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
303             assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
304 
305             nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_WSSE11_SIG_CONF.getNamespaceURI(), WSSConstants.TAG_WSSE11_SIG_CONF.getLocalPart());
306             assertEquals(nodeList.getLength(), 1);
307             assertNotSame(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_VALUE.getLocalPart()), "");
308             assertNotNull(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_WSU_ID.getLocalPart()), "");
309 
310             nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
311             assertEquals(nodeList.getLength(), 1);
312             String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
313             assertNotNull(idAttrValue);
314             assertTrue(idAttrValue.length() > 0);
315 
316             javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
317             transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
318         }
319 
320         //verify SigConf response:
321         {
322             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
323             securityProperties.setEnableSignatureConfirmationVerification(true);
324             securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
325             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
326 
327             XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(
328                     xmlInputFactory.createXMLStreamReader(
329                             new ByteArrayInputStream(baos.toByteArray())
330                     ),
331                     securityEventList);
332 
333             Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
334 
335             //header element must still be there
336             NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
337             assertEquals(nodeList.getLength(), 1);
338             assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
339         }
340     }
341 
342     @Test
343     public void testOutboundNoSignatureConfirmation() throws Exception {
344 
345         final List<SecurityEvent> securityEventList = new ArrayList<>();
346         ByteArrayOutputStream baos = new ByteArrayOutputStream();
347         {
348             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
349             List<WSSConstants.Action> actions = new ArrayList<>();
350             actions.add(WSSConstants.SIGNATURE);
351             securityProperties.setActions(actions);
352             securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
353             securityProperties.setSignatureUser("transmitter");
354             securityProperties.setCallbackHandler(new CallbackHandlerImpl());
355 
356             SecurityEventListener securityEventListener = new SecurityEventListener() {
357                 @Override
358                 public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
359                     securityEventList.add(securityEvent);
360                 }
361             };
362 
363             OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
364             XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>(), securityEventListener);
365             XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
366             XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
367             xmlStreamWriter.close();
368 
369             Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
370             NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
371             assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
372 
373             nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
374             assertEquals(nodeList.getLength(), 1);
375         }
376 
377         //done signature; now test sig-verification:
378         {
379             String action = WSHandlerConstants.SIGNATURE;
380             doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
381         }
382 
383         //so we have a request generated, now do the response:
384         baos = new ByteArrayOutputStream();
385         {
386             InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
387             String action = WSHandlerConstants.SIGNATURE;
388             Properties properties = new Properties();
389             Map<String, Object> messageContext = doOutboundSecurityWithWSS4J_1(sourceDocument, action, properties);
390             Document securedDocument = (Document) messageContext.get(SECURED_DOCUMENT);
391 
392             //some test that we can really sure we get what we want from WSS4J
393             NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
394             assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
395 
396             nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_WSSE11_SIG_CONF.getNamespaceURI(), WSSConstants.TAG_WSSE11_SIG_CONF.getLocalPart());
397             assertEquals(nodeList.getLength(), 0);
398 
399             nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
400             assertEquals(nodeList.getLength(), 1);
401             String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
402             assertNotNull(idAttrValue);
403             assertTrue(idAttrValue.length() > 0);
404 
405             javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
406             transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
407         }
408 
409         //verify SigConf response:
410         {
411             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
412             securityProperties.setEnableSignatureConfirmationVerification(true);
413             securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
414             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties, false, true);
415 
416             XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), securityEventList);
417 
418             try {
419                 StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
420                 fail("Expected XMLStreamException");
421             } catch (XMLStreamException e) {
422                 assertNotNull(e.getCause());
423                 assertTrue(e.getCause() instanceof WSSecurityException);
424                 assertEquals(((WSSecurityException) e.getCause()).getFaultCode(), WSSecurityException.INVALID_SECURITY);
425             }
426         }
427     }
428 }