Repository: cxf Updated Branches: refs/heads/master 1f038da1a -> 25b8c0e57
Security test refactor Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/25b8c0e5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/25b8c0e5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/25b8c0e5 Branch: refs/heads/master Commit: 25b8c0e575f1f62a2746d2574fdea5772858fc60 Parents: 32f21e5 Author: Colm O hEigeartaigh <[email protected]> Authored: Tue May 17 16:00:42 2016 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Tue May 17 16:01:14 2016 +0100 ---------------------------------------------------------------------- .../wss4j/AbstractPolicySecurityTest.java | 5 +- .../ws/security/wss4j/AbstractSecurityTest.java | 87 +++++++++-- .../security/wss4j/SecurityActionTokenTest.java | 96 +----------- .../wss4j/SignatureConfirmationTest.java | 52 ++----- .../ws/security/wss4j/WSS4JFaultCodeTest.java | 80 ++-------- .../cxf/ws/security/wss4j/WSS4JInOutTest.java | 156 ++++--------------- .../security/wss4j/WSS4JOutInterceptorTest.java | 82 +++------- .../security/wss4j/saml/DOMToStaxSamlTest.java | 20 +-- .../ws/security/wss4j/saml/SamlTokenTest.java | 87 +++-------- 9 files changed, 179 insertions(+), 486 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/25b8c0e5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java index 4dd9410..5702b5e 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java @@ -109,8 +109,7 @@ public abstract class AbstractPolicySecurityTest extends AbstractSecurityTest { final Element inPolicyElement; if (inPolicyDocument != null) { - inPolicyElement = this.readDocument(inPolicyDocument) - .getDocumentElement(); + inPolicyElement = this.readDocument(inPolicyDocument).getDocumentElement(); } else { inPolicyElement = outPolicyElement; } @@ -410,7 +409,7 @@ public abstract class AbstractPolicySecurityTest extends AbstractSecurityTest { SoapMessage msg = this.getSoapMessageForDom(doc, aim); msg.put(SecurityConstants.SIGNATURE_PROPERTIES, "outsecurity.properties"); msg.put(SecurityConstants.ENCRYPT_PROPERTIES, "outsecurity.properties"); - msg.put(SecurityConstants.CALLBACK_HANDLER, TestPwdCallback.class.getName()); + msg.put(SecurityConstants.CALLBACK_HANDLER, new TestPwdCallback()); msg.put(SecurityConstants.SIGNATURE_USERNAME, "myalias"); msg.put(SecurityConstants.ENCRYPT_USERNAME, "myalias"); http://git-wip-us.apache.org/repos/asf/cxf/blob/25b8c0e5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java index 22b09b4..e5e531d 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java @@ -18,29 +18,36 @@ */ package org.apache.cxf.ws.security.wss4j; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; import java.io.File; -import java.io.IOException; import java.io.InputStream; +import java.util.List; +import java.util.Map; import javax.crypto.Cipher; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.soap.MessageFactory; import javax.xml.soap.SOAPException; import javax.xml.soap.SOAPMessage; import javax.xml.soap.SOAPPart; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; import javax.xml.transform.dom.DOMSource; import org.w3c.dom.Document; -import org.xml.sax.SAXException; - import org.apache.cxf.binding.soap.Soap11; import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.helpers.DOMUtils.NullResolver; import org.apache.cxf.message.Exchange; import org.apache.cxf.message.ExchangeImpl; import org.apache.cxf.message.MessageImpl; +import org.apache.cxf.phase.PhaseInterceptor; import org.apache.cxf.staxutils.StaxUtils; import org.apache.cxf.test.AbstractCXFTest; import org.apache.wss4j.dom.WSConstants; @@ -71,16 +78,6 @@ public abstract class AbstractSecurityTest extends AbstractCXFTest { } /** - * Reads a classpath resource into a SAAJ structure. - * @param name the name of the classpath resource - */ - protected SOAPMessage readSAAJDocument(String name) throws SAXException, IOException, - ParserConfigurationException, SOAPException { - InputStream inStream = getClass().getResourceAsStream(name); - return MessageFactory.newInstance().createMessage(null, inStream); - } - - /** * Creates a {@link SoapMessage} from the contents of a document. * @param doc the document containing the SOAP content. */ @@ -90,17 +87,75 @@ public abstract class AbstractSecurityTest extends AbstractCXFTest { part.setContent(new DOMSource(doc)); saajMsg.saveChanges(); - // Hack to create the context map MessageImpl message = new MessageImpl(); - message.getContextualProperty("XYZ"); - SoapMessage msg = new SoapMessage(message); Exchange ex = new ExchangeImpl(); ex.setInMessage(msg); msg.setContent(SOAPMessage.class, saajMsg); + return msg; } + protected byte[] getMessageBytes(Document doc) throws Exception { + ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); + XMLStreamWriter byteArrayWriter = StaxUtils.createXMLStreamWriter(outputStream); + StaxUtils.writeDocument(doc, byteArrayWriter, false); + byteArrayWriter.flush(); + return outputStream.toByteArray(); + } + + protected SoapMessage makeInvocation( + Map<String, Object> outProperties, + List<String> xpaths, + Map<String, Object> inProperties + ) throws Exception { + Document doc = readDocument("wsse-request-clean.xml"); + + WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); + PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); + + SoapMessage