Author: coheigea
Date: Tue Apr 2 14:35:45 2013
New Revision: 1463565
URL: http://svn.apache.org/r1463565
Log:
Refactored how Crypto keystores etc. are loaded in the StaX layer + added the
ability to load keystores via Crypto properties files
Added:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java?rev=1463565&r1=1463564&r2=1463565&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java
(original)
+++
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java
Tue Apr 2 14:35:45 2013
@@ -258,7 +258,7 @@ public abstract class CryptoFactory {
* @return
* @throws WSSecurityException if there is an error in loading the crypto
properties
*/
- private static Properties getProperties(
+ public static Properties getProperties(
String propFilename,
ClassLoader loader
) throws WSSecurityException {
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java?rev=1463565&r1=1463564&r2=1463565&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
Tue Apr 2 14:35:45 2013
@@ -124,7 +124,8 @@ public class WSSec {
securityProperties.setTimestampTTL(300);
}
} else if (WSSConstants.SIGNATURE.equals(action)) {
- if (securityProperties.getSignatureKeyStore() == null) {
+ if (securityProperties.getSignatureKeyStore() == null
+ && securityProperties.getSignatureCryptoProperties() ==
null) {
throw new
WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"signatureKeyStoreNotSet");
}
if (securityProperties.getSignatureUser() == null) {
@@ -148,6 +149,7 @@ public class WSSec {
} else if (WSSConstants.ENCRYPT.equals(action)) {
if (securityProperties.getEncryptionUseThisCertificate() ==
null
&& securityProperties.getEncryptionKeyStore() == null
+ && securityProperties.getEncryptionCryptoProperties()
== null
&& !securityProperties.isUseReqSigCertForEncryption())
{
throw new
WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"encryptionKeyStoreNotSet");
}
Added:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java?rev=1463565&view=auto
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java
(added)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java
Tue Apr 2 14:35:45 2013
@@ -0,0 +1,108 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.ext;
+
+import java.lang.reflect.Constructor;
+import java.security.KeyStore;
+import java.security.cert.CertStore;
+import java.util.Properties;
+
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.Merlin;
+import org.apache.xml.security.stax.config.ConfigurationProperties;
+
+
+/**
+ */
+class WSSCrypto {
+
+ protected static final transient org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(WSSCrypto.class);
+
+ private Class<? extends Merlin> cryptoClass =
org.apache.wss4j.common.crypto.Merlin.class;
+ private Properties cryptoProperties;
+ private Crypto cachedCrypto;
+ private KeyStore cachedKeyStore;
+ private KeyStore keyStore;
+ private CertStore crlCertStore;
+
+ public Crypto getCrypto() throws WSSConfigurationException {
+
+ if ((keyStore == cachedKeyStore) && cachedCrypto != null) {
+ return cachedCrypto;
+ }
+
+ Merlin crypto = null;
+ if (cryptoProperties != null) {
+ try {
+ Constructor<?> ctor =
cryptoClass.getConstructor(Properties.class);
+ crypto = (Merlin)ctor.newInstance(cryptoProperties);
+ keyStore = crypto.getKeyStore();
+ } catch (Exception e) {
+ throw new
WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"signatureCryptoFailure", e);
+ }
+ } else {
+ try {
+ crypto = cryptoClass.newInstance();
+
crypto.setDefaultX509Identifier(ConfigurationProperties.getProperty("DefaultX509Alias"));
+
crypto.setCryptoProvider(ConfigurationProperties.getProperty("CertProvider"));
+ crypto.setKeyStore(this.getKeyStore());
+ crypto.setCRLCertStore(this.getCrlCertStore());
+ } catch (Exception e) {
+ throw new
WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"signatureCryptoFailure", e);
+ }
+ }
+
+ cachedCrypto = crypto;
+ cachedKeyStore = crypto.getKeyStore();
+ return crypto;
+ }
+
+ public Class<? extends Merlin> getCryptoClass() {
+ return cryptoClass;
+ }
+
+ public void setCryptoClass(Class<? extends Merlin> cryptoClass) {
+ this.cryptoClass = cryptoClass;
+ }
+
+ public Properties getCryptoProperties() {
+ return cryptoProperties;
+ }
+
+ public void setCryptoProperties(Properties cryptoProperties) {
+ this.cryptoProperties = cryptoProperties;
+ }
+
+ public KeyStore getKeyStore() {
+ return keyStore;
+ }
+
+ public void setKeyStore(KeyStore keyStore) {
+ this.keyStore = keyStore;
+ }
+
+ public CertStore getCrlCertStore() {
+ return crlCertStore;
+ }
+
+ public void setCrlCertStore(CertStore crlCertStore) {
+ this.crlCertStore = crlCertStore;
+ }
+}
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1463565&r1=1463564&r2=1463565&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
Tue Apr 2 14:35:45 2013
@@ -24,19 +24,23 @@ import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509CRL;
-import java.util.*;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.wss4j.stax.validate.Validator;
-import org.apache.xml.security.stax.config.ConfigurationProperties;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
-import javax.security.auth.callback.CallbackHandler;
-import javax.xml.namespace.QName;
-
/**
* Main configuration class to supply keys etc.
