1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.springframework.ws.soap.security.wss4j;
18
19 import java.io.ByteArrayInputStream;
20 import java.io.ByteArrayOutputStream;
21 import java.util.Iterator;
22 import javax.xml.namespace.QName;
23 import javax.xml.soap.MimeHeaders;
24 import javax.xml.soap.SOAPHeader;
25 import javax.xml.soap.SOAPHeaderElement;
26 import javax.xml.soap.SOAPMessage;
27 import javax.xml.transform.Transformer;
28 import javax.xml.transform.TransformerFactory;
29 import javax.xml.transform.dom.DOMResult;
30
31 import org.springframework.ws.context.DefaultMessageContext;
32 import org.springframework.ws.context.MessageContext;
33 import org.springframework.ws.soap.SoapMessage;
34 import org.springframework.ws.soap.saaj.SaajSoapMessage;
35 import org.springframework.ws.soap.saaj.SaajSoapMessageFactory;
36 import org.springframework.xml.transform.StringSource;
37
38 import org.junit.Test;
39
40 import static org.junit.Assert.assertTrue;
41
42 public class SaajWss4jMessageInterceptorSignTest extends Wss4jMessageInterceptorSignTestCase {
43
44 private static final String PAYLOAD =
45 "<tru:StockSymbol xmlns:tru=\"http://fabrikam123.com/payloads\">QQQ</tru:StockSymbol>";
46
47 @Test
48 public void testSignAndValidate() throws Exception {
49 Transformer transformer = TransformerFactory.newInstance().newTransformer();
50 interceptor.setSecurementActions("Signature");
51 interceptor.setEnableSignatureConfirmation(false);
52 interceptor.setSecurementPassword("123456");
53 interceptor.setSecurementUsername("rsaKey");
54 SOAPMessage saajMessage = saajSoap11MessageFactory.createMessage();
55 transformer.transform(new StringSource(PAYLOAD), new DOMResult(saajMessage.getSOAPBody()));
56 SoapMessage message = new SaajSoapMessage(saajMessage, saajSoap11MessageFactory);
57 MessageContext messageContext = new DefaultMessageContext(message, new SaajSoapMessageFactory(saajSoap11MessageFactory));
58
59 interceptor.secureMessage(message, messageContext);
60
61 SOAPHeader header = ((SaajSoapMessage) message).getSaajMessage().getSOAPHeader();
62 Iterator<?> iterator = header.getChildElements(new QName(
63 "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security"));
64 assertTrue("No security header", iterator.hasNext());
65 SOAPHeaderElement securityHeader = (SOAPHeaderElement) iterator.next();
66 iterator = securityHeader.getChildElements(new QName("http://www.w3.org/2000/09/xmldsig#", "Signature"));
67 assertTrue("No signature header", iterator.hasNext());
68
69 ByteArrayOutputStream bos = new ByteArrayOutputStream();
70 message.writeTo(bos);
71
72 MimeHeaders mimeHeaders = new MimeHeaders();
73 mimeHeaders.addHeader("Content-Type", "text/xml");
74 ByteArrayInputStream bis = new ByteArrayInputStream(bos.toByteArray());
75
76 SOAPMessage signed = saajSoap11MessageFactory.createMessage(mimeHeaders, bis);
77 message = new SaajSoapMessage(signed, saajSoap11MessageFactory);
78 messageContext = new DefaultMessageContext(message, new SaajSoapMessageFactory(saajSoap11MessageFactory));
79
80 interceptor.validateMessage(message, messageContext);
81 }
82
83 }