001: /**
002: * Licensed to the Apache Software Foundation (ASF) under one
003: * or more contributor license agreements. See the NOTICE file
004: * distributed with this work for additional information
005: * regarding copyright ownership. The ASF licenses this file
006: * to you under the Apache License, Version 2.0 (the
007: * "License"); you may not use this file except in compliance
008: * with the License. You may obtain a copy of the License at
009: *
010: * http://www.apache.org/licenses/LICENSE-2.0
011: *
012: * Unless required by applicable law or agreed to in writing,
013: * software distributed under the License is distributed on an
014: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015: * KIND, either express or implied. See the License for the
016: * specific language governing permissions and limitations
017: * under the License.
018: */package org.apache.cxf.ws.security.wss4j;
019:
020: import javax.xml.soap.SOAPMessage;
021: import javax.xml.soap.SOAPPart;
022:
023: import org.apache.cxf.binding.soap.SoapMessage;
024: import org.apache.cxf.message.Exchange;
025: import org.apache.cxf.message.ExchangeImpl;
026: import org.apache.cxf.message.MessageImpl;
027: import org.apache.ws.security.WSConstants;
028: import org.apache.ws.security.handler.WSHandlerConstants;
029: import org.junit.Test;
030:
031: /**
032: * @author <a href="mailto:tsztelak@gmail.com">Tomasz Sztelak</a>
033: */
034: public class WSS4JOutInterceptorTest extends AbstractSecurityTest {
035:
036: @Test
037: public void testUsernameTokenText() throws Exception {
038: SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml");
039:
040: WSS4JOutInterceptor handler = new WSS4JOutInterceptor();
041:
042: SoapMessage msg = new SoapMessage(new MessageImpl());
043: Exchange ex = new ExchangeImpl();
044: ex.setInMessage(msg);
045:
046: msg.setContent(SOAPMessage.class, saaj);
047:
048: msg.put(WSHandlerConstants.ACTION,
049: WSHandlerConstants.USERNAME_TOKEN);
050: msg.put(WSHandlerConstants.SIG_PROP_FILE,
051: "META-INF/cxf/outsecurity.properties");
052: msg.put(WSHandlerConstants.USER, "username");
053: msg.put("password", "myAliasPassword");
054: msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
055: handler.handleMessage(msg);
056:
057: SOAPPart doc = saaj.getSOAPPart();
058: assertValid("//wsse:Security", doc);
059: assertValid("//wsse:Security/wsse:UsernameToken", doc);
060: assertValid(
061: "//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']",
062: doc);
063: // Test to see that the plaintext password is used in the header
064: assertValid(
065: "//wsse:Security/wsse:UsernameToken/wsse:Password[text()='myAliasPassword']",
066: doc);
067: }
068:
069: @Test
070: public void testUsernameTokenDigest() throws Exception {
071: SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml");
072:
073: WSS4JOutInterceptor handler = new WSS4JOutInterceptor();
074:
075: SoapMessage msg = new SoapMessage(new MessageImpl());
076: Exchange ex = new ExchangeImpl();
077: ex.setInMessage(msg);
078:
079: msg.setContent(SOAPMessage.class, saaj);
080:
081: msg.put(WSHandlerConstants.ACTION,
082: WSHandlerConstants.USERNAME_TOKEN);
083: msg.put(WSHandlerConstants.SIG_PROP_FILE,
084: "META-INF/cxf/outsecurity.properties");
085: msg.put(WSHandlerConstants.USER, "username");
086: msg.put("password", "myAliasPassword");
087: msg
088: .put(WSHandlerConstants.PASSWORD_TYPE,
089: WSConstants.PW_DIGEST);
090: handler.handleMessage(msg);
091:
092: SOAPPart doc = saaj.getSOAPPart();
093: assertValid("//wsse:Security", doc);
094: assertValid("//wsse:Security/wsse:UsernameToken", doc);
095: assertValid(
096: "//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']",
097: doc);
098: // Test to see that the password digest is used in the header
099: assertInvalid(
100: "//wsse:Security/wsse:UsernameToken/wsse:Password[text()='myAliasPassword']",
101: doc);
102: }
103:
104: @Test
105: public void testEncrypt() throws Exception {
106: SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml");
107:
108: WSS4JOutInterceptor handler = new WSS4JOutInterceptor();
109:
110: SoapMessage msg = new SoapMessage(new MessageImpl());
111: Exchange ex = new ExchangeImpl();
112: ex.setInMessage(msg);
113:
114: msg.setContent(SOAPMessage.class, saaj);
115:
116: msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
117: msg.put(WSHandlerConstants.SIG_PROP_FILE,
118: "META-INF/cxf/outsecurity.properties");
119: msg.put(WSHandlerConstants.ENC_PROP_FILE,
120: "META-INF/cxf/outsecurity.properties");
121: msg.put(WSHandlerConstants.USER, "myalias");
122: msg.put("password", "myAliasPassword");
123:
124: handler.handleMessage(msg);
125:
126: SOAPPart doc = saaj.getSOAPPart();
127: assertValid("//wsse:Security", doc);
128: assertValid("//s:Body/xenc:EncryptedData", doc);
129: }
130:
131: @Test
132: public void testSignature() throws Exception {
133: SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml");
134:
135: WSS4JOutInterceptor handler = new WSS4JOutInterceptor();
136:
137: SoapMessage msg = new SoapMessage(new MessageImpl());
138: Exchange ex = new ExchangeImpl();
139: ex.setInMessage(msg);
140:
141: msg.setContent(SOAPMessage.class, saaj);
142:
143: msg
144: .put(WSHandlerConstants.ACTION,
145: WSHandlerConstants.SIGNATURE);
146: msg.put(WSHandlerConstants.SIG_PROP_FILE,
147: "META-INF/cxf/outsecurity.properties");
148: msg.put(WSHandlerConstants.USER, "myAlias");
149: msg.put("password", "myAliasPassword");
150:
151: handler.handleMessage(msg);
152:
153: SOAPPart doc = saaj.getSOAPPart();
154: assertValid("//wsse:Security", doc);
155: assertValid("//wsse:Security/ds:Signature", doc);
156: }
157:
158: @Test
159: public void testTimestamp() throws Exception {
160: SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml");
161:
162: WSS4JOutInterceptor handler = new WSS4JOutInterceptor();
163:
164: SoapMessage msg = new SoapMessage(new MessageImpl());
165: Exchange ex = new ExchangeImpl();
166: ex.setInMessage(msg);
167:
168: msg.setContent(SOAPMessage.class, saaj);
169:
170: handler.setProperty(WSHandlerConstants.ACTION,
171: WSHandlerConstants.TIMESTAMP);
172: handler.setProperty(WSHandlerConstants.SIG_PROP_FILE,
173: "META-INF/cxf/outsecurity.properties");
174: msg.put(WSHandlerConstants.USER, "myalias");
175: msg.put("password", "myAliasPassword");
176:
177: handler.handleMessage(msg);
178:
179: SOAPPart doc = saaj.getSOAPPart();
180: assertValid("//wsse:Security", doc);
181: assertValid("//wsse:Security/wsu:Timestamp", doc);
182: }
183: }
|