Security test refactor # Conflicts: # rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SecurityActionTokenTest.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4337e0b5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4337e0b5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4337e0b5 Branch: refs/heads/3.0.x-fixes Commit: 4337e0b5372a88f9c0f0a8822a2eab17a7f95548 Parents: 052c88c Author: Colm O hEigeartaigh <[email protected]> Authored: Tue May 17 16:00:42 2016 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Tue May 17 16:13:55 2016 +0100 ---------------------------------------------------------------------- .../wss4j/AbstractPolicySecurityTest.java | 5 +- .../ws/security/wss4j/AbstractSecurityTest.java | 87 +++++++++-- .../security/wss4j/SecurityActionTokenTest.java | 98 +----------- .../wss4j/SignatureConfirmationTest.java | 51 ++---- .../ws/security/wss4j/WSS4JFaultCodeTest.java | 80 ++-------- .../cxf/ws/security/wss4j/WSS4JInOutTest.java | 155 ++++--------------- .../security/wss4j/WSS4JOutInterceptorTest.java | 82 +++------- .../security/wss4j/saml/DOMToStaxSamlTest.java | 20 +-- .../ws/security/wss4j/saml/SamlTokenTest.java | 87 +++-------- 9 files changed, 180 insertions(+), 485 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/4337e0b5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java index b7e06f9..7d62cfe 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java @@ -115,8 +115,7 @@ public abstract class AbstractPolicySecurityTest extends AbstractSecurityTest { final Element inPolicyElement; if (inPolicyDocument != null) { - inPolicyElement = this.readDocument(inPolicyDocument) - .getDocumentElement(); + inPolicyElement = this.readDocument(inPolicyDocument).getDocumentElement(); } else { inPolicyElement = outPolicyElement; } @@ -416,7 +415,7 @@ public abstract class AbstractPolicySecurityTest extends AbstractSecurityTest { SoapMessage msg = this.getSoapMessageForDom(doc, aim); msg.put(SecurityConstants.SIGNATURE_PROPERTIES, "outsecurity.properties"); msg.put(SecurityConstants.ENCRYPT_PROPERTIES, "outsecurity.properties"); - msg.put(SecurityConstants.CALLBACK_HANDLER, TestPwdCallback.class.getName()); + msg.put(SecurityConstants.CALLBACK_HANDLER, new TestPwdCallback()); msg.put(SecurityConstants.SIGNATURE_USERNAME, "myalias"); msg.put(SecurityConstants.ENCRYPT_USERNAME, "myalias"); http://git-wip-us.apache.org/repos/asf/cxf/blob/4337e0b5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java index 22b09b4..e5e531d 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java @@ -18,29 +18,36 @@ */ package org.apache.cxf.ws.security.wss4j; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; import java.io.File; -import java.io.IOException; import java.io.InputStream; +import java.util.List; +import java.util.Map; import javax.crypto.Cipher; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.soap.MessageFactory; import javax.xml.soap.SOAPException; import javax.xml.soap.SOAPMessage; import javax.xml.soap.SOAPPart; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; import javax.xml.transform.dom.DOMSource; import org.w3c.dom.Document; -import org.xml.sax.SAXException; - import org.apache.cxf.binding.soap.Soap11; import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.helpers.DOMUtils.NullResolver; import org.apache.cxf.message.Exchange; import org.apache.cxf.message.ExchangeImpl; import org.apache.cxf.message.MessageImpl; +import org.apache.cxf.phase.PhaseInterceptor; import org.apache.cxf.staxutils.StaxUtils; import org.apache.cxf.test.AbstractCXFTest; import org.apache.wss4j.dom.WSConstants; @@ -71,16 +78,6 @@ public abstract class AbstractSecurityTest extends AbstractCXFTest { } /** - * Reads a classpath resource into a SAAJ structure. - * @param name the name of the classpath resource - */ - protected SOAPMessage readSAAJDocument(String name) throws SAXException, IOException, - ParserConfigurationException, SOAPException { - InputStream inStream = getClass().getResourceAsStream(name); - return MessageFactory.newInstance().createMessage(null, inStream); - } - - /** * Creates a {@link SoapMessage} from the contents of a document. * @param doc the document containing the SOAP content. */ @@ -90,17 +87,75 @@ public abstract class AbstractSecurityTest extends AbstractCXFTest { part.setContent(new DOMSource(doc)); saajMsg.saveChanges(); - // Hack to create the context map MessageImpl message = new MessageImpl(); - message.getContextualProperty("XYZ"); - SoapMessage msg = new SoapMessage(message); Exchange ex = new ExchangeImpl(); ex.setInMessage(msg); msg.setContent(SOAPMessage.class, saajMsg); + return msg; } + protected byte[] getMessageBytes(Document doc) throws Exception { + ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); + XMLStreamWriter byteArrayWriter = StaxUtils.createXMLStreamWriter(outputStream); + StaxUtils.writeDocument(doc, byteArrayWriter, false); + byteArrayWriter.flush(); + return outputStream.toByteArray(); + } + + protected SoapMessage makeInvocation( + Map<String, Object> outProperties, + List<String> xpaths, + Map<String, Object> inProperties + ) throws Exception { + Document doc = readDocument("wsse-request-clean.xml"); + + WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); + PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); + + SoapMessage msg = getSoapMessageForDom(doc); + + for (String