1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.wss4j.stax.test;
20
21 import java.io.ByteArrayInputStream;
22 import java.io.ByteArrayOutputStream;
23 import java.io.IOException;
24 import java.io.InputStream;
25 import java.nio.charset.StandardCharsets;
26 import java.security.Security;
27 import java.util.ArrayList;
28 import java.util.HashMap;
29 import java.util.List;
30 import java.util.Map;
31 import java.util.Properties;
32
33 import javax.crypto.KeyGenerator;
34 import javax.crypto.SecretKey;
35 import javax.security.auth.callback.Callback;
36 import javax.security.auth.callback.UnsupportedCallbackException;
37 import javax.xml.crypto.dsig.SignatureMethod;
38 import javax.xml.namespace.QName;
39 import javax.xml.stream.XMLStreamException;
40 import javax.xml.stream.XMLStreamReader;
41 import javax.xml.stream.XMLStreamWriter;
42 import javax.xml.transform.dom.DOMSource;
43 import javax.xml.transform.stream.StreamResult;
44 import javax.xml.xpath.XPathConstants;
45 import javax.xml.xpath.XPathExpression;
46
47 import org.apache.wss4j.common.ConfigurationConstants;
48 import org.apache.wss4j.common.bsp.BSPRule;
49 import org.apache.wss4j.common.crypto.CryptoFactory;
50 import org.apache.wss4j.common.ext.WSPasswordCallback;
51 import org.apache.wss4j.common.ext.WSSecurityException;
52 import org.apache.wss4j.dom.WSConstants;
53 import org.apache.wss4j.dom.handler.WSHandlerConstants;
54 import org.apache.wss4j.dom.message.WSSecHeader;
55 import org.apache.wss4j.dom.message.WSSecSignature;
56 import org.apache.wss4j.stax.ext.WSSConstants;
57 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
58 import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
59 import org.apache.wss4j.stax.securityEvent.SignedPartSecurityEvent;
60 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
61 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
62 import org.apache.wss4j.stax.setup.ConfigurationConverter;
63 import org.apache.wss4j.stax.setup.InboundWSSec;
64 import org.apache.wss4j.stax.setup.OutboundWSSec;
65 import org.apache.wss4j.stax.setup.WSSec;
66 import org.apache.wss4j.stax.test.utils.StAX2DOM;
67 import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
68 import org.apache.xml.security.exceptions.XMLSecurityException;
69 import org.apache.xml.security.stax.ext.SecurePart;
70 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
71 import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
72 import org.junit.jupiter.api.Test;
73 import org.w3c.dom.Document;
74 import org.w3c.dom.Element;
75 import org.w3c.dom.Node;
76 import org.w3c.dom.NodeList;
77
78 import static org.junit.jupiter.api.Assertions.assertEquals;
79 import static org.junit.jupiter.api.Assertions.assertNotNull;
80 import static org.junit.jupiter.api.Assertions.assertNotSame;
81 import static org.junit.jupiter.api.Assertions.assertSame;
82 import static org.junit.jupiter.api.Assertions.assertTrue;
83 import static org.junit.jupiter.api.Assertions.fail;
84
85 public class SignatureTest extends AbstractTestBase {
86
87 @Test
88 public void testSignatureDefaultConfigurationOutbound() throws Exception {
89
90 ByteArrayOutputStream baos = new ByteArrayOutputStream();
91 {
92 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
93 List<WSSConstants.Action> actions = new ArrayList<>();
94 actions.add(WSSConstants.SIGNATURE);
95 securityProperties.setActions(actions);
96 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
97 securityProperties.setSignatureUser("transmitter");
98 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
99
100 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
101 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
102 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
103 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
104 xmlStreamWriter.close();
105
106 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
107 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
108 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
109
110 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
111 assertEquals(nodeList.getLength(), 1);
112
113 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
114 assertEquals(nodeList.getLength(), 1);
115 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
116 assertNotNull(idAttrValue);
117 assertTrue(idAttrValue.length() > 0);
118
119 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(), WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
120 assertEquals(nodeList.getLength(), 2);
121 assertEquals(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "env");
122 assertEquals(((Element) nodeList.item(1)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "");
123 }
124
125 {
126 String action = WSHandlerConstants.SIGNATURE;
127 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
128 }
129 }
130
131 @Test
132 public void testSignatureDefaultConfigurationInbound() throws Exception {
133
134 ByteArrayOutputStream baos = new ByteArrayOutputStream();
135 {
136 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
137 String action = WSHandlerConstants.SIGNATURE;
138 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, new Properties());
139
140
141 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
142 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
143
144 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
145 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
146 }
147
148
149 {
150 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
151 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
152 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
153 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
154
155 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
156
157
158 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
159 assertEquals(nodeList.getLength(), 1);
160 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
161 }
162 }
163
164 @Test
165 public void testSignatureCryptoPropertiesOutbound() throws Exception {
166
167 ByteArrayOutputStream baos = new ByteArrayOutputStream();
168 {
169 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
170 List<WSSConstants.Action> actions = new ArrayList<>();
171 actions.add(WSSConstants.SIGNATURE);
172 securityProperties.setActions(actions);
173 Properties properties =
174 CryptoFactory.getProperties("transmitter-crypto.properties", this.getClass().getClassLoader());
175 securityProperties.setSignatureCryptoProperties(properties);
176 securityProperties.setSignatureUser("transmitter");
177 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
178
179 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
180 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
181 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
182 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
183 xmlStreamWriter.close();
184
185 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
186 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
187 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
188
189 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
190 assertEquals(nodeList.getLength(), 1);
191
192 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
193 assertEquals(nodeList.getLength(), 1);
194 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
195 assertNotNull(idAttrValue);
196 assertTrue(idAttrValue.length() > 0);
197
198 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(), WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
199 assertEquals(nodeList.getLength(), 2);
200 assertEquals(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "env");
201 assertEquals(((Element) nodeList.item(1)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "");
202 }
203
204 {
205 String action = WSHandlerConstants.SIGNATURE;
206 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
207 }
208 }
209
210 @Test
211 public void testSignatureCryptoPropertiesInbound() throws Exception {
212
213 ByteArrayOutputStream baos = new ByteArrayOutputStream();