* This class is subject to change in the future.
@@ -70,28 +74,13 @@ public class WSSSecurityProperties exten
private WSSecurityTokenConstants.KeyIdentifier derivedKeyKeyIdentifier;
private WSSConstants.DerivedKeyTokenReference derivedKeyTokenReference;
- private Class<? extends Merlin> signatureCryptoClass;
- private Crypto cachedSignatureCrypto;
- private KeyStore cachedSignatureKeyStore;
- private KeyStore signatureKeyStore;
+ private WSSCrypto signatureWSSCrypto;
private String signatureUser;
private boolean enableSignatureConfirmationVerification = false;
-
- private Class<? extends Merlin> signatureVerificationCryptoClass;
- private KeyStore signatureVerificationKeyStore;
+ private WSSCrypto signatureVerificationWSSCrypto;
private CertStore crlCertStore;
- private Crypto cachedSignatureVerificationCrypto;
- private KeyStore cachedSignatureVerificationKeyStore;
- private Class<? extends Merlin> decryptionCryptoClass;
-
- private KeyStore decryptionKeyStore;
- private Crypto cachedDecryptionCrypto;
- private KeyStore cachedDecryptionKeyStore;
- private Class<? extends Merlin> encryptionCryptoClass;
-
- private KeyStore encryptionKeyStore;
- private Crypto cachedEncryptionCrypto;
- private KeyStore cachedEncryptionKeyStore;
+ private WSSCrypto decryptionWSSCrypto;
+ private WSSCrypto encryptionWSSCrypto;
private String encryptionUser;
private WSSecurityTokenConstants.KeyIdentifier encryptionKeyIdentifier;
private boolean useReqSigCertForEncryption = false;
@@ -121,30 +110,18 @@ public class WSSSecurityProperties exten
this.tokenUser = wssSecurityProperties.tokenUser;
this.derivedKeyKeyIdentifier =
wssSecurityProperties.derivedKeyKeyIdentifier;
this.derivedKeyTokenReference =
wssSecurityProperties.derivedKeyTokenReference;
- this.signatureCryptoClass = wssSecurityProperties.signatureCryptoClass;
- this.cachedSignatureCrypto =
wssSecurityProperties.cachedSignatureCrypto;
- this.cachedSignatureKeyStore =
wssSecurityProperties.cachedSignatureKeyStore;
- this.signatureKeyStore = wssSecurityProperties.signatureKeyStore;
+ this.signatureWSSCrypto = wssSecurityProperties.signatureWSSCrypto;
this.signatureUser = wssSecurityProperties.signatureUser;
this.enableSignatureConfirmationVerification =
wssSecurityProperties.enableSignatureConfirmationVerification;
- this.signatureVerificationCryptoClass =
wssSecurityProperties.signatureVerificationCryptoClass;
- this.signatureVerificationKeyStore =
wssSecurityProperties.signatureVerificationKeyStore;
- this.cachedSignatureVerificationCrypto =
wssSecurityProperties.cachedSignatureVerificationCrypto;
- this.cachedSignatureVerificationKeyStore =
wssSecurityProperties.cachedSignatureVerificationKeyStore;
- this.decryptionCryptoClass =
wssSecurityProperties.decryptionCryptoClass;
- this.decryptionKeyStore = wssSecurityProperties.decryptionKeyStore;
- this.cachedDecryptionCrypto =
wssSecurityProperties.cachedDecryptionCrypto;
- this.cachedDecryptionKeyStore =
wssSecurityProperties.cachedDecryptionKeyStore;
- this.encryptionCryptoClass =
wssSecurityProperties.encryptionCryptoClass;
- this.encryptionKeyStore = wssSecurityProperties.encryptionKeyStore;
- this.cachedEncryptionCrypto =
wssSecurityProperties.cachedEncryptionCrypto;
- this.cachedEncryptionKeyStore =
wssSecurityProperties.cachedEncryptionKeyStore;
+ this.signatureVerificationWSSCrypto =
wssSecurityProperties.signatureVerificationWSSCrypto;
+ this.crlCertStore = wssSecurityProperties.crlCertStore;
+ this.decryptionWSSCrypto = wssSecurityProperties.decryptionWSSCrypto;
+ this.encryptionWSSCrypto = wssSecurityProperties.encryptionWSSCrypto;
this.encryptionUser = wssSecurityProperties.encryptionUser;
this.encryptionKeyIdentifier =
wssSecurityProperties.encryptionKeyIdentifier;
this.useReqSigCertForEncryption =
wssSecurityProperties.useReqSigCertForEncryption;
this.encryptionCompressionAlgorithm =
wssSecurityProperties.encryptionCompressionAlgorithm;
this.enableRevocation = wssSecurityProperties.enableRevocation;
- this.crlCertStore = wssSecurityProperties.crlCertStore;
}
/**
@@ -299,60 +276,71 @@ public class WSSSecurityProperties exten
}
public KeyStore getSignatureKeyStore() {
- return signatureKeyStore;
+ if (signatureWSSCrypto != null) {
+ return signatureWSSCrypto.getKeyStore();
