1   /*
2    * Copyright 2006 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.xwss;
18  
19  import java.security.cert.X509Certificate;
20  import javax.security.auth.callback.Callback;
21  import javax.security.auth.callback.CallbackHandler;
22  import javax.xml.soap.SOAPMessage;
23  
24  import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
25  import com.sun.xml.wss.impl.callback.SignatureKeyCallback;
26  
27  import org.springframework.core.io.ClassPathResource;
28  import org.springframework.ws.soap.saaj.SaajSoapMessage;
29  import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
30  
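/**
 * Tests signing and signature validation through the XWSS message interceptor.
 *
 * <p>The <code>interceptor</code>, <code>certificate</code> and <code>privateKey</code> members, as well as
 * <code>loadSaajMessage</code> and the XPath assertions, are not declared in this class; presumably they are
 * inherited from {@link AbstractXwssMessageInterceptorKeyStoreTestCase} or one of its ancestors.
 *
 * <p>The callback handlers defined here are test fixtures. In particular, the certificate validator in
 * {@link #testValidateCertificate()} accepts exactly one known certificate and is not a model for production
 * validation, which has to establish trust in the certificate itself.
 */
public class XwssMessageInterceptorSignTest extends AbstractXwssMessageInterceptorKeyStoreTestCase {

    /**
     * Signs an empty SOAP message using the policy in <code>sign-config.xml</code> and checks that both the
     * security token and the signature were added. The handler only answers a default private key/certificate
     * request; any other callback or request type fails the test.
     */
    public void testSignDefaultCertificate() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("sign-config.xml", getClass()));
        CallbackHandler handler = new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                if (callback instanceof SignatureKeyCallback) {
                    SignatureKeyCallback keyCallback = (SignatureKeyCallback) callback;
                    if (keyCallback.getRequest() instanceof SignatureKeyCallback.DefaultPrivKeyCertRequest) {
                        SignatureKeyCallback.DefaultPrivKeyCertRequest request =
                                (SignatureKeyCallback.DefaultPrivKeyCertRequest) keyCallback.getRequest();
                        // Supply the fixture key pair that the signature is produced with.
                        request.setX509Certificate(certificate);
                        request.setPrivateKey(privateKey);
                    }
                    else {
                        fail("Unexpected request");
                    }
                }
                else {
                    fail("Unexpected callback");
                }
            }
        };
        interceptor.setCallbackHandler(handler);
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
        interceptor.secureMessage(message, null);
        assertSignedWithToken(message.getSaajMessage());
    }

    /**
     * Signs an empty SOAP message using the policy in <code>sign-alias-config.xml</code>. In addition to the
     * checks of the default-certificate case, the handler verifies that the key is requested under the alias
     * <code>"alias"</code>.
     */
    public void testSignAlias() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("sign-alias-config.xml", getClass()));
        CallbackHandler handler = new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                if (callback instanceof SignatureKeyCallback) {
                    SignatureKeyCallback keyCallback = (SignatureKeyCallback) callback;
                    if (keyCallback.getRequest() instanceof SignatureKeyCallback.AliasPrivKeyCertRequest) {
                        SignatureKeyCallback.AliasPrivKeyCertRequest request =
                                (SignatureKeyCallback.AliasPrivKeyCertRequest) keyCallback.getRequest();
                        // Check the alias before handing out key material for it.
                        assertEquals("Invalid alias", "alias", request.getAlias());
                        request.setX509Certificate(certificate);
                        request.setPrivateKey(privateKey);
                    }
                    else {
                        fail("Unexpected request");
                    }
                }
                else {
                    fail("Unexpected callback");
                }
            }
        };
        interceptor.setCallbackHandler(handler);
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
        interceptor.secureMessage(message, null);
        assertSignedWithToken(message.getSaajMessage());
    }

    /**
     * Validates a pre-signed message using the policy in <code>requireSignature-config.xml</code> and checks
     * that the certificate handed to the validator is the expected one, that the validator was consulted at
     * all, and that the <code>wsse:Security</code> header is gone afterwards.
     */
    public void testValidateCertificate() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("requireSignature-config.xml", getClass()));
        // Single-element array so that the anonymous validator below can record its invocation.
        final boolean[] validatorInvoked = new boolean[1];
        CallbackHandler handler = new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                if (callback instanceof CertificateValidationCallback) {
                    CertificateValidationCallback validationCallback = (CertificateValidationCallback) callback;
                    validationCallback.setValidator(new CertificateValidationCallback.CertificateValidator() {
                        public boolean validate(X509Certificate passedCertificate) {
                            validatorInvoked[0] = true;
                            // Test-only validator: it accepts the certificate solely because it equals the
                            // fixture certificate. A production validator must not return true without
                            // checking trust chain and validity of the certificate.
                            assertEquals("Invalid certificate", certificate, passedCertificate);
                            return true;
                        }
                    });
                }
                else {
                    fail("Unexpected callback");
                }
            }
        };
        interceptor.setCallbackHandler(handler);
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("signed-soap.xml");
        interceptor.validateMessage(message, null);
        // Without this check the test would still pass if the certificate validation step were skipped.
        // NOTE(review): assumes the XWSS runtime consults the validator for signed-soap.xml - confirm
        // against the fixture and policy file.
        assertTrue("CertificateValidator was not invoked", validatorInvoked[0]);
        SOAPMessage result = message.getSaajMessage();
        assertNotNull("No result returned", result);
        assertXpathNotExists("Security Header not removed", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security", result);
    }

    /**
     * Asserts that the secured message carries both a <code>wsse:BinarySecurityToken</code> and a
     * <code>ds:Signature</code> in its security header. Both expressions are absolute, so they do not depend
     * on the context node the XPath assertion evaluates against.
     */
    private void assertSignedWithToken(SOAPMessage result) throws Exception {
        assertNotNull("No result returned", result);
        assertXpathExists("BinarySecurityToken does not exist",
                "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:BinarySecurityToken", result);
        assertXpathExists("Signature does not exist", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/ds:Signature",
                result);
    }

}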