You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/05/01 11:52:37 UTC
svn commit: r770601 -
/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java
Author: coheigea
Date: Fri May 1 09:52:36 2009
New Revision: 770601
URL: http://svn.apache.org/viewvc?rev=770601&view=rev
Log:
[WSS-181] - Added a test for this (to test it works when not using Axis).
Modified:
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java?rev=770601&r1=770600&r2=770601&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java Fri May 1 09:52:36 2009
@@ -30,12 +30,14 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.WSSecTimestamp;
import org.w3c.dom.Document;
import javax.security.auth.callback.Callback;
@@ -44,6 +46,8 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.util.List;
+import java.util.Vector;
/**
* WS-Security Test Case
@@ -194,6 +198,53 @@
verify(signedDoc);
}
+
+
+ /**
+ * Test that signs and verifies a Timestamp. The request is then modified so that the
+ * Timestamp has a default (WSU) namespace inserted. The signature validation should still
+ * pass due to c14n (see WSS-181).
+ *
+ * @throws java.lang.Exception Thrown when there is any problem in signing or verification
+ */
+ public void testValidModifiedSignature() throws Exception {
+ WSSecSignature builder = new WSSecSignature();
+ builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+ LOG.info("Before Signing....");
+ Document doc = unsignedEnvelope.getAsDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ WSSecTimestamp timestamp = new WSSecTimestamp();
+ timestamp.setTimeToLive(300);
+ Document createdDoc = timestamp.build(doc, secHeader);
+
+ List parts = new Vector();
+ WSEncryptionPart encP =
+ new WSEncryptionPart(
+ "Timestamp",
+ WSConstants.WSU_NS,
+ "");
+ parts.add(encP);
+ builder.setParts(parts);
+
+ Document signedDoc = builder.build(createdDoc, crypto, secHeader);
+ org.w3c.dom.Element secHeaderElement = secHeader.getSecurityHeader();
+ org.w3c.dom.Node timestampNode =
+ secHeaderElement.getElementsByTagName("wsu:Timestamp").item(0);
+ ((org.w3c.dom.Element)timestampNode).setAttributeNS(
+ WSConstants.XMLNS_NS, "xmlns", WSConstants.WSU_NS
+ );
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("After Signing....");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+
+ verify(signedDoc);
+ }
/**
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org