214 {
215 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
216 String action = WSHandlerConstants.SIGNATURE;
217 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, new Properties());
218
219
220 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
221 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
222
223 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
224 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
225 }
226
227
228 {
229 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
230 Properties properties =
231 CryptoFactory.getProperties("receiver-crypto.properties", this.getClass().getClassLoader());
232 securityProperties.setSignatureVerificationCryptoProperties(properties);
233 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
234 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
235
236 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
237
238
239 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
240 assertEquals(nodeList.getLength(), 1);
241 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
242 }
243 }
244
245 @Test
246 public void testSignaturePartsOutbound() throws Exception {
247
248 ByteArrayOutputStream baos = new ByteArrayOutputStream();
249 {
250 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
251 List<WSSConstants.Action> actions = new ArrayList<>();
252 actions.add(WSSConstants.SIGNATURE);
253 securityProperties.setActions(actions);
254 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
255 securityProperties.setSignatureUser("transmitter");
256 securityProperties.addSignaturePart(new SecurePart(new QName("http://www.w3.org/1999/XMLSchema", "complexType"), SecurePart.Modifier.Element));
257 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
258
259 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
260 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
261 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
262 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
263 xmlStreamWriter.close();
264
265 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
266 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
267 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
268
269 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
270 assertEquals(nodeList.getLength(), 25);
271
272 nodeList = document.getElementsByTagNameNS("http://www.w3.org/1999/XMLSchema", "complexType");
273 assertEquals(nodeList.getLength(), 26);
274 for (int i = 0; i < nodeList.getLength(); i++) {
275 String idAttrValue = ((Element) nodeList.item(i)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
276 if (i == 10) {
277 assertSame(idAttrValue, "");
278 } else {
279 assertNotSame(idAttrValue, "");
280 assertTrue(idAttrValue.length() > 0);
281 }
282 }
283 }
284
285
286 {
287 String action = WSHandlerConstants.SIGNATURE;
288 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
289 }
290 }
291
292 @Test
293 public void testExceptionOnElementToSignNotFound() throws Exception {
294
295 ByteArrayOutputStream baos = new ByteArrayOutputStream();
296 {
297 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
298 List<WSSConstants.Action> actions = new ArrayList<>();
299 actions.add(WSSConstants.SIGNATURE);
300 securityProperties.setActions(actions);
301 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
302 securityProperties.setSignatureUser("transmitter");
303 securityProperties.addSignaturePart(new SecurePart(new QName("http://www.wrongnamespace.org", "complexType"), SecurePart.Modifier.Element));
304 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
305
306 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
307 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
308 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
309
310 try {
311 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
312 xmlStreamWriter.close();
313 fail("Exception expected");
314 } catch (XMLStreamException e) {
315 assertTrue(e.getCause() instanceof XMLSecurityException);
316 assertEquals("Part to sign not found: {http://www.wrongnamespace.org}complexType", e.getCause().getMessage());
317 }
318 }
319 }
320
321 @Test
322 public void testSignatureC14NInclusivePartsOutbound() throws Exception {
323
324 ByteArrayOutputStream baos = new ByteArrayOutputStream();
325 {
326 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
327 List<WSSConstants.Action> actions = new ArrayList<>();
328 actions.add(WSSConstants.SIGNATURE);
329 securityProperties.setActions(actions);
330 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
331 securityProperties.setSignatureUser("transmitter");
332 securityProperties.addSignaturePart(new SecurePart(new QName("http://www.w3.org/1999/XMLSchema", "complexType"), SecurePart.Modifier.Element));
333 securityProperties.setSignatureCanonicalizationAlgorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
334 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
335
336 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
337 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
338 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
339 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
340 xmlStreamWriter.close();
341
342 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
343 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
344 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
345
346 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
347 assertEquals(nodeList.getLength(), 25);
348
349 nodeList = document.getElementsByTagNameNS("http://www.w3.org/1999/XMLSchema", "complexType");
350 assertEquals(nodeList.getLength(), 26);
351 for (int i = 0; i < nodeList.getLength(); i++) {
352 String idAttrValue = ((Element) nodeList.item(i)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
353 if (i == 10) {
354 assertSame(idAttrValue, "");
355 } else {
356 assertNotSame(idAttrValue, "");
357 assertTrue(idAttrValue.length() > 0);
358 }
359 }
360 }
361
362
363 {
364 String action = WSHandlerConstants.SIGNATURE;
365 Properties properties = new Properties();
366 doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, false);
367 }
368 }
369
370 @Test
371 public void testSignaturePartsInbound() throws Exception {
372
373 ByteArrayOutputStream baos = new ByteArrayOutputStream();
374 {
375 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
376 String action = WSHandlerConstants.SIGNATURE;
377 Properties properties = new Properties();
378 properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://www.w3.org/1999/XMLSchema}complexType;");
379 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
380
381
382 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
383 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
384
385 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
386 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
387 }
388
389
390 {
391 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
392 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
393 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
394 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
395
396 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
397
398
399 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
400 assertEquals(nodeList.getLength(), 1);
401 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
402 }
403 }
404
405 @Test
406 public void testSignatureC14NInclusivePartsInbound() throws Exception {
407
408 ByteArrayOutputStream baos = new ByteArrayOutputStream();
409 {
410 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
411 String action = WSHandlerConstants.SIGNATURE;
412 Properties properties = new Properties();
413 properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://www.w3.org/1999/XMLSchema}complexType;");
414 properties.setProperty("CanonicalizationAlgo", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
415 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
416
417
418 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
