Java Code Examples for org.apache.cxf.phase.PhaseInterceptor#handleMessage()

The following examples show how to use org.apache.cxf.phase.PhaseInterceptor#handleMessage() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: CryptoCoverageCheckerTest.java    From steady with Apache License 2.0 6 votes vote down vote up
private void runInterceptorAndValidate(
        String document,
        Map<String, String> prefixes, 
        List<XPathExpression> xpaths,
        boolean pass) throws Exception {
    
    final Document doc = this.readDocument(document);
    final SoapMessage msg = this.getSoapMessageForDom(doc);
    final CryptoCoverageChecker checker = new CryptoCoverageChecker(prefixes, xpaths);
    final PhaseInterceptor<SoapMessage> wss4jInInterceptor = this.getWss4jInInterceptor();
    
    wss4jInInterceptor.handleMessage(msg);
    
    try {
        checker.handleMessage(msg);
        if (!pass) {
            fail("Passed interceptor erroneously.");
        }
    } catch (Fault e) {
        if (pass) {
            fail("Failed interceptor erroneously.");
        }
        
        assertTrue(e.getMessage().contains("element found matching XPath"));
    }
}
 
Example 2
Source File: WSS4JOutInterceptorTest.java    From steady with Apache License 2.0 6 votes vote down vote up
@Test
public void testEncrypt() throws Exception {
    SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);

    msg.setContent(SOAPMessage.class, saaj);
    
    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
    msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "myalias");
    msg.put("password", "myAliasPassword");

    handler.handleMessage(msg);

    SOAPPart doc = saaj.getSOAPPart();
    assertValid("//wsse:Security", doc);
    assertValid("//s:Body/xenc:EncryptedData", doc);
}
 
Example 3
Source File: WSS4JOutInterceptorTest.java    From steady with Apache License 2.0 6 votes vote down vote up
@Test
public void testEncrypt() throws Exception {
    SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);

    msg.setContent(SOAPMessage.class, saaj);
    
    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
    msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "myalias");
    msg.put("password", "myAliasPassword");

    handler.handleMessage(msg);

    SOAPPart doc = saaj.getSOAPPart();
    assertValid("//wsse:Security", doc);
    assertValid("//s:Body/xenc:EncryptedData", doc);
}
 
Example 4
Source File: WSS4JOutInterceptorTest.java    From steady with Apache License 2.0 5 votes vote down vote up
@Test
public void testAddCustomAction() throws Exception {
    SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);

    msg.setContent(SOAPMessage.class, saaj);
    
    CountingUsernameTokenAction action = new CountingUsernameTokenAction();
    Map<Object, Object> customActions = new HashMap<Object, Object>(1);
    customActions.put(12345, action);
            
    msg.put(WSHandlerConstants.ACTION, "12345");
    msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "username");
    msg.put("password", "myAliasPassword");
    msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    msg.put(WSS4JOutInterceptor.WSS4J_ACTION_MAP, customActions);
    handler.handleMessage(msg);

    SOAPPart doc = saaj.getSOAPPart();
    assertValid("//wsse:Security", doc);
    assertValid("//wsse:Security/wsse:UsernameToken", doc);
    assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc);
    // Test to see that the plaintext password is used in the header
    assertValid("//wsse:Security/wsse:UsernameToken/wsse:Password[text()='myAliasPassword']", doc);
    assertEquals(1, action.getExecutions());
}
 
Example 5
Source File: DefaultCryptoCoverageCheckerTest.java    From steady with Apache License 2.0 5 votes vote down vote up
private void runInterceptorAndValidate(
        String document,
        Map<String, String> prefixes, 
        List<XPathExpression> xpaths,
        boolean pass) throws Exception {
    
    final Document doc = this.readDocument(document);
    final SoapMessage msg = this.getSoapMessageForDom(doc);
    final CryptoCoverageChecker checker = new DefaultCryptoCoverageChecker();
    checker.addPrefixes(prefixes);
    checker.addXPaths(xpaths);
    final PhaseInterceptor<SoapMessage> wss4jInInterceptor = this.getWss4jInInterceptor();
    
    wss4jInInterceptor.handleMessage(msg);
    
    try {
        checker.handleMessage(msg);
        if (!pass) {
            fail("Passed interceptor erroneously.");
        }
    } catch (Fault e) {
        if (pass) {
            fail("Failed interceptor erroneously.");
        }
        
        assertTrue(e.getMessage().contains("element found matching XPath"));
    }
}
 
Example 6
Source File: WSS4JOutInterceptorTest.java    From steady with Apache License 2.0 5 votes vote down vote up
@Test
public void testUsernameTokenText() throws Exception {
    SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);

    msg.setContent(SOAPMessage.class, saaj);