msg = getSoapMessageForDom(doc); + + for (String key : outProperties.keySet()) { + msg.put(key, outProperties.get(key)); + } + + handler.handleMessage(msg); + + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); + + for (String xpath : xpaths) { + assertValid(xpath, doc); + } + + byte[] docbytes = getMessageBytes(doc); + XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes)); + + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + + dbf.setValidating(false); + dbf.setIgnoringComments(false); + dbf.setIgnoringElementContentWhitespace(true); + dbf.setNamespaceAware(true); + + DocumentBuilder db = dbf.newDocumentBuilder(); + db.setEntityResolver(new NullResolver()); + doc = StaxUtils.read(db, reader, false); + + WSS4JInInterceptor inHandler = new WSS4JInInterceptor(inProperties); + + SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); + ex.setInMessage(inmsg); + inmsg.setContent(SOAPMessage.class, saajMsg); + + + inHandler.handleMessage(inmsg); + + return inmsg; + } + protected static boolean checkUnrestrictedPoliciesInstalled() { try { byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; http://git-wip-us.apache.org/repos/asf/cxf/blob/25b8c0e5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SecurityActionTokenTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SecurityActionTokenTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SecurityActionTokenTest.java index 28c7cf3..549e8bf 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SecurityActionTokenTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SecurityActionTokenTest.java @@ -18,8 +18,6 @@ */ package org.apache.cxf.ws.security.wss4j; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collections; @@ -27,23 +25,10 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.soap.MessageFactory; -import javax.xml.soap.SOAPMessage; -import javax.xml.soap.SOAPPart; -import javax.xml.stream.XMLStreamReader; -import javax.xml.stream.XMLStreamWriter; -import javax.xml.transform.dom.DOMSource; - import org.w3c.dom.Document; + import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.helpers.CastUtils; -import org.apache.cxf.helpers.DOMUtils.NullResolver; -import org.apache.cxf.message.Exchange; -import org.apache.cxf.message.ExchangeImpl; -import org.apache.cxf.message.MessageImpl; -import org.apache.cxf.phase.PhaseInterceptor; import org.apache.cxf.staxutils.StaxUtils; import org.apache.wss4j.common.EncryptionActionToken; import org.apache.wss4j.common.SignatureActionToken; @@ -73,7 +58,7 @@ public class SecurityActionTokenTest extends AbstractSecurityTest { outProperties.put(WSHandlerConstants.HANDLER_ACTIONS, actions); outProperties.put(WSHandlerConstants.PW_CALLBACK_REF, new TestPwdCallback()); - Map<String, String> inProperties = new HashMap<>(); + Map<String, Object> inProperties = new HashMap<>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "insecurity.properties"); @@ -102,13 +87,10 @@ public class SecurityActionTokenTest extends AbstractSecurityTest { Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.HANDLER_ACTIONS, actions); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT); inProperties.put(WSHandlerConstants.DEC_PROP_FILE, "insecurity.properties"); - inProperties.put( - WSHandlerConstants.PW_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.TestPwdCallback" - ); + inProperties.put(WSHandlerConstants.PW_CALLBACK_REF, new TestPwdCallback()); List<String> xpaths = new ArrayList<String>(); xpaths.add("//wsse:Security"); @@ -145,82 +127,12 @@ public class SecurityActionTokenTest extends AbstractSecurityTest { ); } - private byte[] getMessageBytes(Document doc) throws Exception { - ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - XMLStreamWriter byteArrayWriter = StaxUtils.createXMLStreamWriter(outputStream); - StaxUtils.writeDocument(doc, byteArrayWriter, false); - byteArrayWriter.flush(); - return outputStream.toByteArray(); - } - private List<WSHandlerResult> getResults(SoapMessage inmsg) { final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS)); return handlerResults; } - private SoapMessage makeInvocation( - Map<String, Object> outProperties, - List<String> xpaths, - Map<String, String> inProperties - ) throws Exception { - Document doc = readDocument("wsse-request-clean.xml"); - - WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); - PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); - - for (String key : outProperties.keySet()) { - msg.put(key, outProperties.get(key)); - } - - handler.handleMessage(msg); - - doc = part; - - for (String xpath : xpaths) { - assertValid(xpath, doc); - } - - byte[] docbytes = getMessageBytes(doc); - XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes)); - - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - - dbf.setValidating(false); - dbf.setIgnoringComments(false); - dbf.setIgnoringElementContentWhitespace(true); - dbf.setNamespaceAware(true); - - DocumentBuilder db = dbf.newDocumentBuilder(); - db.setEntityResolver(new NullResolver()); - doc = StaxUtils.read(db, reader, false); - - WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); - - SoapMessage inmsg = new SoapMessage(new MessageImpl()); - ex.setInMessage(inmsg); - inmsg.setContent(SOAPMessage.class, saajMsg); - - for (String key : inProperties.keySet()) { - inHandler.setProperty(key, inProperties.get(key)); - } - - inHandler.handleMessage(inmsg); - - return inmsg; - } - // FOR DEBUGGING ONLY /*private*/ static String serialize(Document doc) { return StaxUtils.toString(doc); http://git-wip-us.apache.org/repos/asf/cxf/blob/25b8c0e5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java index 3f2e07f..d4caa27 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java @@ -19,20 +19,16 @@ package org.apache.cxf.ws.security.wss4j; import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import java.util.List; import java.util.Set; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.soap.MessageFactory; import javax.xml.soap.SOAPMessage; -import javax.xml.soap.SOAPPart; import javax.xml.stream.XMLStreamReader; -import javax.xml.stream.XMLStreamWriter; -import javax.xml.transform.dom.DOMSource; import org.w3c.dom.Document; + import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.helpers.DOMUtils.NullResolver; @@ -44,7 +40,6 @@ import org.apache.cxf.staxutils.StaxUtils; import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; - /** * This a test of the Signature Confirmation functionality that is contained in the * WS-Security 1.1 specification. The requestor signs an outbound SOAP message and saves @@ -65,16 +60,7 @@ public class SignatureConfirmationTest extends AbstractSecurityTest { WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); + SoapMessage msg = getSoapMessageForDom(doc); msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); msg.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true"); @@ -88,7 +74,9 @@ public class SignatureConfirmationTest extends AbstractSecurityTest { msg.put(org.apache.cxf.message.Message.REQUESTOR_ROLE, true); handler.handleMessage(msg); - doc = part; + + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/ds:Signature", doc); @@ -117,6 +105,7 @@ public class SignatureConfirmationTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -147,23 +136,15 @@ public class SignatureConfirmationTest extends AbstractSecurityTest { WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); + SoapMessage msg = getSoapMessageForDom(doc); msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP); msg.put(WSHandlerConstants.RECV_RESULTS, sigReceived); handler.handleMessage(msg); - doc = part; + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); assertValid("//wsse:Security", doc); // assertValid("//wsse:Security/wsse11:SignatureConfirmation", doc); @@ -187,6 +168,7 @@ public class SignatureConfirmationTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -196,18 +178,4 @@ public class SignatureConfirmationTest extends AbstractSecurityTest { inHandler.handleMessage(inmsg); } - - private byte[] getMessageBytes(Document doc) throws Exception { - // XMLOutputFactory factory = XMLOutputFactory.newInstance(); - ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - - // XMLStreamWriter byteArrayWriter = - // factory.createXMLStreamWriter(outputStream); - XMLStreamWriter byteArrayWriter = StaxUtils.createXMLStreamWriter(outputStream); - - StaxUtils.writeDocument(doc, byteArrayWriter, false); - - byteArrayWriter.flush(); - return outputStream.toByteArray(); - } } http://git-wip-us.apache.org/repos/asf/cxf/blob/25b8c0e5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java index a554c5c..bf1f9c3 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java @@ -19,20 +19,15 @@ package org.apache.cxf.ws.security.wss4j; import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.soap.MessageFactory; -import javax.xml.soap.SOAPConstants; import javax.xml.soap.SOAPMessage; -import javax.xml.soap.SOAPPart; import javax.xml.stream.XMLStreamReader; -import javax.xml.stream.XMLStreamWriter; -import javax.xml.transform.dom.DOMSource; import org.w3c.dom.Document; + import org.apache.cxf.binding.soap.SoapFault; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.helpers.DOMUtils.NullResolver; @@ -63,17 +58,9 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { public void testNoSecurity() throws Exception { Document doc = readDocument("wsse-request-clean.xml"); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); - doc = part; + SoapMessage msg = getSoapMessageForDom(doc); + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); byte[] docbytes = getMessageBytes(doc); XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes)); @@ -92,6 +79,7 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -123,23 +111,15 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); + SoapMessage msg = getSoapMessageForDom(doc); msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP); msg.put(WSHandlerConstants.TTL_TIMESTAMP, "1"); handler.handleMessage(msg); - doc = part; + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); assertValid("//wsse:Security", doc); @@ -160,6 +140,7 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -192,22 +173,14 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); + SoapMessage msg = getSoapMessageForDom(doc); msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP); handler.handleMessage(msg); - doc = part; + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); assertValid("//wsse:Security", doc); @@ -228,6 +201,7 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -254,17 +228,9 