419 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
420
421 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
422 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
423 }
424
425
426 {
427 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
428 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
429 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
430 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
431
432 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
433
434
435 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
436 assertEquals(nodeList.getLength(), 1);
437 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
438 }
439 }
440
441
442
443
444
445
446 @Test
447 public void testSignatureC14NInclusivePartsInbound_1() throws Exception {
448
449 ByteArrayOutputStream baos = new ByteArrayOutputStream();
450 {
451 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
452 List<WSSConstants.Action> actions = new ArrayList<>();
453 actions.add(WSSConstants.SIGNATURE);
454 securityProperties.setActions(actions);
455 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
456 securityProperties.setSignatureUser("transmitter");
457 securityProperties.addSignaturePart(new SecurePart(new QName("http://www.w3.org/1999/XMLSchema", "complexType"), SecurePart.Modifier.Element));
458 securityProperties.setSignatureCanonicalizationAlgorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
459 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
460
461 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
462 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
463 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
464 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
465 xmlStreamWriter.close();
466
467 Document securedDocument = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
468 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
469 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
470 }
471
472
473 {
474 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
475 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
476 securityProperties.addIgnoreBSPRule(BSPRule.R5404);
477 securityProperties.addIgnoreBSPRule(BSPRule.R5423);
478 securityProperties.addIgnoreBSPRule(BSPRule.R5412);
479 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
480 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
481
482 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
483
484
485 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
486 assertEquals(nodeList.getLength(), 1);
487 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
488 }
489 }
490
491
492
493
494
495
496 @Test
497 public void testSignatureC14NInclusivePartsInbound_DisableAllBSPRules() throws Exception {
498
499 ByteArrayOutputStream baos = new ByteArrayOutputStream();
500 {
501 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
502 List<WSSConstants.Action> actions = new ArrayList<>();
503 actions.add(WSSConstants.SIGNATURE);
504 securityProperties.setActions(actions);
505 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
506 securityProperties.setSignatureUser("transmitter");
507 securityProperties.addSignaturePart(new SecurePart(new QName("http://www.w3.org/1999/XMLSchema", "complexType"), SecurePart.Modifier.Element));
508 securityProperties.setSignatureCanonicalizationAlgorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
509 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
510
511 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
512 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
513 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
514 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
515 xmlStreamWriter.close();
516
517 Document securedDocument = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
518 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
519 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
520 }
521
522
523 {
524 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
525 securityProperties.setDisableBSPEnforcement(true);
526 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
527 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
528 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
529
530 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
531
532
533 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
534 assertEquals(nodeList.getLength(), 1);
535 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
536 }
537 }
538
539 @Test
540 public void testSignatureKeyIdentifierIssuerSerialOutbound() throws Exception {
541
542 ByteArrayOutputStream baos = new ByteArrayOutputStream();
543 {
544 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
545 List<WSSConstants.Action> actions = new ArrayList<>();
546 actions.add(WSSConstants.SIGNATURE);
547 securityProperties.setActions(actions);
548 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
549 securityProperties.setSignatureUser("transmitter");
550 securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_IssuerSerial);
551 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
552
553 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
554 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
555 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
556 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
557 xmlStreamWriter.close();
558
559 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
560 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
561 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
562
563 XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/wsse:SecurityTokenReference/dsig:X509Data/dsig:X509IssuerSerial/dsig:X509SerialNumber");
564 Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
565 assertNotNull(node);
566
567 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
568 assertEquals(nodeList.getLength(), 1);
569
570 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
571 assertEquals(nodeList.getLength(), 1);
572 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
573 assertNotNull(idAttrValue);
574 assertTrue(idAttrValue.length() > 0);
575 }
576
577
578 {
579 String action = WSHandlerConstants.SIGNATURE;
580 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
581 }
582 }
583
584 @Test
585 public void testSignatureKeyIdentifierIssuerSerialInbound() throws Exception {
586
587 ByteArrayOutputStream baos = new ByteArrayOutputStream();
588 {
589 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
590 String action = WSHandlerConstants.SIGNATURE;
591 Properties properties = new Properties();
592 properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
593 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
594
595
596 XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/wsse:SecurityTokenReference/dsig:X509Data/dsig:X509IssuerSerial/dsig:X509SerialNumber");
597 Node node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
598 assertNotNull(node);
599
600 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
601 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
602 }
603
604
605 {
606 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
607 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
608 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
609 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
610
611 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
612
613
614 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
615 assertEquals(nodeList.getLength(), 1);
616 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
617 }
618 }
619
620 @Test
621 public void testSignatureKeyIdentifierIssuerSerialIncludeTokenOutbound() throws Exception {
622
623 ByteArrayOutputStream baos = new ByteArrayOutputStream();
624 {
625 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
626 List<WSSConstants.Action> actions = new ArrayList<>();
627 actions.add(WSSConstants.SIGNATURE);
628 securityProperties.setActions(actions);
629 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