key : outProperties.keySet()) { + msg.put(key, outProperties.get(key)); + } + + handler.handleMessage(msg); + + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); + + for (String xpath : xpaths) { + assertValid(xpath, doc); + } + + byte[] docbytes = getMessageBytes(doc); + XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes)); + + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + + dbf.setValidating(false); + dbf.setIgnoringComments(false); + dbf.setIgnoringElementContentWhitespace(true); + dbf.setNamespaceAware(true); + + DocumentBuilder db = dbf.newDocumentBuilder(); + db.setEntityResolver(new NullResolver()); + doc = StaxUtils.read(db, reader, false); + + WSS4JInInterceptor inHandler = new WSS4JInInterceptor(inProperties); + + SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); + ex.setInMessage(inmsg); + inmsg.setContent(SOAPMessage.class, saajMsg); + + + inHandler.handleMessage(inmsg); + + return inmsg; + } + protected static boolean checkUnrestrictedPoliciesInstalled() { try { byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; http://git-wip-us.apache.org/repos/asf/cxf/blob/4337e0b5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SecurityActionTokenTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SecurityActionTokenTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SecurityActionTokenTest.java index 43d9dd3..3789956 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SecurityActionTokenTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SecurityActionTokenTest.java @@ -18,8 +18,6 @@ */ package org.apache.cxf.ws.security.wss4j; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collections; @@ -27,23 +25,10 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.soap.MessageFactory; -import javax.xml.soap.SOAPMessage; -import javax.xml.soap.SOAPPart; -import javax.xml.stream.XMLStreamReader; -import javax.xml.stream.XMLStreamWriter; -import javax.xml.transform.dom.DOMSource; - import org.w3c.dom.Document; + import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.helpers.CastUtils; -import org.apache.cxf.helpers.DOMUtils.NullResolver; -import org.apache.cxf.message.Exchange; -import org.apache.cxf.message.ExchangeImpl; -import org.apache.cxf.message.MessageImpl; -import org.apache.cxf.phase.PhaseInterceptor; import org.apache.cxf.staxutils.StaxUtils; import org.apache.wss4j.common.EncryptionActionToken; import org.apache.wss4j.common.SignatureActionToken; @@ -74,7 +59,11 @@ public class SecurityActionTokenTest extends AbstractSecurityTest { outProperties.put(WSHandlerConstants.HANDLER_ACTIONS, actions); outProperties.put(WSHandlerConstants.PW_CALLBACK_REF, new TestPwdCallback()); +<<<<<<< HEAD Map<String, String> inProperties = new HashMap<String, String>(); +======= + Map<String, Object> inProperties = new HashMap<>(); +>>>>>>> c4c48d0... Security test refactor inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "insecurity.properties"); @@ -103,13 +92,10 @@ public class SecurityActionTokenTest extends AbstractSecurityTest { Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.HANDLER_ACTIONS, actions); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT); inProperties.put(WSHandlerConstants.DEC_PROP_FILE, "insecurity.properties"); - inProperties.put( - WSHandlerConstants.PW_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.TestPwdCallback" - ); + inProperties.put(WSHandlerConstants.PW_CALLBACK_REF, new TestPwdCallback()); List<String> xpaths = new ArrayList<String>(); xpaths.add("//wsse:Security"); @@ -146,82 +132,12 @@ public class SecurityActionTokenTest extends AbstractSecurityTest { ); } - private byte[] getMessageBytes(Document doc) throws Exception { - ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - XMLStreamWriter byteArrayWriter = StaxUtils.createXMLStreamWriter(outputStream); - StaxUtils.writeDocument(doc, byteArrayWriter, false); - byteArrayWriter.flush(); - return outputStream.toByteArray(); - } - private List<WSHandlerResult> getResults(SoapMessage inmsg) { final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS)); return handlerResults; } - private SoapMessage makeInvocation( - Map<String, Object> outProperties, - List<String> xpaths, - Map<String, String> inProperties - ) throws Exception { - Document doc = readDocument("wsse-request-clean.xml"); - - WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); - PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); - - for (String key : outProperties.keySet()) { - msg.put(key, outProperties.get(key)); - } - - handler.handleMessage(msg); - - doc = part; - - for (String xpath : xpaths) { - assertValid(xpath, doc); - } - - byte[] docbytes = getMessageBytes(doc); - XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes)); - - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - - dbf.setValidating(false); - dbf.setIgnoringComments(false); - dbf.setIgnoringElementContentWhitespace(true); - dbf.setNamespaceAware(true); - - DocumentBuilder db = dbf.newDocumentBuilder(); - db.setEntityResolver(new NullResolver()); - doc = StaxUtils.read(db, reader, false); - - WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); - - SoapMessage inmsg = new SoapMessage(new MessageImpl()); - ex.setInMessage(inmsg); - inmsg.setContent(SOAPMessage.class, saajMsg); - - for (String key : inProperties.keySet()) { - inHandler.setProperty(key, inProperties.get(key)); - } - - inHandler.handleMessage(inmsg); - - return