+ }
+ return null;
}
public void loadSignatureKeyStore(URL url, char[] keyStorePassword) throws
Exception {
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(url.openStream(), keyStorePassword);
- this.signatureKeyStore = keyStore;
+ if (signatureWSSCrypto == null) {
+ signatureWSSCrypto = new WSSCrypto();
+ }
+ signatureWSSCrypto.setKeyStore(keyStore);
+ }
+
+ public Properties getSignatureCryptoProperties() {
+ if (signatureWSSCrypto != null) {
+ return signatureWSSCrypto.getCryptoProperties();
+ }
+ return null;
+ }
+
+ public void setSignatureCryptoProperties(Properties cryptoProperties) {
+ if (signatureWSSCrypto == null) {
+ signatureWSSCrypto = new WSSCrypto();
+ }
+ signatureWSSCrypto.setCryptoProperties(cryptoProperties);
}
public Class<? extends Merlin> getSignatureCryptoClass() {
- if (signatureCryptoClass != null) {
- return signatureCryptoClass;
+ if (signatureWSSCrypto != null) {
+ return signatureWSSCrypto.getCryptoClass();
}
- signatureCryptoClass = org.apache.wss4j.common.crypto.Merlin.class;
- return signatureCryptoClass;
+ return org.apache.wss4j.common.crypto.Merlin.class;
}
public void setSignatureCryptoClass(Class<? extends Merlin>
signatureCryptoClass) {
- this.signatureCryptoClass = signatureCryptoClass;
+ if (signatureWSSCrypto == null) {
+ signatureWSSCrypto = new WSSCrypto();
+ }
+ this.signatureWSSCrypto.setCryptoClass(signatureCryptoClass);
}
public Crypto getSignatureCrypto() throws WSSConfigurationException {
-
- if (this.getSignatureKeyStore() == null) {
+ if (signatureWSSCrypto == null) {
throw new
WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"signatureKeyStoreNotSet");
}
- if (this.getSignatureKeyStore() == cachedSignatureKeyStore) {
- return cachedSignatureCrypto;
- }
-
- Class<? extends Merlin> signatureCryptoClass =
this.getSignatureCryptoClass();
-
- try {
- Merlin signatureCrypto = signatureCryptoClass.newInstance();
-
signatureCrypto.setDefaultX509Identifier(ConfigurationProperties.getProperty("DefaultX509Alias"));
-
signatureCrypto.setCryptoProvider(ConfigurationProperties.getProperty("CertProvider"));
- signatureCrypto.setKeyStore(this.getSignatureKeyStore());
- cachedSignatureCrypto = signatureCrypto;
- cachedSignatureKeyStore = this.getSignatureKeyStore();
- return signatureCrypto;
- } catch (Exception e) {
- throw new
WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"signatureCryptoFailure", e);
- }
+ return signatureWSSCrypto.getCrypto();
}
public KeyStore getSignatureVerificationKeyStore() {
- return signatureVerificationKeyStore;
+ if (signatureVerificationWSSCrypto != null) {
+ return signatureVerificationWSSCrypto.getKeyStore();
+ }
+ return null;
}
public void loadSignatureVerificationKeystore(URL url, char[]
keyStorePassword) throws Exception {
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(url.openStream(), keyStorePassword);
- this.signatureVerificationKeyStore = keyStore;
+ if (signatureVerificationWSSCrypto == null) {
+ signatureVerificationWSSCrypto = new WSSCrypto();
+ }
+ signatureVerificationWSSCrypto.setKeyStore(keyStore);
}
public void loadCRLCertStore(URL url) throws Exception {
@@ -364,43 +352,43 @@ public class WSSSecurityProperties exten
new
CollectionCertStoreParameters(Collections.singletonList(crl))
);
}
+
+ public Properties getSignatureVerificationCryptoProperties() {
+ if (signatureVerificationWSSCrypto != null) {
+ return signatureVerificationWSSCrypto.getCryptoProperties();
+ }
+ return null;
+ }
+
+ public void setSignatureVerificationCryptoProperties(Properties
cryptoProperties) {
+ if (signatureVerificationWSSCrypto == null) {
+ signatureVerificationWSSCrypto = new WSSCrypto();
+ }
+ signatureVerificationWSSCrypto.setCryptoProperties(cryptoProperties);
+ }
public Class<? extends Merlin> getSignatureVerificationCryptoClass() {
- if (signatureVerificationCryptoClass != null) {
- return signatureVerificationCryptoClass;
+ if (signatureVerificationWSSCrypto != null) {
+ return signatureVerificationWSSCrypto.getCryptoClass();
}
- signatureVerificationCryptoClass = Merlin.class;
- return signatureVerificationCryptoClass;
+ return org.apache.wss4j.common.crypto.Merlin.class;
}
public void setSignatureVerificationCryptoClass(Class<? extends Merlin>