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { public void testSignedEncryptedSOAP12Fault() throws Exception { Document doc = readDocument("wsse-response-fault.xml"); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance(SOAPConstants.SOAP_1_2_PROTOCOL).createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); - doc = part; + SoapMessage msg = getSoapMessageForDom(doc); + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); byte[] docbytes = getMessageBytes(doc); XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes)); @@ -283,6 +249,7 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -310,17 +277,4 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { } } - private byte[] getMessageBytes(Document doc) throws Exception { - // XMLOutputFactory factory = XMLOutputFactory.newInstance(); - ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - - // XMLStreamWriter byteArrayWriter = - // factory.createXMLStreamWriter(outputStream); - XMLStreamWriter byteArrayWriter = StaxUtils.createXMLStreamWriter(outputStream); - - StaxUtils.writeDocument(doc, byteArrayWriter, false); - - byteArrayWriter.flush(); - return outputStream.toByteArray(); - } } http://git-wip-us.apache.org/repos/asf/cxf/blob/25b8c0e5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java index 9a95315..31debf3 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java @@ -19,7 +19,6 @@ package org.apache.cxf.ws.security.wss4j; import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import java.security.Principal; import java.security.cert.X509Certificate; import java.util.ArrayList; @@ -32,14 +31,11 @@ import java.util.TreeSet; import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.soap.MessageFactory; import javax.xml.soap.SOAPMessage; -import javax.xml.soap.SOAPPart; import javax.xml.stream.XMLStreamReader; -import javax.xml.stream.XMLStreamWriter; -import javax.xml.transform.dom.DOMSource; import org.w3c.dom.Document; + import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor; import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor; @@ -91,13 +87,13 @@ public class WSS4JInOutTest extends AbstractSecurityTest { @Test public void testSignature() throws Exception { - Map<String, String> outProperties = new HashMap<String, String>(); + Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); outProperties.put(WSHandlerConstants.USER, "myalias"); outProperties.put("password", "myAliasPassword"); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "insecurity.properties"); @@ -117,14 +113,14 @@ public class WSS4JInOutTest extends AbstractSecurityTest { @Test public void testDirectReferenceSignature() throws Exception { - Map<String, String> outProperties = new HashMap<String, String>(); + Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); outProperties.put(WSHandlerConstants.USER, "myalias"); outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); outProperties.put("password", "myAliasPassword"); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "insecurity.properties"); @@ -145,19 +141,16 @@ public class WSS4JInOutTest extends AbstractSecurityTest { @Test public void testEncryption() throws Exception { - Map<String, String> outProperties = new HashMap<String, String>(); + Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT); outProperties.put(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties"); outProperties.put(WSHandlerConstants.USER, "myalias"); outProperties.put("password", "myAliasPassword"); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT); inProperties.put(WSHandlerConstants.DEC_PROP_FILE, "insecurity.properties"); - inProperties.put( - WSHandlerConstants.PW_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.TestPwdCallback" - ); + inProperties.put(WSHandlerConstants.PW_CALLBACK_REF, new TestPwdCallback()); List<String> xpaths = new ArrayList<String>(); xpaths.add("//wsse:Security"); @@ -196,7 +189,7 @@ public class WSS4JInOutTest extends AbstractSecurityTest { @Test public void testEncryptedUsernameToken() throws Exception { - Map<String, String> outProperties = new HashMap<String, String>(); + Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put( WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.ENCRYPT @@ -210,16 +203,13 @@ public class WSS4JInOutTest extends AbstractSecurityTest { "{Content}{" + WSConstants.WSSE_NS + "}UsernameToken" ); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put( WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.ENCRYPT ); inProperties.put(WSHandlerConstants.DEC_PROP_FILE, "insecurity.properties"); - inProperties.put( - WSHandlerConstants.PW_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.TestPwdCallback" - ); + inProperties.put(WSHandlerConstants.PW_CALLBACK_REF, new TestPwdCallback()); List<String> xpaths = new ArrayList<String>(); xpaths.add("//wsse:Security"); @@ -251,19 +241,16 @@ public class WSS4JInOutTest extends AbstractSecurityTest { @Test public void testUsernameToken() throws Exception { - Map<String, String> outProperties = new HashMap<String, String>(); + Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); outProperties.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); outProperties.put(WSHandlerConstants.USER, "alice"); outProperties.put("password", "alicePassword"); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); inProperties.