Java tutorial
/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package wssec; import junit.framework.Test; import junit.framework.TestCase; import junit.framework.TestSuite; import org.apache.axis.Message; import org.apache.axis.MessageContext; import org.apache.axis.client.AxisClient; import org.apache.axis.configuration.NullProvider; import org.apache.axis.message.SOAPEnvelope; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ws.security.WSPasswordCallback; import org.apache.ws.security.WSSecurityEngine; import org.apache.ws.security.WSConstants; import org.apache.ws.security.components.crypto.Crypto; import org.apache.ws.security.components.crypto.CryptoFactory; import org.apache.ws.security.message.WSSecEncrypt; import org.apache.ws.security.message.WSSecSignature; import org.apache.ws.security.message.WSSecHeader; import org.w3c.dom.Document; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; /** * This is a test for WSS-86 - "CryptoBase.splitAndTrim does not take into account the format of a * DN constructed by different providers": * http://issues.apache.org/jira/browse/WSS-86 * * Keystore: keys\wss86.keystore * Password: security * Generated by: * * keytool -genkey -validity 3650 -alias wss86 -keyalg RSA -keystore wss86.keystore * -dname "1.2.840.113549.1.9.1=#16125765726e6572406578616d706c652e636f6d,CN=Werner, * OU=WSS4J,O=Apache,L=Munich,ST=Bayern,C=DE" */ public class TestWSSecurityWSS86 extends TestCase implements CallbackHandler { private static final Log LOG = LogFactory.getLog(TestWSSecurityWSS86.class); private static final String SOAPMSG = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + "<SOAP-ENV:Envelope " + "xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" " + "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" " + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">" + "<SOAP-ENV:Body>" + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">" + "<value xmlns=\"\">15</value>" + "</add>" + "</SOAP-ENV:Body>" + "</SOAP-ENV:Envelope>"; private WSSecurityEngine secEngine = new WSSecurityEngine(); private Crypto crypto = CryptoFactory.getInstance("wss86.properties"); private MessageContext msgContext; private Message message; /** * TestWSSecurity constructor * <p/> * * @param name name of the test */ public TestWSSecurityWSS86(String name) { super(name); } /** * JUnit suite * <p/> * * @return a junit test suite */ public static Test suite() { return new TestSuite(TestWSSecurityWSS86.class); } /** * Setup method * <p/> * * @throws Exception Thrown when there is a problem in setup */ protected void setUp() throws Exception { AxisClient tmpEngine = new AxisClient(new NullProvider()); msgContext = new MessageContext(tmpEngine); message = getSOAPMessage(); secEngine.getWssConfig(); //make sure BC gets registered } /** * Constructs a soap envelope * <p/> * * @return soap envelope * @throws Exception if there is any problem constructing the soap envelope */ protected Message getSOAPMessage() throws Exception { InputStream in = new ByteArrayInputStream(SOAPMSG.getBytes()); Message msg = new Message(in); msg.setMessageContext(msgContext); return msg; } /** * A unit test... */ public void testGetAliasWithPlainIssuer() throws Exception { String issuer = "EMAILADDRESS=Werner@example.com,CN=Werner,OU=WSS4J,O=Apache,L=Munich,ST=Bayern,C=DE"; String alias = crypto.getAliasForX509Cert(issuer); assertNotNull("Alias not found using plain issuer only", alias); } /** * A unit test... */ public void testGetAliasWithEncodedIssuer() throws Exception { String issuer = "1.2.840.113549.1.9.1=#16125765726e6572406578616d706c652e636f6d,CN=Werner,OU=WSS4J,O=Apache,L=Munich,ST=Bayern,C=DE"; String alias = crypto.getAliasForX509Cert(issuer); assertNotNull("Alias not found using encoded issuer only", alias); } /** * A unit test... */ public void testGetAliasWithMicrosoftState() throws Exception { String issuer = "EMAILADDRESS=Werner@example.com,CN=Werner,OU=WSS4J,O=Apache,L=Munich,S=Bayern,C=DE"; String alias = crypto.getAliasForX509Cert(issuer); assertNotNull("Alias not found using