630 securityProperties.setSignatureUser("transmitter");
631 securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_IssuerSerial);
632 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
633 securityProperties.setIncludeSignatureToken(true);
634
635 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
636 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
637 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
638 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
639 xmlStreamWriter.close();
640
641 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
642 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
643 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
644
645 XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/wsse:SecurityTokenReference/dsig:X509Data/dsig:X509IssuerSerial/dsig:X509SerialNumber");
646 Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
647 assertNotNull(node);
648
649 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
650 assertEquals(nodeList.getLength(), 1);
651
652 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
653 assertEquals(nodeList.getLength(), 1);
654 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
655 assertNotNull(idAttrValue);
656 assertTrue(idAttrValue.length() > 0);
657 }
658
659
660 {
661 String action = WSHandlerConstants.SIGNATURE;
662 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
663 }
664 }
665
666 @Test
667 public void testSignatureKeyIdentifierBinarySecurityTokenDirectReferenceOutbound() throws Exception {
668
669 ByteArrayOutputStream baos = new ByteArrayOutputStream();
670 {
671 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
672 List<WSSConstants.Action> actions = new ArrayList<>();
673 actions.add(WSSConstants.SIGNATURE);
674 securityProperties.setActions(actions);
675 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
676 securityProperties.setSignatureUser("transmitter");
677 securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
678 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
679
680 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
681 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
682 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
683 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
684 xmlStreamWriter.close();
685
686 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
687 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
688 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
689
690 XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/wsse:BinarySecurityToken");
691 Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
692 assertNotNull(node);
693
694 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
695 assertEquals(nodeList.getLength(), 1);
696
697 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
698 assertEquals(nodeList.getLength(), 1);
699 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
700 assertNotNull(idAttrValue);
701 assertTrue(idAttrValue.length() > 0);
702 }
703
704
705 {
706 String action = WSHandlerConstants.SIGNATURE;
707 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
708 }
709 }
710
711 @Test
712 public void testSignatureKeyIdentifierBinarySecurityTokenDirectReferenceInbound() throws Exception {
713
714 ByteArrayOutputStream baos = new ByteArrayOutputStream();
715 {
716 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
717 String action = WSHandlerConstants.SIGNATURE;
718 Properties properties = new Properties();
719 properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
720 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
721
722
723 XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/wsse:BinarySecurityToken");
724 Node node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
725 assertNotNull(node);
726
727 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
728 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
729 }
730
731
732 {
733 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
734 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
735 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
736 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
737
738 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
739
740
741 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
742 assertEquals(nodeList.getLength(), 1);
743 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
744 }
745 }
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801 @Test
802 public void testSignatureKeyIdentifierX509KeyOutbound() throws Exception {
803
804 ByteArrayOutputStream baos = new ByteArrayOutputStream();
805 {
806 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
807 List<WSSConstants.Action> actions = new ArrayList<>();
808 actions.add(WSSConstants.SIGNATURE);
809 securityProperties.setActions(actions);
810 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
811 securityProperties.setSignatureUser("transmitter");
812 securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier);
813 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
814
815 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
816 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
817 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
818 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
819 xmlStreamWriter.close();
820
821 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
822 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
823 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
824
825 XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3']");
826 Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
827 assertNotNull(node);
828
829 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
830 assertEquals(nodeList.getLength(), 1);
831
832 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
833 assertEquals(nodeList.getLength(), 1);
834 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
835 assertNotNull(idAttrValue);
836 assertTrue(idAttrValue.length() > 0);
837 }
838
839
840 {
841 String action = WSHandlerConstants.SIGNATURE;
842 Properties properties = new Properties();
843 doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, false);
844 }
845 }
846
847 @Test
848 public void testSignatureKeyIdentifierX509KeyInbound() throws Exception {
849
850 ByteArrayOutputStream baos = new ByteArrayOutputStream();
851 {
852 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
853 String action = WSHandlerConstants.SIGNATURE;
854 Properties properties = new Properties();
855 properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "X509KeyIdentifier");
856 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
857
858
859 XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3']");
860 Node node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
861 assertNotNull(node);
862
863 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
864 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
865 }
866
867
868 {
869 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
870 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
871 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
872 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
873
874 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
875
876
877 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
878 assertEquals(nodeList.getLength(), 1);
879 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
880 }
881 }
882
883 @Test
884 public void testSignatureKeyIdentifierSubjectKeyOutbound() throws Exception {
885
886 ByteArrayOutputStream baos = new ByteArrayOutputStream();
887 {
888 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
889 List<WSSConstants.Action> actions = new ArrayList<>();
890 actions.add(WSSConstants.SIGNATURE);
891 securityProperties.setActions(actions);
892 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
893 securityProperties.setSignatureUser("transmitter");
894 securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_SkiKeyIdentifier);