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST); - inProperties.put( - WSHandlerConstants.PW_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.TestPwdCallback" - ); + inProperties.put(WSHandlerConstants.PW_CALLBACK_REF, new TestPwdCallback()); List<String> xpaths = new ArrayList<String>(); xpaths.add("//wsse:Security"); @@ -286,16 +273,7 @@ public class WSS4JInOutTest extends AbstractSecurityTest { WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); + SoapMessage msg = getSoapMessageForDom(doc); msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); @@ -304,7 +282,8 @@ public class WSS4JInOutTest extends AbstractSecurityTest { handler.handleMessage(msg); - doc = part; + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/ds:Signature", doc); @@ -331,6 +310,7 @@ public class WSS4JInOutTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(properties); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -352,16 +332,7 @@ public class WSS4JInOutTest extends AbstractSecurityTest { WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); + SoapMessage msg = getSoapMessageForDom(doc); msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); @@ -370,7 +341,8 @@ public class WSS4JInOutTest extends AbstractSecurityTest { handler.handleMessage(msg); - doc = part; + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/ds:Signature", doc); @@ -405,9 +377,10 @@ public class WSS4JInOutTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(properties); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); - + inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); inHandler.handleMessage(inmsg); @@ -425,17 +398,15 @@ public class WSS4JInOutTest extends AbstractSecurityTest { @Test public void testPKIPath() throws Exception { - Map<String, String> outProperties = new HashMap<String, String>(); + Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); outProperties.put(WSHandlerConstants.USER, "alice"); outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties"); - outProperties.put( - WSHandlerConstants.PW_CALLBACK_CLASS, KeystorePasswordCallback.class.getName() - ); + outProperties.put(WSHandlerConstants.PW_CALLBACK_REF, new KeystorePasswordCallback()); outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); outProperties.put(WSHandlerConstants.USE_SINGLE_CERTIFICATE, "false"); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "cxfca.properties"); @@ -456,7 +427,7 @@ public class WSS4JInOutTest extends AbstractSecurityTest { @Test public void testUsernameTokenSignature() throws Exception { - Map<String, String> outProperties = new HashMap<String, String>(); + Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put( WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.SIGNATURE); @@ -470,7 +441,7 @@ public class WSS4JInOutTest extends AbstractSecurityTest { "org.apache.cxf.ws.security.wss4j.TestPwdCallback" ); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put( WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.SIGNATURE @@ -490,15 +461,6 @@ public class WSS4JInOutTest extends AbstractSecurityTest { makeInvocation(outProperties, xpaths, inProperties); } - - private byte[] getMessageBytes(Document doc) throws Exception { - ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - XMLStreamWriter byteArrayWriter = StaxUtils.createXMLStreamWriter(outputStream); - StaxUtils.writeDocument(doc, byteArrayWriter, false); - byteArrayWriter.flush(); - return outputStream.toByteArray(); - } - /** * @return a processor map suitable for custom processing of * signatures (in this case, the actual processor is @@ -523,68 +485,6 @@ public class WSS4JInOutTest extends AbstractSecurityTest { return handlerResults; } - private SoapMessage makeInvocation( - Map<String, String> outProperties, - List<String> xpaths, - Map<String, String> inProperties - ) throws Exception { - Document doc = readDocument("wsse-request-clean.xml"); - - WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); - PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); - - for (String key : outProperties.keySet()) { - msg.put(key, outProperties.get(key)); - } - - handler.handleMessage(msg); - - doc = part; - - for (String xpath : xpaths) { - assertValid(xpath, doc); - } - - byte[] docbytes = getMessageBytes(doc); - XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes)); - - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - - dbf.setValidating(false); - dbf.setIgnoringComments(false); - dbf.setIgnoringElementContentWhitespace(true); - dbf.setNamespaceAware(true); - - DocumentBuilder db = dbf.newDocumentBuilder(); - db.setEntityResolver(new NullResolver()); - doc = StaxUtils.read(db, reader, false); - - WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); - - SoapMessage inmsg = new SoapMessage(new MessageImpl()); - ex.setInMessage(inmsg); - inmsg.setContent(SOAPMessage.class, saajMsg); - - for (String key : inProperties.keySet()) { - inHandler.setProperty(key, inProperties.get(key)); - } - - inHandler.handleMessage(inmsg); - - return inmsg; - } - // FOR DEBUGGING ONLY /*private*/ static String serialize(Document doc) { return StaxUtils.toString(doc); http://git-wip-us.apache.org/repos/asf/cxf/blob/25b8c0e5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java index 5e5b184..bcb0d95 