inmsg; - } - // FOR DEBUGGING ONLY /*private*/ static String serialize(Document doc) { return StaxUtils.toString(doc); http://git-wip-us.apache.org/repos/asf/cxf/blob/4337e0b5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java index 02418a5..626ab4a 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java @@ -19,17 +19,12 @@ package org.apache.cxf.ws.security.wss4j; import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import java.util.List; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.soap.MessageFactory; import javax.xml.soap.SOAPMessage; -import javax.xml.soap.SOAPPart; import javax.xml.stream.XMLStreamReader; -import javax.xml.stream.XMLStreamWriter; -import javax.xml.transform.dom.DOMSource; import org.w3c.dom.Document; @@ -45,7 +40,6 @@ import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; - /** * This a test of the Signature Confirmation functionality that is contained in the * WS-Security 1.1 specification. The requestor signs an outbound SOAP message and saves @@ -66,16 +60,7 @@ public class SignatureConfirmationTest extends AbstractSecurityTest { WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); + SoapMessage msg = getSoapMessageForDom(doc); msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); msg.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true"); @@ -89,7 +74,9 @@ public class SignatureConfirmationTest extends AbstractSecurityTest { msg.put(org.apache.cxf.message.Message.REQUESTOR_ROLE, true); handler.handleMessage(msg); - doc = part; + + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/ds:Signature", doc); @@ -118,6 +105,7 @@ public class SignatureConfirmationTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -152,23 +140,15 @@ public class SignatureConfirmationTest extends AbstractSecurityTest { WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); + SoapMessage msg = getSoapMessageForDom(doc); msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP); msg.put(WSHandlerConstants.RECV_RESULTS, sigReceived); handler.handleMessage(msg); - doc = part; + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); assertValid("//wsse:Security", doc); // assertValid("//wsse:Security/wsse11:SignatureConfirmation", doc); @@ -192,6 +172,7 @@ public class SignatureConfirmationTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -201,18 +182,4 @@ public class SignatureConfirmationTest extends AbstractSecurityTest { inHandler.handleMessage(inmsg); } - - private byte[] getMessageBytes(Document doc) throws Exception { - // XMLOutputFactory factory = XMLOutputFactory.newInstance(); - ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - - // XMLStreamWriter byteArrayWriter = - // factory.createXMLStreamWriter(outputStream); - XMLStreamWriter byteArrayWriter = StaxUtils.createXMLStreamWriter(outputStream); - - StaxUtils.writeDocument(doc, byteArrayWriter, false); - - byteArrayWriter.flush(); - return outputStream.toByteArray(); - } } http://git-wip-us.apache.org/repos/asf/cxf/blob/4337e0b5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java index a554c5c..bf1f9c3 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java @@ -19,20 +19,15 @@ package org.apache.cxf.ws.security.wss4j; import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.soap.MessageFactory; -import javax.xml.soap.SOAPConstants; import javax.xml.soap.SOAPMessage; -import javax.xml.soap.SOAPPart; import javax.xml.stream.XMLStreamReader; -import javax.xml.stream.XMLStreamWriter; -import javax.xml.transform.dom.DOMSource; import org.w3c.dom.Document; + import org.apache.cxf.binding.soap.SoapFault; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.helpers.DOMUtils.NullResolver; @@ -63,17 +58,9 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { public void testNoSecurity() throws Exception { Document doc = readDocument("wsse-request-clean.xml"); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); - doc = part; + SoapMessage msg = getSoapMessageForDom(doc); + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); byte[] docbytes = getMessageBytes(doc); XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes)); @@ -92,6 +79,7 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -123,23 +111,15 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); + SoapMessage msg = getSoapMessageForDom(doc); msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP); msg.put(WSHandlerConstants.TTL_TIMESTAMP, "1"); handler.handleMessage(msg); - doc = part; + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); assertValid("//wsse:Security", doc); @@ -160,6 +140,7 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -192,22 +173,14 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); + SoapMessage msg = getSoapMessageForDom(doc); msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP); handler.handleMessage(msg); - doc = part; + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); assertValid("//wsse:Security", doc); @@ -228,6 +201,7 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -254,17 +228,9 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { public void testSignedEncryptedSOAP12Fault() throws Exception { Document doc = readDocument("wsse-response-fault.xml"); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance(SOAPConstants.SOAP_1_2_PROTOCOL).createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); - doc = part; + SoapMessage msg = getSoapMessageForDom(doc); + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); byte[] docbytes = getMessageBytes(doc); XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes)); @@ -283,6 +249,7 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -310,17 +277,4 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest { } } - private byte[] getMessageBytes(Document doc) throws Exception { - // XMLOutputFactory factory = XMLOutputFactory.newInstance(); - ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - - // XMLStreamWriter byteArrayWriter = - // factory.createXMLStreamWriter(outputStream); - XMLStreamWriter byteArrayWriter = StaxUtils.createXMLStreamWriter(outputStream); - - StaxUtils.writeDocument(doc, byteArrayWriter, false); - - byteArrayWriter.flush(); - return outputStream.toByteArray(); - } } http://git-wip-us.apache.org/repos/asf/cxf/blob/4337e0b5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java index eaa9307..8f91fe0 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java @@ -19,7 +19,6 @@ package org.apache.cxf.ws.security.wss4j; import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import java.security.Principal; import java.security.cert.X509Certificate; import java.util.ArrayList; @@ -32,12 +31,8 @@ import java.util.TreeSet; import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.soap.MessageFactory; import javax.xml.soap.SOAPMessage; -import javax.xml.soap.SOAPPart; import javax.xml.stream.XMLStreamReader; -import javax.xml.stream.XMLStreamWriter; -import javax.xml.transform.dom.DOMSource; import org.w3c.dom.Document; @@ -93,13 +88,13 @@ public class WSS4JInOutTest extends AbstractSecurityTest { @Test public void testSignature() throws Exception { - Map<String, String> outProperties = new HashMap<String, String>(); + Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); outProperties.put(WSHandlerConstants.USER, "myalias"); outProperties.put("password", "myAliasPassword"); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "insecurity.properties"); @@ -119,14 +114,14 @@ public class WSS4JInOutTest extends AbstractSecurityTest { @Test public void testDirectReferenceSignature() throws Exception { - Map<String, String> outProperties = new HashMap<String, String>(); + Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); outProperties.put(WSHandlerConstants.USER, "myalias"); outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); outProperties.put("password", "myAliasPassword"); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "insecurity.properties"); @@ -147,19 +142,16 @@ public class WSS4JInOutTest extends AbstractSecurityTest { @Test public void testEncryption() throws Exception { - Map<String, String> outProperties = new HashMap<String, String>(); + Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT); outProperties.put(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties"); outProperties.put(WSHandlerConstants.USER, "myalias"); outProperties.put("password", "myAliasPassword"); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT); inProperties.put(WSHandlerConstants.DEC_PROP_FILE, "insecurity.properties"); - inProperties.put( - WSHandlerConstants.PW_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.TestPwdCallback" - ); + inProperties.put(WSHandlerConstants.PW_CALLBACK_REF, new TestPwdCallback()); List<String> xpaths = new ArrayList<String>(); xpaths.add("//wsse:Security"); @@ -198,7 +190,7 @@ public class WSS4JInOutTest extends AbstractSecurityTest { @Test public void testEncryptedUsernameToken() throws Exception { - Map<String, String> outProperties = new HashMap<String, String>(); + Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put( WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.ENCRYPT @@ -212,16 +204,13 @@ public class WSS4JInOutTest extends AbstractSecurityTest { "{Content}{" + WSConstants.WSSE_NS + "}UsernameToken" ); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put( WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.ENCRYPT ); inProperties.put(WSHandlerConstants.DEC_PROP_FILE, "insecurity.properties"); - inProperties.put( - WSHandlerConstants.PW_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.TestPwdCallback" - ); + inProperties.put(WSHandlerConstants.PW_CALLBACK_REF, new TestPwdCallback()); List<String> xpaths = new ArrayList<String>(); xpaths.add("//wsse:Security"); @@ -252,19 +241,16 @@ public class WSS4JInOutTest extends AbstractSecurityTest { @Test public void testUsernameToken() throws Exception { - Map<String, String> outProperties = new HashMap<String, String>(); + Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); outProperties.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); outProperties.put(WSHandlerConstants.USER, "alice"); outProperties.put("password", "alicePassword"); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); inProperties.