package org.apache.wss4j.dom.message.token;

import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.common.token.PKIPathSecurity;
import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.util.WSSecurityUtil;

import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;

import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
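/**
 * Tests for BinarySecurityToken (BST) handling: an X.509 token, a PKIPath token and a
 * custom token are each placed in a security header and run through
 * {@link WSSecurityEngine#processSecurityHeader}.
 *
 * <p>Scope note for readers: every message here carries only a bare BST. Nothing signs
 * the message or references the token, and the engine is called with a {@code null}
 * actor and a {@code null} callback handler. The assertions therefore show that a token
 * is parsed and surfaced under the {@link WSConstants#BST} action; they do not show
 * that the token was validated or that its sender proved possession of a key.
 */
public class BinarySecurityTokenTest {
    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(BinarySecurityTokenTest.class);

    /** Keystore alias looked up through the test Crypto instance. */
    private static final String KEY_ALIAS = "wss40";

    /** Opaque payload used for the custom (non-X.509) token. */
    private static final String CUSTOM_TOKEN = "12435677";

    private final Crypto crypto;

    /**
     * Loads the Crypto implementation described by {@code wss40.properties}.
     *
     * @throws Exception if the Crypto instance cannot be created
     */
    public BinarySecurityTokenTest() throws Exception {
        crypto = CryptoFactory.getInstance("wss40.properties");
    }

    /**
     * An X.509 BST is processed, returned in the results, and equal to a copy rebuilt
     * from the same DOM element (both {@code equals} and {@code hashCode}).
     */
    @Test
    public void testX509() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        X509Security bst = new X509Security(doc);
        bst.setX509Certificate(lookupCertificates()[0]);
        addToSecurityHeader(doc, bst);
        logDocument("BST output", doc);

        WSHandlerResult results =
            newEngine().processSecurityHeader(doc, null, null, crypto);

        BinarySecurity token = firstBstToken(results);
        assertNotNull(token);

        // NOTE(review): the boolean passed to BSPEnforcer appears to be the
        // "disable BSP rules" switch, i.e. the copy is parsed without Basic Security
        // Profile checks - confirm against BSPEnforcer before reusing this pattern.
        BinarySecurity clone = new BinarySecurity(token.getElement(), new BSPEnforcer(true));
        // assertEquals reports both operands on failure, unlike assertTrue(a.equals(b)).
        assertEquals(token, clone);
        assertEquals(token.hashCode(), clone.hashCode());
    }

    /**
     * A PKIPath BST built from the certificates of the test alias is processed and
     * returned in the results as a {@link PKIPathSecurity}.
     */
    @Test
    public void testPKIPath() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        PKIPathSecurity bst = new PKIPathSecurity(doc);
        bst.setX509Certificates(lookupCertificates(), crypto);
        addToSecurityHeader(doc, bst);
        logDocument("PKIPath output", doc);

        WSHandlerResult results =
            newEngine().processSecurityHeader(doc, null, null, crypto);

        PKIPathSecurity token = (PKIPathSecurity) firstBstToken(results);
        assertNotNull(token);
    }

    /**
     * A custom BST without a ValueType is rejected with
     * {@code INVALID_SECURITY}; the same payload with a ValueType set is processed and
     * returned in the results.
     *
     * <p>The second half shows that a BST with an arbitrary ValueType URI and an opaque
     * payload passes through the engine in this configuration. The payload's contents
     * are presumably not checked by the engine - verify - so code consuming a
     * {@code TAG_BINARY_SECURITY_TOKEN} result should not treat its presence as
     * authentication.
     */
    @Test
    public void testCustomToken() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        BinarySecurity bst = new BinarySecurity(doc);
        // Explicit charset: the bare getBytes() depends on the platform default.
        bst.setToken(CUSTOM_TOKEN.getBytes(StandardCharsets.UTF_8));
        addToSecurityHeader(doc, bst);
        logDocument("Custom Token output", doc);

        // One engine is shared by both processing attempts below.
        WSSecurityEngine secEngine = newEngine();

        try {
            secEngine.processSecurityHeader(doc, null, null, crypto);
            fail("Expected failure on no ValueType");
        } catch (WSSecurityException ex) {
            assertEquals(WSSecurityException.ErrorCode.INVALID_SECURITY, ex.getErrorCode());
        }

        // Same payload again, this time with a ValueType, in a fresh document.
        doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        bst = new BinarySecurity(doc);
        bst.setToken(CUSTOM_TOKEN.getBytes(StandardCharsets.UTF_8));
        bst.setValueType("http://custom_value_Type");
        addToSecurityHeader(doc, bst);

        WSHandlerResult results =
            secEngine.processSecurityHeader(doc, null, null, crypto);
        BinarySecurity token = firstBstToken(results);
        assertNotNull(token);
    }

    /** Returns the certificates stored under {@link #KEY_ALIAS}, failing clearly if none exist. */
    private X509Certificate[] lookupCertificates() throws WSSecurityException {
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias(KEY_ALIAS);
        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
        assertNotNull(certs, "No certificates found for alias " + KEY_ALIAS);
        assertTrue(certs.length > 0, "Empty certificate array for alias " + KEY_ALIAS);
        return certs;
    }

    /** Inserts a security header into {@code doc} and makes {@code bst} its first child. */
    private static void addToSecurityHeader(Document doc, BinarySecurity bst) throws Exception {
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), bst.getElement());
    }

    /**
     * Writes the whole document to the debug log under the given title. The output
     * includes the encoded token, which is only test material here.
     */
    private static void logDocument(String title, Document doc) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug(title);
            String outputString = XMLUtils.prettyDocumentToString(doc);
            LOG.debug(outputString);
        }
    }

    /** Creates an engine backed by a fresh {@link WSSConfig}. */
    private static WSSecurityEngine newEngine() {
        WSSecurityEngine secEngine = new WSSecurityEngine();
        secEngine.setWssConfig(WSSConfig.getNewInstance());
        return secEngine;
    }

    /** Extracts the token object attached to the first BST action result. */
    private static BinarySecurity firstBstToken(WSHandlerResult results) {
        WSSecurityEngineResult actionResult =
            results.getActionResults().get(WSConstants.BST).get(0);
        return (BinarySecurity) actionResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
    }

}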