    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "username");
    msg.put("password", "myAliasPassword");
    msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    handler.handleMessage(msg);

    SOAPPart doc = saaj.getSOAPPart();
    assertValid("//wsse:Security", doc);
    assertValid("//wsse:Security/wsse:UsernameToken", doc);
    assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc);
    // Test to see that the plaintext password is used in the header
    assertValid("//wsse:Security/wsse:UsernameToken/wsse:Password[text()='myAliasPassword']", doc);
}
 
Example 7
Source File: WSS4JOutInterceptorTest.java    From steady with Apache License 2.0 5 votes vote down vote up
@Test
public void testAddCustomAction() throws Exception {
    SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);

    msg.setContent(SOAPMessage.class, saaj);
    
    CountingUsernameTokenAction action = new CountingUsernameTokenAction();
    Map<Object, Object> customActions = new HashMap<Object, Object>(1);
    customActions.put(12345, action);
            
    msg.put(WSHandlerConstants.ACTION, "12345");
    msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "username");
    msg.put("password", "myAliasPassword");
    msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    msg.put(WSS4JOutInterceptor.WSS4J_ACTION_MAP, customActions);
    handler.handleMessage(msg);

    SOAPPart doc = saaj.getSOAPPart();
    assertValid("//wsse:Security", doc);
    assertValid("//wsse:Security/wsse:UsernameToken", doc);
    assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc);
    // Test to see that the plaintext password is used in the header
    assertValid("//wsse:Security/wsse:UsernameToken/wsse:Password[text()='myAliasPassword']", doc);
    assertEquals(1, action.getExecutions());
}
 
Example 8
Source File: WSS4JOutInterceptorTest.java    From steady with Apache License 2.0 5 votes vote down vote up
@Test
public void testUsernameTokenText() throws Exception {
    SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);

    msg.setContent(SOAPMessage.class, saaj);

    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "username");
    msg.put("password", "myAliasPassword");
    msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    handler.handleMessage(msg);

    SOAPPart doc = saaj.getSOAPPart();
    assertValid("//wsse:Security", doc);
    assertValid("//wsse:Security/wsse:UsernameToken", doc);
    assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc);
    // Test to see that the plaintext password is used in the header
    assertValid("//wsse:Security/wsse:UsernameToken/wsse:Password[text()='myAliasPassword']", doc);
}
 
Example 9
Source File: WSS4JOutInterceptorTest.java    From steady with Apache License 2.0 5 votes vote down vote up
@Test
public void testUsernameTokenText() throws Exception {
    SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);

    msg.setContent(SOAPMessage.class, saaj);

    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "username");
    msg.put("password", "myAliasPassword");
    msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    handler.handleMessage(msg);

    SOAPPart doc = saaj.getSOAPPart();
    assertValid("//wsse:Security", doc);
    assertValid("//wsse:Security/wsse:UsernameToken", doc);
    assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc);
    // Test to see that the plaintext password is used in the header
    assertValid("//wsse:Security/wsse:UsernameToken/wsse:Password[text()='myAliasPassword']", doc);
}
 
Example 10
Source File: SignatureConfirmationTest.java    From steady with Apache License 2.0 4 votes vote down vote up
@org.junit.Test
public void testSignatureConfirmationRequest() throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);
    
    SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
    SOAPPart part = saajMsg.getSOAPPart();
    part.setContent(new DOMSource(doc));
    saajMsg.saveChanges();

    msg.setContent(SOAPMessage.class, saajMsg);

    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    msg.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
    msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "myalias");
    msg.put("password", "myAliasPassword");
    //
    // This is necessary to convince the WSS4JOutInterceptor that we're
    // functioning as a requestor
    //
    msg.put(org.apache.cxf.message.Message.REQUESTOR_ROLE, true);

    handler.handleMessage(msg);
    doc = part;
    
    assertValid("//wsse:Security", doc);
    assertValid("//wsse:Security/ds:Signature", doc);

    byte[] docbytes = getMessageBytes(doc);
    //
    // Save the signature for future confirmation
    //
    List<WSHandlerResult> sigv = CastUtils.cast((List<?>)msg.get(WSHandlerConstants.SEND_SIGV));
    assertNotNull(sigv);
    assertTrue(sigv.size() != 0);
    
    XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

    dbf.setValidating(false);
    dbf.setIgnoringComments(false);
    dbf.setIgnoringElementContentWhitespace(true);
    dbf.setNamespaceAware(true);

    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(new NullResolver());
    doc = StaxUtils.read(db, reader, false);

    WSS4JInInterceptor inHandler = new WSS4JInInterceptor();

    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);

    inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    inHandler.setProperty(WSHandlerConstants.SIG_PROP_FILE, "insecurity.properties");
    inHandler.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");

    inHandler.handleMessage(inmsg);
    
    //
    // Check that the inbound signature result was saved
    //
    WSSecurityEngineResult result = 
        (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
    assertNotNull(result);
    
    List<WSHandlerResult> sigReceived = 
        CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS));
    assertNotNull(sigReceived);
    assertTrue(sigReceived.size() != 0);
    
    testSignatureConfirmationResponse(sigv, sigReceived);
}
 
Example 11
Source File: WSS4JInOutTest.java    From steady with Apache License 2.0 4 votes vote down vote up
@Test
public void testCustomProcessorObject() throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);
    
    SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
    SOAPPart part = saajMsg.getSOAPPart();
    part.setContent(new DOMSource(doc));
    saajMsg.saveChanges();

    msg.setContent(SOAPMessage.class, saajMsg);

    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "myalias");
    msg.put("password", "myAliasPassword");

    handler.handleMessage(msg);

    doc = part;
    
    assertValid("//wsse:Security", doc);
    assertValid("//wsse:Security/ds:Signature", doc);

    byte[] docbytes = getMessageBytes(doc);
    XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

    dbf.setValidating(false);
    dbf.setIgnoringComments(false);
    dbf.setIgnoringElementContentWhitespace(true);
    dbf.setNamespaceAware(true);

    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(new NullResolver());
    doc = StaxUtils.read(db, reader, false);

    final Map<String, Object> properties = new HashMap<String, Object>();
    final Map<QName, Object> customMap = new HashMap<QName, Object>();
    customMap.put(
        new QName(
            WSConstants.SIG_NS,
            WSConstants.SIG_LN
        ),
        CustomProcessor.class
    );
    properties.put(
        WSS4JInInterceptor.PROCESSOR_MAP,
        customMap
    );
    WSS4JInInterceptor inHandler = new WSS4JInInterceptor(properties);

    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);

    inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);

    inHandler.handleMessage(inmsg);
    
    WSSecurityEngineResult result = 
        (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
    assertNotNull(result);
    
    Object obj = result.get("foo");
    assertNotNull(obj);
    assertEquals(obj.getClass().getName(), CustomProcessor.class.getName());
}
 
Example 12
Source File: SignatureConfirmationTest.java    From steady with Apache License 2.0 4 votes vote down vote up
private void testSignatureConfirmationResponse(
    List<WSHandlerResult> sigSaved,
    List<WSHandlerResult> sigReceived
) throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);
    
    SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
    SOAPPart part = saajMsg.getSOAPPart();
    part.setContent(new DOMSource(doc));
    saajMsg.saveChanges();

    msg.setContent(SOAPMessage.class, saajMsg);

    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);
    msg.put(WSHandlerConstants.RECV_RESULTS, sigReceived);
    
    handler.handleMessage(msg);

    doc = part;
    
    assertValid("//wsse:Security", doc);
    // assertValid("//wsse:Security/wsse11:SignatureConfirmation", doc);

    byte[] docbytes = getMessageBytes(doc);
    // System.out.println(new String(docbytes));
    
    XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

    dbf.setValidating(false);
    dbf.setIgnoringComments(false);
    dbf.setIgnoringElementContentWhitespace(true);
    dbf.setNamespaceAware(true);

    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(new NullResolver());
    doc = StaxUtils.read(db, reader, false);

    WSS4JInInterceptor inHandler = new WSS4JInInterceptor();

    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);

    inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);
    inmsg.put(WSHandlerConstants.SEND_SIGV, sigSaved);

    inHandler.handleMessage(inmsg);
}
 
Example 13
Source File: WSS4JFaultCodeTest.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Test that an invalid Timestamp gets mapped to a proper fault code 
 */
@Test
public void testInvalidTimestamp() throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);
    
    SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
    SOAPPart part = saajMsg.getSOAPPart();
    part.setContent(new DOMSource(doc));
    saajMsg.saveChanges();

    msg.setContent(SOAPMessage.class, saajMsg);

    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);
    msg.put(WSHandlerConstants.TTL_TIMESTAMP, "1");

    handler.handleMessage(msg);

    doc = part;
    
    assertValid("//wsse:Security", doc);

    byte[] docbytes = getMessageBytes(doc);
    XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

    dbf.setValidating(false);
    dbf.setIgnoringComments(false);
    dbf.setIgnoringElementContentWhitespace(true);
    dbf.setNamespaceAware(true);

    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(new NullResolver());
    doc = StaxUtils.read(db, reader, false);

    WSS4JInInterceptor inHandler = new WSS4JInInterceptor();

    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);

    inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);
    inHandler.setProperty(WSHandlerConstants.TTL_TIMESTAMP, "1");

    try {
        //
        // Sleep for over a second to make the timestamp invalid
        //
        Thread.sleep(1250);
        inHandler.handleMessage(inmsg);
        fail("Expected failure on an invalid Timestamp");
    } catch (SoapFault fault) {
        assertTrue(fault.getReason().startsWith(
            "The message has expired"));
        QName faultCode = new QName(WSConstants.WSSE_NS, "MessageExpired");
        assertTrue(fault.getFaultCode().equals(faultCode));
    }
}
 
Example 14
Source File: SamlTokenTest.java    From steady with Apache License 2.0 4 votes vote down vote up
private SoapMessage makeInvocation(
    Map<String, Object> outProperties,
    List<String> xpaths,
    Map<String, Object> inProperties,
    Map<String, String> inMessageProperties
) throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);

    SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
    SOAPPart part = saajMsg.getSOAPPart();
    part.setContent(new DOMSource(doc));
    saajMsg.saveChanges();

    msg.setContent(SOAPMessage.class, saajMsg);

    for (String key : outProperties.keySet()) {
        msg.put(key, outProperties.get(key));
    }

    handler.handleMessage(msg);

    doc = part;

    for (String xpath : xpaths) {
        assertValid(xpath, doc);
    }

    byte[] docbytes = getMessageBytes(doc);
    XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

    dbf.setValidating(false);
    dbf.setIgnoringComments(false);
    dbf.setIgnoringElementContentWhitespace(true);
    dbf.setNamespaceAware(true);

    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(new NullResolver());
    doc = StaxUtils.read(db, reader, false);

    WSS4JInInterceptor inHandler = new WSS4JInInterceptor(inProperties);

    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    inmsg.put(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, "role");
    for (String inMessageProperty : inMessageProperties.keySet()) {
        inmsg.put(inMessageProperty, inMessageProperties.get(inMessageProperty));
    }
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);

    inHandler.handleMessage(inmsg);

    return inmsg;
}
 
Example 15
Source File: WSS4JFaultCodeTest.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Test that an action mismatch gets mapped to a proper fault code 
 */
@Test
public void testActionMismatch() throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);
    
    SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
    SOAPPart part = saajMsg.getSOAPPart();
    part.setContent(new DOMSource(doc));
    saajMsg.saveChanges();

    msg.setContent(SOAPMessage.class, saajMsg);

    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);

    handler.handleMessage(msg);

    doc = part;
    
    assertValid("//wsse:Security", doc);

    byte[] docbytes = getMessageBytes(doc);
    XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

    dbf.setValidating(false);
    dbf.setIgnoringComments(false);
    dbf.setIgnoringElementContentWhitespace(true);
    dbf.setNamespaceAware(true);

    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(new NullResolver());
    doc = StaxUtils.read(db, reader, false);

    WSS4JInInterceptor inHandler = new WSS4JInInterceptor();

    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);

    inHandler.setProperty(WSHandlerConstants.ACTION, 
        WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.USERNAME_TOKEN);
    inHandler.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, TestPwdCallback.class.getName());

    try {
        inHandler.handleMessage(inmsg);
        fail("Expected failure on an action mismatch");
    } catch (SoapFault fault) {
        assertTrue(fault.getReason().startsWith(
            "An error was discovered processing the <wsse:Security> header"));
        QName faultCode = new QName(WSConstants.WSSE_NS, "InvalidSecurity");
        assertTrue(fault.getFaultCode().equals(faultCode));
    }
}
 
