Added: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CertificateStoreTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CertificateStoreTest.java?rev=1073823&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CertificateStoreTest.java (added)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CertificateStoreTest.java Wed Feb 23 16:48:04 2011
@@ -0,0 +1,273 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.components.crypto;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.common.KeystoreCallbackHandler;
+import org.apache.ws.security.common.SOAPUtil;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import javax.security.auth.callback.CallbackHandler;
+
+/**
+ * This is a test for the CertificateStore Crypto instance. This class does not know anything
+ * about Java KeyStores, but just wraps a list of trusted certificates.
+ */
+public class CertificateStoreTest extends org.junit.Assert {
+ private static final Log LOG = LogFactory.getLog(CertificateStoreTest.class);
+ private WSSecurityEngine secEngine = new WSSecurityEngine();
+ private Crypto senderCrypto = CryptoFactory.getInstance("wss40.properties");
+ private Crypto receiverCrypto = null;
+ private CallbackHandler keystoreCallbackHandler = new KeystoreCallbackHandler();
+
+ public CertificateStoreTest() throws Exception {
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias("wss40");
+ X509Certificate[] certs = senderCrypto.getX509Certificates(cryptoType);
+ receiverCrypto = new CertificateStore(certs);
+ }
+
+ /**
+ * Test signing a SOAP message using a BST.
+ */
+ @org.junit.Test
+ public void testSignatureDirectReference() throws Exception {
+ WSSecSignature sign = new WSSecSignature();
+ sign.setUserInfo("wss40", "security");
+ sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document signedDoc = sign.build(doc, senderCrypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+ //
+ // Verify the signature
+ //
+ List<WSSecurityEngineResult> results = verify(signedDoc, receiverCrypto);
+ WSSecurityEngineResult result =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+ X509Certificate cert =
+ (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ assertTrue (cert != null);
+ }
+
+ /**
+ * Test signing a SOAP message using an X.509 Key Identifier.
+ */
+ @org.junit.Test
+ public void testSignatureX509() throws Exception {
+ WSSecSignature sign = new WSSecSignature();
+ sign.setUserInfo("wss40", "security");
+ sign.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document signedDoc = sign.build(doc, senderCrypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+ //
+ // Verify the signature
+ //
+ List<WSSecurityEngineResult> results = verify(signedDoc, receiverCrypto);
+ WSSecurityEngineResult result =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+ X509Certificate cert =
+ (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ assertTrue (cert != null);
+ }
+
+ /**
+ * Test signing a SOAP message using Issuer Serial.
+ */
+ @org.junit.Test
+ public void testSignatureIssuerSerial() throws Exception {
+ WSSecSignature sign = new WSSecSignature();
+ sign.setUserInfo("wss40", "security");
+ sign.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document signedDoc = sign.build(doc, senderCrypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+
+ //
+ // Verify the signature
+ //
+ List<WSSecurityEngineResult> results = verify(signedDoc, receiverCrypto);
+ WSSecurityEngineResult result =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+ X509Certificate cert =
+ (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ assertTrue (cert != null);
+ }
+
+ /**
+ * Test signing a SOAP message using a Thumbprint
+ */
+ @org.junit.Test
+ public void testSignatureThumbprint() throws Exception {
+ WSSecSignature sign = new WSSecSignature();
+ sign.setUserInfo("wss40", "security");
+ sign.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document signedDoc = sign.build(doc, senderCrypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+
+ //
+ // Verify the signature
+ //
+ List<WSSecurityEngineResult> results = verify(signedDoc, receiverCrypto);
+ WSSecurityEngineResult result =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+ X509Certificate cert =
+ (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ assertTrue (cert != null);
+ }
+
+ /**
+ * Test signing a SOAP message using a SKI Key Identifier
+ */
+ @org.junit.Test
+ public void testSignatureSKI() throws Exception {
+ WSSecSignature sign = new WSSecSignature();
+ sign.setUserInfo("wss40", "security");
+ sign.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document signedDoc = sign.build(doc, senderCrypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+
+ //
+ // Verify the signature
+ //
+ List<WSSecurityEngineResult> results = verify(signedDoc, receiverCrypto);
+ WSSecurityEngineResult result =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+ X509Certificate cert =
+ (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ assertTrue (cert != null);
+ }
+
+ /**
+ * Test signing a SOAP message using a BST. The certificate is not known to the
+ * CertificateStore and so should throw an exception.
+ */
+ @org.junit.Test
+ public void testSignatureDirectReferenceUntrusted() throws Exception {
+ WSSecSignature sign = new WSSecSignature();
+ sign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+ sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document signedDoc = sign.build(doc, CryptoFactory.getInstance(), secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+ //
+ // Verify the signature
+ //
+ try {
+ verify(signedDoc, receiverCrypto);
+ fail("Failure expected on an unknown certificate");
+ } catch (WSSecurityException ex) {
+ // expected
+ }
+ }
+
+ /**
+ * Verifies the soap envelope
+ * <p/>
+ *
+ * @param doc
+ * @throws Exception Thrown when there is a problem in verification
+ */
+ private List<WSSecurityEngineResult>
+ verify(Document doc, Crypto crypto) throws WSSecurityException {
+ List<WSSecurityEngineResult> results = secEngine.processSecurityHeader(
+ doc, null, keystoreCallbackHandler, crypto
+ );
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Verfied and decrypted message:");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ return results;
+ }
+
+
+}
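Review bot: The five positive tests from testSignatureDirectReference through testSignatureSKI are the same sign-then-verify body differing only in the WSConstants value passed to setKeyIdentifierType, so that body could become one private helper taking the key-identifier type, with each test reduced to a single call. The Javadoc on verify documents only `@param doc` although the method also takes `crypto`, and declares `@throws Exception` while the signature throws WSSecurityException; suggest `@param crypto the Crypto used to decide whether the signing certificate is trusted` and `@throws WSSecurityException if processing the security header fails`, and the log message in verify reads "Verfied" rather than "Verified". In testSignatureDirectReferenceUntrusted the catch accepts any WSSecurityException, so an unrelated processing failure would also pass; if the exception exposes a reason code (e.g. `ex.getErrorCode()`), asserting on it would pin the test to the untrusted-certificate rejection it is meant to exercise.
```java
    private void signAndVerify(int keyIdentifierType) throws Exception {
        WSSecSignature sign = new WSSecSignature();
        sign.setUserInfo("wss40", "security");
        sign.setKeyIdentifierType(keyIdentifierType);

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Document signedDoc = sign.build(doc, senderCrypto, secHeader);
        // … unchanged: debug logging of signedDoc …
        List<WSSecurityEngineResult> results = verify(signedDoc, receiverCrypto);
        WSSecurityEngineResult result =
            WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
        X509Certificate cert =
            (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
        assertTrue(cert != null);
    }

    @org.junit.Test
    public void testSignatureDirectReference() throws Exception {
        signAndVerify(WSConstants.BST_DIRECT_REFERENCE);
    }
    // … the X509, IssuerSerial, Thumbprint and SKI tests call the helper with their WSConstants value …
```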
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CryptoTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CryptoTest.java?rev=1073823&r1=1073822&r2=1073823&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CryptoTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CryptoTest.java Wed Feb 23 16:48:04 2011
@@ -94,7 +94,7 @@ public class CryptoTest extends org.juni
 ClassLoader loader = Loader.getClassLoader(CryptoTest.class);
 InputStream input = Merlin.loadInputStream(loader, "keys/wss40.jks");
 keyStore.load(input, "security".toCharArray());
-crypto.setKeyStore(keyStore);
+((Merlin)crypto).setKeyStore(keyStore);
 Document signedDoc = builder.build(doc, crypto, secHeader);
 // Load the truststore
@@ -102,7 +102,7 @@ public class CryptoTest extends org.juni
 KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
 input = Merlin.loadInputStream(loader, "keys/wss40CA.jks");
 trustStore.load(input, "security".toCharArray());
-processCrypto.setTrustStore(trustStore);
+((Merlin)processCrypto).setTrustStore(trustStore);
 WSSecurityEngine secEngine = new WSSecurityEngine();
 secEngine.processSecurityHeader(signedDoc, null, null, processCrypto);
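Review bot: The new line `((Merlin)crypto).setKeyStore(keyStore);` works around the variable being typed as the Crypto interface, and the same cast is repeated at @@ -102 and @@ -112 of this file and in the SignaturePartsTest, SamlNegativeTest, SamlReferenceTest and SignedSamlTokenHOKTest hunks. Where the declaration is visible (`trustCrypto = new Merlin();` in the SAML tests) it is simpler and type-safe to keep a Merlin-typed reference for the setup, e.g. `Merlin merlin = new Merlin();`, `merlin.setTrustStore(trustStore);`, `trustCrypto = merlin;`, so a later change of the concrete Crypto type fails at compile time instead of with a ClassCastException at runtime; the declarations of `crypto` and `processCrypto` here lie outside the hunk, so the same applies there only if they are assigned from `new Merlin()` as the SAML tests are.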
@@ -112,7 +112,7 @@ public class CryptoTest extends org.juni
 trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
 input = Merlin.loadInputStream(loader, "keys/wss40badca.jks");
 trustStore.load(input, "security".toCharArray());
-processCrypto.setTrustStore(trustStore);
+((Merlin)processCrypto).setTrustStore(trustStore);
 try {
 secEngine.processSecurityHeader(signedDoc, null, null, processCrypto);
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/DerivedKeyTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/DerivedKeyTest.java?rev=1073823&r1=1073822&r2=1073823&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/DerivedKeyTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/DerivedKeyTest.java Wed Feb 23 16:48:04 2011
@@ -28,6 +28,7 @@ import org.apache.ws.security.common.Key
 import org.apache.ws.security.common.SOAPUtil;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.w3c.dom.Document;
@@ -176,7 +177,9 @@ public class DerivedKeyTest extends org.
 secHeader.insertSecurityHeader(doc);
 SecurityTokenReference secToken = new SecurityTokenReference(doc);
-X509Certificate[] certs = crypto.getCertificates("wss40");
+CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+cryptoType.setAlias("wss40");
+X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
 secToken.setKeyIdentifierThumb(certs[0]);
 WSSecDKSign sigBuilder = new WSSecDKSign();
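Review bot: The new lookup `X509Certificate[] certs = crypto.getX509Certificates(cryptoType);` in the @@ -176 hunk of DerivedKeyTest feeds `certs[0]` on the next line with no check of the result, so if the new API returns null or an empty array for an alias that is missing from the keystore the test fails with a NullPointerException or ArrayIndexOutOfBoundsException rather than a message naming the misconfigured alias; whether it returns null or throws is not visible from the hunk. A one-line guard such as `assertTrue("no certificate chain for alias wss40", certs != null && certs.length > 0);` after the lookup would make the failure self-explanatory. The same three-line lookup is repeated at @@ -215 of this file and in the @@ -393 hunk of SamlNegativeTest, which could share a small helper. The enclosing test methods start and end outside the hunks.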
@@ -215,7 +218,9 @@ public class DerivedKeyTest extends org.
 secHeader.insertSecurityHeader(doc);
 SecurityTokenReference secToken = new SecurityTokenReference(doc);
-X509Certificate[] certs = crypto.getCertificates("wss40");
+CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+cryptoType.setAlias("wss40");
+X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
 secToken.setKeyIdentifierSKI(certs[0], crypto);
 WSSecDKSign sigBuilder = new WSSecDKSign();
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignaturePartsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignaturePartsTest.java?rev=1073823&r1=1073822&r2=1073823&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignaturePartsTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignaturePartsTest.java Wed Feb 23 16:48:04 2011
@@ -166,7 +166,7 @@ public class SignaturePartsTest extends
 ClassLoader loader = Loader.getClassLoader(SignedSamlTokenHOKTest.class);
 InputStream input = Merlin.loadInputStream(loader, "keys/wss40_server.jks");
 keyStore.load(input, "security".toCharArray());
-issuerCrypto.setKeyStore(keyStore);
+((Merlin)issuerCrypto).setKeyStore(keyStore);
 Crypto userCrypto = CryptoFactory.getInstance("wss40.properties");
@@ -213,7 +213,7 @@ public class SignaturePartsTest extends
 KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
 input = Merlin.loadInputStream(loader, "keys/wss40CA.jks");
 trustStore.load(input, "security".toCharArray());
-trustCrypto.setTrustStore(trustStore);
+((Merlin)trustCrypto).setTrustStore(trustStore);
 List<WSSecurityEngineResult> results = secEngine.processSecurityHeader(doc, null, null, trustCrypto);
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlNegativeTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlNegativeTest.java?rev=1073823&r1=1073822&r2=1073823&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlNegativeTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlNegativeTest.java Wed Feb 23 16:48:04 2011
@@ -34,6 +34,7 @@ import org.apache.ws.security.common.SAM
 import org.apache.ws.security.common.SOAPUtil;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
 import org.apache.ws.security.components.crypto.Merlin;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.message.WSSecSAMLToken;
@@ -76,14 +77,14 @@ public class SamlNegativeTest extends or
 ClassLoader loader = Loader.getClassLoader(SamlNegativeTest.class);
 InputStream input = Merlin.loadInputStream(loader, "keys/wss40_server.jks");
 keyStore.load(input, "security".toCharArray());
-issuerCrypto.setKeyStore(keyStore);
+((Merlin)issuerCrypto).setKeyStore(keyStore);
 // Load the server truststore
 trustCrypto = new Merlin();
 KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
 input = Merlin.loadInputStream(loader, "keys/wss40CA.jks");
 trustStore.load(input, "security".toCharArray());
-trustCrypto.setTrustStore(trustStore);
+((Merlin)trustCrypto).setTrustStore(trustStore);
 }
 /**
@@ -393,7 +394,9 @@ public class SamlNegativeTest extends or
 public SAML1HOKNoKeyInfoCallbackHandler() throws Exception {
 Crypto crypto = CryptoFactory.getInstance("wss40.properties");
-certs = crypto.getCertificates("wss40");
+CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+cryptoType.setAlias("wss40");
+certs = crypto.getX509Certificates(cryptoType);
 subjectName = "uid=joe,ou=people,ou=saml-demo,o=example.com";
 subjectQualifier = "www.example.com";
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java?rev=1073823&r1=1073822&r2=1073823&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java Wed Feb 23 16:48:04 2011
@@ -73,14 +73,14 @@ public class SamlReferenceTest extends o
 ClassLoader loader = Loader.getClassLoader(SignedSamlTokenHOKTest.class);
 InputStream input = Merlin.loadInputStream(loader, "keys/wss40_server.jks");
 keyStore.load(input, "security".toCharArray());
-issuerCrypto.setKeyStore(keyStore);
+((Merlin)issuerCrypto).setKeyStore(keyStore);
 // Load the server truststore
 trustCrypto = new Merlin();
 KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
 input = Merlin.loadInputStream(loader, "keys/wss40CA.jks");
 trustStore.load(input, "security".toCharArray());
-trustCrypto.setTrustStore(trustStore);
+((Merlin)trustCrypto).setTrustStore(trustStore);
 }
 /**
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SignedSamlTokenHOKTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SignedSamlTokenHOKTest.java?rev=1073823&r1=1073822&r2=1073823&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SignedSamlTokenHOKTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SignedSamlTokenHOKTest.java Wed Feb 23 16:48:04 2011
@@ -69,14 +69,14 @@ public class SignedSamlTokenHOKTest exte
 ClassLoader loader = Loader.getClassLoader(SignedSamlTokenHOKTest.class);
 InputStream input = Merlin.loadInputStream(loader, "keys/wss40_server.jks");
 keyStore.load(input, "security".toCharArray());
-issuerCrypto.setKeyStore(keyStore);
+((Merlin)issuerCrypto).setKeyStore(keyStore);
 // Load the server truststore
 trustCrypto = new Merlin();
 KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
 input = Merlin.loadInputStream(loader, "keys/wss40CA.jks");
 trustStore.load(input, "security".toCharArray());
-trustCrypto.setTrustStore(trustStore);
+((Merlin)trustCrypto).setTrustStore(trustStore);
 }
 /**
