This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch coheigea/saml-refactor-new
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/coheigea/saml-refactor-new by
this push:
new 30b3f2c54 Moving SAML tests from dom into saml module
30b3f2c54 is described below
commit 30b3f2c54840fb4389b4dec1e5392a739b3febf7
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Fri Jun 27 15:58:44 2025 +0100
Moving SAML tests from dom into saml module
---
.../common/crypto}/KeystoreCallbackHandler.java | 2 +-
ws-security-dom/pom.xml | 6 -
.../components/crypto/CertificateStoreTest.java | 2 +-
.../dom/components/crypto/CryptoProviderTest.java | 2 +-
.../wss4j/dom/handler/SecurityActionTokenTest.java | 2 +-
.../dom/handler/SignatureConfirmationTest.java | 73 +-----
.../wss4j/dom/handler/UseReqSigCertTest.java | 2 +-
.../apache/wss4j/dom/message/AttachmentTest.java | 2 +-
.../wss4j/dom/message/DerivedKeyActionTest.java | 2 +-
.../apache/wss4j/dom/message/DerivedKeyTest.java | 2 +-
.../dom/message/EncryptedDataInHeaderTest.java | 2 +-
.../dom/message/EncryptionAlgorithmSuiteTest.java | 2 +-
.../wss4j/dom/message/EncryptionCRLTest.java | 2 +-
.../wss4j/dom/message/EncryptionGCMTest.java | 2 +-
.../wss4j/dom/message/EncryptionPartsTest.java | 2 +-
.../apache/wss4j/dom/message/EncryptionTest.java | 2 +-
.../wss4j/dom/message/ModifiedRequestTest.java | 54 +----
.../wss4j/dom/message/PasswordEncryptorTest.java | 2 +-
.../org/apache/wss4j/dom/message/ReplayTest.java | 128 +----------
.../RequireSignedEncryptedDataElementsTest.java | 2 +-
.../wss4j/dom/message/SignatureCertTest.java | 2 +-
.../wss4j/dom/message/SignatureEncryptionTest.java | 2 +-
.../wss4j/dom/message/SignaturePartsTest.java | 94 +-------
.../wss4j/dom/message/SignatureProviderTest.java | 2 +-
.../apache/wss4j/dom/message/SignatureTest.java | 2 +-
.../apache/wss4j/dom/message/SignedBSTTest.java | 2 +-
.../wss4j/dom/message/SymmetricSignatureTest.java | 2 +-
.../wss4j/dom/message/XOPAttachmentTest.java | 2 +-
.../wss4j/dom/message/token/BSTKerberosTest.java | 2 +-
.../org/apache/wss4j/dom/misc/PrincipalTest.java | 249 +--------------------
.../dom/processor/EncryptedKeyDataRefTest.java | 2 +-
.../wss4j/dom/processor/RecipientKeyInfoTest.java | 2 +-
.../dom/processor/ReferenceListDataRefTest.java | 2 +-
.../apache/wss4j/dom/validate/ValidatorTest.java | 145 ------------
ws-security-saml/pom.xml | 18 ++
.../saml/dom}/AbstractSAMLCallbackHandler.java | 2 +-
.../wss4j/common/saml/dom/CustomHandler.java | 84 +++++++
.../saml/dom}/CustomSamlAssertionValidator.java | 2 +-
.../wss4j/common/saml/dom/ModifiedRequestTest.java | 122 ++++++++++
.../wss4j/common/saml/dom}/PrincipalTest.java | 102 +++------
.../apache/wss4j/common/saml/dom/ReplayTest.java | 215 ++++++++++++++++++
.../common/saml/dom}/SAML1AuthnHOKHandler.java | 2 +-
.../common/saml/dom}/SAML1CallbackHandler.java | 2 +-
.../common/saml/dom}/SAML2CallbackHandler.java | 2 +-
.../saml/dom}/SAMLElementCallbackHandler.java | 2 +-
.../common/saml/dom}/SamlAlgorithmSuiteTest.java | 3 +-
.../wss4j/common/saml/dom}/SamlAuthnTest.java | 5 +-
.../wss4j/common/saml/dom}/SamlConditionsTest.java | 5 +-
.../wss4j/common/saml/dom}/SamlNegativeTest.java | 7 +-
.../wss4j/common/saml/dom}/SamlReferenceTest.java | 6 +-
.../common/saml/dom}/SamlTokenActionTest.java | 8 +-
.../saml/dom}/SamlTokenCustomSignatureTest.java | 6 +-
.../common/saml/dom}/SamlTokenDerivedTest.java | 5 +-
.../wss4j/common/saml/dom}/SamlTokenHOKTest.java | 6 +-
.../wss4j/common/saml/dom}/SamlTokenSVTest.java | 7 +-
.../wss4j/common/saml/dom}/SamlTokenTest.java | 10 +-
.../common/saml/dom/SignatureConfirmationTest.java | 148 ++++++++++++
.../wss4j/common/saml/dom/SignaturePartsTest.java | 160 +++++++++++++
.../common/saml/dom}/SignedSamlTokenHOKTest.java | 6 +-
.../wss4j/common/saml/dom}/ValidatorTest.java | 121 +---------
.../common/saml/dom}/ext/AssertionSigningTest.java | 4 +-
ws-security-stax/pom.xml | 7 +
.../apache/wss4j/stax/test/SignatureCRLTest.java | 2 +-
.../stax/test/SignatureCertConstaintsTest.java | 2 +-
.../test/SignatureIssuerCertConstaintsTest.java | 2 +-
.../wss4j/stax/test/saml/SAML1CallbackHandler.java | 2 +-