895 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
896
897 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
898 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
899 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
900 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
901 xmlStreamWriter.close();
902
903 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
904 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
905 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
906
907 XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier']");
908 Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
909 assertNotNull(node);
910
911 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
912 assertEquals(nodeList.getLength(), 1);
913
914 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
915 assertEquals(nodeList.getLength(), 1);
916 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
917 assertNotNull(idAttrValue);
918 assertTrue(idAttrValue.length() > 0);
919 }
920
921
922 {
923 String action = WSHandlerConstants.SIGNATURE;
924 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
925 }
926 }
927
928 @Test
929 public void testSignatureKeyIdentifierSubjectKeyInbound() throws Exception {
930
931 ByteArrayOutputStream baos = new ByteArrayOutputStream();
932 {
933 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
934 String action = WSHandlerConstants.SIGNATURE;
935 Properties properties = new Properties();
936 properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "SKIKeyIdentifier");
937 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
938
939
940 XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier']");
941 Node node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
942 assertNotNull(node);
943
944 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
945 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
946 }
947
948
949 {
950 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
951 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
952 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
953 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
954
955 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
956
957
958 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
959 assertEquals(nodeList.getLength(), 1);
960 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
961 }
962 }
963
964 @Test
965 public void testSignatureKeyIdentifierThumbprintOutbound() throws Exception {
966
967 ByteArrayOutputStream baos = new ByteArrayOutputStream();
968 {
969 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
970 List<WSSConstants.Action> actions = new ArrayList<>();
971 actions.add(WSSConstants.SIGNATURE);
972 securityProperties.setActions(actions);
973 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
974 securityProperties.setSignatureUser("transmitter");
975 securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER);
976 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
977
978 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
979 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
980 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
981 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
982 xmlStreamWriter.close();
983
984 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
985 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
986 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
987
988 XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType='http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1']");
989 Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
990 assertNotNull(node);
991
992 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
993 assertEquals(nodeList.getLength(), 1);
994
995 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
996 assertEquals(nodeList.getLength(), 1);
997 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
998 assertNotNull(idAttrValue);
999 assertTrue(idAttrValue.length() > 0);
1000 }
1001
1002
1003 {
1004 String action = WSHandlerConstants.SIGNATURE;
1005 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
1006 }
1007 }
1008
1009 @Test
1010 public void testSignatureKeyIdentifierThumbprintInbound() throws Exception {
1011
1012 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1013 {
1014 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
1015 String action = WSHandlerConstants.SIGNATURE;
1016 Properties properties = new Properties();
1017 properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "Thumbprint");
1018 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
1019
1020
1021 XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType='http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1']");
1022 Node node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
1023 assertNotNull(node);
1024
1025 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
1026 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
1027 }
1028
1029
1030 {
1031 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1032 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
1033 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
1034 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
1035
1036 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
1037
1038
1039 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1040 assertEquals(nodeList.getLength(), 1);
1041 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1042 }
1043 }
1044
1045
1046 @Test
1047 public void testSignatureKeyIdentifierThumbprintIncludeTokenOutbound() throws Exception {
1048
1049 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1050 {
1051 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1052 List<WSSConstants.Action> actions = new ArrayList<>();
1053 actions.add(WSSConstants.SIGNATURE);
1054 securityProperties.setActions(actions);
1055 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
1056 securityProperties.setSignatureUser("transmitter");
1057 securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER);
1058 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
1059 securityProperties.setIncludeSignatureToken(true);
1060
1061 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
1062 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
1063 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
1064 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
1065 xmlStreamWriter.close();
1066
1067 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
1068 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1069 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1070
1071 XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType='http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1']");
1072 Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
1073 assertNotNull(node);
1074
1075 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
1076 assertEquals(nodeList.getLength(), 1);
1077
1078 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
1079 assertEquals(nodeList.getLength(), 1);
1080 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
1081 assertNotNull(idAttrValue);
1082 assertTrue(idAttrValue.length() > 0);
1083 }
1084
1085
1086 {
1087 String action = WSHandlerConstants.SIGNATURE;
1088 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
1089 }
1090 }
1091
1092 @Test
1093 public void testSignatureKeyIdentifierSha1Outbound() throws Exception {
1094
1095 KeyGenerator keyGen = KeyGenerator.getInstance("AES");
1096 keyGen.init(128);
1097 final SecretKey key = keyGen.generateKey();
1098
1099 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1100 {
1101 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1102 List<WSSConstants.Action> actions = new ArrayList<>();
1103 actions.add(WSSConstants.SIGNATURE);
1104 securityProperties.setActions(actions);
1105 securityProperties.setSignatureUser("transmitter");
1106 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
1107 securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