signatureVerificationCryptoClass) {
- this.signatureVerificationCryptoClass =
signatureVerificationCryptoClass;
+ if (signatureVerificationWSSCrypto == null) {
+ signatureVerificationWSSCrypto = new WSSCrypto();
+ }
+
this.signatureVerificationWSSCrypto.setCryptoClass(signatureVerificationCryptoClass);
+
}
public Crypto getSignatureVerificationCrypto() throws
WSSConfigurationException {
- if (this.getSignatureVerificationKeyStore() == null) {
+ if (signatureVerificationWSSCrypto == null) {
throw new
WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"signatureVerificationKeyStoreNotSet");
}
-
- if (this.getSignatureVerificationKeyStore() ==
cachedSignatureVerificationKeyStore) {
- return cachedSignatureVerificationCrypto;
- }
-
- Class<? extends Merlin> signatureVerificationCryptoClass =
this.getSignatureVerificationCryptoClass();
-
- try {
- Merlin signatureVerificationCrypto =
signatureVerificationCryptoClass.newInstance();
-
signatureVerificationCrypto.setKeyStore(this.getSignatureVerificationKeyStore());
-
signatureVerificationCrypto.setDefaultX509Identifier(ConfigurationProperties.getProperty("DefaultX509Alias"));
-
signatureVerificationCrypto.setCryptoProvider(ConfigurationProperties.getProperty("CertProvider"));
-
signatureVerificationCrypto.setCRLCertStore(this.getCrlCertStore());
- cachedSignatureVerificationCrypto = signatureVerificationCrypto;
- cachedSignatureVerificationKeyStore =
this.getSignatureVerificationKeyStore();
- return signatureVerificationCrypto;
- } catch (Exception e) {
- throw new
WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"signatureVerificationCryptoFailure", e);
- }
+ signatureVerificationWSSCrypto.setCrlCertStore(crlCertStore);
+ return signatureVerificationWSSCrypto.getCrypto();
}
/**
@@ -409,7 +397,10 @@ public class WSSSecurityProperties exten
* @return A keystore for decryption operation
*/
public KeyStore getDecryptionKeyStore() {
- return decryptionKeyStore;
+ if (decryptionWSSCrypto != null) {
+ return decryptionWSSCrypto.getKeyStore();
+ }
+ return null;
}
/**
@@ -422,7 +413,24 @@ public class WSSSecurityProperties exten
public void loadDecryptionKeystore(URL url, char[] keyStorePassword)
throws Exception {
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(url.openStream(), keyStorePassword);
- this.decryptionKeyStore = keyStore;
+ if (decryptionWSSCrypto == null) {
+ decryptionWSSCrypto = new WSSCrypto();
+ }
+ decryptionWSSCrypto.setKeyStore(keyStore);
+ }
+
+ public Properties getDecryptionCryptoProperties() {
+ if (decryptionWSSCrypto != null) {
+ return decryptionWSSCrypto.getCryptoProperties();
+ }
+ return null;
+ }
+
+ public void setDecryptionCryptoProperties(Properties cryptoProperties) {
+ if (decryptionWSSCrypto == null) {
+ decryptionWSSCrypto = new WSSCrypto();
+ }
+ decryptionWSSCrypto.setCryptoProperties(cryptoProperties);
}
/**
@@ -431,11 +439,10 @@ public class WSSSecurityProperties exten
* @return
*/
public Class<? extends Merlin> getDecryptionCryptoClass() {
- if (decryptionCryptoClass != null) {
- return decryptionCryptoClass;
+ if (decryptionWSSCrypto != null) {
+ return decryptionWSSCrypto.getCryptoClass();
}
- decryptionCryptoClass = Merlin.class;
- return decryptionCryptoClass;
+ return org.apache.wss4j.common.crypto.Merlin.class;
}
/**
@@ -444,7 +451,10 @@ public class WSSSecurityProperties exten
* @param decryptionCryptoClass
*/
public void setDecryptionCryptoClass(Class<? extends Merlin>
decryptionCryptoClass) {
- this.decryptionCryptoClass = decryptionCryptoClass;
+ if (decryptionWSSCrypto == null) {
+ decryptionWSSCrypto = new WSSCrypto();
+ }
+ decryptionWSSCrypto.setCryptoClass(decryptionCryptoClass);
}
/**
@@ -455,27 +465,11 @@ public class WSSSecurityProperties exten
*/
public Crypto getDecryptionCrypto() throws WSSConfigurationException {
- if (this.getDecryptionKeyStore() == null) {
+ if (decryptionWSSCrypto == null) {
throw new
WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"decryptionKeyStoreNotSet");
}
- if (this.getDecryptionKeyStore() == cachedDecryptionKeyStore) {
- return cachedDecryptionCrypto;
- }
-
- Class<? extends Merlin> decryptionCryptoClass =
this.getDecryptionCryptoClass();
-
- try {
- Merlin decryptionCrypto = decryptionCryptoClass.newInstance();
