Posted to commits@ws.apache.org by co...@apache.org on 2020/04/03 09:45:03 UTC
[ws-wss4j] branch master updated: WSS-667 - Support JDK14
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push:
new f25b842 WSS-667 - Support JDK14
f25b842 is described below
commit f25b842a484dce71893315055303840647d76767
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Apr 3 10:27:43 2020 +0100
WSS-667 - Support JDK14
---
pom.xml | 1 -
.../test/AsymmetricBindingIntegrationTest.java | 124 -----------
.../stax/test/TransportBindingIntegrationTest.java | 124 -----------
ws-security-stax/pom.xml | 1 +
.../apache/wss4j/stax/test/AbstractTestBase.java | 100 ---------
.../VulnerabliltyVectorsDecompressedBytesTest.java | 87 ++++++++
.../wss4j/stax/test/VulnerabliltyVectorsTest.java | 228 +--------------------
.../wss4j/stax/test/saml/CustomContentsTest.java | 3 +
.../src/test/resources/wss-config-compression.xml | 105 ++++++++++
9 files changed, 197 insertions(+), 576 deletions(-)
diff --git a/pom.xml b/pom.xml
index 4546735..fb40455 100644
--- a/pom.xml
+++ b/pom.xml
@@ -237,7 +237,6 @@
<target>${targetJdk}</target>
<compilerArgs>
<arg>-XDcompilePolicy=simple</arg>
- <arg>-Xplugin:ErrorProne</arg>
</compilerArgs>
<annotationProcessorPaths>
<path>
diff --git a/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java b/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
index fd98714..0506cc4 100644
--- a/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
+++ b/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
@@ -46,10 +46,8 @@ import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSConstants.UsernameTokenPasswordType;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
-import org.apache.wss4j.stax.setup.WSSec;
import org.apache.wss4j.stax.test.CallbackHandlerImpl;
import org.apache.wss4j.stax.test.saml.SAMLCallbackHandlerImpl;
-import org.apache.xml.security.stax.config.Init;
import org.apache.xml.security.stax.ext.SecurePart;
import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;
@@ -1157,128 +1155,6 @@ public class AsymmetricBindingIntegrationTest extends AbstractPolicyTestBase {
}
@Test
- public void testSignatureDigestAlgorithmSuiteNegative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:AsymmetricBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:InitiatorToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:InitiatorToken>\n" +
- " <sp:RecipientToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:X509Token sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
- " <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:WssX509V3Token11/>\n" +
- " </wsp:Policy>\n" +
- " </sp:X509Token>\n" +
- " </wsp:Policy>\n" +
- " </sp:RecipientToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " <sp:ProtectTokens/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AsymmetricBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureDigestAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-md5");
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_WSU_TIMESTAMP, SecurePart.Modifier.Element, new String[]{WSSConstants.NS_C14N_EXCL}, "http://www.w3.org/2001/04/xmldsig-more#md5"));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_SOAP11_BODY, SecurePart.Modifier.Element, new String[]{WSSConstants.NS_C14N_EXCL}, "http://www.w3.org/2001/04/xmldsig-more#md5"));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_WSU_CREATED, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_WSU_EXPIRES, SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_SOAP11_BODY, SecurePart.Modifier.Content));
- List<WSSConstants.Action> actions = new ArrayList<>();
- actions.add(WSSConstants.TIMESTAMP);
- actions.add(WSSConstants.SIGNATURE);
- actions.add(WSSConstants.ENCRYPT);
- outSecurityProperties.setActions(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.addIgnoreBSPRule(BSPRule.R5420);
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
- try {
- Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
- switchAllowMD5Algorithm(true);
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- fail("Exception expected");
- } catch (XMLStreamException e) {
- assertTrue(e.getCause() instanceof WSSecurityException);
- // assertEquals(e.getCause().getMessage(),
- // "Digest algorithm http://www.w3.org/2001/04/xmldsig-more#md5 does not meet policy");
- // assertEquals(((WSSecurityException) e.getCause()).getFaultCode(), WSSecurityException.INVALID_SECURITY);
- } finally {
- switchAllowMD5Algorithm(false);
- }
- }
-
- @Test
public void testEncryptionAlgorithmSuiteNegative() throws Exception {
String policyString =
diff --git a/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java b/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java
index 3c29bfa..720e8f1 100644
--- a/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java
+++ b/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java
@@ -42,9 +42,7 @@ import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.impl.securityToken.HttpsSecurityTokenImpl;
import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
-import org.apache.wss4j.stax.setup.WSSec;
import org.apache.wss4j.stax.test.CallbackHandlerImpl;
-import org.apache.xml.security.stax.config.Init;
import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.junit.jupiter.api.Test;
@@ -1328,128 +1326,6 @@ public class TransportBindingIntegrationTest extends AbstractPolicyTestBase {
}
@Test
- public void testSignatureDigestAlgorithmSuiteNegative() throws Exception {
-
- String policyString =
- "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
- "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
- " <wsp:All>\n" +
- " <sp:TransportBinding>\n" +
- " <wsp:Policy>\n" +
- " <sp:TransportToken>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpsToken>\n" +
- " <!--<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>-->\n" +
- " <sp:IssuerName>transmitter</sp:IssuerName>\n" +
- " <wsp:Policy>\n" +
- " <sp:HttpBasicAuthentication/>\n" +
- " </wsp:Policy>\n" +
- " </sp:HttpsToken>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportToken>\n" +
- " <sp:AlgorithmSuite>\n" +
- " <wsp:Policy>\n" +
- " <sp:Basic256/>\n" +
- " </wsp:Policy>\n" +
- " </sp:AlgorithmSuite>\n" +
- " <sp:Layout>\n" +
- " <wsp:Policy>\n" +
- " <sp:Lax/>\n" +
- " </wsp:Policy>\n" +
- " </sp:Layout>\n" +
- " <sp:IncludeTimestamp/>\n" +
- " </wsp:Policy>\n" +
- " </sp:TransportBinding>\n" +
- " <sp:SignedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:SignedParts>\n" +
- " <sp:SignedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:SignedElements>\n" +
- " <sp:EncryptedParts>\n" +
- " <sp:Body/>\n" +
- " <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
- " <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
- " </sp:EncryptedParts>\n" +
- " <sp:EncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
- " </sp:EncryptedElements>\n" +
- " <sp:ContentEncryptedElements>\n" +
- " <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
- " </sp:ContentEncryptedElements>\n" +
- " </wsp:All>\n" +
- " </wsp:ExactlyOne>";
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureDigestAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-md5");
-
- outSecurityProperties.addSignaturePart(new SecurePart(new QName(WSSConstants.TAG_WSU_TIMESTAMP.getNamespaceURI(), WSSConstants.TAG_WSU_TIMESTAMP.getLocalPart()), SecurePart.Modifier.Element, new String[]{WSSConstants.NS_C14N_EXCL}, "http://www.w3.org/2001/04/xmldsig-more#md5"));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_SOAP11_BODY, SecurePart.Modifier.Element, new String[]{WSSConstants.NS_C14N_EXCL}, "http://www.w3.org/2001/04/xmldsig-more#md5"));
- outSecurityProperties.addEncryptionPart(new SecurePart(new QName(WSSConstants.TAG_WSU_CREATED.getNamespaceURI(), WSSConstants.TAG_WSU_CREATED.getLocalPart()), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(new QName(WSSConstants.TAG_WSU_EXPIRES.getNamespaceURI(), WSSConstants.TAG_WSU_EXPIRES.getLocalPart()), SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_SOAP11_BODY, SecurePart.Modifier.Content));
- List<WSSConstants.Action> actions = new ArrayList<>();
- actions.add(WSSConstants.TIMESTAMP);
- actions.add(WSSConstants.SIGNATURE);
- actions.add(WSSConstants.ENCRYPT);
- outSecurityProperties.setActions(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.addIgnoreBSPRule(BSPRule.R5420);
-
- PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
- httpsTokenSecurityEvent.setIssuerName("transmitter");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
- HttpsSecurityTokenImpl httpsSecurityToken = new HttpsSecurityTokenImpl(true, "transmitter");
- httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE);
- httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-
- List<SecurityEvent> securityEventList = new ArrayList<>();
- securityEventList.add(httpsTokenSecurityEvent);
-
- try {
- Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
- switchAllowMD5Algorithm(true);
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- fail("Exception expected");
- } catch (XMLStreamException e) {
- assertTrue(e.getCause() instanceof WSSecurityException);
- //assertEquals(e.getCause().getMessage(),
- // "Digest algorithm http://www.w3.org/2001/04/xmldsig-more#md5 does not meet policy");
- // assertEquals(((WSSecurityException) e.getCause()).getFaultCode(), WSSecurityException.INVALID_SECURITY);
- } finally {
- switchAllowMD5Algorithm(false);
- }
- }
-
- @Test
public void testEncryptionAlgorithmSuiteNegative() throws Exception {
String policyString =
diff --git a/ws-security-stax/pom.xml b/ws-security-stax/pom.xml
index 2993614..e01748f 100644
--- a/ws-security-stax/pom.xml
+++ b/ws-security-stax/pom.xml
@@ -114,6 +114,7 @@
<systemPropertyVariables>
<log4j.configuration>log4j-wss.xml</log4j.configuration>
</systemPropertyVariables>
+ <reuseForks>false</reuseForks>
<!--<debugForkedProcess>true</debugForkedProcess>-->
</configuration>
</plugin>
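Review bot: The added `<reuseForks>false</reuseForks>` has no comment saying why every test class now needs its own JVM, so a later build-speed cleanup could drop it without noticing what it protects. Judging from the rest of this commit, the reason appears to be that `Init.init(...)` installs JVM-wide xmlsec configuration and the new VulnerabliltyVectorsDecompressedBytesTest loads `wss-config-compression.xml`, which should not leak into other test classes. I would add a line above it such as `<!-- fork per test class: Init.init() configuration is JVM-wide and some tests load a non-default config -->`. The plugin's `<configuration>` element opens outside this hunk, so any other fork settings next to it are not visible here.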
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
index d5992b8..1c56e19 100644
--- a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
@@ -21,8 +21,6 @@ package org.apache.wss4j.stax.test;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.lang.reflect.Field;
-import java.lang.reflect.Modifier;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Enumeration;
@@ -68,7 +66,6 @@ import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
-import org.apache.wss4j.stax.impl.processor.input.DecryptInputProcessor;
import org.apache.wss4j.stax.setup.ConfigurationConverter;
import org.apache.wss4j.stax.setup.InboundWSSec;
import org.apache.wss4j.stax.setup.OutboundWSSec;
@@ -77,10 +74,6 @@ import org.apache.wss4j.stax.test.utils.SOAPUtil;
import org.apache.wss4j.stax.test.utils.StAX2DOM;
import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.stax.impl.InboundSecurityContextImpl;
-import org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor;
-import org.apache.xml.security.stax.impl.processor.input.AbstractSignatureReferenceVerifyInputProcessor;
-import org.apache.xml.security.stax.impl.processor.input.XMLEventReaderInputProcessor;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
@@ -704,99 +697,6 @@ public abstract class AbstractTestBase {
}
}
- //sometimes I really like reflection. We can fix jdk bugs which will never be fixed, we can do other funny things and
- //we can also change "private static final" fields for testing:-)
- //But keep in mind that this only works for Objects and not primitive types. Primitive types will be inlined...
- public static void switchAllowNotSameDocumentReferences(Boolean value) throws NoSuchFieldException, IllegalAccessException {
-
- Field field = AbstractSignatureReferenceVerifyInputProcessor.class.getDeclaredField("allowNotSameDocumentReferences");
- field.setAccessible(true);
-
- Field modifiersField = Field.class.getDeclaredField("modifiers");
- modifiersField.setAccessible(true);
- modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
-
- field.set(null, value);
- }
-
- public static void switchDoNotThrowExceptionForManifests(Boolean value) throws NoSuchFieldException, IllegalAccessException {
- Field field = AbstractSignatureReferenceVerifyInputProcessor.class.getDeclaredField("doNotThrowExceptionForManifests");
- field.setAccessible(true);
-
- Field modifiersField = Field.class.getDeclaredField("modifiers");
- modifiersField.setAccessible(true);
- modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
-
- field.set(null, value);
- }
-
- public static int changeValueOfMaximumAllowedReferencesPerManifest(Integer value) throws NoSuchFieldException, IllegalAccessException {
- Field field = AbstractSignatureReferenceVerifyInputProcessor.class.getDeclaredField("maximumAllowedReferencesPerManifest");
- field.setAccessible(true);
-
- Field modifiersField = Field.class.getDeclaredField("modifiers");
- modifiersField.setAccessible(true);
- modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
-
- Integer oldval = (Integer)field.get(null);
- field.set(null, value);
- return oldval;
- }
-
- public static int changeValueOfMaximumAllowedTransformsPerReference(Integer value) throws NoSuchFieldException, IllegalAccessException {
- Field field = AbstractSignatureReferenceVerifyInputProcessor.class.getDeclaredField("maximumAllowedTransformsPerReference");
- field.setAccessible(true);
-
- Field modifiersField = Field.class.getDeclaredField("modifiers");
- modifiersField.setAccessible(true);
- modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
-
- Integer oldval = (Integer)field.get(null);
- field.set(null, value);
- return oldval;
- }
-
- public static void switchAllowMD5Algorithm(Boolean value) throws NoSuchFieldException, IllegalAccessException {
- Field field = InboundSecurityContextImpl.class.getDeclaredField("allowMD5Algorithm");
- field.setAccessible(true);
-
- Field modifiersField = Field.class.getDeclaredField("modifiers");
- modifiersField.setAccessible(true);
- modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
-
- field.set(null, value);
- }
-
- public static int changeValueOfMaximumAllowedXMLStructureDepth(Integer value) throws NoSuchFieldException, IllegalAccessException {
- Field xmlEventReaderInputProcessorField = XMLEventReaderInputProcessor.class.getDeclaredField("maximumAllowedXMLStructureDepth");
- xmlEventReaderInputProcessorField.setAccessible(true);
- Field abstractDecryptInputProcessorField = AbstractDecryptInputProcessor.class.getDeclaredField("maximumAllowedXMLStructureDepth");
- abstractDecryptInputProcessorField.setAccessible(true);
-
- Field modifiersField = Field.class.getDeclaredField("modifiers");
- modifiersField.setAccessible(true);
- modifiersField.setInt(xmlEventReaderInputProcessorField, xmlEventReaderInputProcessorField.getModifiers() & ~Modifier.FINAL);
- modifiersField.setInt(abstractDecryptInputProcessorField, abstractDecryptInputProcessorField.getModifiers() & ~Modifier.FINAL);
-
- Integer oldval = (Integer)xmlEventReaderInputProcessorField.get(null);
- xmlEventReaderInputProcessorField.set(null, value);
- abstractDecryptInputProcessorField.set(null, value);
- return oldval;
- }
-
- public static long changeValueOfMaximumAllowedDecompressedBytes(Long value) throws NoSuchFieldException, IllegalAccessException {
- Field field = DecryptInputProcessor.class.getDeclaredField("MAX_ALLOWED_DECOMPRESSED_BYTES");
- field.setAccessible(true);
-
- Field modifiersField = Field.class.getDeclaredField("modifiers");
- modifiersField.setAccessible(true);
- modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
-
- Long oldval = (Long) field.get(null);
- field.set(null, value);
- return oldval;
- }
-
public static Double getJavaSpecificationVersion() {
String jsv = System.getProperty("java.specification.version");
if (jsv != null) {
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsDecompressedBytesTest.java b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsDecompressedBytesTest.java
new file mode 100644
index 0000000..43f7349
--- /dev/null
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsDecompressedBytesTest.java
@@ -0,0 +1,87 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.stream.XMLStreamException;
+
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.wss4j.stax.setup.WSSec;
+import org.apache.xml.security.stax.config.Init;
+
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
+
+public class VulnerabliltyVectorsDecompressedBytesTest extends AbstractTestBase {
+
+ @BeforeAll
+ public static void setup() throws Exception {
+ WSSec.init();
+ Init.init(VulnerabliltyVectorsDecompressedBytesTest.class.getClassLoader().getResource("wss-config-compression.xml").toURI(),
+ VulnerabliltyVectorsDecompressedBytesTest.class);
+ }
+
+ @Test
+ @SuppressWarnings("unchecked")
+ public void testMaximumAllowedDecompressedBytes() throws Exception {
+
+ try {
+ WSSSecurityProperties outboundSecurityProperties = new WSSSecurityProperties();
+ outboundSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
+ outboundSecurityProperties.setEncryptionUser("receiver");
+ outboundSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+ outboundSecurityProperties.setSignatureUser("transmitter");
+ outboundSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+ List<WSSConstants.Action> actions = new ArrayList<>();
+ actions.add(WSSConstants.TIMESTAMP);
+ actions.add(WSSConstants.SIGNATURE);
+ actions.add(WSSConstants.ENCRYPT);
+ outboundSecurityProperties.setActions(actions);
+ outboundSecurityProperties.setEncryptionCompressionAlgorithm("http://www.apache.org/2012/04/xmlsec/xz");
+
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ ByteArrayOutputStream baos = doOutboundSecurity(outboundSecurityProperties, sourceDocument);
+
+
+ WSSSecurityProperties inboundSecurityProperties = new WSSSecurityProperties();
+ inboundSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
+ inboundSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ inboundSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+
+ doInboundSecurity(inboundSecurityProperties,
+ xmlInputFactory.createXMLStreamReader(
+ new ByteArrayInputStream(baos.toByteArray())));
+ fail("Expected XMLStreamException");
+ } catch (XMLStreamException e) {
+ assertTrue(e.getCause() instanceof IOException);
+ assertEquals(e.getCause().getMessage(),
+ "Maximum byte count (101) reached.");
+ }
+ }
+
+}
\ No newline at end of file
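Review bot: In the catch block the `assertEquals` arguments are reversed for JUnit 5, which takes the expected value first, so a regression in the limit would be reported with expected and actual swapped; it should read `assertEquals("Maximum byte count (101) reached.", e.getCause().getMessage());`. `setup()` replaces the JVM-wide xmlsec configuration through `Init.init(...)` and nothing restores it, so this decompression-limit check is only isolated while each test class runs in its own fork; a class-level comment such as `// Requires a dedicated JVM: loads wss-config-compression.xml into the JVM-wide xmlsec configuration` would record that dependency. The expected count of 101 presumably follows from a limit set in that config file, which is not part of this hunk, so the comment should also name the property that drives it. `@SuppressWarnings("unchecked")` on the test method looks unnecessary, since no unchecked operation is visible in the body.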
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java
index d51cee4..75404fb 100644
--- a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java
@@ -20,31 +20,23 @@ package org.apache.wss4j.stax.test;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
-import java.io.IOException;
import java.io.InputStream;
-import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.List;
-import java.util.Map;
import java.util.Properties;
-
import javax.xml.stream.XMLStreamException;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
-import org.apache.commons.compress.compressors.xz.XZCompressorInputStream;
-import org.apache.commons.compress.compressors.xz.XZCompressorOutputStream;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
-import org.apache.wss4j.stax.setup.WSSec;
-import org.apache.xml.security.stax.config.Init;
-import org.apache.xml.security.stax.config.TransformerAlgorithmMapper;
import org.junit.jupiter.api.Test;
+
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -302,47 +294,6 @@ public class VulnerabliltyVectorsTest extends AbstractTestBase {
}
@Test
- public void testMaximumAllowedTransformsPerReference() throws Exception {
-
- if (getJavaSpecificationVersion() > 1.7) {
- System.out.println("testMaximumAllowedTransformsPerReference skipped");
- return;
- }
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
-
- String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT;
- Properties properties = new Properties();
- properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
- Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
- javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
- transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
-
- WSSSecurityProperties securityProperties = new WSSSecurityProperties();
- securityProperties.setCallbackHandler(new CallbackHandlerImpl());
- securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- int oldval = 0;
- try {
- Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
- oldval = changeValueOfMaximumAllowedTransformsPerReference(0);
- doInboundSecurity(securityProperties,
- xmlInputFactory.createXMLStreamReader(
- new ByteArrayInputStream(baos.toByteArray())));
- fail("Expected XMLStreamException");
- } catch (XMLStreamException e) {
- assertTrue(e.getCause() instanceof WSSecurityException);
- assertEquals(((WSSecurityException) e.getCause()).getFaultCode(), WSSecurityException.INVALID_SECURITY);
- } finally {
- changeValueOfMaximumAllowedTransformsPerReference(oldval);
- }
- }
-
-
- @Test
public void testDisallowMD5Algorithm() throws Exception {
WSSSecurityProperties outboundSecurityProperties = new WSSSecurityProperties();
outboundSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
@@ -377,183 +328,6 @@ public class VulnerabliltyVectorsTest extends AbstractTestBase {
}
}
-
- @Test
- public void testAllowMD5Algorithm() throws Exception {
-
- if (getJavaSpecificationVersion() >= 1.7) {
- System.out.println("testAllowMD5Algorithm skipped");
- return;
- }
-
- WSSSecurityProperties outboundSecurityProperties = new WSSSecurityProperties();
- outboundSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outboundSecurityProperties.setEncryptionUser("receiver");
- outboundSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outboundSecurityProperties.setSignatureUser("transmitter");
- outboundSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outboundSecurityProperties.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-md5");
- List<WSSConstants.Action> actions = new ArrayList<>();
- actions.add(WSSConstants.TIMESTAMP);
- actions.add(WSSConstants.SIGNATURE);
- actions.add(WSSConstants.ENCRYPT);
- outboundSecurityProperties.setActions(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outboundSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inboundsecurityProperties = new WSSSecurityProperties();
- inboundsecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inboundsecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inboundsecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inboundsecurityProperties.addIgnoreBSPRule(BSPRule.R5421);
-
- try {
- Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
- switchAllowMD5Algorithm(true);
- Document document = doInboundSecurity(inboundsecurityProperties,
- xmlInputFactory.createXMLStreamReader(
- new ByteArrayInputStream(baos.toByteArray())));
- assertNotNull(document);
- } finally {
- switchAllowMD5Algorithm(false);
- }
- }
-
- @Test
- public void testMaximumAllowedXMLStructureDepth() throws Exception {
-
- if (getJavaSpecificationVersion() >= 1.7) {
- System.out.println("testAllowMD5Algorithm skipped");
- return;
- }
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
-
- String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE;
- Properties properties = new Properties();
- properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
- Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
- javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
- transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
-
- WSSSecurityProperties securityProperties = new WSSSecurityProperties();
- securityProperties.setCallbackHandler(new CallbackHandlerImpl());
- securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- int oldval = 0;
- try {
- Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
- oldval = changeValueOfMaximumAllowedXMLStructureDepth(10);
- doInboundSecurity(securityProperties,
- xmlInputFactory.createXMLStreamReader(
- new ByteArrayInputStream(baos.toByteArray())));
- fail("Expected XMLStreamException");
- } catch (XMLStreamException e) {
- assertEquals(e.getCause().getMessage(),
- "Maximum depth (10) of the XML structure reached. You can raise the maximum via the " +
- "\"MaximumAllowedXMLStructureDepth\" property in the configuration.");
- } finally {
- changeValueOfMaximumAllowedXMLStructureDepth(oldval);
- }
- }
-
- @Test
- public void testMaximumAllowedXMLStructureDepthInEncryptedContent() throws Exception {
-
- if (getJavaSpecificationVersion() >= 1.7) {
- System.out.println("testAllowMD5Algorithm skipped");
- return;
- }
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
-
- String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT;
- Properties properties = new Properties();
- properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
- Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
- javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
- transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
-
- WSSSecurityProperties securityProperties = new WSSSecurityProperties();
- securityProperties.setCallbackHandler(new CallbackHandlerImpl());
- securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- int oldval = 0;
- try {
- Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
- oldval = changeValueOfMaximumAllowedXMLStructureDepth(10);
- doInboundSecurity(securityProperties,
- xmlInputFactory.createXMLStreamReader(
- new ByteArrayInputStream(baos.toByteArray())));
- fail("Expected XMLStreamException");
- } catch (XMLStreamException e) {
- assertEquals(e.getCause().getMessage(),
- "Maximum depth (10) of the XML structure reached. You can raise the maximum via the " +
- "\"MaximumAllowedXMLStructureDepth\" property in the configuration.");
- } finally {
- changeValueOfMaximumAllowedXMLStructureDepth(oldval);
- }
- }
-
- @Test
- @SuppressWarnings("unchecked")
- public void testMaximumAllowedDecompressedBytes() throws Exception {
-
- long oldval = 0;
- try {
- Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
- Field algorithmsClassMapField = TransformerAlgorithmMapper.class.getDeclaredField("algorithmsClassMapOut");
- algorithmsClassMapField.setAccessible(true);
- Map<String, Class<?>> map = (Map<String, Class<?>>)algorithmsClassMapField.get(null);
- map.put("http://www.apache.org/2012/04/xmlsec/xz", XZCompressorOutputStream.class);
- algorithmsClassMapField = TransformerAlgorithmMapper.class.getDeclaredField("algorithmsClassMapIn");
- algorithmsClassMapField.setAccessible(true);
- map = (Map<String, Class<?>>)algorithmsClassMapField.get(null);
- map.put("http://www.apache.org/2012/04/xmlsec/xz", XZCompressorInputStream.class);
- oldval = changeValueOfMaximumAllowedDecompressedBytes(101L);
-
- WSSSecurityProperties outboundSecurityProperties = new WSSSecurityProperties();
- outboundSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outboundSecurityProperties.setEncryptionUser("receiver");
- outboundSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outboundSecurityProperties.setSignatureUser("transmitter");
- outboundSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- List<WSSConstants.Action> actions = new ArrayList<>();
- actions.add(WSSConstants.TIMESTAMP);
- actions.add(WSSConstants.SIGNATURE);
- actions.add(WSSConstants.ENCRYPT);
- outboundSecurityProperties.setActions(actions);
- outboundSecurityProperties.setEncryptionCompressionAlgorithm("http://www.apache.org/2012/04/xmlsec/xz");
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outboundSecurityProperties, sourceDocument);
-
-
- WSSSecurityProperties inboundSecurityProperties = new WSSSecurityProperties();
- inboundSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inboundSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inboundSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- doInboundSecurity(inboundSecurityProperties,
- xmlInputFactory.createXMLStreamReader(
- new ByteArrayInputStream(baos.toByteArray())));
- fail("Expected XMLStreamException");
- } catch (XMLStreamException e) {
- assertTrue(e.getCause() instanceof IOException);
- assertEquals(e.getCause().getMessage(),
- "Maximum byte count (101) reached.");
- } finally {
- changeValueOfMaximumAllowedDecompressedBytes(oldval);
- }
- }
-
@Test
public void testModifiedEncryptedKeyCipherValue() throws Exception {
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/CustomContentsTest.java b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/CustomContentsTest.java
index 9a4e5ab..9a2f729 100644
--- a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/CustomContentsTest.java
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/CustomContentsTest.java
@@ -19,6 +19,7 @@
package org.apache.wss4j.stax.test.saml;
import org.apache.wss4j.common.WSS4JConstants;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.bean.AttributeBean;
import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
@@ -60,6 +61,8 @@ public class CustomContentsTest extends AbstractTestBase {
@Test
public void testSubjectConfirmationDataExtensibility() throws Exception {
+ OpenSAMLUtil.initSamlEngine();
+
// create a data structure with custom contents
SubjectConfirmationDataBean subjectConfirmationDataBean = new SubjectConfirmationDataBean();
{
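Review bot: The added `OpenSAMLUtil.initSamlEngine();` sits inside the body of `testSubjectConfirmationDataExtensibility` only, so any other test in `CustomContentsTest` that builds SAML beans would presumably still rely on some earlier test or class having initialised OpenSAML in the same JVM. Moving the call into a class-level setup method (JUnit's before-class hook, whichever annotation this module uses) would make the class independent of test execution order. If the call stays in the test body, a one-line comment would help, for example `// OpenSAML is not initialised by AbstractTestBase; do it here before building any SAML objects`, worded to match what actually triggers the need. The test body continues outside the hunk.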
diff --git a/ws-security-stax/src/test/resources/wss-config-compression.xml b/ws-security-stax/src/test/resources/wss-config-compression.xml
new file mode 100644
index 0000000..67e5df2
--- /dev/null
+++ b/ws-security-stax/src/test/resources/wss-config-compression.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0"?>
+<!-- This configuration file is used for configuration of the org.apache.wss4j -->
+<Configuration target="org.apache.xml.security" xmlns="http://www.xmlsecurity.org/NS/configuration" xmlns:xi="http://www.w3.org/2001/XInclude">
+ <Properties>
+ <Property NAME="securityTokenFactory" VAL="org.apache.wss4j.stax.impl.securityToken.SecurityTokenFactoryImpl"/>
+ <Property NAME="MaximumAllowedDecompressedBytes" VAL="101"/>
+ <xi:include href="security-config.xml" xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:Properties/c:Property[@NAME!='securityTokenFactory'])"/>
+ <Property NAME="AllowNotSameDocumentReferences" VAL="true"/>
+ </Properties>
+ <SecurityHeaderHandlers>
+ <Handler NAME="BinarySecurityToken"
+ URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.BinarySecurityTokenInputHandler"/>
+ <Handler NAME="EncryptedKey"
+ URI="http://www.w3.org/2001/04/xmlenc#"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.WSSEncryptedKeyInputHandler"/>
+ <Handler NAME="ReferenceList"
+ URI="http://www.w3.org/2001/04/xmlenc#"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.ReferenceListInputHandler"/>
+ <Handler NAME="EncryptedData"
+ URI="http://www.w3.org/2001/04/xmlenc#"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.EncryptedDataInputHandler"/>
+ <Handler NAME="Signature"
+ URI="http://www.w3.org/2000/09/xmldsig#"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.WSSSignatureInputHandler"/>
+ <Handler NAME="Timestamp"
+ URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.TimestampInputHandler"/>
+ <Handler NAME="UsernameToken"
+ URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.UsernameTokenInputHandler"/>
+ <Handler NAME="SignatureConfirmation"
+ URI="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SignatureConfirmationInputHandler"/>
+ <Handler NAME="SecurityTokenReference"
+ URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SecurityTokenReferenceInputHandler"/>
+ <Handler NAME="Assertion"
+ URI="urn:oasis:names:tc:SAML:1.0:assertion"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SAMLTokenInputHandler"/>
+ <Handler NAME="Assertion"
+ URI="urn:oasis:names:tc:SAML:2.0:assertion"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SAMLTokenInputHandler"/>
+ <Handler NAME="SecurityContextToken"
+ URI="http://schemas.xmlsoap.org/ws/2005/02/sc"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SecurityContextTokenInputHandler"/>
+ <Handler NAME="SecurityContextToken"
+ URI="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SecurityContextTokenInputHandler"/>
+ <Handler NAME="DerivedKeyToken"
+ URI="http://schemas.xmlsoap.org/ws/2005/02/sc"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.DerivedKeyTokenInputHandler"/>
+ <Handler NAME="DerivedKeyToken"
+ URI="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
+ JAVACLASS="org.apache.wss4j.stax.impl.processor.input.DerivedKeyTokenInputHandler"/>
+ </SecurityHeaderHandlers>
+ <TransformAlgorithms>
+ <!-- STR-Transformer -->
+ <TransformAlgorithm URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"
+ JAVACLASS="org.apache.wss4j.stax.impl.transformer.STRTransformer" />
+
+ <TransformAlgorithm URI="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform"
+ JAVACLASS="org.apache.wss4j.stax.impl.transformer.AttachmentContentSignatureTransform" />
+ <TransformAlgorithm URI="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform"
+ JAVACLASS="org.apache.wss4j.stax.impl.transformer.AttachmentCompleteSignatureTransform" />
+
+ <!-- The compress-transformations are disabled by default because its not standard
+ and could introduce potential security issues -->
+ <!--
+ <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/gzip" INOUT="IN"
+ JAVACLASS="org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream" />
+ <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/bzip2" INOUT="IN"
+ JAVACLASS="org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream" />
+ -->
+ <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/xz" INOUT="IN"
+ JAVACLASS="org.apache.commons.compress.compressors.xz.XZCompressorInputStream" />
+ <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/xz" INOUT="OUT"
+ JAVACLASS="org.apache.commons.compress.compressors.xz.XZCompressorOutputStream" />
+ <!--
+ <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/pack200" INOUT="IN"
+ JAVACLASS="org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream" />
+ <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/gzip" INOUT="OUT"
+ JAVACLASS="org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream" />
+ <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/bzip2" INOUT="OUT"
+ JAVACLASS="org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream" />
+ <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/pack200" INOUT="OUT"
+ JAVACLASS="org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream" />
+ -->
+
+ <xi:include href="security-config.xml" xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:TransformAlgorithms/c:TransformAlgorithm[@URI!='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform'])"/>
+ </TransformAlgorithms>
+ <JCEAlgorithmMappings>
+ <xi:include href="security-config.xml" xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:JCEAlgorithmMappings/c:Algorithm)"/>
+ </JCEAlgorithmMappings>
+ <ResourceResolvers>
+ <Resolver JAVACLASS="org.apache.wss4j.stax.impl.resourceResolvers.ResolverSameDocument"
+ DESCRIPTION="A simple resolver for requests of same-document URIs"/>
+ <Resolver JAVACLASS="org.apache.wss4j.stax.impl.resourceResolvers.ResolverXPointer"
+ DESCRIPTION="A simple resolver for requests of XPointer fragents"/>
+ <Resolver JAVACLASS="org.apache.wss4j.stax.impl.resourceResolvers.ResolverAttachment"
+ DESCRIPTION="A simple resolver for SwA"/>
+ <xi:include href="security-config.xml"
+ xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:ResourceResolvers/c:Resolver[@JAVACLASS!='org.apache.xml.security.stax.impl.resourceResolvers.ResolverSameDocument' and @JAVACLASS!='org.apache.xml.security.stax.impl.resourceResolvers.ResolverXPointer'])"/>
+ </ResourceResolvers>
+</Configuration>
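Review bot: The comment above the compression transforms still says they "are disabled by default", but in this file the two `xz` entries directly below it are active, so the comment now contradicts the configuration it describes. Since this is a test fixture that deliberately enables decompression together with `MaximumAllowedDecompressedBytes` set to `101`, the comment should say so, for example `<!-- Test-only: xz is enabled here so the MaximumAllowedDecompressedBytes limit can be exercised; the shipped wss/wss-config.xml keeps all compression transforms disabled -->`. The header comment on the second line could likewise state that the file is a test resource and not a template for deployments. Otherwise someone copying it inherits an enabled decompression transform and `AllowNotSameDocumentReferences` set to `true` without any explanation.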