SaajWss4jMessageInterceptorSignTest xref


1   /*
2    * Copyright 2008 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.wss4j;
18  
19  import java.io.ByteArrayInputStream;
20  import java.io.ByteArrayOutputStream;
21  import java.util.Iterator;
22  import javax.xml.namespace.QName;
23  import javax.xml.soap.MimeHeaders;
24  import javax.xml.soap.SOAPHeader;
25  import javax.xml.soap.SOAPHeaderElement;
26  import javax.xml.soap.SOAPMessage;
27  import javax.xml.transform.Transformer;
28  import javax.xml.transform.TransformerFactory;
29  import javax.xml.transform.dom.DOMResult;
30  
31  import org.springframework.ws.context.DefaultMessageContext;
32  import org.springframework.ws.context.MessageContext;
33  import org.springframework.ws.soap.SoapMessage;
34  import org.springframework.ws.soap.saaj.SaajSoapMessage;
35  import org.springframework.ws.soap.saaj.SaajSoapMessageFactory;
36  import org.springframework.xml.transform.StringSource;
37  
38  public class SaajWss4jMessageInterceptorSignTest extends Wss4jMessageInterceptorSignTestCase {
39  
40      private static final String PAYLOAD =
41              "<tru:StockSymbol xmlns:tru=\"http://fabrikam123.com/payloads\">QQQ</tru:StockSymbol>";
42  
43      public void testSignAndValidate() throws Exception {
44          Transformer transformer = TransformerFactory.newInstance().newTransformer();
45          interceptor.setSecurementActions("Signature");
46          interceptor.setEnableSignatureConfirmation(false);
47          interceptor.setSecurementPassword("123456");
48          interceptor.setSecurementUsername("rsaKey");
49          SOAPMessage saajMessage = saajSoap11MessageFactory.createMessage();
50          transformer.transform(new StringSource(PAYLOAD), new DOMResult(saajMessage.getSOAPBody()));
51          SoapMessage message = new SaajSoapMessage(saajMessage);
52          MessageContext messageContext = new DefaultMessageContext(message, new SaajSoapMessageFactory(saajSoap11MessageFactory));
53  
54          interceptor.secureMessage(message, messageContext);
55  
56          SOAPHeader header = ((SaajSoapMessage) message).getSaajMessage().getSOAPHeader();
57          Iterator iterator = header.getChildElements(new QName(
58                  "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security"));
59          assertTrue("No security header", iterator.hasNext());
60          SOAPHeaderElement securityHeader = (SOAPHeaderElement) iterator.next();
61          iterator = securityHeader.getChildElements(new QName("http://www.w3.org/2000/09/xmldsig#", "Signature"));
62          assertTrue("No signature header", iterator.hasNext());
63  
64          ByteArrayOutputStream bos = new ByteArrayOutputStream();
65          message.writeTo(bos);
66  
67          MimeHeaders mimeHeaders = new MimeHeaders();
68          mimeHeaders.addHeader("Content-Type", "text/xml");
69          ByteArrayInputStream bis = new ByteArrayInputStream(bos.toByteArray());
70  
71          SOAPMessage signed = saajSoap11MessageFactory.createMessage(mimeHeaders, bis);
72          message = new SaajSoapMessage(signed);
73          messageContext = new DefaultMessageContext(message, new SaajSoapMessageFactory(saajSoap11MessageFactory));
74  
75          interceptor.validateMessage(message, messageContext);
76      }
77  
78  }