Posted to commits@ws.apache.org by co...@apache.org on 2013/05/28 12:37:22 UTC
svn commit: r1486859 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/
ws-security-dom/src/main/java/org/apache/wss4j/dom/action/
ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/
ws-security-dom/src/mai...
Author: coheigea
Date: Tue May 28 10:37:21 2013
New Revision: 1486859
URL: http://svn.apache.org/r1486859
Log:
[WSS-447] - Add the ability to include the signing token for IssuerSerial/Thumbprint Reference cases
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?rev=1486859&r1=1486858&r2=1486859&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java Tue May 28 10:37:21 2013
@@ -466,6 +466,12 @@ public final class ConfigurationConstant
public static final String VALIDATE_SAML_SUBJECT_CONFIRMATION =
"validateSamlSubjectConfirmation";
+ /**
+ * Whether to include the Signature Token in the security header as well or not. This is only
+ * applicable to the IssuerSerial and Thumbprint Key Identifier cases. The default is false.
+ */
+ public static final String INCLUDE_SIGNATURE_TOKEN = "includeSignatureToken";
+
//
// (Non-boolean) Configuration parameters for the actions/processors
//
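Review bot: The Javadoc added for `INCLUDE_SIGNATURE_TOKEN` limits the option to the IssuerSerial and Thumbprint cases, which is narrower than what the code in this commit does. WSSecSignature also calls `addBST(certs)` in the `SKI_KEY_IDENTIFIER` branch, and the StAX BinarySecurityTokenOutputProcessor honours the flag without looking at the key identifier at all. Either the comment should name the cases the code covers, e.g. `This is applicable to the IssuerSerial, SKI and Thumbprint Key Identifier cases.`, or the code should be narrowed to match it. The identical comment added to WSHandlerConstants needs the same correction.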
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java?rev=1486859&r1=1486858&r2=1486859&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java Tue May 28 10:37:21 2013
@@ -52,6 +52,8 @@ public class SignatureAction implements
if (reqData.getSigDigestAlgorithm() != null) {
wsSign.setDigestAlgo(reqData.getSigDigestAlgorithm());
}
+
+ wsSign.setIncludeSignatureToken(reqData.isIncludeSignatureToken());
wsSign.setUserInfo(reqData.getSignatureUser(), passwordCallback.getPassword());
wsSign.setUseSingleCertificate(reqData.isUseSingleCert());
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java?rev=1486859&r1=1486858&r2=1486859&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java Tue May 28 10:37:21 2013
@@ -100,6 +100,7 @@ public class RequestData {
private boolean addUsernameTokenNonce;
private boolean addUsernameTokenCreated;
private Certificate[] tlsCerts;
+ private boolean includeSignatureToken;
public void clear() {
soapConstants = null;
@@ -132,6 +133,7 @@ public class RequestData {
setAddUsernameTokenNonce(false);
setAddUsernameTokenCreated(false);
setTlsCerts(null);
+ includeSignatureToken = false;
}
public Object getMsgContext() {
@@ -622,5 +624,13 @@ public class RequestData {
public void setTlsCerts(Certificate[] tlsCerts) {
this.tlsCerts = tlsCerts;
}
+
+ public boolean isIncludeSignatureToken() {
+ return includeSignatureToken;
+ }
+
+ public void setIncludeSignatureToken(boolean includeSignatureToken) {
+ this.includeSignatureToken = includeSignatureToken;
+ }
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1486859&r1=1486858&r2=1486859&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Tue May 28 10:37:21 2013
@@ -533,6 +533,9 @@ public abstract class WSHandler {
boolean useSingleCert = decodeUseSingleCertificate(reqData);
reqData.setUseSingleCert(useSingleCert);
+
+ boolean includeSignatureToken = decodeIncludeSignatureToken(reqData);
+ reqData.setIncludeSignatureToken(includeSignatureToken);
}
protected void decodeAlgorithmSuite(RequestData reqData) throws WSSecurityException {
@@ -788,6 +791,13 @@ public abstract class WSHandler {
);
}
+ protected boolean decodeIncludeSignatureToken(RequestData reqData)
+ throws WSSecurityException {
+ return decodeBooleanConfigValue(
+ reqData, WSHandlerConstants.INCLUDE_SIGNATURE_TOKEN, false
+ );
+ }
+
protected void decodeRequireSignedEncryptedDataElements(RequestData reqData)
throws WSSecurityException {
reqData.setRequireSignedEncryptedDataElements(decodeBooleanConfigValue(
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java?rev=1486859&r1=1486858&r2=1486859&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java Tue May 28 10:37:21 2013
@@ -502,6 +502,13 @@ public final class WSHandlerConstants {
public static final String VALIDATE_SAML_SUBJECT_CONFIRMATION =
ConfigurationConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION;
+ /**
+ * Whether to include the Signature Token in the security header as well or not. This is only
+ * applicable to the IssuerSerial and Thumbprint Key Identifier cases. The default is false.
+ */
+ public static final String INCLUDE_SIGNATURE_TOKEN =
+ ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN;
+
//
// (Non-boolean) Configuration parameters for the actions/processors
//
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java?rev=1486859&r1=1486858&r2=1486859&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java Tue May 28 10:37:21 2013
@@ -106,6 +106,7 @@ public class WSSecSignature extends WSSe
private Element securityHeader;
private boolean useCustomSecRef;
private boolean bstAddedToSecurityHeader;
+ private boolean includeSignatureToken;
public WSSecSignature() {
super();
@@ -220,6 +221,10 @@ public class WSSecSignature extends WSSe
new DOMX509IssuerSerial(doc, issuer, serialNumber);
DOMX509Data domX509Data = new DOMX509Data(doc, domIssuerSerial);
secRef.setX509Data(domX509Data);
+
+ if (includeSignatureToken) {
+ addBST(certs);
+ }
break;
case WSConstants.X509_KEY_IDENTIFIER:
@@ -228,10 +233,18 @@ public class WSSecSignature extends WSSe
case WSConstants.SKI_KEY_IDENTIFIER:
secRef.setKeyIdentifierSKI(certs[0], crypto);
+
+ if (includeSignatureToken) {
+ addBST(certs);
+ }
break;
case WSConstants.THUMBPRINT_IDENTIFIER:
secRef.setKeyIdentifierThumb(certs[0]);
+
+ if (includeSignatureToken) {
+ addBST(certs);
+ }
break;
case WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER:
@@ -432,6 +445,21 @@ public class WSSecSignature extends WSSe
}
/**
+ * Add a BinarySecurityToken
+ */
+ private void addBST(X509Certificate[] certs) throws WSSecurityException {
+ if (!useSingleCert) {
+ bstToken = new PKIPathSecurity(document);
+ ((PKIPathSecurity) bstToken).setX509Certificates(certs, crypto);
+ } else {
+ bstToken = new X509Security(document);
+ ((X509Security) bstToken).setX509Certificate(certs[0]);
+ }
+ bstToken.setID(certUri);
+ wsDocInfo.addTokenElement(bstToken.getElement(), false);
+ }
+
+ /**
* Prepend the BinarySecurityToken to the elements already in the Security
* header.
*
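Review bot: The Javadoc on `addBST` says only "Add a BinarySecurityToken" and leaves out the property a reader most needs: the signature's KeyInfo does not point at the token this method creates. In the IssuerSerial, SKI and Thumbprint branches the SecurityTokenReference is filled in before `addBST(certs)` runs and still identifies the certificate by issuer/serial, SKI or thumbprint. Nothing visible in this commit adds the token to the signed parts, so it appears to travel unsigned unless a caller arranges otherwise. A receiver therefore has to match it against the reference and validate its trust chain before relying on it. I would extend the comment to something like `Create a BinarySecurityToken for the signing certificate(s) and register it with wsDocInfo; the SecurityTokenReference does not refer to it and it is not signed by default.` The comment should also say that the method relies on `certUri` and, in the single-certificate branch, a non-empty `certs` array being set up by the caller, neither of which is visible in this hunk.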
@@ -816,5 +844,13 @@ public class WSSecSignature extends WSSe
}
return certs;
}
+
+ public boolean isIncludeSignatureToken() {
+ return includeSignatureToken;
+ }
+
+ public void setIncludeSignatureToken(boolean includeSignatureToken) {
+ this.includeSignatureToken = includeSignatureToken;
+ }
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java?rev=1486859&r1=1486858&r2=1486859&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java Tue May 28 10:37:21 2013
@@ -100,6 +100,36 @@ public class SignatureTest extends org.j
assertTrue(referenceType == REFERENCE_TYPE.ISSUER_SERIAL);
}
+ @org.junit.Test
+ public void testX509SignatureISAttached() throws Exception {
+ WSSecSignature builder = new WSSecSignature();
+ builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+ builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+ builder.setIncludeSignatureToken(true);
+ LOG.info("Before Signing IS....");
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document signedDoc = builder.build(doc, crypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed message with IssuerSerial key identifier:");
+ String outputString =
+ XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+ LOG.info("After Signing IS....");
+ List<WSSecurityEngineResult> results = verify(signedDoc);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+ assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+ assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+ REFERENCE_TYPE referenceType =
+ (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+ assertTrue(referenceType == REFERENCE_TYPE.ISSUER_SERIAL);
+ }
+
/**
* Test that signs (twice) and verifies a WS-Security envelope.
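Review bot: `testX509SignatureISAttached` never asserts that a BinarySecurityToken was written to the security header, so it would still pass if `setIncludeSignatureToken(true)` had no effect. Its assertions on `TAG_X509_CERTIFICATE` and `REFERENCE_TYPE.ISSUER_SERIAL` are the same ones the existing non-attached test makes. An explicit check after `builder.build(...)` would pin the new behaviour, for example `assertEquals(1, signedDoc.getElementsByTagNameNS(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN).getLength());`. The same gap exists in `testX509SignatureThumbAttached` and in the two StAX tests `testSignatureKeyIdentifierIssuerSerialIncludeTokenOutbound` and `testSignatureKeyIdentifierThumbprintIncludeTokenOutbound`. In the StAX tests an XPath check for `/env:Envelope/env:Header/wsse:Security/wsse:BinarySecurityToken` would do the job. A negative case with the flag left at its default would also guard against the token being emitted unconditionally.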
@@ -366,6 +396,38 @@ public class SignatureTest extends org.j
assertTrue(referenceType == REFERENCE_TYPE.THUMBPRINT_SHA1);
}
+ @org.junit.Test
+ public void testX509SignatureThumbAttached() throws Exception {
+ WSSecSignature builder = new WSSecSignature();
+ builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+ builder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ builder.setIncludeSignatureToken(true);
+ LOG.info("Before Signing ThumbprintSHA1....");
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document signedDoc = builder.build(doc, crypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed message with ThumbprintSHA1 key identifier:");
+ String outputString =
+ XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+ LOG.info("After Signing ThumbprintSHA1....");
+
+ List<WSSecurityEngineResult> results = verify(signedDoc);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+ assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+ assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+ REFERENCE_TYPE referenceType =
+ (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+ assertTrue(referenceType == REFERENCE_TYPE.THUMBPRINT_SHA1);
+ }
/**
* Test that signs (twice) and verifies a WS-Security envelope.
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1486859&r1=1486858&r2=1486859&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java Tue May 28 10:37:21 2013
@@ -378,6 +378,10 @@ public final class ConfigurationConverte
boolean validateSamlSubjectConf =
decodeBooleanConfigValue(ConfigurationConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, true, config);
properties.setValidateSamlSubjectConfirmation(validateSamlSubjectConf);
+
+ boolean includeSignatureToken =
+ decodeBooleanConfigValue(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, false, config);
+ properties.setIncludeSignatureToken(includeSignatureToken);
}
private static void parseNonBooleanProperties(
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1486859&r1=1486858&r2=1486859&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java Tue May 28 10:37:21 2013
@@ -90,6 +90,7 @@ public class WSSSecurityProperties exten
private String signatureUser;
private boolean enableSignatureConfirmation = false;
private boolean enableSignatureConfirmationVerification = false;
+ private boolean includeSignatureToken;
private WSSCrypto signatureVerificationWSSCrypto;
private CertStore crlCertStore;
private WSSCrypto decryptionWSSCrypto;
@@ -133,6 +134,7 @@ public class WSSSecurityProperties exten
this.signatureUser = wssSecurityProperties.signatureUser;
this.enableSignatureConfirmation = wssSecurityProperties.enableSignatureConfirmation;
this.enableSignatureConfirmationVerification = wssSecurityProperties.enableSignatureConfirmationVerification;
+ this.includeSignatureToken = wssSecurityProperties.includeSignatureToken;
this.signatureVerificationWSSCrypto = wssSecurityProperties.signatureVerificationWSSCrypto;
this.crlCertStore = wssSecurityProperties.crlCertStore;
this.decryptionWSSCrypto = wssSecurityProperties.decryptionWSSCrypto;
@@ -809,5 +811,13 @@ public class WSSSecurityProperties exten
public void setMustUnderstand(boolean mustUnderstand) {
this.mustUnderstand = mustUnderstand;
}
+
+ public boolean isIncludeSignatureToken() {
+ return includeSignatureToken;
+ }
+
+ public void setIncludeSignatureToken(boolean includeSignatureToken) {
+ this.includeSignatureToken = includeSignatureToken;
+ }
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java?rev=1486859&r1=1486858&r2=1486859&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java Tue May 28 10:37:21 2013
@@ -139,7 +139,10 @@ public class BinarySecurityTokenOutputPr
if (WSSConstants.SIGNATURE.equals(action)
|| WSSConstants.SAML_TOKEN_SIGNED.equals(action)) {
outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, bstId);
- if (WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(getSecurityProperties().getSignatureKeyIdentifier())) {
+ boolean includeSignatureToken =
+ ((WSSSecurityProperties) getSecurityProperties()).isIncludeSignatureToken();
+ if (includeSignatureToken
+ || WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(getSecurityProperties().getSignatureKeyIdentifier())) {
FinalBinarySecurityTokenOutputProcessor finalBinarySecurityTokenOutputProcessor = new FinalBinarySecurityTokenOutputProcessor(binarySecurityToken);
finalBinarySecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
finalBinarySecurityTokenOutputProcessor.setAction(getAction());
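Review bot: The new condition `includeSignatureToken || ...KeyIdentifier_SecurityTokenDirectReference.equals(...)` emits the BinarySecurityToken for every signature key identifier once the flag is set. The option's Javadoc limits it to IssuerSerial and Thumbprint, and the DOM side adds the token only in specific switch branches. If the narrower behaviour is intended, the flag should be combined with a comparison of `getSecurityProperties().getSignatureKeyIdentifier()` against `WSSecurityTokenConstants.KeyIdentifier_IssuerSerial` and `WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier`; otherwise the documentation should say the StAX path is broader. The unconditional cast `(WSSSecurityProperties) getSecurityProperties()` also deserves a guard or a comment, because the declared return type is not visible here and a different properties implementation would fail with a ClassCastException. The enclosing method starts and ends outside this hunk.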
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java?rev=1486859&r1=1486858&r2=1486859&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java Tue May 28 10:37:21 2013
@@ -601,6 +601,51 @@ public class SignatureTest extends Abstr
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
}
}
+
+ @Test
+ public void testSignatureKeyIdentifierIssuerSerialIncludeTokenOutbound() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SIGNATURE};
+ securityProperties.setOutAction(actions);
+ securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+ securityProperties.setSignatureUser("transmitter");
+ securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_IssuerSerial);
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+ securityProperties.setIncludeSignatureToken(true);
+
+ OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+ XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, "UTF-8", new ArrayList<SecurityEvent>());
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ XPathExpression xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/wsse:SecurityTokenReference/dsig:X509Data/dsig:X509IssuerSerial/dsig:X509SerialNumber");
+ Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+ Assert.assertNotNull(node);
+
+ nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+
+ nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_soap_Body_LocalName);
+ Assert.assertEquals(nodeList.getLength(), 1);
+ String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
+ Assert.assertNotNull(idAttrValue);
+ Assert.assertTrue(idAttrValue.length() > 0);
+ }
+
+ //done signature; now test sig-verification:
+ {
+ String action = WSHandlerConstants.SIGNATURE;
+ doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
+ }
+ }
@Test
public void testSignatureKeyIdentifierBinarySecurityTokenDirectReferenceOutbound() throws Exception {
@@ -976,6 +1021,52 @@ public class SignatureTest extends Abstr
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
}
}
+
+
+ @Test
+ public void testSignatureKeyIdentifierThumbprintIncludeTokenOutbound() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SIGNATURE};
+ securityProperties.setOutAction(actions);
+ securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+ securityProperties.setSignatureUser("transmitter");
+ securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier);
+ securityProperties.setCallbackHandler(new org.apache.wss4j.stax.test.CallbackHandlerImpl());
+ securityProperties.setIncludeSignatureToken(true);
+
+ OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+ XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, "UTF-8", new ArrayList<SecurityEvent>());
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ XPathExpression xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType='http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1']");
+ Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+ Assert.assertNotNull(node);
+
+ nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+
+ nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_soap_Body_LocalName);
+ Assert.assertEquals(nodeList.getLength(), 1);
+ String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
+ Assert.assertNotNull(idAttrValue);
+ Assert.assertTrue(idAttrValue.length() > 0);
+ }
+
+ //done signature; now test sig-verification:
+ {
+ String action = WSHandlerConstants.SIGNATURE;
+ doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
+ }
+ }
@Test
public void testSignatureKeyIdentifierSha1Outbound() throws Exception {