.../wss4j/stax/test/saml/SAML2CallbackHandler.java | 2 +-
.../apache/wss4j/stax/test/saml/SAMLTokenTest.java | 2 +-
68 files changed, 855 insertions(+), 1027 deletions(-)
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/KeystoreCallbackHandler.java
b/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/KeystoreCallbackHandler.java
similarity index 98%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/common/KeystoreCallbackHandler.java
rename to
ws-security-common/src/test/java/org/apache/wss4j/common/crypto/KeystoreCallbackHandler.java
index 252952ed6..d9e90c344 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/KeystoreCallbackHandler.java
+++
b/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/KeystoreCallbackHandler.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.common;
+package org.apache.wss4j.common.crypto;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
diff --git a/ws-security-dom/pom.xml b/ws-security-dom/pom.xml
index 03b984140..89dcde781 100644
--- a/ws-security-dom/pom.xml
+++ b/ws-security-dom/pom.xml
@@ -107,12 +107,6 @@
<scope>test</scope>
<classifier>tests</classifier>
</dependency>
- <dependency>
- <groupId>org.apache.wss4j</groupId>
- <artifactId>wss4j-ws-security-saml</artifactId>
- <version>${project.version}</version>
- <scope>test</scope>
- </dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-engine</artifactId>
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CertificateStoreTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CertificateStoreTest.java
index 3579bf13f..a4967f5b4 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CertificateStoreTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CertificateStoreTest.java
@@ -21,7 +21,7 @@ package org.apache.wss4j.dom.components.crypto;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java
index 733c14788..212663e7c 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java
@@ -21,7 +21,7 @@ package org.apache.wss4j.dom.components.crypto;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.common.crypto.Crypto;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java
index 23ed8a07f..936aac6b9 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java
@@ -40,7 +40,7 @@ import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.dom.common.CombinedCallbackHandler;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SecretKeyCallbackHandler;
import org.apache.wss4j.common.dom.RequestData;
import org.apache.wss4j.common.dom.engine.WSSConfig;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
index 453962e7d..d7ac253cd 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
@@ -27,13 +27,11 @@ import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.builder.SAML2Constants;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.common.dom.RequestData;
@@ -368,75 +366,6 @@ public class SignatureConfirmationTest {
assertFalse(outputString.contains("Value"));
}
- @SuppressWarnings("unchecked")
- @Test
- public void
- testSAMLSignatureConfirmationProcessing() throws Exception {
- final RequestData reqData = new RequestData();
-
- SAML2CallbackHandler samlCallbackHandler = new SAML2CallbackHandler();
- samlCallbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
- samlCallbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
- samlCallbackHandler.setIssuer("www.example.com");
- samlCallbackHandler.setSignAssertion(true);
- samlCallbackHandler.setIssuerCrypto(crypto);
-
samlCallbackHandler.setIssuerName("16c73ab6-b892-458f-abf5-2f875f74882e");
- samlCallbackHandler.setIssuerPassword("security");
-
- java.util.Map<String, Object> msgContext = new java.util.TreeMap<>();
- msgContext.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION,
"true");
- msgContext.put(WSHandlerConstants.SAML_CALLBACK_REF,
samlCallbackHandler);
- reqData.setMsgContext(msgContext);
-
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- CustomHandler handler = new CustomHandler();
- HandlerAction action = new HandlerAction(WSConstants.ST_UNSIGNED);
- handler.send(
- doc,
- reqData,
- Collections.singletonList(action),
- true
- );
- if (LOG.isDebugEnabled()) {
- LOG.debug("After Signing....");
- String outputString =
