1   /*
2    * Copyright 2005-2010 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.xwss;
18  
19  import java.security.cert.X509Certificate;
20  import javax.security.auth.callback.Callback;
21  import javax.security.auth.callback.CallbackHandler;
22  import javax.xml.soap.SOAPMessage;
23  
24  import org.springframework.core.io.ClassPathResource;
25  import org.springframework.ws.soap.saaj.SaajSoapMessage;
26  import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
27  
28  import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
29  import com.sun.xml.wss.impl.callback.SignatureKeyCallback;
30  import org.junit.Test;
31  
32  import static org.junit.Assert.*;
33  
34  public class XwssMessageInterceptorSignTest extends AbstractXwssMessageInterceptorKeyStoreTestCase {
35  
36      @Test
37      public void testSignDefaultCertificate() throws Exception {
38          interceptor.setPolicyConfiguration(new ClassPathResource("sign-config.xml", getClass()));
39          CallbackHandler handler = new AbstractCallbackHandler() {
40  
41              @Override
42              protected void handleInternal(Callback callback) {
43                  if (callback instanceof SignatureKeyCallback) {
44                      SignatureKeyCallback keyCallback = (SignatureKeyCallback) callback;
45                      if (keyCallback.getRequest() instanceof SignatureKeyCallback.DefaultPrivKeyCertRequest) {
46                          SignatureKeyCallback.DefaultPrivKeyCertRequest request =
47                                  (SignatureKeyCallback.DefaultPrivKeyCertRequest) keyCallback.getRequest();
48                          request.setX509Certificate(certificate);
49                          request.setPrivateKey(privateKey);
50                      }
51                      else {
52                          fail("Unexpected request");
53                      }
54                  }
55                  else {
56                      fail("Unexpected callback");
57                  }
58              }
59          };
60          interceptor.setCallbackHandler(handler);
61          interceptor.afterPropertiesSet();
62          SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
63          interceptor.secureMessage(message, null);
64          SOAPMessage result = message.getSaajMessage();
65          assertNotNull("No result returned", result);
66          assertXpathExists("BinarySecurityToken does not exist",
67                  "SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:BinarySecurityToken", result);
68          assertXpathExists("Signature does not exist", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/ds:Signature",
69                  result);
70      }
71  
72      @Test
73      public void testSignAlias() throws Exception {
74          interceptor.setPolicyConfiguration(new ClassPathResource("sign-alias-config.xml", getClass()));
75          CallbackHandler handler = new AbstractCallbackHandler() {
76  
77              @Override
78              protected void handleInternal(Callback callback) {
79                  if (callback instanceof SignatureKeyCallback) {
80                      SignatureKeyCallback keyCallback = (SignatureKeyCallback) callback;
81                      if (keyCallback.getRequest() instanceof SignatureKeyCallback.AliasPrivKeyCertRequest) {
82                          SignatureKeyCallback.AliasPrivKeyCertRequest request =
83                                  (SignatureKeyCallback.AliasPrivKeyCertRequest) keyCallback.getRequest();
84                          assertEquals("Invalid alias", "alias", request.getAlias());
85                          request.setX509Certificate(certificate);
86                          request.setPrivateKey(privateKey);
87                      }
88                      else {
89                          fail("Unexpected request");
90                      }
91                  }
92                  else {
93                      fail("Unexpected callback");
94                  }
95              }
96          };
97          interceptor.setCallbackHandler(handler);
98          interceptor.afterPropertiesSet();
99          SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
100         interceptor.secureMessage(message, null);
101         SOAPMessage result = message.getSaajMessage();
102         assertNotNull("No result returned", result);
103         assertXpathExists("BinarySecurityToken does not exist",
104                 "SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:BinarySecurityToken", result);
105         assertXpathExists("Signature does not exist", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/ds:Signature",
106                 result);
107     }
108 
109     @Test
110     public void testValidateCertificate() throws Exception {
111         interceptor.setPolicyConfiguration(new ClassPathResource("requireSignature-config.xml", getClass()));
112         CallbackHandler handler = new AbstractCallbackHandler() {
113 
114             @Override
115             protected void handleInternal(Callback callback) {
116                 if (callback instanceof CertificateValidationCallback) {
117                     CertificateValidationCallback validationCallback = (CertificateValidationCallback) callback;
118                     validationCallback.setValidator(new CertificateValidationCallback.CertificateValidator() {
119                         public boolean validate(X509Certificate passedCertificate) {
120                             assertEquals("Invalid certificate", certificate, passedCertificate);
121                             return true;
122                         }
123                     });
124                 }
125                 else {
126                     fail("Unexpected callback");
127                 }
128             }
129         };
130         interceptor.setCallbackHandler(handler);
131         interceptor.afterPropertiesSet();
132         SaajSoapMessage message = loadSaajMessage("signed-soap.xml");
133         interceptor.validateMessage(message, null);
134         SOAPMessage result = message.getSaajMessage();
135         assertNotNull("No result returned", result);
136         assertXpathNotExists("Security Header not removed", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security", result);
137     }
138 
139 }