1   /*
2    * Copyright 2006 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.xwss;
18  
19  import java.security.cert.X509Certificate;
20  import javax.security.auth.callback.Callback;
21  import javax.security.auth.callback.CallbackHandler;
22  import javax.xml.soap.SOAPMessage;
23  
24  import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
25  import com.sun.xml.wss.impl.callback.SignatureKeyCallback;
26  import org.springframework.core.io.ClassPathResource;
27  import org.springframework.ws.soap.saaj.SaajSoapMessage;
28  import org.springframework.ws.soap.security.xwss.callback.AbstractCallbackHandler;
29  
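/**
 * Exercises message signing and signature validation through the XWSS interceptor.
 *
 * <p>The <code>interceptor</code>, <code>certificate</code> and <code>privateKey</code> members, as well as
 * <code>loadSaajMessage</code> and the XPath assertion helpers, are not declared in this class; they are presumably
 * inherited from <code>XwssMessageInterceptorKeyStoreTestCase</code>.
 */
public class XwssMessageInterceptorSignTest extends XwssMessageInterceptorKeyStoreTestCase {

    /** Absolute location of the WS-Security header; every assertion below is anchored to the document root. */
    private static final String SECURITY_HEADER_XPATH = "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security";

    private static final String BINARY_SECURITY_TOKEN_XPATH = SECURITY_HEADER_XPATH + "/wsse:BinarySecurityToken";

    private static final String SIGNATURE_XPATH = SECURITY_HEADER_XPATH + "/ds:Signature";

    /**
     * Signs an empty message using the default private key / certificate request and checks that both the
     * token and the signature end up in the security header.
     */
    public void testSignDefaultCertificate() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("sign-config.xml", getClass()));
        CallbackHandler handler = new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                // Only a default-key signature request is expected for this policy; anything else fails the test.
                if (!(callback instanceof SignatureKeyCallback)) {
                    fail("Unexpected callback");
                }
                SignatureKeyCallback keyCallback = (SignatureKeyCallback) callback;
                if (!(keyCallback.getRequest() instanceof SignatureKeyCallback.DefaultPrivKeyCertRequest)) {
                    fail("Unexpected request");
                }
                SignatureKeyCallback.DefaultPrivKeyCertRequest request =
                        (SignatureKeyCallback.DefaultPrivKeyCertRequest) keyCallback.getRequest();
                request.setX509Certificate(certificate);
                request.setPrivateKey(privateKey);
            }
        };
        assertSigned(secureEmptyMessage(handler));
    }

    /**
     * Signs an empty message using an alias-based key request and checks that the alias handed to the callback
     * is the expected one before supplying the key material.
     */
    public void testSignAlias() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("sign-alias-config.xml", getClass()));
        CallbackHandler handler = new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                // Only an alias-based signature request is expected for this policy; anything else fails the test.
                if (!(callback instanceof SignatureKeyCallback)) {
                    fail("Unexpected callback");
                }
                SignatureKeyCallback keyCallback = (SignatureKeyCallback) callback;
                if (!(keyCallback.getRequest() instanceof SignatureKeyCallback.AliasPrivKeyCertRequest)) {
                    fail("Unexpected request");
                }
                SignatureKeyCallback.AliasPrivKeyCertRequest request =
                        (SignatureKeyCallback.AliasPrivKeyCertRequest) keyCallback.getRequest();
                assertEquals("Invalid alias", "alias", request.getAlias());
                request.setX509Certificate(certificate);
                request.setPrivateKey(privateKey);
            }
        };
        assertSigned(secureEmptyMessage(handler));
    }

    /**
     * Validates a pre-signed message and checks that the certificate validator is consulted with the expected
     * certificate and that the security header is removed afterwards.
     */
    public void testValidateCertificate() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("requireSignature-config.xml", getClass()));
        // Single-element array so the anonymous validator can record that it was called.
        final boolean[] validatorInvoked = {false};
        CallbackHandler handler = new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                if (!(callback instanceof CertificateValidationCallback)) {
                    fail("Unexpected callback");
                }
                CertificateValidationCallback validationCallback = (CertificateValidationCallback) callback;
                validationCallback.setValidator(new CertificateValidationCallback.CertificateValidator() {
                    public boolean validate(X509Certificate passedCertificate) {
                        validatorInvoked[0] = true;
                        assertEquals("Invalid certificate", certificate, passedCertificate);
                        // Accepting here is safe only because the assertion above pins the certificate to the
                        // test fixture. A production validator must establish trust itself (chain, validity
                        // period, revocation) instead of returning true unconditionally.
                        return true;
                    }
                });
            }
        };
        interceptor.setCallbackHandler(handler);
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("signed-soap.xml");
        interceptor.validateMessage(message);
        // Without this check the test would also pass if the message were accepted and its header stripped
        // without the certificate validator ever being consulted.
        assertTrue("Certificate validator was not invoked", validatorInvoked[0]);
        SOAPMessage result = message.getSaajMessage();
        assertNotNull("No result returned", result);
        assertXpathNotExists("Security Header not removed", SECURITY_HEADER_XPATH, result);
    }

    /**
     * Installs the given callback handler, initialises the interceptor and secures <code>empty-soap.xml</code>.
     *
     * @param handler the handler that supplies key material to the interceptor
     * @return the SAAJ message after <code>secureMessage</code> has been applied
     */
    private SOAPMessage secureEmptyMessage(CallbackHandler handler) throws Exception {
        interceptor.setCallbackHandler(handler);
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
        interceptor.secureMessage(message);
        return message.getSaajMessage();
    }

    /**
     * Asserts that the message carries both a binary security token and a signature in its security header.
     *
     * @param result the secured SAAJ message to inspect
     */
    private void assertSigned(SOAPMessage result) throws Exception {
        assertNotNull("No result returned", result);
        assertXpathExists("BinarySecurityToken does not exist", BINARY_SECURITY_TOKEN_XPATH, result);
        assertXpathExists("Signature does not exist", SIGNATURE_XPATH, result);
    }

}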