- XMLUtils.prettyDocumentToString(doc);
- LOG.debug(outputString);
- }
-
- //
- // Verify the inbound request, and create a response with a Signature
Confirmation
- //
- WSHandlerResult results = verify(doc);
- doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- msgContext = (java.util.Map<String, Object>)reqData.getMsgContext();
- List<WSHandlerResult> receivedResults = new ArrayList<>();
- receivedResults.add(results);
- msgContext.put(WSHandlerConstants.RECV_RESULTS, receivedResults);
- handler.send(
- doc,
- reqData,
- Collections.singletonList(new
HandlerAction(WSConstants.NO_SECURITY)),
- false
- );
- String outputString =
- XMLUtils.prettyDocumentToString(doc);
- if (LOG.isDebugEnabled()) {
- LOG.debug("Signature Confirmation response....");
- LOG.debug(outputString);
- }
-
- //
- // Verify the SignatureConfirmation response
- //
- results = verify(doc);
- WSSecurityEngineResult scResult =
- results.getActionResults().get(WSConstants.SC).get(0);
- assertNotNull(scResult);
-
assertNotNull(scResult.get(WSSecurityEngineResult.TAG_SIGNATURE_CONFIRMATION));
- handler.signatureConfirmation(reqData, results);
- }
-
/**
* Verifies the soap envelope
* <p/>
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/UseReqSigCertTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/UseReqSigCertTest.java
index 3644410e0..c0d928d4d 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/UseReqSigCertTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/UseReqSigCertTest.java
@@ -28,7 +28,7 @@ import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.RequestData;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java
index 485a3e353..cb5bafd1b 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java
@@ -52,7 +52,7 @@ import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.common.dom.RequestData;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyActionTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyActionTest.java
index 5b03514f9..ab8f42d20 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyActionTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyActionTest.java
@@ -35,7 +35,7 @@ import
org.apache.wss4j.common.derivedKey.ConversationConstants;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SecretKeyCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyTest.java
index ec56178e2..5efea90e2 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyTest.java
@@ -21,7 +21,7 @@ package org.apache.wss4j.dom.message;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptedDataInHeaderTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptedDataInHeaderTest.java
index 7aef5848e..75ac43315 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptedDataInHeaderTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptedDataInHeaderTest.java
@@ -25,7 +25,7 @@ import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionAlgorithmSuiteTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionAlgorithmSuiteTest.java
index 6c9474f2a..86921ac9d 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionAlgorithmSuiteTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionAlgorithmSuiteTest.java
@@ -31,7 +31,7 @@ import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SecretKeyCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionCRLTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionCRLTest.java
index 7e8008304..b3af4b21f 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionCRLTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionCRLTest.java
@@ -27,7 +27,7 @@ import org.apache.wss4j.common.util.SOAPUtil;
import org.w3c.dom.Document;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
index d4ff308d5..e43bb34f3 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
@@ -27,7 +27,7 @@ import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.common.WSDataRef;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
index e1aa3e674..32ff4d804 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
@@ -23,7 +23,7 @@ import org.apache.wss4j.common.SOAPConstants;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.WSDataRef;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionTest.java
