Posted to commits@ws.apache.org by co...@apache.org on 2015/02/24 16:00:52 UTC
svn commit: r1661971 - in
/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src:
main/java/org/apache/wss4j/dom/processor/
main/java/org/apache/wss4j/dom/util/ test/java/org/apache/wss4j/dom/message/
Author: coheigea
Date: Tue Feb 24 15:00:52 2015
New Revision: 1661971
URL: http://svn.apache.org/r1661971
Log:
Refactoring of WS-SecurityUtil
Conflicts:
ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
Modified:
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java?rev=1661971&r1=1661970&r2=1661971&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java Tue Feb 24 15:00:52 2015
@@ -91,7 +91,9 @@ public class EncryptedDataProcessor impl
);
if (request.isRequireSignedEncryptedDataElements()) {
- WSSecurityUtil.verifySignedElement(elem, wsDocInfo);
+ List<WSSecurityEngineResult> signedResults =
+ wsDocInfo.getResultsByTag(WSConstants.SIGN);
+ WSSecurityUtil.verifySignedElement(elem, signedResults);
}
SecretKey key = null;
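Review bot: The lookup `wsDocInfo.getResultsByTag(WSConstants.SIGN)` is now inlined here and again in the EncryptedKeyProcessor (-525) and ReferenceListProcessor (-149) hunks. The retained `verifySignedElement(Element, WSDocInfo)` overload in WSSecurityUtil still performs exactly that lookup before delegating, so the selection of which results count as signatures now lives in four places. Any later change to that selection has to be made at every site, or the signed-EncryptedData check will differ between processors. If the WSDocInfo overload is meant to go away, mark it `@Deprecated` with a Javadoc pointer to the list overload; otherwise the one-line call could stay. The enclosing method starts and ends outside this hunk.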
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1661971&r1=1661970&r2=1661971&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java Tue Feb 24 15:00:52 2015
@@ -525,7 +525,9 @@ public class EncryptedKeyProcessor imple
Element encryptedDataElement =
ReferenceListProcessor.findEncryptedDataElement(doc, docInfo, dataRefURI);
if (encryptedDataElement != null && data.isRequireSignedEncryptedDataElements()) {
- WSSecurityUtil.verifySignedElement(encryptedDataElement, docInfo);
+ List<WSSecurityEngineResult> signedResults =
+ docInfo.getResultsByTag(WSConstants.SIGN);
+ WSSecurityUtil.verifySignedElement(encryptedDataElement, signedResults);
}
//
// Prepare the SecretKey object to decrypt EncryptedData
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java?rev=1661971&r1=1661970&r2=1661971&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java Tue Feb 24 15:00:52 2015
@@ -149,7 +149,9 @@ public class ReferenceListProcessor impl
Element encryptedDataElement = findEncryptedDataElement(doc, wsDocInfo, dataRefURI);
if (encryptedDataElement != null && asymBinding && data.isRequireSignedEncryptedDataElements()) {
- WSSecurityUtil.verifySignedElement(encryptedDataElement, wsDocInfo);
+ List<WSSecurityEngineResult> signedResults =
+ wsDocInfo.getResultsByTag(WSConstants.SIGN);
+ WSSecurityUtil.verifySignedElement(encryptedDataElement, signedResults);
}
//
// Prepare the SecretKey object to decrypt EncryptedData
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1661971&r1=1661970&r2=1661971&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java Tue Feb 24 15:00:52 2015
@@ -1064,107 +1064,6 @@ public final class WSSecurityUtil {
}
/**
- * Check that all of the QName[] requiredParts are protected by a specified action in the
- * results list.
- * @param results The List of WSSecurityEngineResults from processing
- * @param action The action that is required (e.g. WSConstants.SIGN)
- * @param requiredParts An array of QNames that correspond to the required elements
- */
- @SuppressWarnings("unchecked")
- public static void checkAllElementsProtected(
- List<WSSecurityEngineResult> results,
- int action,
- QName[] requiredParts
- ) throws WSSecurityException {
-
- if (requiredParts != null) {
- for (int i = 0; i < requiredParts.length; i++) {
- QName requiredPart = requiredParts[i];
-
- boolean found = false;
- for (Iterator<WSSecurityEngineResult> iter = results.iterator();
- iter.hasNext() && !found;) {
- WSSecurityEngineResult result = iter.next();
- int resultAction =
- (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
- if (resultAction != action) {
- continue;
- }
- List<WSDataRef> refList =
- (List<WSDataRef>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
- if (refList != null) {
- for (WSDataRef dataRef : refList) {
- if (dataRef.getName().equals(requiredPart)) {
- found = true;
- break;
- }
- }
- }
- }
- if (!found) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILED_CHECK,
- "requiredElementNotProtected",
- requiredPart);
- }
- }
- LOG.debug("All required elements are protected");
- }
- }
-
- /**
- * Ensure that this covers all required elements (identified by
- * their wsu:Id attributes).
- *
- * @param resultItem the signature to check
- * @param requiredIDs the list of wsu:Id values that must be covered
- * @throws WSSecurityException if any required element is not included
- */
- @SuppressWarnings("unchecked")
- public static void checkSignsAllElements(
- WSSecurityEngineResult resultItem,
- String[] requiredIDs
- ) throws WSSecurityException {
- int resultAction =
- (Integer) resultItem.get(WSSecurityEngineResult.TAG_ACTION);
- if (resultAction != WSConstants.SIGN) {
- throw new IllegalArgumentException("Not a SIGN result");
- }
-
- List<WSDataRef> signedElemsRefList =
- (List<WSDataRef>)resultItem.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
- if (signedElemsRefList == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
- "WSSecurityEngineResult does not contain any references to signed elements"
- );
- }
-
- LOG.debug("Checking required elements are in the signature...");
- for (int i = 0; i < requiredIDs.length; i++) {
- boolean found = false;
- for (int j = 0; j < signedElemsRefList.size(); j++) {
- WSDataRef dataRef = signedElemsRefList.get(j);
- String wsuId = dataRef.getWsuId();
- if (wsuId.charAt(0) == '#') {
- wsuId = wsuId.substring(1);
- }
- if (wsuId.equals(requiredIDs[i])) {
- found = true;
- }
- }
- if (!found) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILED_CHECK,
- "requiredElementNotSigned",
- requiredIDs[i]);
- }
- LOG.debug("Element with ID " + requiredIDs[i] + " was correctly signed");
- }
- LOG.debug("All required elements are signed");
- }
-
-
- /**
* @return a list of child Nodes
*/
public static List<Node>
@@ -1255,8 +1154,11 @@ public final class WSSecurityUtil {
public static void verifySignedElement(Element elem, WSDocInfo wsDocInfo)
throws WSSecurityException {
- List<WSSecurityEngineResult> signedResults =
- wsDocInfo.getResultsByTag(WSConstants.SIGN);
+ verifySignedElement(elem, wsDocInfo.getResultsByTag(WSConstants.SIGN));
+ }
+
+ public static void verifySignedElement(Element elem, List<WSSecurityEngineResult> signedResults)
+ throws WSSecurityException {
if (signedResults != null) {
for (WSSecurityEngineResult signedResult : signedResults) {
@SuppressWarnings("unchecked")
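Review bot: The new public overload `verifySignedElement(Element elem, List<WSSecurityEngineResult> signedResults)` has no Javadoc, although its contract is security-relevant because callers now decide which results are treated as signatures. The visible body only guards `signedResults != null`; what happens for a null or empty list is outside this hunk. The Javadoc should state that explicitly, ideally as a `@throws WSSecurityException` when no supplied result covers `elem`. It should also say that the list is expected to hold only `WSConstants.SIGN` results, since nothing in the visible lines filters by action. The method body continues past the end of the hunk.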
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java?rev=1661971&r1=1661970&r2=1661971&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java Tue Feb 24 15:00:52 2015
@@ -119,23 +119,6 @@ public class EncryptionPartsTest extends
List<WSSecurityEngineResult> results = verify(encryptedDoc);
- QName name = new QName("urn:foo.bar", "foobar");
- WSSecurityUtil.checkAllElementsProtected(results, WSConstants.ENCR, new QName[]{name});
- try {
- name = new QName("urn:foo.bar", "foobar2");
- WSSecurityUtil.checkAllElementsProtected(results, WSConstants.ENCR, new QName[]{name});
- fail("Failure expected on a wrong protected part");
- } catch (WSSecurityException ex) {
- // expected
- }
- try {
- name = new QName("urn:foo.bar", "foobar");
- WSSecurityUtil.checkAllElementsProtected(results, WSConstants.SIGN, new QName[]{name});
- fail("Failure expected on a wrong action");
- } catch (WSSecurityException ex) {
- // expected
- }
-
WSSecurityEngineResult actionResult =
WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
assertTrue(actionResult != null);
@@ -150,6 +133,8 @@ public class EncryptionPartsTest extends
String xpath = wsDataRef.getXpath();
assertEquals("/soapenv:Envelope/soapenv:Header/foo:foobar", xpath);
assertEquals(WSConstants.AES_128, wsDataRef.getAlgorithm());
+ QName expectedQName = new QName("urn:foo.bar", "foobar");
+ assertEquals(expectedQName, wsDataRef.getName());
}
@org.junit.Test
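Review bot: The added `assertEquals(expectedQName, wsDataRef.getName())` replaces only the positive half of the checks deleted in the preceding hunk. The two negative cases, an unprotected part (`foobar2`) and the wrong action, no longer have an equivalent. For the wrong-action case something like `assertNull(WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN));` would restore the coverage, assuming `fetchActionResult` returns null when no result matches, which the existing `assertTrue(actionResult != null)` suggests. The same gap appears in the SignaturePartsTest hunk at -156, with `WSConstants.ENCR` as the wrong action. The test method starts outside this hunk.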
@@ -422,39 +407,32 @@ public class EncryptionPartsTest extends
QName fooName = new QName("urn:foo.bar", "foobar");
QName bodyName = new QName(soapConstants.getEnvelopeURI(), "Body");
- WSSecurityUtil.checkAllElementsProtected(results, WSConstants.ENCR, new QName[]{fooName});
- WSSecurityUtil.checkAllElementsProtected(results, WSConstants.ENCR, new QName[]{bodyName});
- WSSecurityUtil.checkAllElementsProtected(
- results,
- WSConstants.ENCR,
- new QName[]{bodyName, fooName}
- );
- WSSecurityUtil.checkAllElementsProtected(
- results,
- WSConstants.ENCR,
- new QName[]{fooName, bodyName}
- );
- try {
- WSSecurityUtil.checkAllElementsProtected(
- results,
- WSConstants.SIGN,
- new QName[]{fooName, bodyName}
- );
- fail("Failure expected on a wrong action");
- } catch (WSSecurityException ex) {
- // expected
- }
- try {
- QName headerName = new QName(soapConstants.getEnvelopeURI(), "Header");
- WSSecurityUtil.checkAllElementsProtected(
- results,
- WSConstants.ENCR,
- new QName[]{fooName, bodyName, headerName}
- );
- fail("Failure expected on an unsatisfied requirement");
- } catch (WSSecurityException ex) {
- // expected
+ QName headerName = new QName(soapConstants.getEnvelopeURI(), "Header");
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
+ assertTrue(actionResult != null);
+ assertFalse(actionResult.isEmpty());
+
+ @SuppressWarnings("unchecked")
+ final java.util.List<WSDataRef> refs =
+ (java.util.List<WSDataRef>) actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+ assertTrue(refs != null && !refs.isEmpty());
+
+ boolean foundFoo = false;
+ boolean foundBody = false;
+ boolean foundHeader = false;
+ for (WSDataRef ref : refs) {
+ if (fooName.equals(ref.getName())) {
+ foundFoo = true;
+ } else if (bodyName.equals(ref.getName())) {
+ foundBody = true;
+ } else if (headerName.equals(ref.getName())) {
+ foundHeader = true;
+ }
}
+ assertTrue(foundFoo && foundBody);
+ assertFalse(foundHeader);
}
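Review bot: `assertTrue(foundFoo && foundBody)` does not say which part was missing when it fails; two assertions with messages read better, e.g. `assertTrue("foobar header not protected", foundFoo);` and `assertTrue("SOAP Body not protected", foundBody);`. The replacement also inspects only the single result returned by `fetchActionResult`, whereas the removed `checkAllElementsProtected` walked every result with the matching action. If the parts can be reported under separate results, this test would miss one, so `fetchAllActionResults` (used in ModifiedRequestTest in this commit) may be the safer choice. The fully qualified `java.util.List` is also inconsistent with the plain `List` used elsewhere in the file. The same code is added in the SignaturePartsTest hunk at -474.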
@@ -496,8 +474,17 @@ public class EncryptionPartsTest extends
assertTrue (!outputString.contains("testMethod"));
List<WSSecurityEngineResult> results = verify(encryptedDoc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
+ assertTrue(actionResult != null);
+ assertFalse(actionResult.isEmpty());
+ @SuppressWarnings("unchecked")
+ final List<WSDataRef> refs =
+ (List<WSDataRef>) actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+
+ WSDataRef wsDataRef = refs.get(0);
QName bodyName = new QName(soapConstants.getEnvelopeURI(), "Body");
- WSSecurityUtil.checkAllElementsProtected(results, WSConstants.ENCR, new QName[]{bodyName});
+ assertEquals(bodyName, wsDataRef.getName());
}
/**
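Review bot: `refs.get(0)` is called without first asserting that `refs` is non-null and non-empty, so a missing data-reference list surfaces as a NullPointerException or IndexOutOfBoundsException rather than a test failure. The larger hunk above already uses `assertTrue(refs != null && !refs.isEmpty());`, and the same line belongs here before the `get(0)`. Checking only the first reference also assumes the Body is the sole protected part in this test, which is not visible from the hunk. The SignaturePartsTest hunk at -549 has the same pattern.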
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java?rev=1661971&r1=1661970&r2=1661971&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java Tue Feb 24 15:00:52 2015
@@ -19,23 +19,32 @@
package org.apache.wss4j.dom.message;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSConfig;
-import org.apache.wss4j.dom.WSSecurityEngine;
-import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.SOAPUtil;
-import org.apache.wss4j.dom.common.SecurityTestUtil;
+import java.text.DateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.datatype.Duration;
+import javax.xml.datatype.XMLGregorianCalendar;
+
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.builder.SAML1Constants;
import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.WSSecurityEngine;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.dom.common.SAML1CallbackHandler;
+import org.apache.wss4j.dom.common.SOAPUtil;
+import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.saml.WSSecSignatureSAML;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
@@ -43,15 +52,6 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.List;
-import java.util.ArrayList;
-
-import javax.security.auth.callback.CallbackHandler;
-import javax.xml.datatype.Duration;
-import javax.xml.datatype.XMLGregorianCalendar;
-
/**
* This class tests the modification of requests.
*/
@@ -146,7 +146,7 @@ public class ModifiedRequestTest extends
* Test that signs a SOAP body element "value". The SOAP request is then modified
* so that the signed "value" element is put in the header, and the value of the
* original element is changed. The wsu:Id value of the original element is also
- * changed. Signature verification will pass, so we need to check the wsu:Id's.
+ * changed. Signature verification will pass, so we need to check the Elements.
*/
@org.junit.Test
public void testMovedElementChangedId() throws Exception {
@@ -179,8 +179,6 @@ public class ModifiedRequestTest extends
org.w3c.dom.Node clonedValueNode = valueNode.cloneNode(true);
secHeaderElement.appendChild(clonedValueNode);
valueNode.getFirstChild().setNodeValue("250");
- String savedId =
- ((org.w3c.dom.Element)valueNode).getAttributeNS(WSConstants.WSU_NS, "Id");
((org.w3c.dom.Element)valueNode).setAttributeNS(
WSConstants.WSU_NS, "wsu:Id", "id-250"
);
@@ -193,18 +191,12 @@ public class ModifiedRequestTest extends
}
//
- // Now we check that the wsu:Id of the element we want signed corresponds to the
- // wsu:Id that was actually signed...again, this should pass
+ // Check the signature...this should pass
//
List<WSSecurityEngineResult> results = verify(signedDoc);
- WSSecurityEngineResult actionResult =
- WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
- WSSecurityUtil.checkSignsAllElements(actionResult, new String[]{savedId});
-
//
- // Finally we need to check that the wsu:Id of the element we want signed in the
- // SOAP request is the same as the wsu:Id that was actually signed
+ // Finally we need to check that the Element that was signed is what we expect to be signed
//
envelopeElement = signedDoc.getDocumentElement();
org.w3c.dom.Node bodyNode =
@@ -215,14 +207,14 @@ public class ModifiedRequestTest extends
((org.w3c.dom.Element)bodyNode).getElementsByTagNameNS(
"http://blah.com", "value"
).item(0);
- String actualId =
- ((org.w3c.dom.Element)valueNode).getAttributeNS(WSConstants.WSU_NS, "Id");
+
+ List<WSSecurityEngineResult> signedResults =
+ WSSecurityUtil.fetchAllActionResults(results, WSConstants.SIGN);
try {
- WSSecurityUtil.checkSignsAllElements(actionResult, new String[]{actualId});
- fail("Failure expected on bad wsu:Id");
+ WSSecurityUtil.verifySignedElement((org.w3c.dom.Element)valueNode, signedResults);
+ fail("Failure expected on the required element not being signed");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILED_CHECK);
- assertEquals("Element id-250 is not included in the signature", ex.getMessage());
}
}
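Review bot: With the message assertion removed, the catch block accepts any `FAILED_CHECK`, so the test no longer distinguishes "element not covered by the signature" from another failed check inside `verifySignedElement`. An assertion on the new error message would restore that, but its text is not visible in this commit. A comment before the `try` would also help, e.g. `// valueNode is the modified Body element; the signature covers the copy moved into the security header, so this must be rejected`. The test now has only the negative check. Calling `verifySignedElement` on the moved element and expecting no exception would show that the failure is specific to the tampered node, though whether the header copy is reachable at this point needs confirming against the full method, which starts outside this hunk.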
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java?rev=1661971&r1=1661970&r2=1661971&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java Tue Feb 24 15:00:52 2015
@@ -126,23 +126,6 @@ public class SignaturePartsTest extends
List<WSSecurityEngineResult> results = verify(signedDoc);
- QName name = new QName("urn:foo.bar", "foobar");
- WSSecurityUtil.checkAllElementsProtected(results, WSConstants.SIGN, new QName[]{name});
- try {
- name = new QName("urn:foo.bar", "foobar2");
- WSSecurityUtil.checkAllElementsProtected(results, WSConstants.SIGN, new QName[]{name});
- fail("Failure expected on a wrong protected part");
- } catch (WSSecurityException ex) {
- // expected
- }
- try {
- name = new QName("urn:foo.bar", "foobar");
- WSSecurityUtil.checkAllElementsProtected(results, WSConstants.ENCR, new QName[]{name});
- fail("Failure expected on a wrong action");
- } catch (WSSecurityException ex) {
- // expected
- }
-
WSSecurityEngineResult actionResult =
WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
assertTrue(actionResult != null);
@@ -156,6 +139,8 @@ public class SignaturePartsTest extends
assertEquals(WSConstants.RSA_SHA1, wsDataRef.getAlgorithm());
assertNotNull(wsDataRef.getDigestValue());
assertTrue(wsDataRef.getDigestValue().length > 0);
+ QName expectedQName = new QName("urn:foo.bar", "foobar");
+ assertEquals(expectedQName, wsDataRef.getName());
assertEquals(WSConstants.SHA1, wsDataRef.getDigestAlgorithm());
@@ -474,39 +459,32 @@ public class SignaturePartsTest extends
QName fooName = new QName("urn:foo.bar", "foobar");
QName bodyName = new QName(soapConstants.getEnvelopeURI(), "Body");
- WSSecurityUtil.checkAllElementsProtected(results, WSConstants.SIGN, new QName[]{fooName});
- WSSecurityUtil.checkAllElementsProtected(results, WSConstants.SIGN, new QName[]{bodyName});
- WSSecurityUtil.checkAllElementsProtected(
- results,
- WSConstants.SIGN,
- new QName[]{bodyName, fooName}
- );
- WSSecurityUtil.checkAllElementsProtected(
- results,
- WSConstants.SIGN,
- new QName[]{fooName, bodyName}
- );
- try {
- WSSecurityUtil.checkAllElementsProtected(
- results,
- WSConstants.ENCR,
- new QName[]{fooName, bodyName}
- );
- fail("Failure expected on a wrong action");
- } catch (WSSecurityException ex) {
- // expected
- }
- try {
- QName headerName = new QName(soapConstants.getEnvelopeURI(), "Header");
- WSSecurityUtil.checkAllElementsProtected(
- results,
- WSConstants.SIGN,
- new QName[]{fooName, bodyName, headerName}
- );
- fail("Failure expected on an unsatisfied requirement");
- } catch (WSSecurityException ex) {
- // expected
+ QName headerName = new QName(soapConstants.getEnvelopeURI(), "Header");
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+ assertTrue(actionResult != null);
+ assertFalse(actionResult.isEmpty());
+
+ @SuppressWarnings("unchecked")
+ final java.util.List<WSDataRef> refs =
+ (java.util.List<WSDataRef>) actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+ assertTrue(refs != null && !refs.isEmpty());
+
+ boolean foundFoo = false;
+ boolean foundBody = false;
+ boolean foundHeader = false;
+ for (WSDataRef ref : refs) {
+ if (fooName.equals(ref.getName())) {
+ foundFoo = true;
+ } else if (bodyName.equals(ref.getName())) {
+ foundBody = true;
+ } else if (headerName.equals(ref.getName())) {
+ foundHeader = true;
+ }
}
+ assertTrue(foundFoo && foundBody);
+ assertFalse(foundHeader);
}
@@ -549,8 +527,17 @@ public class SignaturePartsTest extends
List<WSSecurityEngineResult> results = verify(signedDoc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+ assertTrue(actionResult != null);
+ assertFalse(actionResult.isEmpty());
+ @SuppressWarnings("unchecked")
+ final List<WSDataRef> refs =
+ (List<WSDataRef>) actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+
+ WSDataRef wsDataRef = refs.get(0);
QName bodyName = new QName(soapConstants.getEnvelopeURI(), "Body");
- WSSecurityUtil.checkAllElementsProtected(results, WSConstants.SIGN, new QName[]{bodyName});
+ assertEquals(bodyName, wsDataRef.getName());
}
/**