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST); - inProperties.put( - WSHandlerConstants.PW_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.TestPwdCallback" - ); + inProperties.put(WSHandlerConstants.PW_CALLBACK_REF, new TestPwdCallback()); List<String> xpaths = new ArrayList<String>(); xpaths.add("//wsse:Security"); @@ -287,16 +273,7 @@ public class WSS4JInOutTest extends AbstractSecurityTest { WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); + SoapMessage msg = getSoapMessageForDom(doc); msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); @@ -305,7 +282,8 @@ public class WSS4JInOutTest extends AbstractSecurityTest { handler.handleMessage(msg); - doc = part; + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/ds:Signature", doc); @@ -332,6 +310,7 @@ public class WSS4JInOutTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(properties); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -351,16 +330,7 @@ public class WSS4JInOutTest extends AbstractSecurityTest { WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); + SoapMessage msg = getSoapMessageForDom(doc); msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); @@ -369,7 +339,8 @@ public class WSS4JInOutTest extends AbstractSecurityTest { handler.handleMessage(msg); - doc = part; + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/ds:Signature", doc); @@ -404,9 +375,10 @@ public class WSS4JInOutTest extends AbstractSecurityTest { WSS4JInInterceptor inHandler = new WSS4JInInterceptor(properties); SoapMessage inmsg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); - + inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); inHandler.handleMessage(inmsg); @@ -422,17 +394,15 @@ public class WSS4JInOutTest extends AbstractSecurityTest { @Test public void testPKIPath() throws Exception { - Map<String, String> outProperties = new HashMap<String, String>(); + Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); outProperties.put(WSHandlerConstants.USER, "alice"); outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties"); - outProperties.put( - WSHandlerConstants.PW_CALLBACK_CLASS, KeystorePasswordCallback.class.getName() - ); + outProperties.put(WSHandlerConstants.PW_CALLBACK_REF, new KeystorePasswordCallback()); outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); outProperties.put(WSHandlerConstants.USE_SINGLE_CERTIFICATE, "false"); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "cxfca.properties"); @@ -453,7 +423,7 @@ public class WSS4JInOutTest extends AbstractSecurityTest { @Test public void testUsernameTokenSignature() throws Exception { - Map<String, String> outProperties = new HashMap<String, String>(); + Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put( WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.SIGNATURE); @@ -467,7 +437,7 @@ public class WSS4JInOutTest extends AbstractSecurityTest { "org.apache.cxf.ws.security.wss4j.TestPwdCallback" ); - Map<String, String> inProperties = new HashMap<String, String>(); + Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put( WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.SIGNATURE @@ -487,15 +457,6 @@ public class WSS4JInOutTest extends AbstractSecurityTest { makeInvocation(outProperties, xpaths, inProperties); } - - private byte[] getMessageBytes(Document doc) throws Exception { - ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - XMLStreamWriter byteArrayWriter = StaxUtils.createXMLStreamWriter(outputStream); - StaxUtils.writeDocument(doc, byteArrayWriter, false); - byteArrayWriter.flush(); - return outputStream.toByteArray(); - } - /** * @return a processor map suitable for custom processing of * signatures (in this case, the actual processor is @@ -520,68 +481,6 @@ public class WSS4JInOutTest extends AbstractSecurityTest { return handlerResults; } - private SoapMessage makeInvocation( - Map<String, String> outProperties, - List<String> xpaths, - Map<String, String> inProperties - ) throws Exception { - Document doc = readDocument("wsse-request-clean.xml"); - - WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); - PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); - - for (String key : outProperties.keySet()) { - msg.put(key, outProperties.get(key)); - } - - handler.handleMessage(msg); - - doc = part; - - for (String xpath : xpaths) { - assertValid(xpath, doc); - } - - byte[] docbytes = getMessageBytes(doc); - XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes)); - - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - - dbf.setValidating(false); - dbf.setIgnoringComments(false); - dbf.setIgnoringElementContentWhitespace(true); - dbf.setNamespaceAware(true); - - DocumentBuilder db = dbf.newDocumentBuilder(); - db.setEntityResolver(new NullResolver()); - doc = StaxUtils.read(db, reader, false); - - WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); - - SoapMessage inmsg = new SoapMessage(new MessageImpl()); - ex.setInMessage(inmsg); - inmsg.setContent(SOAPMessage.class, saajMsg); - - for (String key : inProperties.keySet()) { - inHandler.setProperty(key, inProperties.get(key)); - } - - inHandler.handleMessage(inmsg); - - return inmsg; - } - // FOR DEBUGGING ONLY /*private*/ static String serialize(Document doc) { return StaxUtils.toString(doc); http://git-wip-us.apache.org/repos/asf/cxf/blob/4337e0b5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java index 5e5b184..bcb0d95 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java @@ -22,14 +22,11 @@ import java.util.HashMap; import java.util.Map; import javax.xml.soap.SOAPMessage; -import javax.xml.soap.SOAPPart; import org.w3c.dom.Document; + import org.apache.cxf.binding.soap.SoapFault; import org.apache.cxf.binding.soap.SoapMessage; -import org.apache.cxf.message.Exchange; -import org.apache.cxf.message.ExchangeImpl; -import