- decryptionCrypto.setKeyStore(this.getDecryptionKeyStore());
-
decryptionCrypto.setDefaultX509Identifier(ConfigurationProperties.getProperty("DefaultX509Alias"));
-
decryptionCrypto.setCryptoProvider(ConfigurationProperties.getProperty("CertProvider"));
- cachedDecryptionCrypto = decryptionCrypto;
- cachedDecryptionKeyStore = this.getDecryptionKeyStore();
- return decryptionCrypto;
- } catch (Exception e) {
- throw new
WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"decryptionCryptoFailure", e);
- }
+ return decryptionWSSCrypto.getCrypto();
}
/**
@@ -484,7 +478,10 @@ public class WSSSecurityProperties exten
* @return A keystore for encryption operation
*/
public KeyStore getEncryptionKeyStore() {
- return encryptionKeyStore;
+ if (encryptionWSSCrypto != null) {
+ return encryptionWSSCrypto.getKeyStore();
+ }
+ return null;
}
/**
@@ -497,7 +494,24 @@ public class WSSSecurityProperties exten
public void loadEncryptionKeystore(URL url, char[] keyStorePassword)
throws Exception {
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(url.openStream(), keyStorePassword);
- this.encryptionKeyStore = keyStore;
+ if (encryptionWSSCrypto == null) {
+ encryptionWSSCrypto = new WSSCrypto();
+ }
+ encryptionWSSCrypto.setKeyStore(keyStore);
+ }
+
+ public Properties getEncryptionCryptoProperties() {
+ if (encryptionWSSCrypto != null) {
+ return encryptionWSSCrypto.getCryptoProperties();
+ }
+ return null;
+ }
+
+ public void setEncryptionCryptoProperties(Properties cryptoProperties) {
+ if (encryptionWSSCrypto == null) {
+ encryptionWSSCrypto = new WSSCrypto();
+ }
+ encryptionWSSCrypto.setCryptoProperties(cryptoProperties);
}
/**
@@ -506,11 +520,10 @@ public class WSSSecurityProperties exten
* @return
*/
public Class<? extends Merlin> getEncryptionCryptoClass() {
- if (encryptionCryptoClass != null) {
- return encryptionCryptoClass;
+ if (encryptionWSSCrypto != null) {
+ return encryptionWSSCrypto.getCryptoClass();
}
- encryptionCryptoClass = Merlin.class;
- return encryptionCryptoClass;
+ return org.apache.wss4j.common.crypto.Merlin.class;
}
/**
@@ -519,7 +532,10 @@ public class WSSSecurityProperties exten
* @param encryptionCryptoClass
*/
public void setEncryptionCryptoClass(Class<? extends Merlin>
encryptionCryptoClass) {
- this.encryptionCryptoClass = encryptionCryptoClass;
+ if (encryptionWSSCrypto == null) {
+ encryptionWSSCrypto = new WSSCrypto();
+ }
+ encryptionWSSCrypto.setCryptoClass(encryptionCryptoClass);
}
/**
@@ -530,28 +546,12 @@ public class WSSSecurityProperties exten
*/
public Crypto getEncryptionCrypto() throws WSSConfigurationException {
- if (this.getEncryptionKeyStore() == null) {
+ if (encryptionWSSCrypto == null) {
throw new
WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"encryptionKeyStoreNotSet");
}
- if (this.getEncryptionKeyStore() == cachedEncryptionKeyStore) {
- return cachedEncryptionCrypto;
- }
-
- Class<? extends Merlin> encryptionCryptoClass =
this.getEncryptionCryptoClass();
-
- try {
- Merlin encryptionCrypto = encryptionCryptoClass.newInstance();
- encryptionCrypto.setKeyStore(this.getEncryptionKeyStore());
-
encryptionCrypto.setDefaultX509Identifier(ConfigurationProperties.getProperty("DefaultX509Alias"));
-
encryptionCrypto.setCryptoProvider(ConfigurationProperties.getProperty("CertProvider"));
- encryptionCrypto.setCRLCertStore(this.getCrlCertStore());
- cachedEncryptionCrypto = encryptionCrypto;
- cachedEncryptionKeyStore = this.getEncryptionKeyStore();
- return encryptionCrypto;
- } catch (Exception e) {
- throw new
WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"encryptionCryptoFailure", e);
- }
+ encryptionWSSCrypto.setCrlCertStore(this.getCrlCertStore());
+ return encryptionWSSCrypto.getCrypto();
}
/**
Modified:
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java?rev=1463565&r1=1463564&r2=1463565&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java
Tue Apr 2 14:35:45 2013
@@ -21,6 +21,7 @@ package org.apache.wss4j.stax.test;
import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
import org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream;
import org.apache.wss4j.common.bsp.BSPRule;
+import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.stax.WSSec;