1108 securityProperties.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1");
1109 securityProperties.setCallbackHandler(
1110 new CallbackHandlerImpl(key.getEncoded()){
1111 @Override
1112 public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
1113 WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
1114 pc.setKey(key.getEncoded());
1115 }
1116 }
1117 );
1118
1119 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
1120 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
1121 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
1122 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
1123 xmlStreamWriter.close();
1124
1125 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
1126 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1127 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1128
1129 XPathExpression xPathExpression =
1130 getXPath("/soap:Envelope/soap:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/" +
1131 "wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType=" +
1132 "'http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1']");
1133 Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
1134 assertNotNull(node);
1135
1136 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
1137 assertEquals(nodeList.getLength(), 1);
1138
1139 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
1140 assertEquals(nodeList.getLength(), 1);
1141 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
1142 assertNotNull(idAttrValue);
1143 assertTrue(idAttrValue.length() > 0);
1144 }
1145
1146
1147 {
1148 String action = WSHandlerConstants.SIGNATURE;
1149 Properties properties = new Properties();
1150 WSS4JCallbackHandlerImpl callbackHandler = new WSS4JCallbackHandlerImpl(key.getEncoded());
1151 properties.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
1152 doInboundSecurityWithWSS4J_1(
1153 documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())),
1154 action, properties, true);
1155 }
1156 }
1157
1158 @Test
1159 public void testSignatureKeyIdentifierSha1Inbound() throws Exception {
1160
1161 KeyGenerator keyGen = KeyGenerator.getInstance("AES");
1162 keyGen.init(128);
1163 SecretKey key = keyGen.generateKey();
1164
1165 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1166 {
1167 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
1168
1169 Document doc = documentBuilderFactory.newDocumentBuilder().parse(sourceDocument);
1170 WSSecHeader secHeader = new WSSecHeader(doc);
1171 secHeader.insertSecurityHeader();
1172
1173 WSSecSignature sign = new WSSecSignature(secHeader);
1174 sign.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
1175 sign.setSecretKey(key.getEncoded());
1176 sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
1177
1178 Document securedDocument = sign.build(null);
1179
1180
1181 XPathExpression xPathExpression =
1182 getXPath("/soap:Envelope/soap:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/" +
1183 "wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType=" +
1184 "'http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1']");
1185 Node node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
1186 assertNotNull(node);
1187
1188 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
1189 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
1190 }
1191
1192
1193 {
1194 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1195 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
1196 securityProperties.setCallbackHandler(new CallbackHandlerImpl(key.getEncoded()));
1197 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
1198 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
1199
1200 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
1201
1202
1203 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1204 assertEquals(nodeList.getLength(), 1);
1205 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1206 }
1207 }
1208
1209 @Test
1210 public void testSignatureUsePKIPathOutbound() throws Exception {
1211
1212
1213 if (Security.getProvider("BC") == null) {
1214 return;
1215 }
1216
1217 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1218 {
1219 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1220 List<WSSConstants.Action> actions = new ArrayList<>();
1221 actions.add(WSSConstants.SIGNATURE);
1222 securityProperties.setActions(actions);
1223 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
1224 securityProperties.setSignatureUser("transmitter");
1225 securityProperties.setUseSingleCert(false);
1226 securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
1227 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
1228
1229 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
1230 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
1231 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
1232 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
1233 xmlStreamWriter.close();
1234
1235 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
1236 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1237 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1238
1239 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
1240 assertEquals(nodeList.getLength(), 1);
1241
1242 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
1243 assertEquals(nodeList.getLength(), 1);
1244 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
1245 assertNotNull(idAttrValue);
1246 assertTrue(idAttrValue.length() > 0);
1247 }
1248
1249
1250 {
1251 String action = WSHandlerConstants.SIGNATURE;
1252 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
1253 }
1254 }
1255
1256 @Test
1257 public void testSignatureUsePKIPathInbound() throws Exception {
1258
1259 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1260 {
1261 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
1262 String action = WSHandlerConstants.SIGNATURE;
1263 Properties properties = new Properties();
1264 properties.setProperty(WSHandlerConstants.USE_SINGLE_CERTIFICATE, "false");
1265 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
1266
1267
1268 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1269 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1270
1271 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
1272 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
1273 }
1274
1275
1276 {
1277 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1278 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
1279 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
1280 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
1281
1282 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
1283
1284
1285 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1286 assertEquals(nodeList.getLength(), 1);
1287 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1288 }
1289 }
1290
1291 @Test
1292 public void testSignatureRSAKeyValue() throws Exception {
1293
1294 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1295 {
1296 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1297 List<WSSConstants.Action> actions = new ArrayList<>();
1298 actions.add(WSSConstants.SIGNATURE);
1299 securityProperties.setActions(actions);
1300 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
1301 securityProperties.setSignatureUser("transmitter");
1302 securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_KeyValue);
1303 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
1304
1305 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
1306 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
1307 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
1308 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
1309 xmlStreamWriter.close();
1310
1311 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
1312 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1313 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1314
1315 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_RSAKeyValue.getNamespaceURI(), WSSConstants.TAG_dsig_RSAKeyValue.getLocalPart());