org.apache.cxf.message.MessageImpl; import org.apache.cxf.phase.PhaseInterceptor; import org.apache.wss4j.common.SecurityActionToken; import org.apache.wss4j.common.ext.WSSecurityException; @@ -44,17 +41,12 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { @Test public void testUsernameTokenText() throws Exception { - SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml"); + Document doc = readDocument("wsse-request-clean.xml"); + SoapMessage msg = getSoapMessageForDom(doc); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - msg.setContent(SOAPMessage.class, saaj); - msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); msg.put(WSHandlerConstants.USER, "username"); @@ -62,7 +54,7 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); handler.handleMessage(msg); - SOAPPart doc = saaj.getSOAPPart(); + doc = msg.getContent(SOAPMessage.class).getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/wsse:UsernameToken", doc); assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc); @@ -72,17 +64,12 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { @Test public void testUsernameTokenDigest() throws Exception { - SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml"); + Document doc = readDocument("wsse-request-clean.xml"); + SoapMessage msg = getSoapMessageForDom(doc); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - msg.setContent(SOAPMessage.class, saaj); - msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); msg.put(WSHandlerConstants.USER, "username"); @@ -90,7 +77,7 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST); handler.handleMessage(msg); - SOAPPart doc = saaj.getSOAPPart(); + doc = msg.getContent(SOAPMessage.class).getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/wsse:UsernameToken", doc); assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc); @@ -100,17 +87,12 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { @Test public void testEncrypt() throws Exception { - SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml"); + Document doc = readDocument("wsse-request-clean.xml"); + SoapMessage msg = getSoapMessageForDom(doc); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - msg.setContent(SOAPMessage.class, saaj); - msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT); msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); msg.put(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties"); @@ -119,24 +101,19 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { handler.handleMessage(msg); - SOAPPart doc = saaj.getSOAPPart(); + doc = msg.getContent(SOAPMessage.class).getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//s:Body/xenc:EncryptedData", doc); } @Test public void testSignature() throws Exception { - SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml"); + Document doc = readDocument("wsse-request-clean.xml"); + SoapMessage msg = getSoapMessageForDom(doc); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - msg.setContent(SOAPMessage.class, saaj); - msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); msg.put(WSHandlerConstants.USER, "myAlias"); @@ -144,24 +121,19 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { handler.handleMessage(msg); - SOAPPart doc = saaj.getSOAPPart(); + doc = msg.getContent(SOAPMessage.class).getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/ds:Signature", doc); } @Test public void testTimestamp() throws Exception { - SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml"); + Document doc = readDocument("wsse-request-clean.xml"); + SoapMessage msg = getSoapMessageForDom(doc); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - msg.setContent(SOAPMessage.class, saaj); - ohandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP); ohandler.setProperty(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties"); msg.put(WSHandlerConstants.USER, "myalias"); @@ -169,23 +141,18 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { handler.handleMessage(msg); - SOAPPart doc = saaj.getSOAPPart(); + doc = msg.getContent(SOAPMessage.class).getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/wsu:Timestamp", doc); } @Test public void testOverrideCustomAction() throws Exception { - SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml"); + Document doc = readDocument("wsse-request-clean.xml"); + SoapMessage msg = getSoapMessageForDom(doc); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - msg.setContent(SOAPMessage.class, saaj); CountingUsernameTokenAction action = new CountingUsernameTokenAction(); Map<Object, Object> customActions = new HashMap<Object, Object>(1); @@ -199,7 +166,7 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { msg.put(WSS4JOutInterceptor.WSS4J_ACTION_MAP, customActions); handler.handleMessage(msg); - SOAPPart doc = saaj.getSOAPPart(); + doc = msg.getContent(SOAPMessage.class).getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/wsse:UsernameToken", doc); assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc); @@ -225,17 +192,12 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { @Test public void testAddCustomAction() throws Exception { - SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml"); + Document doc = readDocument("wsse-request-clean.xml"); + SoapMessage msg = getSoapMessageForDom(doc); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - msg.setContent(SOAPMessage.class, saaj); - CountingUsernameTokenAction