index 55ac2db23..b1452165b 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionTest.java
@@ -41,7 +41,7 @@ import org.apache.wss4j.common.util.*;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.common.WSDataRef;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SecretKeyCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
index 4e91640e6..18cfe10f7 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
@@ -31,17 +31,12 @@ import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SAMLCallback;
-import org.apache.wss4j.common.saml.SAMLUtil;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.common.saml.builder.SAML1Constants;
import org.apache.wss4j.common.util.DateUtil;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
@@ -49,7 +44,6 @@ import
org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.common.dom.message.WSSecHeader;
import org.apache.wss4j.common.dom.message.WSSecSignature;
import org.apache.wss4j.dom.handler.WSHandlerResult;
-import org.apache.wss4j.common.saml.message.WSSecSignatureSAML;
import org.apache.wss4j.common.dom.message.SignatureUtils;
import org.apache.wss4j.dom.util.WSSecurityUtil;
@@ -219,52 +213,6 @@ public class ModifiedRequestTest {
}
}
- /**
- * Test a duplicated signed SAML Assertion.
- */
- @Test
- public void testDuplicatedSignedSAMLAssertion() throws Exception {
- SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
- callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
-
callbackHandler.setConfirmationMethod(SAML1Constants.CONF_SENDER_VOUCHES);
- callbackHandler.setIssuer("www.example.com");
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new
SamlAssertionWrapper(samlCallback);
-
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecSignatureSAML wsSign = new WSSecSignatureSAML(secHeader);
- wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
-
- Document signedDoc =
- wsSign.build(
- null, samlAssertion, crypto,
"16c73ab6-b892-458f-abf5-2f875f74882e", "security"
- );
- Element assertionElement = (Element)
samlAssertion.getElement().cloneNode(true);
- assertionElement.removeChild(assertionElement.getFirstChild());
- secHeader.getSecurityHeaderElement().appendChild(assertionElement);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("SAML 1.1 Authn Assertion (sender vouches):");
- String outputString =
- XMLUtils.prettyDocumentToString(signedDoc);
- LOG.debug(outputString);
- }
-
- try {
- verify(signedDoc);
- fail("Failure expected on duplicate tokens");
- } catch (WSSecurityException ex) {
- assertTrue(ex.getMessage().contains(
- "Multiple security tokens with the same Id have been detected"
- ));
- }
- }
-
/**
* Test a duplicated signed UsernameToken
*/
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
index d3b024d53..09af1c781 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
@@ -38,7 +38,7 @@ import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
index a5af2b959..1916cac65 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
@@ -27,8 +27,7 @@ import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.cache.EHCacheReplayCache;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.UsernamePasswordCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
@@ -41,17 +40,10 @@ import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.dom.message.WSSecHeader;
import org.apache.wss4j.common.dom.message.WSSecSignature;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SAMLCallback;
-import org.apache.wss4j.common.saml.SAMLUtil;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.common.saml.bean.ConditionsBean;
-import org.apache.wss4j.common.saml.builder.SAML2Constants;
-import org.apache.wss4j.common.saml.message.WSSecSAMLToken;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.wss4j.common.saml.validate.SamlAssertionValidator;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;
@@ -460,124 +452,6 @@ public class ReplayTest {
replayCache.close();
}
- /**
- * Test that creates, sends and processes an unsigned SAML 2
authentication assertion. This
- * is just a sanity test to make sure that it is possible to send the SAML
token twice, as
- * no "OneTimeUse" Element is defined there is no problem with replaying
it.