import org.apache.wss4j.stax.ext.WSSConstants;
@@ -202,6 +203,151 @@ public class EncDecryptionTest extends A
operationSecurityEvents.size() +
encryptedPartSecurityEvents.size());
}
}
+
+ @Test
+ public void testEncDecryptionCryptoPropertiesOutbound() throws Exception {
+
+ ByteArrayOutputStream baos;
+ {
+ WSSSecurityProperties securityProperties = new
WSSSecurityProperties();
+ WSSConstants.Action[] actions = new
WSSConstants.Action[]{WSSConstants.ENCRYPT};
+ securityProperties.setOutAction(actions);
+ Properties properties =
+ CryptoFactory.getProperties("transmitter-crypto.properties",
this.getClass().getClassLoader());
+ securityProperties.setEncryptionCryptoProperties(properties);
+ securityProperties.setEncryptionUser("receiver");
+
+ InputStream sourceDocument =
this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ baos = doOutboundSecurity(securityProperties, sourceDocument);
+
+ Document document =
documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray()));
+ NodeList nodeList =
document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(),
WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
+
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(),
WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ XPathExpression xPathExpression =
getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p']");
+ Node node = (Node) xPathExpression.evaluate(document,
XPathConstants.NODE);
+ Assert.assertNotNull(node);
+
+ nodeList =
document.getElementsByTagNameNS(WSSConstants.TAG_xenc_DataReference.getNamespaceURI(),
WSSConstants.TAG_xenc_DataReference.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+
+ nodeList =
document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+
+ xPathExpression =
getXPath("/env:Envelope/env:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#aes256-cbc']");
+ node = (Node) xPathExpression.evaluate(document,
XPathConstants.NODE);
+ Assert.assertNotNull(node);
+
+
Assert.assertEquals(node.getParentNode().getParentNode().getLocalName(),
"Body");
+ NodeList childNodes =
node.getParentNode().getParentNode().getChildNodes();
+ for (int i = 0; i < childNodes.getLength(); i++) {
+ Node child = childNodes.item(i);
+ if (child.getNodeType() == Node.TEXT_NODE) {
+ Assert.assertEquals(child.getTextContent().trim(), "");
+ } else if (child.getNodeType() == Node.ELEMENT_NODE) {
+ Assert.assertEquals(child, nodeList.item(0));
+ } else {
+ Assert.fail("Unexpected Node encountered");
+ }
+ }
+ }
+
+ //done encryption; now test decryption:
+ {
+ String action = WSHandlerConstants.ENCRYPT;
+
doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray())), action);
+ }
+ }
+
+ @Test
+ public void testEncDecryptionCryptoPropertiesInbound() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ {
+ InputStream sourceDocument =
this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.ENCRYPT;
+ Document securedDocument =
doOutboundSecurityWithWSS4J(sourceDocument, action, new Properties());
+
+ //some test that we can really sure we get what we want from WSS4J
+ XPathExpression xPathExpression =
getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p']");
+ Node node = (Node) xPathExpression.evaluate(securedDocument,
XPathConstants.NODE);
+ Assert.assertNotNull(node);
+
+ javax.xml.transform.Transformer transformer =
TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new
StreamResult(baos));
+ }
+ //test streaming decryption
+ {
+ WSSSecurityProperties securityProperties = new
WSSSecurityProperties();
+ Properties properties =
+ CryptoFactory.getProperties("receiver-crypto.properties",
this.getClass().getClassLoader());
+ securityProperties.setDecryptionCryptoProperties(properties);
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
+ WSSecurityEventConstants.Event[] expectedSecurityEvents = new
WSSecurityEventConstants.Event[]{
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.X509Token,
+ WSSecurityEventConstants.EncryptedPart,
+ WSSecurityEventConstants.Operation,
+ };
+ final TestSecurityEventListener securityEventListener = new
TestSecurityEventListener(expectedSecurityEvents);
+
+ Document document = doInboundSecurity(securityProperties,
xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())), securityEventListener);
+
