package org.apache.wss4j.dom.message.token;

import java.util.Collections;

import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.DOM2Writer;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;

import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
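/**
 * Tests for parsing a {@code wsse:SecurityTokenReference} element with BSP
 * (Basic Security Profile) rule enforcement.
 *
 * <p>Each test builds a deliberately malformed STR inside a sample SOAP document
 * and checks that {@link SecurityTokenReference#SecurityTokenReference(Element, BSPEnforcer)}
 * rejects it with {@link WSSecurityException.ErrorCode#INVALID_SECURITY}, or
 * accepts it where the profile permits. Where a test ignores the violated
 * {@link BSPRule} afterwards, a comment states whether the element is actually
 * re-parsed under the relaxed enforcer.
 */
public class SecurityTokenReferenceTest {
    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(SecurityTokenReferenceTest.class);

    /** Runs {@link WSSConfig#init()} before any test method on this instance executes. */
    public SecurityTokenReferenceTest() {
        WSSConfig.init();
    }

    /**
     * A {@code wsse:Reference} child with no URI attribute is rejected, and the
     * exception message names the missing URI.
     */
    @Test
    public void testReferenceNoURI() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        SecurityTokenReference str = newStr(doc);

        Reference ref = new Reference(doc);
        ref.setValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
        ref.setURI(null);
        str.setReference(ref);

        Element strElement = str.getElement();
        logElement(strElement);

        WSSecurityException ex = assertThrows(
            WSSecurityException.class,
            () -> new SecurityTokenReference(strElement, new BSPEnforcer(true)),
            "Failure expected on a reference with no URI");
        assertTrue(ex.getMessage().contains("Reference URI is null"));
    }

    /**
     * An STR holding both a KeyIdentifier and a Reference child is rejected
     * (BSP rule R3061); once R3061 is ignored the same element parses.
     */
    @Test
    public void testMultipleChildren() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        SecurityTokenReference str = newStr(doc);
        str.setKeyIdentifierEncKeySHA1("123456");
        Element strElement = str.getElement();

        // Second token reference alongside the KeyIdentifier.
        Reference ref = new Reference(doc);
        ref.setValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
        ref.setURI("#123");
        strElement.appendChild(ref.getElement());
        logElement(strElement);

        BSPEnforcer bspEnforcer = new BSPEnforcer();
        assertRejectedAsInvalidSecurity(
            strElement, bspEnforcer, "Failure expected on multiple data references");

        // With R3061 relaxed the element must be accepted (no exception expected).
        bspEnforcer.setIgnoredBSPRules(Collections.singletonList(BSPRule.R3061));
        new SecurityTokenReference(strElement, bspEnforcer);
    }

    /** A KeyIdentifier without a {@code ValueType} attribute is rejected. */
    @Test
    public void testKeyIdentifierNoValueType() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        SecurityTokenReference str = newStr(doc);
        str.setKeyIdentifier(null, "#123");
        Element strElement = str.getElement();
        logElement(strElement);

        BSPEnforcer bspEnforcer = new BSPEnforcer();
        assertRejectedAsInvalidSecurity(
            strElement, bspEnforcer, "Failure expected on a Key Identifier with no ValueType");

        // NOTE(review): the rule is ignored but the element is never re-parsed, so this
        // statement has no observable effect in the test as written (compare
        // testMultipleChildren, which re-runs the constructor).
        bspEnforcer.setIgnoredBSPRules(Collections.singletonList(BSPRule.R3054));
    }

    /** A KeyIdentifier whose {@code EncodingType} is not a recognised value is rejected. */
    @Test
    public void testKeyIdentifierBadEncodingType() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        SecurityTokenReference str = newStr(doc);
        Element strElement = str.getElement();

        appendKeyIdentifier(
            doc, strElement, SecurityTokenReference.ENC_KEY_SHA1_URI, "http://bad_encoding");
        logElement(strElement);

        BSPEnforcer bspEnforcer = new BSPEnforcer();
        assertRejectedAsInvalidSecurity(
            strElement, bspEnforcer,
            "Failure expected on a Key Identifier with a Bad EncodingType");

        // NOTE(review): ignored rule is never exercised; the element is not re-parsed.
        bspEnforcer.setIgnoredBSPRules(Collections.singletonList(BSPRule.R3071));
    }

    /** A non-SAML KeyIdentifier with no {@code EncodingType} attribute is rejected. */
    @Test
    public void testKeyIdentifierNoEncodingType() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        SecurityTokenReference str = newStr(doc);
        Element strElement = str.getElement();

        appendKeyIdentifier(doc, strElement, SecurityTokenReference.ENC_KEY_SHA1_URI, null);
        logElement(strElement);

        BSPEnforcer bspEnforcer = new BSPEnforcer();
        assertRejectedAsInvalidSecurity(
            strElement, bspEnforcer, "Failure expected on a Key Identifier with no EncodingType");

        // NOTE(review): ignored rule is never exercised; the element is not re-parsed.
        bspEnforcer.setIgnoredBSPRules(Collections.singletonList(BSPRule.R3070));
    }

    /**
     * A KeyIdentifier with the SAML ValueType and no {@code EncodingType} is accepted,
     * unlike the non-SAML case in {@link #testKeyIdentifierNoEncodingType()}.
     */
    @Test
    public void testKeyIdentifierSAMLNoEncodingType() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        SecurityTokenReference str = newStr(doc);
        Element strElement = str.getElement();

        appendKeyIdentifier(doc, strElement, WSConstants.WSS_SAML_KI_VALUE_TYPE, null);
        logElement(strElement);

        // No exception expected.
        new SecurityTokenReference(strElement, new BSPEnforcer());
    }

    /** A {@code wsse:Embedded} child that itself contains an STR is rejected. */
    @Test
    public void testEmbeddedSTRChild() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        SecurityTokenReference outer = newStr(doc);
        Element strElement = outer.getElement();

        // Nest a second, empty STR inside an Embedded element.
        Element embedded = doc.createElementNS(WSConstants.WSSE_NS, "wsse:Embedded");
        SecurityTokenReference inner = newStr(doc);
        embedded.appendChild(inner.getElement());
        strElement.appendChild(embedded);
        logElement(strElement);

        BSPEnforcer bspEnforcer = new BSPEnforcer();
        assertRejectedAsInvalidSecurity(
            strElement, bspEnforcer,
            "Failure expected on an Embedded Child with a SecurityTokenReference child");

        // NOTE(review): ignored rule is never exercised; the element is not re-parsed.
        bspEnforcer.setIgnoredBSPRules(Collections.singletonList(BSPRule.R3056));
    }

    /** A {@code wsse:Embedded} child with more than one element child is rejected. */
    @Test
    public void testMultipleEmbeddedChildren() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        SecurityTokenReference str = newStr(doc);
        Element strElement = str.getElement();

        Element embedded = doc.createElementNS(WSConstants.WSSE_NS, "wsse:Embedded");
        embedded.appendChild(doc.createElementNS(WSConstants.WSSE_NS, "wsse:Reference"));
        embedded.appendChild(doc.createElementNS(WSConstants.WSSE_NS, "wsse:Reference"));
        strElement.appendChild(embedded);
        logElement(strElement);

        BSPEnforcer bspEnforcer = new BSPEnforcer();
        assertRejectedAsInvalidSecurity(
            strElement, bspEnforcer, "Failure expected on an Embedded Child with multiple children");

        // NOTE(review): ignored rule is never exercised; the element is not re-parsed.
        bspEnforcer.setIgnoredBSPRules(Collections.singletonList(BSPRule.R3060));
    }

    /** Creates an empty STR in {@code doc} with the wsse namespace declared on it. */
    private static SecurityTokenReference newStr(Document doc) {
        SecurityTokenReference str = new SecurityTokenReference(doc);
        str.addWSSENamespace();
        return str;
    }

    /**
     * Appends a {@code wsse:KeyIdentifier} child to {@code strElement} with the given
     * {@code ValueType}, an {@code EncodingType} attribute only when {@code encodingType}
     * is non-null, and the fixed text content {@code #123}.
     */
    private static void appendKeyIdentifier(
        Document doc, Element strElement, String valueType, String encodingType
    ) {
        Element keyId = doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
        keyId.setAttributeNS(null, "ValueType", valueType);
        if (encodingType != null) {
            keyId.setAttributeNS(null, "EncodingType", encodingType);
        }
        keyId.appendChild(doc.createTextNode("#123"));
        strElement.appendChild(keyId);
    }

    /**
     * Asserts that constructing an STR from {@code strElement} under {@code enforcer}
     * throws a {@link WSSecurityException} carrying
     * {@link WSSecurityException.ErrorCode#INVALID_SECURITY}.
     *
     * @param message failure message reported if no exception is thrown
     */
    private static void assertRejectedAsInvalidSecurity(
        Element strElement, BSPEnforcer enforcer, String message
    ) {
        WSSecurityException ex = assertThrows(
            WSSecurityException.class,
            () -> new SecurityTokenReference(strElement, enforcer),
            message);
        assertEquals(WSSecurityException.ErrorCode.INVALID_SECURITY, ex.getErrorCode());
    }

    /** Serialises {@code element} to the debug log; a no-op unless debug logging is on. */
    private static void logElement(Element element) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(DOM2Writer.nodeToString(element));
        }
    }

}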