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java @@ -22,14 +22,11 @@ import java.util.HashMap; import java.util.Map; import javax.xml.soap.SOAPMessage; -import javax.xml.soap.SOAPPart; import org.w3c.dom.Document; + import org.apache.cxf.binding.soap.SoapFault; import org.apache.cxf.binding.soap.SoapMessage; -import org.apache.cxf.message.Exchange; -import org.apache.cxf.message.ExchangeImpl; -import org.apache.cxf.message.MessageImpl; import org.apache.cxf.phase.PhaseInterceptor; import org.apache.wss4j.common.SecurityActionToken; import org.apache.wss4j.common.ext.WSSecurityException; @@ -44,17 +41,12 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { @Test public void testUsernameTokenText() throws Exception { - SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml"); + Document doc = readDocument("wsse-request-clean.xml"); + SoapMessage msg = getSoapMessageForDom(doc); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - msg.setContent(SOAPMessage.class, saaj); - msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); msg.put(WSHandlerConstants.USER, "username"); @@ -62,7 +54,7 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); handler.handleMessage(msg); - SOAPPart doc = saaj.getSOAPPart(); + doc = msg.getContent(SOAPMessage.class).getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/wsse:UsernameToken", doc); assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc); @@ -72,17 +64,12 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { @Test public void testUsernameTokenDigest() throws Exception { - SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml"); + Document doc = readDocument("wsse-request-clean.xml"); + SoapMessage msg = getSoapMessageForDom(doc); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - msg.setContent(SOAPMessage.class, saaj); - msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); msg.put(WSHandlerConstants.USER, "username"); @@ -90,7 +77,7 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST); handler.handleMessage(msg); - SOAPPart doc = saaj.getSOAPPart(); + doc = msg.getContent(SOAPMessage.class).getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/wsse:UsernameToken", doc); assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc); @@ -100,17 +87,12 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { @Test public void testEncrypt() throws Exception { - SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml"); + Document doc = readDocument("wsse-request-clean.xml"); + SoapMessage msg = getSoapMessageForDom(doc); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - msg.setContent(SOAPMessage.class, saaj); - msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT); msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); msg.put(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties"); @@ -119,24 +101,19 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { handler.handleMessage(msg); - SOAPPart doc = saaj.getSOAPPart(); + doc = msg.getContent(SOAPMessage.class).getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//s:Body/xenc:EncryptedData", doc); } @Test public void testSignature() throws Exception { - SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml"); + Document doc = readDocument("wsse-request-clean.xml"); + SoapMessage msg = getSoapMessageForDom(doc); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - msg.setContent(SOAPMessage.class, saaj); - msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); msg.put(WSHandlerConstants.USER, "myAlias"); @@ -144,24 +121,19 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { handler.handleMessage(msg); - SOAPPart doc = saaj.getSOAPPart(); + doc = msg.getContent(SOAPMessage.class).getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/ds:Signature", doc); } @Test public void testTimestamp() throws Exception { - SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml"); + Document doc = readDocument("wsse-request-clean.xml"); + SoapMessage msg = getSoapMessageForDom(doc); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - msg.setContent(SOAPMessage.class, saaj); - ohandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP); ohandler.setProperty(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); msg.put(WSHandlerConstants.USER, "myalias"); @@ -169,23 +141,18 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { handler.handleMessage(msg); - SOAPPart doc = saaj.getSOAPPart(); + doc = msg.getContent(SOAPMessage.class).getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/wsu:Timestamp", doc); } @Test public void testOverrideCustomAction() throws Exception { - SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml"); + Document doc = readDocument("wsse-request-clean.xml"); + SoapMessage msg = getSoapMessageForDom(doc); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - msg.setContent(SOAPMessage.class, saaj); CountingUsernameTokenAction action = new CountingUsernameTokenAction(); Map<Object, Object> customActions = new HashMap<Object, Object>(1); @@ -199,7 +166,7 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { msg.put(WSS4JOutInterceptor.WSS4J_ACTION_MAP, customActions); handler.handleMessage(msg); - SOAPPart doc = saaj.getSOAPPart(); + doc = msg.getContent(SOAPMessage.class).getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/wsse:UsernameToken", doc); assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc); @@ -225,17 +192,12 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { @Test public void testAddCustomAction() throws Exception { - SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml"); + Document doc = readDocument("wsse-request-clean.xml"); + SoapMessage msg = getSoapMessageForDom(doc); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - msg.setContent(SOAPMessage.class, saaj); - CountingUsernameTokenAction action = new CountingUsernameTokenAction(); Map<Object, Object> customActions = new HashMap<Object, Object>(1); customActions.put(12345, action); @@ -248,7 +210,7 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { msg.put(WSS4JOutInterceptor.WSS4J_ACTION_MAP, customActions); handler.handleMessage(msg); - SOAPPart doc = saaj.getSOAPPart(); + doc = msg.getContent(SOAPMessage.class).getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/wsse:UsernameToken", doc); assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc); http://git-wip-us.apache.org/repos/asf/cxf/blob/25b8c0e5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java index bd6d2e8..50b85dc 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java @@ -100,10 +100,8 @@ public class DOMToStaxSamlTest extends AbstractSecurityTest { Map<String, Object> properties = new HashMap<String, Object>(); properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED); - properties.put( - WSHandlerConstants.SAML_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.saml.SAML1CallbackHandler" - ); + properties.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler()); + properties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); properties.put(WSHandlerConstants.USER, "alice"); properties.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallbackHandler()); @@ -165,10 +163,8 @@ public class DOMToStaxSamlTest extends AbstractSecurityTest { Map<String, Object> properties = new HashMap<String, Object>(); properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED); - properties.put( - WSHandlerConstants.SAML_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.saml.SAML2CallbackHandler" - ); + properties.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML2CallbackHandler()); + properties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); properties.put(WSHandlerConstants.USER, "alice"); properties.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallbackHandler()); @@ -209,9 +205,7 @@ public class DOMToStaxSamlTest extends AbstractSecurityTest { SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler(); callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY); callbackHandler.setSignAssertion(true); - properties.put( - WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler - ); + properties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler); properties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); properties.put(WSHandlerConstants.USER, "alice"); @@ -261,9 +255,7 @@ public class DOMToStaxSamlTest extends AbstractSecurityTest { SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY); callbackHandler.setSignAssertion(true); - properties.put( - WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler - ); + properties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler); properties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); properties.put(WSHandlerConstants.USER, "alice"); http://git-wip-us.apache.org/repos/asf/cxf/blob/25b8c0e5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java index 038ef65..1425a34 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java @@ -19,8 +19,8 @@ package org.apache.cxf.ws.security.wss4j.saml; import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import java.util.ArrayList; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -28,12 +28,8 @@ import java.util.Map; import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.soap.MessageFactory; import javax.xml.soap.SOAPMessage; -import javax.xml.soap.SOAPPart; import javax.xml.stream.XMLStreamReader; -import javax.xml.stream.XMLStreamWriter; -import javax.xml.transform.dom.DOMSource; import org.w3c.dom.Document; @@ -88,10 +84,7 @@ public class SamlTokenTest extends AbstractSecurityTest { private SecurityContext testSaml1Token(boolean allowUnsignedPrincipal) throws Exception { Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.saml.SAML1CallbackHandler" - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler()); Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED); @@ -130,10 +123,7 @@ public class SamlTokenTest extends AbstractSecurityTest { public void testSaml1TokenSignedSenderVouches() throws Exception { Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.saml.SAML1CallbackHandler" - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler()); outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); outProperties.put(WSHandlerConstants.USER, "alice"); outProperties.put("password", "password"); @@ -176,10 +166,7 @@ public class SamlTokenTest extends AbstractSecurityTest { public void testSaml2Token() throws Exception { Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.saml.SAML2CallbackHandler" - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML2CallbackHandler()); Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED); @@ -213,10 +200,7 @@ public class SamlTokenTest extends AbstractSecurityTest { public void testSaml2TokenSignedSenderVouches() throws Exception { Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.saml.SAML2CallbackHandler" - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML2CallbackHandler()); outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); outProperties.put(WSHandlerConstants.USER, "alice"); outProperties.put("password", "password"); @@ -270,9 +254,7 @@ public class SamlTokenTest extends AbstractSecurityTest { SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler(); callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY); callbackHandler.setSignAssertion(true); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler); Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put( @@ -291,14 +273,14 @@ public class SamlTokenTest extends AbstractSecurityTest { xpaths.add("//wsse:Security/saml1:Assertion"); try { - makeInvocation(outProperties, xpaths, inProperties); + makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap()); fail("Failure expected in SAML Validator"); } catch (Fault ex) { // expected } validator.setRequireSenderVouches(false); - Message message = makeInvocation(outProperties, xpaths, inProperties); + Message message = makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap()); final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS)); @@ -328,9 +310,7 @@ public class SamlTokenTest extends AbstractSecurityTest { SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY); callbackHandler.setSignAssertion(true); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler); Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put( @@ -349,7 +329,7 @@ public class SamlTokenTest extends AbstractSecurityTest { xpaths.add("//wsse:Security/saml2:Assertion"); try { - makeInvocation(outProperties, xpaths, inProperties); + makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap()); fail("Failure expected in SAML Validator"); } catch (Fault ex) { // expected @@ -357,14 +337,14 @@ public class SamlTokenTest extends AbstractSecurityTest { validator.setRequireSenderVouches(false); try { - makeInvocation(outProperties, xpaths, inProperties); + makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap()); fail("Failure expected in SAML Validator"); } catch (Fault ex) { // expected } validator.setRequireSAML1Assertion(false); - Message message = makeInvocation(outProperties, xpaths, inProperties); + Message message = makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap()); final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS)); @@ -397,9 +377,7 @@ public class SamlTokenTest extends AbstractSecurityTest { callbackHandler.setStatement(Statement.ATTR); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler); Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put( @@ -457,9 +435,7 @@ public class SamlTokenTest extends AbstractSecurityTest { callbackHandler.setStatement(Statement.ATTR); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler); Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put( @@ -516,9 +492,7 @@ public class SamlTokenTest extends AbstractSecurityTest { callbackHandler.setStatement(Statement.ATTR); callbackHandler.setConfirmationMethod(SAML1Constants.CONF_BEARER); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler); Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put( @@ -561,14 +535,6 @@ public class SamlTokenTest extends AbstractSecurityTest { private SoapMessage makeInvocation( Map<String, Object> outProperties, List<String> xpaths, - Map<String, Object> inProperties - ) throws Exception { - return makeInvocation(outProperties, xpaths, inProperties, new HashMap<String, String>()); - } - - private SoapMessage makeInvocation( - Map<String, Object> outProperties, - List<String> xpaths, Map<String, Object> inProperties, Map<String, String> inMessageProperties ) throws Exception { @@ -577,16 +543,7 @@ public class SamlTokenTest extends AbstractSecurityTest { WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); + SoapMessage msg = getSoapMessageForDom(doc); for (String key : outProperties.keySet()) { msg.put(key, outProperties.get(key)); @@ -594,7 +551,8 @@ public class SamlTokenTest extends AbstractSecurityTest { handler.handleMessage(msg); - doc = part; + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); for (String xpath : xpaths) { assertValid(xpath, doc); @@ -621,6 +579,7 @@ public class SamlTokenTest extends AbstractSecurityTest { for (String inMessageProperty : inMessageProperties.keySet()) { inmsg.put(inMessageProperty, inMessageProperties.get(inMessageProperty)); } + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -629,14 +588,6 @@ public class SamlTokenTest extends AbstractSecurityTest { return inmsg; } - private byte[] getMessageBytes(Document doc) throws Exception { - ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - XMLStreamWriter byteArrayWriter = StaxUtils.createXMLStreamWriter(outputStream); - StaxUtils.writeDocument(doc, byteArrayWriter, false); - byteArrayWriter.flush(); - return outputStream.toByteArray(); - } - // FOR DEBUGGING ONLY /*private*/ static String serialize(Document doc) throws Exception { return StaxUtils.toString(doc);