- * with a OneTimeUse Element
- */
- @Test
- public void testEhCacheReplayedSAML2() throws Exception {
- SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
- callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
- callbackHandler.setIssuer("www.example.com");
- callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
-
- ConditionsBean conditions = new ConditionsBean();
- conditions.setTokenPeriodMinutes(5);
-
- callbackHandler.setConditions(conditions);
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new
SamlAssertionWrapper(samlCallback);
-
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
-
- Document unsignedDoc = wsSign.build(samlAssertion);
-
- if (LOG.isDebugEnabled()) {
- String outputString = XMLUtils.prettyDocumentToString(unsignedDoc);
- LOG.debug(outputString);
- }
-
- WSSConfig wssConfig = WSSConfig.getNewInstance();
- SamlAssertionValidator assertionValidator = new
SamlAssertionValidator();
- assertionValidator.setRequireBearerSignature(false);
- wssConfig.setValidator(WSConstants.SAML_TOKEN, assertionValidator);
- wssConfig.setValidator(WSConstants.SAML2_TOKEN, assertionValidator);
-
- RequestData data = new RequestData();
- data.setWssConfig(wssConfig);
- data.setCallbackHandler(callbackHandler);
- ReplayCache replayCache =
createCache("wss4j.saml.one.time.use.cache-");
- data.setSamlOneTimeUseReplayCache(replayCache);
-
- // Successfully verify SAML Token
- verify(unsignedDoc, wssConfig, data);
-
- // Now try again - this should work fine as well
- verify(unsignedDoc, wssConfig, data);
-
- replayCache.close();
- }
-
- /**
- * Test that creates, sends and processes an unsigned SAML 2
authentication assertion
- * with a OneTimeUse Element
- */
- @Test
- public void testEhCacheReplayedSAML2OneTimeUse() throws Exception {
- SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
- callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
- callbackHandler.setIssuer("www.example.com");
- callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
-
- ConditionsBean conditions = new ConditionsBean();
- conditions.setTokenPeriodMinutes(5);
- conditions.setOneTimeUse(true);
-
- callbackHandler.setConditions(conditions);
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new
SamlAssertionWrapper(samlCallback);
-
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
-
- Document unsignedDoc = wsSign.build(samlAssertion);
-
- String outputString =
- XMLUtils.prettyDocumentToString(unsignedDoc);
- assertTrue(outputString.contains("OneTimeUse"));
- if (LOG.isDebugEnabled()) {
- LOG.debug(outputString);
- }
-
- WSSConfig wssConfig = WSSConfig.getNewInstance();
- SamlAssertionValidator assertionValidator = new
SamlAssertionValidator();
- assertionValidator.setRequireBearerSignature(false);
- wssConfig.setValidator(WSConstants.SAML_TOKEN, assertionValidator);
- wssConfig.setValidator(WSConstants.SAML2_TOKEN, assertionValidator);
-
- RequestData data = new RequestData();
- data.setWssConfig(wssConfig);
- data.setCallbackHandler(callbackHandler);
- ReplayCache replayCache =
createCache("wss4j.saml.one.time.use.cache-");
- data.setSamlOneTimeUseReplayCache(replayCache);
-
- // Successfully verify SAML Token
- verify(unsignedDoc, wssConfig, data);
-
- // Now try again - a replay attack should be detected
- try {
- verify(unsignedDoc, wssConfig, data);
- fail("Expected failure on a replay attack");
- } catch (WSSecurityException ex) {
- assertTrue(ex.getErrorCode() ==
WSSecurityException.ErrorCode.INVALID_SECURITY);
- }
-
- replayCache.close();
- }
-
/**
* Verifies the soap envelope
*
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/RequireSignedEncryptedDataElementsTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/RequireSignedEncryptedDataElementsTest.java
index c88f15e7d..cc5a51851 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/RequireSignedEncryptedDataElementsTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/RequireSignedEncryptedDataElementsTest.java
@@ -31,7 +31,7 @@ import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
index ffe8fb584..952eddcba 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
@@ -22,7 +22,7 @@ package org.apache.wss4j.dom.message;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java
index dd9f88dcc..ec2066c32 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java
@@ -23,7 +23,7 @@ import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.common.WSDataRef;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
index 5ea31f5c6..59a06bf7f 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
@@ -21,13 +21,11 @@ package org.apache.wss4j.dom.message;
import org.apache.wss4j.common.SOAPConstants;
import org.apache.wss4j.common.WSEncryptionPart;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.WSDataRef;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