Microsoft style states (S= instead of ST=)", alias); } /** * A unit test... */ public void testGetAliasWithReversedDN() throws Exception { String issuer = "C=DE,ST=Bayern,L=Munich,O=Apache,OU=WSS4J,CN=Werner,E=Werner@example.com"; String alias = crypto.getAliasForX509Cert(issuer); assertNotNull("Alias not found using a reversed DN", alias); String[] aliases = crypto.getAliasesForDN(issuer); assertNotNull("Alias not found using a reversed DN", aliases[0]); } /** * Test signing a SOAP message using a cert with an OID */ public void testSignatureOID() throws Exception { SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope(); WSSecSignature sign = new WSSecSignature(); sign.setUserInfo("wss86", "security"); sign.setKeyIdentifierType(WSConstants.ISSUER_SERIAL); Document doc = unsignedEnvelope.getAsDocument(); WSSecHeader secHeader = new WSSecHeader(); secHeader.insertSecurityHeader(doc); Document signedDoc = sign.build(doc, crypto, secHeader); if (LOG.isDebugEnabled()) { String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc); LOG.debug(outputString); } verify(signedDoc); } /** * Test loading a certificate using BouncyCastle, and using it to encrypt a message, but * decrypt the message using the Java Keystore provider */ public void testInterop() throws Exception { // // This cert corresponds to the cert in wss86.keystore // Extracted with: // keytool -export -rfc -keystore wss86.keystore -alias wss86 -file wss86.cer // byte[] certBytes = org.apache.ws.security.util.Base64 .decode("MIICfDCCAeUCBEnHoGMwDQYJKoZIhvcNAQEEBQAwgYQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC" + "YXllcm4xDzANBgNVBAcTBk11bmljaDEPMA0GA1UEChMGQXBhY2hlMQ4wDAYDVQQLEwVXU1M0SjEP" + "MA0GA1UEAxMGV2VybmVyMSEwHwYJKoZIhvcNAQkBFhJXZXJuZXJAZXhhbXBsZS5jb20wHhcNMDkw" + "MzIzMTQ0NDUxWhcNMTkwMzIxMTQ0NDUxWjCBhDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVy" + "bjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNVBAsTBVdTUzRKMQ8wDQYD" + "VQQDEwZXZXJuZXIxITAfBgkqhkiG9w0BCQEWEldlcm5lckBleGFtcGxlLmNvbTCBnzANBgkqhkiG" + "9w0BAQEFAAOBjQAwgYkCgYEA3uRplw7q8y/sIR541uCrlbIMzJHXCRU3nQreGNr6dM49/LxHYffQ" + "Ex99chQh+wR6fwArFlziDRNnqslOy8zKMfGbaBaR41ZZrxvkSsIwzOhD6yAPgKVQL2vTmJAbdZ35" + "GwcOW8oe7l+NV9qmv7yrr5OhqDhFh36WhgjVLiwmP/cCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBP" + "PnR2BYn7DKn/SkU8XTgf9g2NoYcMyvQOB+Uo25/QzDdMk6HKmHl0+7mh7RAtXcBz2YqC3WbQW5U3" + "KmOH6fVxB8hw6xalBjs2YpnBx4gaHAws35KlAfkGVVe5wqnrI7ER7RBYO/7Gr7uCUq11QrGyEG8/" + "yIXktaFLxgD2R4hpfA=="); CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC"); X509Certificate cert = (X509Certificate) factory .generateCertificate(new java.io.ByteArrayInputStream(certBytes)); SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope(); WSSecEncrypt encrypt = new WSSecEncrypt(); encrypt.setUseThisCert(cert); Document doc = unsignedEnvelope.getAsDocument(); WSSecHeader secHeader = new WSSecHeader(); secHeader.insertSecurityHeader(doc); Document encryptedDoc = encrypt.build(doc, crypto, secHeader); if (LOG.isDebugEnabled()) { String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc); LOG.debug(outputString); } verify(encryptedDoc); } /** * Verifies the soap envelope * <p/> * * @param doc * @throws Exception Thrown when there is a problem in verification */ private void verify(Document doc) throws Exception { secEngine.processSecurityHeader(doc, null, this, crypto); if (LOG.isDebugEnabled()) { LOG.debug("Verfied and decrypted message:"); String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc); LOG.debug(outputString); } } public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (int i = 0; i < callbacks.length; i++) { if (callbacks[i] instanceof WSPasswordCallback) { WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; /* * here call a function/method to lookup the password for * the given identifier (e.g. a user name or keystore alias) * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier)) * for Testing we supply a fixed name here. */ pc.setPassword("security"); } else { throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback"); } } } }