17 package org.springframework.ws.soap.security.xwss;
18
19 import java.security.cert.X509Certificate;
20 import javax.security.auth.callback.Callback;
21 import javax.security.auth.callback.CallbackHandler;
22 import javax.xml.soap.SOAPMessage;
23
24 import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
25 import com.sun.xml.wss.impl.callback.SignatureKeyCallback;
26
27 import org.springframework.core.io.ClassPathResource;
28 import org.springframework.ws.soap.saaj.SaajSoapMessage;
29 import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
30
/**
 * Exercises message signing and signature validation through the {@code interceptor} fixture, using XWSS
 * policy files resolved from the classpath relative to this class.
 *
 * <p>The {@code interceptor}, {@code certificate} and {@code privateKey} fixtures and the
 * {@code loadSaajMessage}/{@code assertXpath*} helpers are not defined in this class; presumably they are
 * inherited from {@code AbstractXwssMessageInterceptorKeyStoreTestCase} (confirm against the base class).
 *
 * <p>Every callback handler below fails the test on any callback or request type it does not expect, so an
 * unexpected key or certificate lookup is reported rather than silently answered.
 */
public class XwssMessageInterceptorSignTest extends AbstractXwssMessageInterceptorKeyStoreTestCase {

    /**
     * Signs an empty SOAP message with the {@code sign-config.xml} policy, answering the default
     * private-key/certificate request with the fixture key pair.
     *
     * <p>Only the presence of the security token and signature elements is asserted; the signature value
     * itself is not verified here.
     */
    public void testSignDefaultCertificate() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("sign-config.xml", getClass()));
        CallbackHandler defaultKeyHandler = new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                // Guard clauses: anything other than a default signing-key request is a test failure.
                if (!(callback instanceof SignatureKeyCallback)) {
                    fail("Unexpected callback");
                    return;
                }
                Object requested = ((SignatureKeyCallback) callback).getRequest();
                if (!(requested instanceof SignatureKeyCallback.DefaultPrivKeyCertRequest)) {
                    fail("Unexpected request");
                    return;
                }
                SignatureKeyCallback.DefaultPrivKeyCertRequest defaultRequest =
                        (SignatureKeyCallback.DefaultPrivKeyCertRequest) requested;
                defaultRequest.setX509Certificate(certificate);
                defaultRequest.setPrivateKey(privateKey);
            }
        };
        interceptor.setCallbackHandler(defaultKeyHandler);
        interceptor.afterPropertiesSet();

        SaajSoapMessage outgoing = loadSaajMessage("empty-soap.xml");
        interceptor.secureMessage(outgoing, null);
        assertTokenAndSignaturePresent(outgoing.getSaajMessage());
    }

    /**
     * Signs an empty SOAP message with the {@code sign-alias-config.xml} policy and checks that the key
     * request carries the alias {@code "alias"} before answering it with the fixture key pair.
     *
     * <p>As in the default-certificate test, only element presence is asserted on the result.
     */
    public void testSignAlias() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("sign-alias-config.xml", getClass()));
        CallbackHandler aliasKeyHandler = new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                if (!(callback instanceof SignatureKeyCallback)) {
                    fail("Unexpected callback");
                    return;
                }
                Object requested = ((SignatureKeyCallback) callback).getRequest();
                if (!(requested instanceof SignatureKeyCallback.AliasPrivKeyCertRequest)) {
                    fail("Unexpected request");
                    return;
                }
                SignatureKeyCallback.AliasPrivKeyCertRequest aliasRequest =
                        (SignatureKeyCallback.AliasPrivKeyCertRequest) requested;
                // The alias is checked before any key material is handed over.
                assertEquals("Invalid alias", "alias", aliasRequest.getAlias());
                aliasRequest.setX509Certificate(certificate);
                aliasRequest.setPrivateKey(privateKey);
            }
        };
        interceptor.setCallbackHandler(aliasKeyHandler);
        interceptor.afterPropertiesSet();

        SaajSoapMessage outgoing = loadSaajMessage("empty-soap.xml");
        interceptor.secureMessage(outgoing, null);
        assertTokenAndSignaturePresent(outgoing.getSaajMessage());
    }

    /**
     * Validates a pre-signed message with the {@code requireSignature-config.xml} policy and checks that
     * the {@code wsse:Security} header is no longer present afterwards.
     *
     * <p>The validator installed here is a test double: it compares the presented certificate with the
     * fixture certificate and then returns {@code true}. It performs no chain, validity-period or
     * revocation checks and must not be used as a template for a production validator.
     *
     * <p>NOTE(review): nothing in this test records that {@code validate} was actually called, so the test
     * would still pass if no {@code CertificateValidationCallback} were raised and the header were removed
     * anyway. Whether an assertion failure thrown inside the callback reaches the test runner also depends
     * on how the security runtime handles it, which is not visible here. Consider recording the invocation
     * and asserting on it after {@code validateMessage}.
     */
    public void testValidateCertificate() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("requireSignature-config.xml", getClass()));
        CallbackHandler validationHandler = new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                if (!(callback instanceof CertificateValidationCallback)) {
                    fail("Unexpected callback");
                    return;
                }
                CertificateValidationCallback certCallback = (CertificateValidationCallback) callback;
                certCallback.setValidator(new CertificateValidationCallback.CertificateValidator() {
                    public boolean validate(X509Certificate passedCertificate) {
                        // Accepts only after the presented certificate matched the fixture certificate.
                        assertEquals("Invalid certificate", certificate, passedCertificate);
                        return true;
                    }
                });
            }
        };
        interceptor.setCallbackHandler(validationHandler);
        interceptor.afterPropertiesSet();

        SaajSoapMessage incoming = loadSaajMessage("signed-soap.xml");
        interceptor.validateMessage(incoming, null);
        SOAPMessage validated = incoming.getSaajMessage();
        assertNotNull("No result returned", validated);
        assertXpathNotExists("Security Header not removed", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security",
                validated);
    }

    /**
     * Asserts that the secured message is non-null and contains both a {@code wsse:BinarySecurityToken}
     * and a {@code ds:Signature} element under the {@code wsse:Security} header.
     */
    private void assertTokenAndSignaturePresent(SOAPMessage secured) throws Exception {
        assertNotNull("No result returned", secured);
        assertXpathExists("BinarySecurityToken does not exist",
                "SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:BinarySecurityToken", secured);
        assertXpathExists("Signature does not exist", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/ds:Signature",
                secured);
    }

}