1316 assertEquals(nodeList.getLength(), 1);
1317
1318 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
1319 assertEquals(nodeList.getLength(), 1);
1320 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
1321 assertNotNull(idAttrValue);
1322 assertTrue(idAttrValue.length() > 0);
1323 }
1324
1325 {
1326 String action = WSHandlerConstants.SIGNATURE;
1327 Properties properties = new Properties();
1328 doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, false);
1329 }
1330
1331 {
1332 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1333 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
1334 securityProperties.addIgnoreBSPRule(BSPRule.R5421);
1335 securityProperties.addIgnoreBSPRule(BSPRule.R5417);
1336 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
1337
1338 WSSecurityEventConstants.Event[] expectedSecurityEvents = new WSSecurityEventConstants.Event[]{
1339 WSSecurityEventConstants.AlgorithmSuite,
1340 WSSecurityEventConstants.AlgorithmSuite,
1341 WSSecurityEventConstants.AlgorithmSuite,
1342 WSSecurityEventConstants.AlgorithmSuite,
1343 WSSecurityEventConstants.KeyValueToken,
1344 WSSecurityEventConstants.SignatureValue,
1345 WSSecurityEventConstants.SIGNED_PART,
1346 WSSecurityEventConstants.OPERATION,
1347 };
1348 final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents);
1349 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), null, securityEventListener);
1350 StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
1351
1352 securityEventListener.compare();
1353
1354 SignedPartSecurityEvent signedPartSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.SIGNED_PART);
1355 SignatureValueSecurityEvent signatureValueSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.SignatureValue);
1356 OperationSecurityEvent operationSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.OPERATION);
1357 String signedElementCorrelationID = signedPartSecurityEvent.getCorrelationID();
1358 String signatureValueCorrelationID = signatureValueSecurityEvent.getCorrelationID();
1359 String operationCorrelationID = operationSecurityEvent.getCorrelationID();
1360
1361 List<SecurityEvent> operationSecurityEvents = new ArrayList<>();
1362 List<SecurityEvent> signedElementSecurityEvents = new ArrayList<>();
1363 List<SecurityEvent> signatureValueSecurityEvents = new ArrayList<>();
1364
1365 List<SecurityEvent> securityEvents = securityEventListener.getReceivedSecurityEvents();
1366 for (SecurityEvent securityEvent : securityEvents) {
1367 if (securityEvent.getCorrelationID().equals(signedElementCorrelationID)) {
1368 signedElementSecurityEvents.add(securityEvent);
1369 } else if (securityEvent.getCorrelationID().equals(signatureValueCorrelationID)) {
1370 signatureValueSecurityEvents.add(securityEvent);
1371 } else if (securityEvent.getCorrelationID().equals(operationCorrelationID)) {
1372 operationSecurityEvents.add(securityEvent);
1373 }
1374 }
1375
1376 assertEquals(3, signedElementSecurityEvents.size());
1377 assertEquals(4, signatureValueSecurityEvents.size());
1378 assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
1379 operationSecurityEvents.size() +
1380 signedElementSecurityEvents.size() + signatureValueSecurityEvents.size()
1381 );
1382 }
1383 }
1384
1385 @Test
1386 public void testSignatureDSAKeyValue() throws Exception {
1387
1388 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1389 {
1390 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1391 List<WSSConstants.Action> actions = new ArrayList<>();
1392 actions.add(WSSConstants.SIGNATURE);
1393 securityProperties.setActions(actions);
1394 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
1395 securityProperties.setSignatureUser("transmitter-dsa");
1396 securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_KeyValue);
1397 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
1398 securityProperties.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#dsa-sha1");
1399
1400 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
1401 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
1402 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
1403 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
1404 xmlStreamWriter.close();
1405
1406 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
1407 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1408 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1409
1410 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_DSAKeyValue.getNamespaceURI(), WSSConstants.TAG_dsig_DSAKeyValue.getLocalPart());
1411 assertEquals(nodeList.getLength(), 1);
1412
1413 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
1414 assertEquals(nodeList.getLength(), 1);
1415 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
1416 assertNotNull(idAttrValue);
1417 assertTrue(idAttrValue.length() > 0);
1418 }
1419
1420 {
1421 String action = WSHandlerConstants.SIGNATURE;
1422 Properties properties = new Properties();
1423 doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, false);
1424 }
1425
1426 {
1427 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1428 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
1429 securityProperties.addIgnoreBSPRule(BSPRule.R5421);
1430 securityProperties.addIgnoreBSPRule(BSPRule.R5417);
1431 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
1432 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
1433
1434 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
1435 assertNotNull(document);
1436 }
1437 }
1438
1439 @Test
1440 public void testSignatureECKeyValue() throws Exception {
1441
1442
1443
1444
1445
1446 if ("IBM Corporation".equals(System.getProperty("java.vendor"))
1447 || System.getProperty("java.version") != null
1448 && System.getProperty("java.version").startsWith("1.8")) {
1449 return;
1450 }
1451
1452 if (Security.getProvider("BC") == null) {
1453 return;
1454 }
1455
1456 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1457 {
1458 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1459 List<WSSConstants.Action> actions = new ArrayList<>();
1460 actions.add(WSSConstants.SIGNATURE);
1461 securityProperties.setActions(actions);
1462 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
1463 securityProperties.setSignatureUser("transmitter-ecdsa");
1464 securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_KeyValue);
1465 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
1466 securityProperties.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512");
1467
1468 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
1469 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
1470 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
1471 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
1472 xmlStreamWriter.close();
1473
1474 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
1475 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1476 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1477
1478 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig11_ECKeyValue.getNamespaceURI(), WSSConstants.TAG_dsig11_ECKeyValue.getLocalPart());
1479 assertEquals(nodeList.getLength(), 1);
1480
1481 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
1482 assertEquals(nodeList.getLength(), 1);
1483 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
1484 assertNotNull(idAttrValue);
1485 assertTrue(idAttrValue.length() > 0);
1486 }
1487
1488 {
1489 String action = WSHandlerConstants.SIGNATURE;
1490 Properties properties = new Properties();
1491 doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, false);
1492 }
1493
1494 {
1495 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1496 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
1497 securityProperties.addIgnoreBSPRule(BSPRule.R5421);
1498 securityProperties.addIgnoreBSPRule(BSPRule.R5417);
1499 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
1500 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
1501
1502 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
