View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.stax.test;
20  
21  import java.io.ByteArrayInputStream;
22  import java.io.ByteArrayOutputStream;
23  import java.nio.charset.StandardCharsets;
24  import java.util.ArrayList;
25  import java.util.List;
26  
27  import javax.xml.stream.XMLStreamReader;
28  import javax.xml.stream.XMLStreamWriter;
29  
30  import org.apache.wss4j.dom.handler.WSHandlerConstants;
31  import org.apache.wss4j.stax.ext.WSSConstants;
32  import org.apache.wss4j.stax.ext.WSSSecurityProperties;
33  import org.apache.wss4j.stax.setup.OutboundWSSec;
34  import org.apache.wss4j.stax.setup.WSSec;
35  import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
36  import org.apache.xml.security.stax.securityEvent.SecurityEvent;
37  import org.junit.jupiter.api.Test;
38  import org.w3c.dom.Document;
39  import org.w3c.dom.Element;
40  import org.w3c.dom.NodeList;
41  
42  import static org.junit.jupiter.api.Assertions.assertEquals;
43  import static org.junit.jupiter.api.Assertions.assertNotNull;
44  import static org.junit.jupiter.api.Assertions.assertTrue;
45  
46  /**
47   * A test-case for WSS-626 - "Duplicates in the PrefixList".
48   */
49  public class SignaturePrefixListTest extends AbstractTestBase {
50  
51      @Test
52      public void testDuplicatePrefixListValues() throws Exception {
53  
54          ByteArrayOutputStream baos = new ByteArrayOutputStream();
55          {
56              WSSSecurityProperties securityProperties = new WSSSecurityProperties();
57              List<WSSConstants.Action> actions = new ArrayList<>();
58              actions.add(WSSConstants.SIGNATURE);
59              securityProperties.setActions(actions);
60              securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
61              securityProperties.setSignatureUser("transmitter");
62              securityProperties.setCallbackHandler(new CallbackHandlerImpl());
63  
64              OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
65              XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
66              XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/SignaturePrefixListMessage.xml"));
67              XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
68              xmlStreamWriter.close();
69  
70              Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
71              NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
72              assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
73  
74              nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
75              assertEquals(nodeList.getLength(), 1);
76  
77              nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP12, WSSConstants.TAG_SOAP_BODY_LN);
78              assertEquals(nodeList.getLength(), 1);
79              String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
80              assertNotNull(idAttrValue);
81              assertTrue(idAttrValue.length() > 0);
82  
83              nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(), WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
84              assertEquals(nodeList.getLength(), 2);
85  
86              String parsedPrefixes = ((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart());
87              assertEquals(parsedPrefixes.split(" ").length, 5);
88          }
89          //done signature; now test sig-verification:
90          {
91              String action = WSHandlerConstants.SIGNATURE;
92              doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
93          }
94      }
95  
96  }