Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/05/15 13:21:29 UTC
svn commit: r775086 - in /webservices/wss4j/trunk:
interop/org/apache/ws/axis/oasis/ping/ src/org/apache/ws/security/action/
src/org/apache/ws/security/handler/ src/org/apache/ws/security/message/
src/org/apache/ws/security/message/token/ src/org/apach...
Author: coheigea
Date: Fri May 15 11:21:29 2009
New Revision: 775086
URL: http://svn.apache.org/viewvc?rev=775086&view=rev
Log:
[WSS-189] - Refactored Signature Confirmation code
- Also added some tests.
- Changed some Vector references to Lists.
Added:
webservices/wss4j/trunk/test/wssec/SignatureConfirmationTest.java (with props)
Modified:
webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/ping/PingBindingImpl.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/Action.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerResult.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureConfirmation.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SignatureConfirmation.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
webservices/wss4j/trunk/test/wssec/PackageTests.java
Modified: webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/ping/PingBindingImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/ping/PingBindingImpl.java?rev=775086&r1=775085&r2=775086&view=diff
==============================================================================
--- webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/ping/PingBindingImpl.java (original)
+++ webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/ping/PingBindingImpl.java Fri May 15 11:21:29 2009
@@ -36,6 +36,7 @@
import javax.xml.rpc.holders.StringHolder;
import java.security.Principal;
+import java.util.List;
import java.util.Vector;
public class PingBindingImpl
@@ -57,7 +58,7 @@
for (int i = 0; i < results.size(); i++) {
WSHandlerResult rResult =
(WSHandlerResult) results.get(i);
- Vector wsSecEngineResults = rResult.getResults();
+ List wsSecEngineResults = rResult.getResults();
for (int j = 0; j < wsSecEngineResults.size(); j++) {
WSSecurityEngineResult wser =
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/action/Action.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/Action.java?rev=775086&r1=775085&r2=775086&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/Action.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/Action.java Fri May 15 11:21:29 2009
@@ -28,6 +28,12 @@
* Interface for all actions
*/
public interface Action {
- public void execute(WSHandler handler, int actionToDo, Document doc,
- RequestData reqData) throws WSSecurityException;
+
+ public void execute(
+ WSHandler handler,
+ int actionToDo,
+ Document doc,
+ RequestData reqData
+ ) throws WSSecurityException;
+
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java?rev=775086&r1=775085&r2=775086&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java Fri May 15 11:21:29 2009
@@ -45,27 +45,35 @@
log.debug("Perform Signature confirmation");
}
- Vector results = (Vector) handler.getProperty(reqData.getMsgContext(),
- WSHandlerConstants.RECV_RESULTS);
- /*
- * loop over all results gathered by all handlers in the chain. For each
- * handler result get the various actions. After that loop we have all
- * signature results in the signatureActions vector
- */
- Vector signatureActions = new Vector();
+ List results =
+ (List) handler.getProperty(reqData.getMsgContext(), WSHandlerConstants.RECV_RESULTS);
+ if (results == null) {
+ return;
+ }
+ //
+ // Loop over all the (signature) results gathered by all the processors, and store
+ // them in a list.
+ //
+ List signatureActions = new Vector();
for (int i = 0; i < results.size(); i++) {
WSHandlerResult wshResult = (WSHandlerResult) results.get(i);
+ List resultList = wshResult.getResults();
- WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
- WSConstants.SIGN, signatureActions);
- WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
- WSConstants.ST_SIGNED, signatureActions);
- WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
- WSConstants.UT_SIGN, signatureActions);
+ WSSecurityUtil.fetchAllActionResults(
+ resultList, WSConstants.SIGN, signatureActions
+ );
+ WSSecurityUtil.fetchAllActionResults(
+ resultList, WSConstants.ST_SIGNED, signatureActions
+ );
+ WSSecurityUtil.fetchAllActionResults(
+ resultList, WSConstants.UT_SIGN, signatureActions
+ );
}
- List signatureParts = reqData.getSignatureParts();
+ //
// prepare a SignatureConfirmation token
+ //
WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
+ List signatureParts = reqData.getSignatureParts();
if (signatureActions.size() > 0) {
if (log.isDebugEnabled()) {
log.debug("Signature Confirmation: number of Signature results: "
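Review bot: The new `if (results == null) { return; }` guard near the top of this hunk exits silently: no SignatureConfirmation token is prepared, SIG_CONF_DONE is not set, and nothing is logged, so a response that leaves without a confirmation element is hard to diagnose afterwards. I would add `log.debug("Signature Confirmation: no received results, nothing to confirm");` under the same `log.isDebugEnabled()` guard used elsewhere in this method, plus a comment stating that skipping is intentional. The enclosing method starts and ends outside the hunk.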
@@ -82,7 +90,8 @@
signatureParts.add(new WSEncryptionPart(wsc.getId()));
}
handler.setProperty(
- reqData.getMsgContext(), WSHandlerConstants.SIG_CONF_DONE, WSHandler.DONE
+ reqData.getMsgContext(), WSHandlerConstants.SIG_CONF_DONE, ""
);
}
+
}
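Review bot: Passing the literal `""` as the SIG_CONF_DONE value turns the done-marker into an undocumented convention: the matching check in the WSHandler.java hunk is now `if (done == null)`, so any non-null value means the confirmation was already inserted. A named constant, or a comment such as `// any non-null value marks signature confirmation as done; WSHandler only tests for null`, would keep the two sides in step. The same commit removes the `public static final String DONE` field from WSHandler, which breaks any external handler that referenced it, so that deserves a line in the release notes. This hunk begins inside a method whose start is outside the hunk.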
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=775086&r1=775085&r2=775086&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java Fri May 15 11:21:29 2009
@@ -60,7 +60,6 @@
* @author Marcel Ammerlaan (marcel.ammerlaan@gmail.com).
*/
public abstract class WSHandler {
- public static final String DONE = "done";
private static Log log = LogFactory.getLog(WSHandler.class.getName());
protected WSSecurityEngine secEngine = WSSecurityEngine.getInstance();
protected Hashtable cryptos = new Hashtable(5);
@@ -166,16 +165,14 @@
}
/*
* If SignatureConfirmation is enabled and this is a response then
- * insert SignatureConfrmation elements, note their wsu:id in the signature
+ * insert SignatureConfirmation elements, note their wsu:id in the signature
* parts. They will be signed automatically during a (probably) defined
* SIGN action.
*/
if (wssConfig.isEnableSignatureConfirmation() && !isRequest) {
String done = (String)
getProperty(reqData.getMsgContext(), WSHandlerConstants.SIG_CONF_DONE);
- if (!DONE.equals(done)
- && (getProperty(reqData.getMsgContext(), WSHandlerConstants.RECV_RESULTS))
- != null) {
+ if (done == null) {
wssConfig.getAction(WSConstants.SC).execute(this, WSConstants.SC, doc, reqData);
}
}
@@ -229,17 +226,16 @@
* other actors.
*/
if (wssConfig.isEnableSignatureConfirmation()
- && isRequest
- && reqData.getSignatureValues().size() > 0) {
- Vector sigv = (Vector)
- getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
- if (sigv == null) {
- sigv = new Vector();
- setProperty(reqData.getMsgContext(),
- WSHandlerConstants.SEND_SIGV, sigv);
+ && isRequest && reqData.getSignatureValues().size() > 0) {
+ List savedSignatures =
+ (List)getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
+ if (savedSignatures == null) {
+ savedSignatures = new Vector();
+ setProperty(
+ reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV, savedSignatures
+ );
}
- // sigv.add(reqData.getSignatureValues());
- sigv.addAll(reqData.getSignatureValues());
+ savedSignatures.addAll(reqData.getSignatureValues());
}
}
@@ -328,80 +324,84 @@
return true;
}
- protected void checkSignatureConfirmation(RequestData reqData,
- Vector wsResult) throws WSSecurityException{
+ protected void checkSignatureConfirmation(
+ RequestData reqData,
+ List resultList
+ ) throws WSSecurityException{
if (doDebug) {
log.debug("Check Signature confirmation");
}
-
- /*
- * First get all Signature values stored during sending the request
- */
- Vector sigv = (Vector) getProperty(reqData.getMsgContext(),
- WSHandlerConstants.SEND_SIGV);
- /*
- * Now get all results that hold a SignatureConfirmation element from
- * the current run of receiver (we can have more than one run: if we
- * have several security header blocks with different actors/roles)
- */
- Vector sigConf = new Vector();
- WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.SC, sigConf);
- /*
- * now loop over all SignatureConfirmation results and check:
- * - if there is a signature value and no Signature value generated in request: error
- * - if there is a signature value and no matching Signature value found: error
- *
- * If a matching value found: remove from vector of stored signature values
- */
+ //
+ // First get all Signature values stored during sending the request
+ //
+ List savedSignatures =
+ (List) getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
+ //
+ // Now get all results that hold a SignatureConfirmation element from
+ // the current run of receiver (we can have more than one run: if we
+ // have several security header blocks with different actors/roles)
+ //
+ List sigConf = new Vector();
+ WSSecurityUtil.fetchAllActionResults(resultList, WSConstants.SC, sigConf);
+ //
+ // now loop over all SignatureConfirmation results and check:
+ // - if there is a signature value and no Signature value generated in request: error
+ // - if there is a signature value and no matching Signature value found: error
+ //
+ // If a matching value found: remove from vector of stored signature values
+ //
for (int i = 0; i < sigConf.size(); i++) {
WSSecurityEngineResult result =
(WSSecurityEngineResult)sigConf.get(i);
SignatureConfirmation sc =
- (SignatureConfirmation)result.get(WSSecurityEngineResult.TAG_SIGNATURE_CONFIRMATION);
+ (SignatureConfirmation)result.get(
+ WSSecurityEngineResult.TAG_SIGNATURE_CONFIRMATION
+ );
byte[] sigVal = sc.getSignatureValue();
if (sigVal != null) {
- if (sigv == null || sigv.size() == 0) {
- // If there are no stored signature values
+ if (savedSignatures == null || savedSignatures.size() == 0) {
+ //
+ // If there are no stored signature values, and we've received a
+ // SignatureConfirmation element then throw an Exception
+ //
if (sigVal.length != 0) {
- // If there's no value in the case where there are no
- // stored SV it is valid. Therefore if there IS a value
- // in the sig confirmation element
throw new WSSecurityException(
- "WSHandler: Check Signature confirmation: got a SC element, "
- + "but no stored SV"
+ "Received a SignatureConfirmation element, but there are no stored"
+ + "signature values"
);
}
} else {
- //If we have stored signature values
boolean found = false;
- for (int ii = 0; ii < sigv.size(); ii++) {
- byte[] storedValue = (byte[]) sigv.get(ii);
+ for (int j = 0; j < savedSignatures.size(); j++) {
+ byte[] storedValue = (byte[]) savedSignatures.get(j);
if (Arrays.equals(sigVal, storedValue)) {
found = true;
- sigv.remove(ii);
+ savedSignatures.remove(j);
break;
}
}
if (!found) {
throw new WSSecurityException(
- "WSHandler: Check Signature confirmation: got SC element, "
- + "but no matching SV"
+ "Received a SignatureConfirmation element, but there are no matching"
+ + "stored signature values"
);
}
}
}
}
- /*
- * This indicates this is the last handler: the vector holding the
- * stored Signature values must be empty, otherwise we have an error
- */
+ //
+ // This indicates this is the last handler: the list holding the
+ // stored Signature values must be empty, otherwise we have an error
+ //
if (!reqData.isNoSerialization()) {
- log.debug("Check Signature confirmation - last handler");
- if (sigv != null && !sigv.isEmpty()) {
+ if (doDebug) {
+ log.debug("Check Signature confirmation - last handler");
+ }
+ if (savedSignatures != null && !savedSignatures.isEmpty()) {
throw new WSSecurityException(
- "WSHandler: Check Signature confirmation: stored SV vector not empty"
+ "Check Signature confirmation: the stored signature values list is not empty"
);
}
}
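Review bot: Both new exception messages in checkSignatureConfirmation lose a space where the two literals are joined: `"... there are no stored" + "signature values"` reads "no storedsignature values", and `"... there are no matching" + "stored signature values"` reads "no matchingstored signature values". Add a trailing space to the first literal of each pair, e.g. `"Received a SignatureConfirmation element, but there are no stored "`. These messages are what an operator sees when a confirmation check fails, so they should read cleanly. The comment above the loop also still says "remove from vector" although the variable is now a List. The method's closing brace falls outside the hunk.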
@@ -918,7 +918,7 @@
if (!WSSecurityUtil.isActorEqual(reqData.getActor(), hActor)) {
continue;
}
- Vector wsSecEngineResults = rResult.getResults();
+ List wsSecEngineResults = rResult.getResults();
/*
* Scan the results for the first Signature action. Use the
* certificate of this Signature to set the certificate for the
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java?rev=775086&r1=775085&r2=775086&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java Fri May 15 11:21:29 2009
@@ -403,7 +403,7 @@
public static final String SIG_PROP_FILE = "signaturePropFile";
/**
- * The key that hold the refernce of the <code>java.util.Properties</code>
+ * The key that holds the reference of the <code>java.util.Properties</code>
* object holding complete info about signature Crypto implementation.
* This should contain all information that would contain in an equivalent
* .properties file which includes the Crypto implementation class name.
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerResult.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerResult.java?rev=775086&r1=775085&r2=775086&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerResult.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerResult.java Fri May 15 11:21:29 2009
@@ -19,23 +19,23 @@
package org.apache.ws.security.handler;
-import java.util.Vector;
+import java.util.List;
/**
* @author Werner Dittmann (Werner.Dittmann@Siemens.com)
*/
public class WSHandlerResult {
private String actor;
- private Vector wsSecurityResults;
+ private List wsSecurityResults;
/**
* constructor
* @param actor
* @param wsResults
*/
- public WSHandlerResult(String actor, Vector wsResults) {
+ public WSHandlerResult(String actor, List results) {
this.actor = actor;
- this.wsSecurityResults = wsResults;
+ this.wsSecurityResults = results;
}
/**
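Review bot: The constructor Javadoc still carries `@param wsResults`, but this hunk renames the parameter to `results`, so the tag no longer matches the signature; change it to `@param results the security results for this actor`. It would also help to document that the list is stored by reference (`this.wsSecurityResults = results;`) and that getResults() in the next hunk hands the same instance back, so callers share one mutable list. The `@param actor` tag has no description either.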
@@ -48,9 +48,9 @@
/**
* gets the the security results
- * @return vector
+ * @return list
*/
- public Vector getResults() {
+ public List getResults() {
return wsSecurityResults;
}
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureConfirmation.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureConfirmation.java?rev=775086&r1=775085&r2=775086&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureConfirmation.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureConfirmation.java Fri May 15 11:21:29 2009
@@ -60,7 +60,7 @@
*/
public void prepare(Document doc) {
sc = new SignatureConfirmation(doc, signatureValue);
- sc.setID(wssConfig.getIdAllocator().createId("SigConf-", sc));
+ sc.setID(wssConfig.getIdAllocator().createId("SC-", sc));
}
/**
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SignatureConfirmation.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SignatureConfirmation.java?rev=775086&r1=775085&r2=775086&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SignatureConfirmation.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SignatureConfirmation.java Fri May 15 11:21:29 2009
@@ -37,20 +37,20 @@
*/
public class SignatureConfirmation {
- private static final String VALUE = "Value";
+ public static final String SC_VALUE_ATTR = "Value";
protected Element element = null;
private byte[] signatureValue = null;
/**
* Constructs a <code>SignatureConfirmation</code> object and parses the
- * <code>wsse11:SignatureCOnfirmation</code> element to initialize it.
+ * <code>wsse11:SignatureConfirmation</code> element to initialize it.
*
* @param elem the <code>wsse11:SignatureCOnfirmation</code> element that
* contains the confirmation data
*/
public SignatureConfirmation(Element elem) throws WSSecurityException {
element = elem;
- String sv = element.getAttribute(VALUE);
+ String sv = element.getAttribute(SC_VALUE_ATTR);
if (sv != null) {
signatureValue = Base64.decode(sv);
}
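Review bot: The `if (sv != null)` guard after `element.getAttribute(SC_VALUE_ATTR)` never detects a missing Value attribute, because DOM's Element.getAttribute returns an empty string rather than null when the attribute is absent. If Base64.decode of an empty string yields an empty array (not shown here), signatureValue ends up non-null for an element with no Value, while checkSignatureConfirmation in WSHandler branches on `sigVal != null`. Testing `element.hasAttribute(SC_VALUE_ATTR)` before decoding would make the absent and empty cases explicit. The `@param elem` line in the Javadoc still spells the element `wsse11:SignatureCOnfirmation`. The constructor's closing brace is outside the hunk.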
@@ -62,7 +62,7 @@
*
* @param doc the SOAP envelope as <code>Document</code>
* @param signVal the Signature value as byte[] of <code>null</code>
- * if no value available.
+ * if no value available.
*/
public SignatureConfirmation(Document doc, byte[] signVal) {
element =
@@ -73,7 +73,7 @@
WSSecurityUtil.setNamespace(element, WSConstants.WSSE11_NS, WSConstants.WSSE11_PREFIX);
if (signVal != null) {
String sv = Base64.encode(signVal);
- element.setAttribute(VALUE, sv);
+ element.setAttribute(SC_VALUE_ATTR, sv);
}
}
@@ -86,9 +86,9 @@
}
/**
- * Returns the dom element of this <code>Timestamp</code> object.
+ * Returns the dom element of this <code>SignatureConfirmation</code> object.
*
- * @return the <code>wsse:UsernameToken</code> element
+ * @return the <code>wsse11:SignatureConfirmation</code> element
*/
public Element getElement() {
return element;
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureConfirmationProcessor.java?rev=775086&r1=775085&r2=775086&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureConfirmationProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureConfirmationProcessor.java Fri May 15 11:21:29 2009
@@ -58,7 +58,7 @@
0,
new WSSecurityEngineResult(WSConstants.SC, sigConf)
);
- scId = elem.getAttributeNS(WSConstants.WSU_NS, "Id");
+ scId = sigConf.getID();
}
public String getId() {
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=775086&r1=775085&r2=775086&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java Fri May 15 11:21:29 2009
@@ -720,60 +720,62 @@
);
}
}
+
/**
- * Fetch the result of a given action from a given result vector <p/>
+ * Fetch the result of a given action from a given result list
*
- * @param wsResultVector The result vector to fetch an action from
+ * @param resultList The result list to fetch an action from
* @param action The action to fetch
- * @return The result fetched from the result vector, null if the result
+ * @return The first result fetched from the result list, null if the result
* could not be found
*/
- public static WSSecurityEngineResult fetchActionResult(Vector wsResultVector, int action) {
- WSSecurityEngineResult wsResult = null;
+ public static WSSecurityEngineResult fetchActionResult(List resultList, int action) {
- // Find the part of the security result that matches the given action
- for (int i = 0; i < wsResultVector.size(); i++) {
+ for (int i = 0; i < resultList.size(); i++) {
+ //
// Check the result of every action whether it matches the given action
+ //
WSSecurityEngineResult result =
- (WSSecurityEngineResult) wsResultVector.get(i);
+ (WSSecurityEngineResult) resultList.get(i);
int resultAction =
((java.lang.Integer)result.get(WSSecurityEngineResult.TAG_ACTION)).intValue();
if (resultAction == action) {
- wsResult = (WSSecurityEngineResult) wsResultVector.get(i);
+ return result;
}
}
- return wsResult;
+ return null;
}
+
/**
- * Fetch the result of a given action from a given result vector <p/>
+ * Fetch the result of a given action from a given result list.
*
- * @param wsResultVector The result vector to fetch an action from
+ * @param resultList The result list to fetch an action from
* @param action The action to fetch
- * @param results where to store the found results data for the action
- * @return The result fetched from the result vector, null if the result
+ * @param actionResultList where to store the found results data for the action
+ * @return The result fetched from the result list, null if the result
* could not be found
*/
- public static Vector fetchAllActionResults(
- Vector wsResultVector,
+ public static List fetchAllActionResults(
+ List resultList,
int action,
- Vector results
+ List actionResultList
) {
- // Find the parts of the security result that matches the given action
- for (int i = 0; i < wsResultVector.size(); i++) {
- // Check the result of every action whether it matches the given
- // action
+ for (int i = 0; i < resultList.size(); i++) {
+ //
+ // Check the result of every action whether it matches the given action
+ //
WSSecurityEngineResult result =
- (WSSecurityEngineResult) wsResultVector.get(i);
+ (WSSecurityEngineResult) resultList.get(i);
int resultAction =
((java.lang.Integer)result.get(WSSecurityEngineResult.TAG_ACTION)).intValue();
if (resultAction == action) {
- results.add(wsResultVector.get(i));
+ actionResultList.add(result);
}
}
- return results;
+ return actionResultList;
}
public static int decodeAction(String action, Vector actions) throws WSSecurityException {
Modified: webservices/wss4j/trunk/test/wssec/PackageTests.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/PackageTests.java?rev=775086&r1=775085&r2=775086&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/PackageTests.java (original)
+++ webservices/wss4j/trunk/test/wssec/PackageTests.java Fri May 15 11:21:29 2009
@@ -73,6 +73,7 @@
suite.addTestSuite(SignatureKeyValueTest.class);
suite.addTestSuite(TestWSSecurityResultsOrder.class);
suite.addTestSuite(TestWSSecurityWSS178.class);
+ suite.addTestSuite(SignatureConfirmationTest.class);
return suite;
}
Added: webservices/wss4j/trunk/test/wssec/SignatureConfirmationTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/SignatureConfirmationTest.java?rev=775086&view=auto
==============================================================================
--- webservices/wss4j/trunk/test/wssec/SignatureConfirmationTest.java (added)
+++ webservices/wss4j/trunk/test/wssec/SignatureConfirmationTest.java Fri May 15 11:21:29 2009
@@ -0,0 +1,400 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package wssec;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import org.apache.axis.Message;
+import org.apache.axis.MessageContext;
+import org.apache.axis.client.AxisClient;
+import org.apache.axis.configuration.NullProvider;
+import org.apache.axis.message.SOAPEnvelope;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+import java.util.Vector;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+
+/**
+ * A set of test-cases for SignatureConfirmation.
+ */
+public class SignatureConfirmationTest extends TestCase implements CallbackHandler {
+ private static final Log LOG = LogFactory.getLog(SignatureConfirmationTest.class);
+ private static final String SOAPMSG =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ + "<SOAP-ENV:Envelope "
+ + "xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" "
+ + "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" "
+ + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">"
+ + "<SOAP-ENV:Body>"
+ + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">"
+ + "<value xmlns=\"\">15</value>"
+ + "</add>"
+ + "</SOAP-ENV:Body>"
+ + "</SOAP-ENV:Envelope>";
+
+ private MessageContext msgContext;
+ private SOAPEnvelope unsignedEnvelope;
+ private WSSecurityEngine secEngine = new WSSecurityEngine();
+ private Crypto crypto = CryptoFactory.getInstance();
+
+ /**
+ * TestWSSecurity constructor
+ *
+ * @param name name of the test
+ */
+ public SignatureConfirmationTest(String name) {
+ super(name);
+ }
+
+ /**
+ * JUnit suite
+ *
+ * @return a junit test suite
+ */
+ public static Test suite() {
+ return new TestSuite(SignatureConfirmationTest.class);
+ }
+
+ /**
+ * Setup method
+ *
+ * @throws java.lang.Exception Thrown when there is a problem in setup
+ */
+ protected void setUp() throws Exception {
+ AxisClient tmpEngine = new AxisClient(new NullProvider());
+ msgContext = new MessageContext(tmpEngine);
+ unsignedEnvelope = getSOAPEnvelope();
+ }
+
+ /**
+ * Constructs a soap envelope
+ *
+ * @return soap envelope
+ * @throws java.lang.Exception if there is any problem constructing the soap envelope
+ */
+ protected SOAPEnvelope getSOAPEnvelope() throws Exception {
+ InputStream in = new ByteArrayInputStream(SOAPMSG.getBytes());
+ Message msg = new Message(in);
+ msg.setMessageContext(msgContext);
+ return msg.getSOAPEnvelope();
+ }
+
+
+ /**
+ * Test to see that a signature is saved correctly on the outbound request.
+ */
+ public void
+ testRequestSavedSignature() throws Exception {
+ final RequestData reqData = new RequestData();
+ java.util.Map msgContext = new java.util.TreeMap();
+ msgContext.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
+ msgContext.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
+ reqData.setMsgContext(msgContext);
+ reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+
+ final java.util.Vector actions = new java.util.Vector();
+ actions.add(new Integer(WSConstants.SIGN));
+ final Document doc = unsignedEnvelope.getAsDocument();
+ MyHandler handler = new MyHandler();
+ handler.doit(
+ WSConstants.SIGN, doc, reqData, actions, true
+ );
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("After Signing....");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ msgContext = (java.util.Map)reqData.getMsgContext();
+ List savedSignatures = (List)msgContext.get(WSHandlerConstants.SEND_SIGV);
+ assertTrue(savedSignatures != null && savedSignatures.size() == 1);
+ byte[] signatureValue = (byte[])savedSignatures.get(0);
+ assertTrue(signatureValue != null && signatureValue.length > 0);
+ }
+
+
+ /**
+ * Test to see that a signature is not saved on the outbound request if
+ * enable signature confirmation is false.
+ */
+ public void
+ testRequestNotSavedSignature() throws Exception {
+ final RequestData reqData = new RequestData();
+ java.util.Map msgContext = new java.util.TreeMap();
+ msgContext.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "false");
+ msgContext.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
+ reqData.setMsgContext(msgContext);
+ reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+
+ final java.util.Vector actions = new java.util.Vector();
+ actions.add(new Integer(WSConstants.SIGN));
+ final Document doc = unsignedEnvelope.getAsDocument();
+ MyHandler handler = new MyHandler();
+ handler.doit(
+ WSConstants.SIGN, doc, reqData, actions, true
+ );
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("After Signing....");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ msgContext = (java.util.Map)reqData.getMsgContext();
+ List savedSignatures = (List)msgContext.get(WSHandlerConstants.SEND_SIGV);
+ assertTrue(savedSignatures == null);
+ }
+
+
+ /**
+ * Test to see that a signature confirmation response is correctly sent on receiving
+ * a signed message.
+ */
+ public void
+ testSignatureConfirmationResponse() throws Exception {
+ final RequestData reqData = new RequestData();
+ java.util.Map msgContext = new java.util.TreeMap();
+ msgContext.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
+ msgContext.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
+ reqData.setMsgContext(msgContext);
+ reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+
+ final java.util.Vector actions = new java.util.Vector();
+ actions.add(new Integer(WSConstants.SIGN));
+ Document doc = unsignedEnvelope.getAsDocument();
+ MyHandler handler = new MyHandler();
+ handler.doit(
+ WSConstants.SIGN, doc, reqData, actions, true
+ );
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("After Signing....");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ msgContext = (java.util.Map)reqData.getMsgContext();
+ List savedSignatures = (List)msgContext.get(WSHandlerConstants.SEND_SIGV);
+ assertTrue(savedSignatures != null && savedSignatures.size() == 1);
+ byte[] signatureValue = (byte[])savedSignatures.get(0);
+ assertTrue(signatureValue != null && signatureValue.length > 0);
+
+ //
+ // Verify the inbound request, and create a response with a Signature Confirmation
+ //
+ List results = verify(doc);
+ actions.clear();
+ doc = unsignedEnvelope.getAsDocument();
+ msgContext = (java.util.Map)reqData.getMsgContext();
+ WSHandlerResult handlerResult = new WSHandlerResult(null, results);
+ List receivedResults = new Vector();
+ receivedResults.add(handlerResult);
+ msgContext.put(WSHandlerConstants.RECV_RESULTS, receivedResults);
+ handler.doit(
+ WSConstants.NO_SECURITY, doc, reqData, actions, false
+ );
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signature Confirmation response....");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.indexOf("SignatureConfirmation") != -1);
+ assertTrue(outputString.indexOf(Base64.encode(signatureValue)) != -1);
+ }
+
+
+ /**
+ * Test to see that a signature confirmation response is correctly processed.
+ */
+ public void
+ testSignatureConfirmationProcessing() throws Exception {
+ final RequestData reqData = new RequestData();
+ java.util.Map msgContext = new java.util.TreeMap();
+ msgContext.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
+ msgContext.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
+ reqData.setMsgContext(msgContext);
+ reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+
+ final java.util.Vector actions = new java.util.Vector();
+ actions.add(new Integer(WSConstants.SIGN));
+ Document doc = unsignedEnvelope.getAsDocument();
+ MyHandler handler = new MyHandler();
+ handler.doit(
+ WSConstants.SIGN, doc, reqData, actions, true
+ );
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("After Signing....");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ //
+ // Verify the inbound request, and create a response with a Signature Confirmation
+ //
+ List results = verify(doc);
+ actions.clear();
+ doc = unsignedEnvelope.getAsDocument();
+ msgContext = (java.util.Map)reqData.getMsgContext();
+ WSHandlerResult handlerResult = new WSHandlerResult(null, results);
+ List receivedResults = new Vector();
+ receivedResults.add(handlerResult);
+ msgContext.put(WSHandlerConstants.RECV_RESULTS, receivedResults);
+ handler.doit(
+ WSConstants.NO_SECURITY, doc, reqData, actions, false
+ );
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signature Confirmation response....");
+ LOG.debug(outputString);
+ }
+
+ //
+ // Verify the SignatureConfirmation response
+ //
+ results = verify(doc);
+ WSSecurityEngineResult scResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SC);
+ assertTrue(scResult != null);
+ assertTrue(scResult.get(WSSecurityEngineResult.TAG_SIGNATURE_CONFIRMATION) != null);
+ handler.signatureConfirmation(reqData, results);
+ }
+
+
+ /**
+ * Verifies the soap envelope
+ * <p/>
+ *
+ * @param doc
+ * @throws Exception Thrown when there is a problem in verification
+ */
+ private Vector verify(Document doc) throws Exception {
+ Vector results = secEngine.processSecurityHeader(doc, null, this, crypto);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Verfied and decrypted message:");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ return results;
+ }
+
+
+ /**
+ * a trivial extension of the WSHandler type
+ */
+ private static class MyHandler extends WSHandler {
+
+ public Object
+ getOption(String key) {
+ return null;
+ }
+
+ public void
+ setProperty(
+ Object ctx,
+ String key,
+ Object value
+ ) {
+ ((java.util.Map)ctx).put(key, value);
+ }
+
+ public Object
+ getProperty(Object ctx, String key) {
+ return ((java.util.Map)ctx).get(key);
+ }
+
+ public void
+ setPassword(Object msgContext, String password) {
+ }
+
+ public String
+ getPassword(Object msgContext) {
+ return "security";
+ }
+
+ void doit(
+ int action,
+ Document doc,
+ RequestData reqData,
+ java.util.Vector actions,
+ boolean request
+ ) throws org.apache.ws.security.WSSecurityException {
+ doSenderAction(
+ action,
+ doc,
+ reqData,
+ actions,
+ request
+ );
+ }
+
+ void signatureConfirmation(
+ RequestData requestData,
+ List results
+ ) throws org.apache.ws.security.WSSecurityException {
+ checkSignatureConfirmation(requestData, results);
+ }
+ }
+
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ /*
+ * here call a function/method to lookup the password for
+ * the given identifier (e.g. a user name or keystore alias)
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+ * for Testing we supply a fixed name here.
+ */
+ pc.setPassword("security");
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+}
+}
Propchange: webservices/wss4j/trunk/test/wssec/SignatureConfirmationTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: webservices/wss4j/trunk/test/wssec/SignatureConfirmationTest.java
------------------------------------------------------------------------------
svn:keywords = Rev Date