+ //header element must still be there
+ NodeList nodeList =
document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(),
WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(),
WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ //no encrypted content
+ nodeList =
document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 0);
+
+ securityEventListener.compare();
+
+ List<SecurityEvent> receivedSecurityEvents =
securityEventListener.getReceivedSecurityEvents();
+ for (int i = 0; i < receivedSecurityEvents.size(); i++) {
+ SecurityEvent securityEvent = receivedSecurityEvents.get(i);
+ if (securityEvent.getSecurityEventType() ==
WSSecurityEventConstants.Operation) {
+ OperationSecurityEvent operationSecurityEvent =
(OperationSecurityEvent) securityEvent;
+ Assert.assertEquals(operationSecurityEvent.getOperation(),
new QName("http://schemas.xmlsoap.org/wsdl/";, "definitions"));
+ } else if (securityEvent.getSecurityEventType() ==
WSSecurityEventConstants.EncryptedPart) {
+ EncryptedPartSecurityEvent encryptedPartSecurityEvent =
(EncryptedPartSecurityEvent) securityEvent;
+
Assert.assertNotNull(encryptedPartSecurityEvent.getXmlSecEvent());
+
Assert.assertNotNull(encryptedPartSecurityEvent.getSecurityToken());
+
Assert.assertNotNull(encryptedPartSecurityEvent.getElementPath());
+ final QName expectedElementName = new
QName("http://schemas.xmlsoap.org/soap/envelope/";, "Body");
+
Assert.assertEquals(encryptedPartSecurityEvent.getXmlSecEvent().asStartElement().getName(),
expectedElementName);
+
Assert.assertEquals(encryptedPartSecurityEvent.getElementPath().size(), 2);
+
Assert.assertEquals(encryptedPartSecurityEvent.getElementPath().get(encryptedPartSecurityEvent.getElementPath().size()
- 1), expectedElementName);
+ }
+ }
+
+ EncryptedPartSecurityEvent encryptedPartSecurityEvent =
securityEventListener.getSecurityEvent(WSSecurityEventConstants.EncryptedPart);
+ OperationSecurityEvent operationSecurityEvent =
securityEventListener.getSecurityEvent(WSSecurityEventConstants.Operation);
+ String encryptedPartCorrelationID =
encryptedPartSecurityEvent.getCorrelationID();
+ String operationCorrelationID =
operationSecurityEvent.getCorrelationID();
+
+ List<SecurityEvent> operationSecurityEvents = new
ArrayList<SecurityEvent>();
+ List<SecurityEvent> encryptedPartSecurityEvents = new
ArrayList<SecurityEvent>();
+
+ List<SecurityEvent> securityEvents =
securityEventListener.getReceivedSecurityEvents();
+ for (int i = 0; i < securityEvents.size(); i++) {
+ SecurityEvent securityEvent = securityEvents.get(i);
+ if
(securityEvent.getCorrelationID().equals(encryptedPartCorrelationID)) {
+ encryptedPartSecurityEvents.add(securityEvent);
+ } else if
(securityEvent.getCorrelationID().equals(operationCorrelationID)) {
+ operationSecurityEvents.add(securityEvent);
+ }
+ }
+
+ org.junit.Assert.assertEquals(4,
encryptedPartSecurityEvents.size());
+
org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
+ operationSecurityEvents.size() +
encryptedPartSecurityEvents.size());
+ }
+ }
@Test
public void testEncDecryptionPartsContentOutbound() throws Exception {
Modified:
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java?rev=1463565&r1=1463564&r2=1463565&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
Tue Apr 2 14:35:45 2013
@@ -18,14 +18,35 @@
*/
package org.apache.wss4j.stax.test;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.stream.XMLStreamWriter;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpression;
+
import org.apache.wss4j.common.bsp.BSPRule;
+import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.stax.WSSec;
-import org.apache.wss4j.stax.ext.*;
-import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.wss4j.stax.ext.InboundWSSec;
+import org.apache.wss4j.stax.ext.OutboundWSSec;
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.wss4j.stax.test.utils.StAX2DOM;
import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
import org.apache.xml.security.stax.ext.SecurePart;
@@ -39,22 +60,6 @@ import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-import javax.xml.namespace.QName;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.XMLStreamReader;
