KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > servicemix > soap > handlers > security > WSSecurityHandlerTest


1 /*
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17 package org.apache.servicemix.soap.handlers.security;
18
19 import java.io.File JavaDoc;
20 import java.net.URL JavaDoc;
21 import java.security.Principal JavaDoc;
22 import java.util.List JavaDoc;
23
24 import junit.framework.TestCase;
25
26 import org.apache.servicemix.jbi.jaxp.StringSource;
27 import org.apache.servicemix.jbi.jaxp.W3CDOMStreamWriter;
28 import org.apache.servicemix.jbi.security.auth.impl.JAASAuthenticationService;
29 import org.apache.servicemix.jbi.util.DOMUtil;
30 import org.apache.servicemix.soap.Context;
31 import org.apache.servicemix.soap.SoapFault;
32 import org.apache.servicemix.soap.marshalers.SoapMarshaler;
33 import org.apache.servicemix.soap.marshalers.SoapMessage;
34 import org.apache.servicemix.soap.marshalers.SoapReader;
35 import org.apache.servicemix.soap.marshalers.SoapWriter;
36 import org.apache.ws.security.WSSecurityEngineResult;
37 import org.apache.ws.security.WSUsernameTokenPrincipal;
38 import org.apache.ws.security.handler.WSHandlerConstants;
39 import org.apache.ws.security.handler.WSHandlerResult;
40 import org.springframework.core.io.ClassPathResource;
41 import org.w3c.dom.Document JavaDoc;
42
43 import sun.security.x509.X500Name;
44
45 public class WSSecurityHandlerTest extends TestCase {
46     
47     static {
48         String JavaDoc path = System.getProperty("java.security.auth.login.config");
49         if (path == null) {
50             URL JavaDoc resource = WSSecurityHandlerTest.class.getClassLoader().getResource("login.properties");
51             if (resource != null) {
52                 path = new File JavaDoc(resource.getFile()).getAbsolutePath();
53                 System.setProperty("java.security.auth.login.config", path);
54             }
55         }
56         System.out.println("Path to login config: " + path);
57     }
58
59     public void testUserNameToken() throws Exception JavaDoc {
60         SoapMarshaler marshaler = new SoapMarshaler(true, true);
61         SoapReader reader = marshaler.createReader();
62         SoapMessage msg = reader.read(getClass().getResourceAsStream("sample-wsse-request.xml"));
63         Context ctx = new Context();
64         ctx.setInMessage(msg);
65         
66         WSSecurityHandler handler = new WSSecurityHandler();
67         handler.setAuthenticationService(new JAASAuthenticationService());
68         handler.setReceiveAction(WSHandlerConstants.USERNAME_TOKEN);
69         handler.onReceive(ctx);
70         List JavaDoc l = (List JavaDoc) ctx.getProperty(WSHandlerConstants.RECV_RESULTS);
71         assertNotNull(l);
72         assertEquals(1, l.size());
73         WSHandlerResult result = (WSHandlerResult) l.get(0);
74         assertNotNull(result);
75         assertNotNull(result.getResults());
76         assertEquals(1, result.getResults().size());
77         WSSecurityEngineResult engResult = (WSSecurityEngineResult) result.getResults().get(0);
78         assertNotNull(engResult);
79         Principal JavaDoc principal = engResult.getPrincipal();
80         assertNotNull(principal);
81         assertTrue(principal instanceof WSUsernameTokenPrincipal);
82         assertEquals("first", ((WSUsernameTokenPrincipal) principal).getName());
83         assertEquals("secret", ((WSUsernameTokenPrincipal) principal).getPassword());
84         assertNotNull(ctx.getInMessage().getSubject());
85         assertNotNull(ctx.getInMessage().getSubject().getPrincipals());
86         assertTrue(ctx.getInMessage().getSubject().getPrincipals().size() > 0);
87     }
88     
89     public void testSignatureRoundtrip() throws Exception JavaDoc {
90         SoapMarshaler marshaler = new SoapMarshaler(true, true);
91         SoapMessage msg = new SoapMessage();
92         Context ctx = new Context();
93         ctx.setInMessage(msg);
94         msg.setSource(new StringSource("<hello>world</hello>"));
95         SoapWriter writer = marshaler.createWriter(ctx.getInMessage());
96         W3CDOMStreamWriter domWriter = new W3CDOMStreamWriter();
97         writer.writeSoapEnvelope(domWriter);
98         ctx.getInMessage().setDocument(domWriter.getDocument());
99         
100         StandaloneCrypto crypto = new StandaloneCrypto();
101         crypto.setKeyStoreUrl(new ClassPathResource("privatestore.jks"));
102         crypto.setKeyStorePassword("keyStorePassword");
103         WSSecurityHandler handler = new WSSecurityHandler();