action = new CountingUsernameTokenAction(); Map<Object, Object> customActions = new HashMap<Object, Object>(1); customActions.put(12345, action); @@ -248,7 +210,7 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest { msg.put(WSS4JOutInterceptor.WSS4J_ACTION_MAP, customActions); handler.handleMessage(msg); - SOAPPart doc = saaj.getSOAPPart(); + doc = msg.getContent(SOAPMessage.class).getSOAPPart(); assertValid("//wsse:Security", doc); assertValid("//wsse:Security/wsse:UsernameToken", doc); assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc); http://git-wip-us.apache.org/repos/asf/cxf/blob/4337e0b5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java index 39cd72a..d6b14a9 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java @@ -100,10 +100,8 @@ public class DOMToStaxSamlTest extends AbstractSecurityTest { Map<String, Object> properties = new HashMap<String, Object>(); properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED); - properties.put( - WSHandlerConstants.SAML_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.saml.SAML1CallbackHandler" - ); + properties.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler()); + properties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); properties.put(WSHandlerConstants.USER, "alice"); properties.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallbackHandler()); @@ -165,10 +163,8 @@ public class DOMToStaxSamlTest extends AbstractSecurityTest { Map<String, Object> properties = new HashMap<String, Object>(); properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED); - properties.put( - WSHandlerConstants.SAML_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.saml.SAML2CallbackHandler" - ); + properties.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML2CallbackHandler()); + properties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); properties.put(WSHandlerConstants.USER, "alice"); properties.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallbackHandler()); @@ -209,9 +205,7 @@ public class DOMToStaxSamlTest extends AbstractSecurityTest { SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler(); callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY); callbackHandler.setSignAssertion(true); - properties.put( - WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler - ); + properties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler); properties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); properties.put(WSHandlerConstants.USER, "alice"); @@ -261,9 +255,7 @@ public class DOMToStaxSamlTest extends AbstractSecurityTest { SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY); callbackHandler.setSignAssertion(true); - properties.put( - WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler - ); + properties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler); properties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); properties.put(WSHandlerConstants.USER, "alice"); http://git-wip-us.apache.org/repos/asf/cxf/blob/4337e0b5/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java index 1e021ea..a70fe51 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java @@ -19,8 +19,8 @@ package org.apache.cxf.ws.security.wss4j.saml; import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import java.util.ArrayList; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -28,12 +28,8 @@ import java.util.Map; import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.soap.MessageFactory; import javax.xml.soap.SOAPMessage; -import javax.xml.soap.SOAPPart; import javax.xml.stream.XMLStreamReader; -import javax.xml.stream.XMLStreamWriter; -import javax.xml.transform.dom.DOMSource; import org.w3c.dom.Document; @@ -90,10 +86,7 @@ public class SamlTokenTest extends AbstractSecurityTest { private SecurityContext testSaml1Token(boolean allowUnsignedPrincipal) throws Exception { Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.saml.SAML1CallbackHandler" - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler()); Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED); @@ -132,10 +125,7 @@ public class SamlTokenTest extends AbstractSecurityTest { public void testSaml1TokenSignedSenderVouches() throws Exception { Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.saml.SAML1CallbackHandler" - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler()); outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); outProperties.put(WSHandlerConstants.USER, "alice"); outProperties.put("password", "password"); @@ -178,10 +168,7 @@ public class SamlTokenTest extends AbstractSecurityTest { public void testSaml2Token() throws Exception { Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.saml.SAML2CallbackHandler" - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML2CallbackHandler()); Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED); @@ -215,10 +202,7 @@ public class SamlTokenTest extends AbstractSecurityTest { public void testSaml2TokenSignedSenderVouches() throws Exception { Map<String, Object> outProperties = new HashMap<String, Object>(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_CLASS, - "org.apache.cxf.ws.security.wss4j.saml.SAML2CallbackHandler" - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML2CallbackHandler()); outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); outProperties.put(WSHandlerConstants.USER, "alice"); outProperties.put("password", "password"); @@ -272,9 +256,7 @@ public class SamlTokenTest extends AbstractSecurityTest { SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler(); callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY); callbackHandler.setSignAssertion(true); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler); Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put( @@ -293,14 +275,14 @@ public class SamlTokenTest extends AbstractSecurityTest { xpaths.add("//wsse:Security/saml1:Assertion"); try { - makeInvocation(outProperties, xpaths, inProperties); + makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap()); fail("Failure expected in SAML Validator"); } catch (Fault ex) { // expected } validator.setRequireSenderVouches(false); - Message message = makeInvocation(outProperties, xpaths, inProperties); + Message message = makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap()); final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS)); @@ -331,9 +313,7 @@ public class SamlTokenTest extends AbstractSecurityTest { SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY); callbackHandler.setSignAssertion(true); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler); Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put( @@ -352,7 +332,7 @@ public class SamlTokenTest extends AbstractSecurityTest { xpaths.add("//wsse:Security/saml2:Assertion"); try { - makeInvocation(outProperties, xpaths, inProperties); + makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap()); fail("Failure expected in SAML Validator"); } catch (Fault ex) { // expected @@ -360,14 +340,14 @@ public class SamlTokenTest extends AbstractSecurityTest { validator.setRequireSenderVouches(false); try { - makeInvocation(outProperties, xpaths, inProperties); + makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap()); fail("Failure expected in SAML Validator"); } catch (Fault ex) { // expected } validator.setRequireSAML1Assertion(false); - Message message = makeInvocation(outProperties, xpaths, inProperties); + Message message = makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap()); final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS)); @@ -401,9 +381,7 @@ public class SamlTokenTest extends AbstractSecurityTest { callbackHandler.setStatement(Statement.ATTR); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler); Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put( @@ -461,9 +439,7 @@ public class SamlTokenTest extends AbstractSecurityTest { callbackHandler.setStatement(Statement.ATTR); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler); Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put( @@ -520,9 +496,7 @@ public class SamlTokenTest extends AbstractSecurityTest { callbackHandler.setStatement(Statement.ATTR); callbackHandler.setConfirmationMethod(SAML1Constants.CONF_BEARER); - outProperties.put( - WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler - ); + outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler); Map<String, Object> inProperties = new HashMap<String, Object>(); inProperties.put( @@ -565,14 +539,6 @@ public class SamlTokenTest extends AbstractSecurityTest { private SoapMessage makeInvocation( Map<String, Object> outProperties, List<String> xpaths, - Map<String, Object> inProperties - ) throws Exception { - return makeInvocation(outProperties, xpaths, inProperties, new HashMap<String, String>()); - } - - private SoapMessage makeInvocation( - Map<String, Object> outProperties, - List<String> xpaths, Map<String, Object> inProperties, Map<String, String> inMessageProperties ) throws Exception { @@ -581,16 +547,7 @@ public class SamlTokenTest extends AbstractSecurityTest { WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); - SoapMessage msg = new SoapMessage(new MessageImpl()); - Exchange ex = new ExchangeImpl(); - ex.setInMessage(msg); - - SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); - SOAPPart part = saajMsg.getSOAPPart(); - part.setContent(new DOMSource(doc)); - saajMsg.saveChanges(); - - msg.setContent(SOAPMessage.class, saajMsg); + SoapMessage msg = getSoapMessageForDom(doc); for (String key : outProperties.keySet()) { msg.put(key, outProperties.get(key)); @@ -598,7 +555,8 @@ public class SamlTokenTest extends AbstractSecurityTest { handler.handleMessage(msg); - doc = part; + SOAPMessage saajMsg = msg.getContent(SOAPMessage.class); + doc = saajMsg.getSOAPPart(); for (String xpath : xpaths) { assertValid(xpath, doc); @@ -625,6 +583,7 @@ public class SamlTokenTest extends AbstractSecurityTest { for (String inMessageProperty : inMessageProperties.keySet()) { inmsg.put(inMessageProperty, inMessageProperties.get(inMessageProperty)); } + Exchange ex = new ExchangeImpl(); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); @@ -633,14 +592,6 @@ public class SamlTokenTest extends AbstractSecurityTest { return inmsg; } - private byte[] getMessageBytes(Document doc) throws Exception { - ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - XMLStreamWriter byteArrayWriter = StaxUtils.createXMLStreamWriter(outputStream); - StaxUtils.writeDocument(doc, byteArrayWriter, false); - byteArrayWriter.flush(); - return outputStream.toByteArray(); - } - // FOR DEBUGGING ONLY /*private*/ static String serialize(Document doc) throws Exception { return StaxUtils.toString(doc);