-import javax.xml.stream.XMLStreamWriter;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpression;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.security.Security;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Properties;
-
public class SignatureTest extends AbstractTestBase {
@Test
@@ -132,6 +137,86 @@ public class SignatureTest extends Abstr
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(),
WSSConstants.TAG_wsse_Security.getLocalPart());
}
}
+
+ @Test
+ public void testSignatureCryptoPropertiesOutbound() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ WSSSecurityProperties securityProperties = new
WSSSecurityProperties();
+ WSSConstants.Action[] actions = new
WSSConstants.Action[]{WSSConstants.SIGNATURE};
+ securityProperties.setOutAction(actions);
+ Properties properties =
+ CryptoFactory.getProperties("transmitter-crypto.properties",
this.getClass().getClassLoader());
+ securityProperties.setSignatureCryptoProperties(properties);
+ securityProperties.setSignatureUser("transmitter");
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
+ OutboundWSSec wsSecOut =
WSSec.getOutboundWSSec(securityProperties);
+ XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos,
"UTF-8", new ArrayList<SecurityEvent>());
+ XMLStreamReader xmlStreamReader =
xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ Document document =
documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray()));
+ NodeList nodeList =
document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
WSSConstants.TAG_dsig_Signature.getLocalPart());
+
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(),
WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ nodeList =
document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(),
WSSConstants.TAG_dsig_Reference.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+
+ nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11,
WSSConstants.TAG_soap_Body_LocalName);
+ Assert.assertEquals(nodeList.getLength(), 1);
+ String idAttrValue = ((Element)
nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(),
WSSConstants.ATT_wsu_Id.getLocalPart());
+ Assert.assertNotNull(idAttrValue);
+ Assert.assertTrue(idAttrValue.length() > 0);
+
+ nodeList =
document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(),
WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 2);
+ Assert.assertEquals(((Element)
nodeList.item(0)).getAttributeNS(null,
WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "env");
+ Assert.assertEquals(((Element)
nodeList.item(1)).getAttributeNS(null,
WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "");
+ }
+ //done signature; now test sig-verification:
+ {
+ String action = WSHandlerConstants.SIGNATURE;
+
doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray())), action);
+ }
+ }
+
+ @Test
+ public void testSignatureCryptoPropertiesInbound() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ InputStream sourceDocument =
this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.SIGNATURE;
+ Document securedDocument =
doOutboundSecurityWithWSS4J(sourceDocument, action, new Properties());
+
+ //some test that we can really sure we get what we want from WSS4J
+ NodeList nodeList =
securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
WSSConstants.TAG_dsig_Signature.getLocalPart());
+
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(),
WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ javax.xml.transform.Transformer transformer =
TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new
StreamResult(baos));
+ }
+
+ //done signature; now test sig-verification:
+ {
+ WSSSecurityProperties securityProperties = new
WSSSecurityProperties();
+ Properties properties =
+ CryptoFactory.getProperties("receiver-crypto.properties",
this.getClass().getClassLoader());
+
securityProperties.setSignatureVerificationCryptoProperties(properties);
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+ XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
+
+ Document document =
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+
+ //header element must still be there
+ NodeList nodeList =
document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(),
WSSConstants.TAG_wsse_Security.getLocalPart());
+ }
+ }
@Test
public void testSignaturePartsOutbound() throws Exception {