@@ -40,22 +38,14 @@ import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
-import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SAMLCallback;
-import org.apache.wss4j.common.saml.SAMLUtil;
-import org.apache.wss4j.common.saml.builder.SAML1Constants;
-import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.common.util.XMLUtils;
-import org.apache.wss4j.common.saml.message.WSSecSignatureSAML;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import java.io.InputStream;
-import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
@@ -270,88 +260,6 @@ public class SignaturePartsTest {
}
}
- /**
- * Test signing of a header through a STR Dereference Transform
- */
- @SuppressWarnings("unchecked")
- @Test
- public void testSOAPHeaderSTRTransform() throws Exception {
- // Construct issuer and user crypto instances
- Crypto issuerCrypto = new Merlin();
- KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
- ClassLoader loader = Loader.getClassLoader(SignaturePartsTest.class);
- InputStream input = Merlin.loadInputStream(loader,
"keys/wss40_server.jks");
- keyStore.load(input, "security".toCharArray());
- input.close();
- ((Merlin)issuerCrypto).setKeyStore(keyStore);
-
- Crypto userCrypto = CryptoFactory.getInstance("wss40.properties");
-
- SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
- callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
- callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
-
- samlCallback.setIssuer("www.example.com");
-
- SamlAssertionWrapper samlAssertion = new
SamlAssertionWrapper(samlCallback);
- samlAssertion.signAssertion("wss40_server", "security", issuerCrypto,
false);
-
- Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecSignatureSAML wsSign = new WSSecSignatureSAML(secHeader);
- wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
- wsSign.setUserInfo("wss40", "security");
-
- WSEncryptionPart encP =
- new WSEncryptionPart("STRTransform", "", "Element");
- wsSign.getParts().add(encP);
-
- //
- // set up for keyHolder
- //
- Document signedDoc = wsSign.build(userCrypto, samlAssertion, null,
null, null);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("Signed SAML message (key holder):");
- String outputString =
- XMLUtils.prettyDocumentToString(signedDoc);
- LOG.debug(outputString);
- }
-
- // Construct trust crypto instance
- Crypto trustCrypto = new Merlin();
- KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
- input = Merlin.loadInputStream(loader, "keys/wss40CA.jks");
- trustStore.load(input, "security".toCharArray());
- input.close();
- ((Merlin)trustCrypto).setTrustStore(trustStore);
-
- WSHandlerResult results =
- secEngine.processSecurityHeader(doc, null, null, trustCrypto);
- WSSecurityEngineResult stUnsignedActionResult =
- results.getActionResults().get(WSConstants.ST_SIGNED).get(0);
- SamlAssertionWrapper receivedSamlAssertion =
- (SamlAssertionWrapper)
stUnsignedActionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
- assertNotNull(receivedSamlAssertion);
- assertTrue(receivedSamlAssertion.isSigned());
-
- WSSecurityEngineResult signActionResult =
- results.getActionResults().get(WSConstants.SIGN).get(0);
- assertNotNull(signActionResult);
- assertFalse(signActionResult.isEmpty());
- final List<WSDataRef> refs =
- (List<WSDataRef>)
signActionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
-
- WSDataRef wsDataRef = refs.get(0);
- String xpath = wsDataRef.getXpath();
-
assertEquals("/soapenv:Envelope/soapenv:Header/wsse:Security/saml1:Assertion",
xpath);
- }
-
/**
* Test signing a custom SOAP header with a bad localname
*/
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
index 2cdd43595..beb4dbce6 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
@@ -27,7 +27,7 @@ import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
index bf8224830..98ada4d6e 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
@@ -47,7 +47,7 @@ import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignedBSTTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignedBSTTest.java
index d2f8208df..c456baf84 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignedBSTTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignedBSTTest.java
@@ -34,7 +34,7 @@ import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.handler.HandlerAction;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SymmetricSignatureTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SymmetricSignatureTest.java
index 50a1e6292..5a7f5171b 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SymmetricSignatureTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SymmetricSignatureTest.java