1503 assertNotNull(document);
1504 }
1505 }
1506
1507 @Test
1508 public void testSignatureHMACOutputLengthInbound() throws Exception {
1509
1510 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1511 {
1512 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
1513 String action = WSHandlerConstants.SIGNATURE;
1514 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, new Properties());
1515
1516 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_SignatureMethod.getNamespaceURI(), WSSConstants.TAG_dsig_SignatureMethod.getLocalPart());
1517 Element hmacElement = securedDocument.createElementNS(WSSConstants.TAG_dsig_HMACOutputLength.getNamespaceURI(), WSSConstants.TAG_dsig_HMACOutputLength.getLocalPart());
1518 hmacElement.setTextContent("abc");
1519 nodeList.item(0).appendChild(hmacElement);
1520
1521 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
1522 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
1523 }
1524
1525
1526 {
1527 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1528 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
1529 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties, false, true);
1530 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
1531
1532 try {
1533 StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
1534 fail("Should have thrown XMLStreamException");
1535 } catch (XMLStreamException e) {
1536 assertTrue(e.getCause() instanceof WSSecurityException);
1537 assertEquals(((WSSecurityException) e.getCause()).getFaultCode(), WSSecurityException.INVALID_SECURITY);
1538 }
1539 }
1540 }
1541
1542 @Test
1543 public void testInboundRequiredAlgorithm() throws Exception {
1544
1545 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1546 {
1547 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
1548 String action = WSHandlerConstants.SIGNATURE;
1549 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, new Properties());
1550
1551
1552 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1553 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1554
1555 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
1556 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
1557 }
1558
1559
1560 {
1561 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1562 securityProperties.setSignatureAlgorithm(WSSConstants.NS_XMLDSIG_RSASHA1);
1563 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
1564 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
1565 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
1566
1567 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
1568
1569
1570 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1571 assertEquals(nodeList.getLength(), 1);
1572 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1573 }
1574
1575
1576 {
1577 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1578 securityProperties.setSignatureAlgorithm(WSSConstants.NS_XMLDSIG_HMACSHA1);
1579 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
1580 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
1581
1582 try {
1583 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
1584 StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
1585 fail("Failure expected on the wrong signature algorithm");
1586 } catch (XMLStreamException e) {
1587 assertTrue(e.getCause() instanceof WSSecurityException);
1588 }
1589 }
1590 }
1591
1592 @Test
1593 public void testSignaturePropertiesOutbound() throws Exception {
1594
1595 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1596 {
1597 Map<String, Object> config = new HashMap<>();
1598 config.put(ConfigurationConstants.ACTION, ConfigurationConstants.SIGNATURE);
1599 config.put(ConfigurationConstants.SIGNATURE_USER, "transmitter");
1600 config.put(ConfigurationConstants.PW_CALLBACK_REF, new CallbackHandlerImpl());
1601 config.put(ConfigurationConstants.SIG_PROP_FILE, "transmitter-crypto.properties");
1602
1603 WSSSecurityProperties securityProperties = ConfigurationConverter.convert(config);
1604 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
1605 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
1606 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
1607 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
1608 xmlStreamWriter.close();
1609
1610 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
1611 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1612 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1613
1614 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
1615 assertEquals(nodeList.getLength(), 1);
1616
1617 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
1618 assertEquals(nodeList.getLength(), 1);
1619 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
1620 assertNotNull(idAttrValue);
1621 assertTrue(idAttrValue.length() > 0);
1622
1623 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(), WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
1624 assertEquals(nodeList.getLength(), 2);
1625 assertEquals(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "env");
1626 assertEquals(((Element) nodeList.item(1)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "");
1627 }
1628
1629 {
1630 String action = WSHandlerConstants.SIGNATURE;
1631 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
1632 }
1633 }
1634
1635 @Test
1636 public void testSignaturePropertiesInbound() throws Exception {
1637
1638 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1639 {
1640 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
1641 String action = WSHandlerConstants.SIGNATURE;
1642 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, new Properties());
1643
1644
1645 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1646 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1647
1648 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
1649 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
1650 }
1651
1652
1653 {
1654 Map<String, Object> config = new HashMap<>();
1655 config.put(ConfigurationConstants.ACTION, ConfigurationConstants.SIGNATURE);
1656 config.put(ConfigurationConstants.SIG_VER_PROP_FILE, "transmitter-crypto.properties");
1657
1658 WSSSecurityProperties securityProperties = ConfigurationConverter.convert(config);
1659 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
1660 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
1661
1662 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
1663
1664
1665 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1666 assertEquals(nodeList.getLength(), 1);
1667 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
1668 }
1669 }
1670
1671 @Test
1672 public void testElementToSignNotFound() throws Exception {
1673
1674 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1675 {
1676 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1677 List<WSSConstants.Action> actions = new ArrayList<>();
1678 actions.add(WSSConstants.SIGNATURE);
1679 securityProperties.setActions(actions);
1680 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
1681 securityProperties.setSignatureUser("transmitter");
1682 securityProperties.setTokenUser("transmitter");
1683 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
1684 securityProperties.addSignaturePart(
1685 new SecurePart(new QName(WSSConstants.NS_WSSE10, "UsernameToken"), SecurePart.Modifier.Element)
1686 );
1687 securityProperties.addSignaturePart(
1688 new SecurePart(new QName(WSSConstants.NS_SOAP11, "Body"), SecurePart.Modifier.Element)
1689 );
1690
1691 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
1692 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
1693 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
1694
1695 try {
1696 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
1697 xmlStreamWriter.close();
1698 fail("Exception expected");
1699 } catch (XMLStreamException e) {
1700 assertTrue(e.getCause() instanceof XMLSecurityException);
1701 assertEquals("Part to sign not found: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken", e.getCause().getMessage());
1702 }
1703 }
1704 }
1705 }