1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.wss4j.stax.test;
20
21 import java.io.ByteArrayInputStream;
22 import java.io.ByteArrayOutputStream;
23 import java.nio.charset.StandardCharsets;
24 import java.util.ArrayList;
25 import java.util.List;
26
27 import javax.xml.stream.XMLStreamReader;
28 import javax.xml.stream.XMLStreamWriter;
29
30 import org.apache.wss4j.dom.handler.WSHandlerConstants;
31 import org.apache.wss4j.stax.ext.WSSConstants;
32 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
33 import org.apache.wss4j.stax.setup.OutboundWSSec;
34 import org.apache.wss4j.stax.setup.WSSec;
35 import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
36 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
37 import org.junit.jupiter.api.Test;
38 import org.w3c.dom.Document;
39 import org.w3c.dom.Element;
40 import org.w3c.dom.NodeList;
41
42 import static org.junit.jupiter.api.Assertions.assertEquals;
43 import static org.junit.jupiter.api.Assertions.assertNotNull;
44 import static org.junit.jupiter.api.Assertions.assertTrue;
45
46
47
48
49 public class SignaturePrefixListTest extends AbstractTestBase {
50
51 @Test
52 public void testDuplicatePrefixListValues() throws Exception {
53
54 ByteArrayOutputStream baos = new ByteArrayOutputStream();
55 {
56 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
57 List<WSSConstants.Action> actions = new ArrayList<>();
58 actions.add(WSSConstants.SIGNATURE);
59 securityProperties.setActions(actions);
60 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
61 securityProperties.setSignatureUser("transmitter");
62 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
63
64 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
65 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
66 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/SignaturePrefixListMessage.xml"));
67 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
68 xmlStreamWriter.close();
69
70 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
71 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
72 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
73
74 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
75 assertEquals(nodeList.getLength(), 1);
76
77 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP12, WSSConstants.TAG_SOAP_BODY_LN);
78 assertEquals(nodeList.getLength(), 1);
79 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
80 assertNotNull(idAttrValue);
81 assertTrue(idAttrValue.length() > 0);
82
83 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(), WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
84 assertEquals(nodeList.getLength(), 2);
85
86 String parsedPrefixes = ((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart());
87 assertEquals(parsedPrefixes.split(" ").length, 5);
88 }
89
90 {
91 String action = WSHandlerConstants.SIGNATURE;
92 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
93 }
94 }
95
96 }