1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.springframework.ws.soap.security.wss4j;
18
19 import java.io.ByteArrayInputStream;
20 import java.io.ByteArrayOutputStream;
21 import java.util.Iterator;
22 import javax.xml.namespace.QName;
23 import javax.xml.soap.MimeHeaders;
24 import javax.xml.soap.SOAPHeader;
25 import javax.xml.soap.SOAPHeaderElement;
26 import javax.xml.soap.SOAPMessage;
27 import javax.xml.transform.Transformer;
28 import javax.xml.transform.TransformerFactory;
29 import javax.xml.transform.dom.DOMResult;
30
31 import org.springframework.ws.context.DefaultMessageContext;
32 import org.springframework.ws.context.MessageContext;
33 import org.springframework.ws.soap.SoapMessage;
34 import org.springframework.ws.soap.saaj.SaajSoapMessage;
35 import org.springframework.ws.soap.saaj.SaajSoapMessageFactory;
36 import org.springframework.xml.transform.StringSource;
37
38 public class SaajWss4jMessageInterceptorSignTest extends Wss4jMessageInterceptorSignTestCase {
39
40 private static final String PAYLOAD =
41 "<tru:StockSymbol xmlns:tru=\"http://fabrikam123.com/payloads\">QQQ</tru:StockSymbol>";
42
43 public void testSignAndValidate() throws Exception {
44 Transformer transformer = TransformerFactory.newInstance().newTransformer();
45 interceptor.setSecurementActions("Signature");
46 interceptor.setEnableSignatureConfirmation(false);
47 interceptor.setSecurementPassword("123456");
48 interceptor.setSecurementUsername("rsaKey");
49 SOAPMessage saajMessage = saajSoap11MessageFactory.createMessage();
50 transformer.transform(new StringSource(PAYLOAD), new DOMResult(saajMessage.getSOAPBody()));
51 SoapMessage message = new SaajSoapMessage(saajMessage);
52 MessageContext messageContext = new DefaultMessageContext(message, new SaajSoapMessageFactory(saajSoap11MessageFactory));
53
54 interceptor.secureMessage(message, messageContext);
55
56 SOAPHeader header = ((SaajSoapMessage) message).getSaajMessage().getSOAPHeader();
57 Iterator iterator = header.getChildElements(new QName(
58 "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security"));
59 assertTrue("No security header", iterator.hasNext());
60 SOAPHeaderElement securityHeader = (SOAPHeaderElement) iterator.next();
61 iterator = securityHeader.getChildElements(new QName("http://www.w3.org/2000/09/xmldsig#", "Signature"));
62 assertTrue("No signature header", iterator.hasNext());
63
64 ByteArrayOutputStream bos = new ByteArrayOutputStream();
65 message.writeTo(bos);
66
67 MimeHeaders mimeHeaders = new MimeHeaders();
68 mimeHeaders.addHeader("Content-Type", "text/xml");
69 ByteArrayInputStream bis = new ByteArrayInputStream(bos.toByteArray());
70
71 SOAPMessage signed = saajSoap11MessageFactory.createMessage(mimeHeaders, bis);
72 message = new SaajSoapMessage(signed);
73 messageContext = new DefaultMessageContext(message, new SaajSoapMessageFactory(saajSoap11MessageFactory));
74
75 interceptor.validateMessage(message, messageContext);
76 }
77
78 }