Example 16
Source File: SamlTokenTest.java    From steady with Apache License 2.0 4 votes vote down vote up
private SoapMessage makeInvocation(
    Map<String, Object> outProperties,
    List<String> xpaths,
    Map<String, Object> inProperties,
    Map<String, String> inMessageProperties
) throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);

    SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
    SOAPPart part = saajMsg.getSOAPPart();
    part.setContent(new DOMSource(doc));
    saajMsg.saveChanges();

    msg.setContent(SOAPMessage.class, saajMsg);

    for (String key : outProperties.keySet()) {
        msg.put(key, outProperties.get(key));
    }

    handler.handleMessage(msg);

    doc = part;

    for (String xpath : xpaths) {
        assertValid(xpath, doc);
    }

    byte[] docbytes = getMessageBytes(doc);
    XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

    dbf.setValidating(false);
    dbf.setIgnoringComments(false);
    dbf.setIgnoringElementContentWhitespace(true);
    dbf.setNamespaceAware(true);

    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(new NullResolver());
    doc = StaxUtils.read(db, reader, false);

    WSS4JInInterceptor inHandler = new WSS4JInInterceptor(inProperties);

    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    inmsg.put(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, "role");
    for (String inMessageProperty : inMessageProperties.keySet()) {
        inmsg.put(inMessageProperty, inMessageProperties.get(inMessageProperty));
    }
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);

    inHandler.handleMessage(inmsg);

    return inmsg;
}
 
Example 17
Source File: WSS4JInOutTest.java    From steady with Apache License 2.0 4 votes vote down vote up
@Test
public void testCustomProcessorObject() throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);
    
    SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
    SOAPPart part = saajMsg.getSOAPPart();
    part.setContent(new DOMSource(doc));
    saajMsg.saveChanges();

    msg.setContent(SOAPMessage.class, saajMsg);

    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "myalias");
    msg.put("password", "myAliasPassword");

    handler.handleMessage(msg);

    doc = part;
    
    assertValid("//wsse:Security", doc);
    assertValid("//wsse:Security/ds:Signature", doc);

    byte[] docbytes = getMessageBytes(doc);
    XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

    dbf.setValidating(false);
    dbf.setIgnoringComments(false);
    dbf.setIgnoringElementContentWhitespace(true);
    dbf.setNamespaceAware(true);

    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(new NullResolver());
    doc = StaxUtils.read(db, reader, false);

    final Map<String, Object> properties = new HashMap<String, Object>();
    final Map<QName, Object> customMap = new HashMap<QName, Object>();
    customMap.put(
        new QName(
            WSConstants.SIG_NS,
            WSConstants.SIG_LN
        ),
        CustomProcessor.class
    );
    properties.put(
        WSS4JInInterceptor.PROCESSOR_MAP,
        customMap
    );
    WSS4JInInterceptor inHandler = new WSS4JInInterceptor(properties);

    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);

    inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);

    inHandler.handleMessage(inmsg);
    
    WSSecurityEngineResult result = 
        (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
    assertNotNull(result);
    
    Object obj = result.get("foo");
    assertNotNull(obj);
    assertEquals(obj.getClass().getName(), CustomProcessor.class.getName());
}
 
Example 18
Source File: SignatureConfirmationTest.java    From steady with Apache License 2.0 4 votes vote down vote up
@org.junit.Test
public void testSignatureConfirmationRequest() throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);
    
    SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
    SOAPPart part = saajMsg.getSOAPPart();
    part.setContent(new DOMSource(doc));
    saajMsg.saveChanges();

    msg.setContent(SOAPMessage.class, saajMsg);

    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    msg.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
    msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "myalias");
    msg.put("password", "myAliasPassword");
    //
    // This is necessary to convince the WSS4JOutInterceptor that we're
    // functioning as a requestor
    //
    msg.put(org.apache.cxf.message.Message.REQUESTOR_ROLE, true);

    handler.handleMessage(msg);
    doc = part;
    
    assertValid("//wsse:Security", doc);
    assertValid("//wsse:Security/ds:Signature", doc);

    byte[] docbytes = getMessageBytes(doc);
    //
    // Save the signature for future confirmation
    //
    List<WSHandlerResult> sigv = CastUtils.cast((List<?>)msg.get(WSHandlerConstants.SEND_SIGV));
    assertNotNull(sigv);
    assertTrue(sigv.size() != 0);
    
    XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

    dbf.setValidating(false);
    dbf.setIgnoringComments(false);
    dbf.setIgnoringElementContentWhitespace(true);
    dbf.setNamespaceAware(true);

    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(new NullResolver());
    doc = StaxUtils.read(db, reader, false);

    WSS4JInInterceptor inHandler = new WSS4JInInterceptor();

    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);

    inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    inHandler.setProperty(WSHandlerConstants.SIG_PROP_FILE, "insecurity.properties");
    inHandler.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");

    inHandler.handleMessage(inmsg);
    
    //
    // Check that the inbound signature result was saved
    //
    WSSecurityEngineResult result = 
        (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
    assertNotNull(result);
    
    List<WSHandlerResult> sigReceived = 
        CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS));
    assertNotNull(sigReceived);
    assertTrue(sigReceived.size() != 0);
    
    testSignatureConfirmationResponse(sigv, sigReceived);
}
 
Example 19
Source File: WSS4JInOutTest.java    From steady with Apache License 2.0 4 votes vote down vote up
@Test
public void testCustomProcessorObject() throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);
    
    SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
    SOAPPart part = saajMsg.getSOAPPart();
    part.setContent(new DOMSource(doc));
    saajMsg.saveChanges();

    msg.setContent(SOAPMessage.class, saajMsg);

    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "myalias");
    msg.put("password", "myAliasPassword");

    handler.handleMessage(msg);

    doc = part;
    
    assertValid("//wsse:Security", doc);
    assertValid("//wsse:Security/ds:Signature", doc);

    byte[] docbytes = getMessageBytes(doc);
    XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

    dbf.setValidating(false);
    dbf.setIgnoringComments(false);
    dbf.setIgnoringElementContentWhitespace(true);
    dbf.setNamespaceAware(true);

    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(new NullResolver());
    doc = StaxUtils.read(db, reader, false);

    final Map<String, Object> properties = new HashMap<String, Object>();
    final Map<QName, Object> customMap = new HashMap<QName, Object>();
    customMap.put(
        new QName(
            WSConstants.SIG_NS,
            WSConstants.SIG_LN
        ),
        CustomProcessor.class
    );
    properties.put(
        WSS4JInInterceptor.PROCESSOR_MAP,
        customMap
    );
    WSS4JInInterceptor inHandler = new WSS4JInInterceptor(properties);

    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);

    inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);

    inHandler.handleMessage(inmsg);
    
    WSSecurityEngineResult result = 
        (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
    assertNotNull(result);
    
    Object obj = result.get("foo");
    assertNotNull(obj);
    assertEquals(obj.getClass().getName(), CustomProcessor.class.getName());
}
 
Example 20
Source File: WSS4JFaultCodeTest.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Test that an action mismatch gets mapped to a proper fault code 
 */
@Test
public void testActionMismatch() throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);
    
    SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
    SOAPPart part = saajMsg.getSOAPPart();
    part.setContent(new DOMSource(doc));
    saajMsg.saveChanges();

    msg.setContent(SOAPMessage.class, saajMsg);

    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);

    handler.handleMessage(msg);

    doc = part;
    
    assertValid("//wsse:Security", doc);

    byte[] docbytes = getMessageBytes(doc);
    XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

    dbf.setValidating(false);
    dbf.setIgnoringComments(false);
    dbf.setIgnoringElementContentWhitespace(true);
    dbf.setNamespaceAware(true);

    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(new NullResolver());
    doc = StaxUtils.read(db, reader, false);

    WSS4JInInterceptor inHandler = new WSS4JInInterceptor();

    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);

    inHandler.setProperty(WSHandlerConstants.ACTION, 
        WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.USERNAME_TOKEN);
    inHandler.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, TestPwdCallback.class.getName());

    try {
        inHandler.handleMessage(inmsg);
        fail("Expected failure on an action mismatch");
    } catch (SoapFault fault) {
        assertTrue(fault.getReason().startsWith(
            "An error was discovered processing the <wsse:Security> header"));
        QName faultCode = new QName(WSConstants.WSSE_NS, "InvalidSecurity");
        assertTrue(fault.getFaultCode().equals(faultCode));
    }
}