104         handler.setAuthenticationService(new JAASAuthenticationService());
105         handler.setCrypto(crypto);
106         handler.setUsername("myalias");
107         crypto.setKeyPassword("myAliasPassword");
108         handler.setSendAction(WSHandlerConstants.SIGNATURE);
109         handler.onSend(ctx);
110         
111         Document JavaDoc doc = ctx.getInMessage().getDocument();
112         System.err.println(DOMUtil.asXML(doc));
113         
114         handler.setReceiveAction(WSHandlerConstants.SIGNATURE);
115         handler.onReceive(ctx);
116         List JavaDoc l = (List JavaDoc) ctx.getProperty(WSHandlerConstants.RECV_RESULTS);
117         assertNotNull(l);
118         assertEquals(1, l.size());
119         WSHandlerResult result = (WSHandlerResult) l.get(0);
120         assertNotNull(result);
121         assertNotNull(result.getResults());
122         assertEquals(1, result.getResults().size());
123         WSSecurityEngineResult engResult = (WSSecurityEngineResult) result.getResults().get(0);
124         assertNotNull(engResult);
125         Principal JavaDoc principal = engResult.getPrincipal();
126         assertNotNull(principal);
127         assertTrue(principal instanceof X500Name);
128         assertEquals("CN=myAlias", ((X500Name) principal).getName());
129         assertNotNull(ctx.getInMessage().getSubject());
130         assertNotNull(ctx.getInMessage().getSubject().getPrincipals());
131         assertTrue(ctx.getInMessage().getSubject().getPrincipals().size() > 0);
132     }
133     
134     public void testSignatureServer() throws Exception JavaDoc {
135         SoapMarshaler marshaler = new SoapMarshaler(true, true);
136         SoapReader reader = marshaler.createReader();
137         SoapMessage msg = reader.read(getClass().getResourceAsStream("signed.xml"));
138         Context ctx = new Context();
139         ctx.setInMessage(msg);
140         
141         StandaloneCrypto crypto = new StandaloneCrypto();
142         crypto.setKeyStoreUrl(new ClassPathResource("privatestore.jks"));
143         crypto.setKeyStorePassword("keyStorePassword");
144         WSSecurityHandler handler = new WSSecurityHandler();
145         handler.setAuthenticationService(new JAASAuthenticationService());
146         handler.setCrypto(crypto);
147         handler.setUsername("myalias");
148         crypto.setKeyPassword("myAliasPassword");
149         handler.setReceiveAction(WSHandlerConstants.SIGNATURE);
150         handler.onReceive(ctx);
151         List JavaDoc l = (List JavaDoc) ctx.getProperty(WSHandlerConstants.RECV_RESULTS);
152         assertNotNull(l);
153         assertEquals(1, l.size());
154         WSHandlerResult result = (WSHandlerResult) l.get(0);
155         assertNotNull(result);
156         assertNotNull(result.getResults());
157         assertEquals(1, result.getResults().size());
158         WSSecurityEngineResult engResult = (WSSecurityEngineResult) result.getResults().get(0);
159         assertNotNull(engResult);
160         Principal JavaDoc principal = engResult.getPrincipal();
161         assertNotNull(principal);
162         assertTrue(principal instanceof X500Name);
163         assertEquals("CN=myAlias", ((X500Name) principal).getName());
164         assertNotNull(ctx.getInMessage().getSubject());
165         assertNotNull(ctx.getInMessage().getSubject().getPrincipals());
166         assertTrue(ctx.getInMessage().getSubject().getPrincipals().size() > 0);
167     }
168     
169     public void testBadSignatureServer() throws Exception JavaDoc {
170         SoapMarshaler marshaler = new SoapMarshaler(true, true);
171         SoapReader reader = marshaler.createReader();
172         SoapMessage msg = reader.read(getClass().getResourceAsStream("signed-bad.xml"));
173         Context ctx = new Context();
174         ctx.setInMessage(msg);
175         
176         StandaloneCrypto crypto = new StandaloneCrypto();
177         crypto.setKeyStoreUrl(new ClassPathResource("privatestore.jks"));
178         crypto.setKeyStorePassword("keyStorePassword");
179         WSSecurityHandler handler = new WSSecurityHandler();
180         handler.setCrypto(crypto);
181         handler.setUsername("myalias");
182         crypto.setKeyPassword("myAliasPassword");
183         handler.setReceiveAction(WSHandlerConstants.SIGNATURE);
184         try {
185             handler.onReceive(ctx);
186             fail("Signature verification should have failed");
187         } catch (SoapFault f) {
188             // ok
189 }
190     }
191     
192 }
193
Popular Tags