@@ -32,7 +32,7 @@ import javax.xml.crypto.dsig.SignatureMethod;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SecretKeyCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
index a964fef04..f2044b263 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
@@ -46,7 +46,7 @@ import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.handler.HandlerAction;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java
index 7973e46b2..3a72984b4 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java
@@ -21,7 +21,7 @@ package org.apache.wss4j.dom.message.token;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/PrincipalTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/PrincipalTest.java
index 46857de20..6db592df6 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/PrincipalTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/PrincipalTest.java
@@ -20,28 +20,16 @@
package org.apache.wss4j.dom.misc;
import java.security.Principal;
-import java.security.cert.X509Certificate;
-import java.util.List;
+
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.crypto.CryptoFactory;
-import org.apache.wss4j.common.crypto.CryptoType;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.principal.SAMLTokenPrincipal;
import org.apache.wss4j.common.principal.UsernameTokenPrincipal;
-import org.apache.wss4j.common.saml.SAMLCallback;
-import org.apache.wss4j.common.saml.SAMLUtil;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.common.token.BinarySecurity;
-import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
import org.apache.wss4j.dom.common.UsernamePasswordCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
@@ -50,9 +38,7 @@ import
org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.common.dom.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.common.dom.message.WSSecHeader;
-import org.apache.wss4j.common.saml.message.WSSecSAMLToken;
import org.apache.wss4j.dom.message.WSSecUsernameToken;
-import org.apache.wss4j.common.dom.validate.Credential;
import org.apache.wss4j.common.dom.validate.Validator;
import org.junit.jupiter.api.Test;
@@ -102,209 +88,6 @@ public class PrincipalTest {
assertTrue(WSConstants.PASSWORD_DIGEST.equals(userPrincipal.getPasswordType()));
}
- /**
- * Test the principal that is created after processing a Username Token,
which has been
- * transformed into a SAML Assertion.
- */
- @Test
- public void testTransformedUsernameToken() throws Exception {
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecUsernameToken builder = new WSSecUsernameToken(secHeader);
- builder.setUserInfo("wernerd", "verySecret");
- Document signedDoc = builder.build();
-
- if (LOG.isDebugEnabled()) {
- String outputString =
- XMLUtils.prettyDocumentToString(signedDoc);
- LOG.debug(outputString);
- }
- WSHandlerResult results =
- verify(signedDoc, new DummyValidator(),
WSConstants.USERNAME_TOKEN, null);
-
- Principal principal =
-
(Principal)results.getResults().get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
- assertTrue(principal instanceof SAMLTokenPrincipal);
- assertTrue(principal.getName().contains("uid=joe"));
- assertNotNull(((SAMLTokenPrincipal)principal).getToken());
- }
-
- /**
- * Test the principal that is created after processing a SAML Token
- */
- @Test
- public void testSAMLToken() throws Exception {
- SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
- callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
- callbackHandler.setIssuer("www.example.com");
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new
SamlAssertionWrapper(samlCallback);
-
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
-
- Document unsignedDoc = wsSign.build(samlAssertion);
-
- if (LOG.isDebugEnabled()) {
- String outputString =
- XMLUtils.prettyDocumentToString(unsignedDoc);
- LOG.debug(outputString);
- }
-
- WSHandlerResult results = verify(unsignedDoc, null);
-
- List<WSSecurityEngineResult> samlResults =
- results.getActionResults().get(WSConstants.ST_UNSIGNED);
- WSSecurityEngineResult actionResult = samlResults.get(0);
-
- SamlAssertionWrapper receivedSamlAssertion =
- (SamlAssertionWrapper)
actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
- assertNotNull(receivedSamlAssertion);
-
- Principal principal =
(Principal)actionResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
- assertTrue(principal instanceof SAMLTokenPrincipal);
- assertTrue(principal.getName().contains("uid=joe"));
- assertNotNull(((SAMLTokenPrincipal)principal).getToken());
- }
-
- /**
- * Test the principal that is created after processing a SAML2 Token
- */
- @Test
- public void testSAML2Token() throws Exception {
- SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
- callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
- callbackHandler.setIssuer("www.example.com");
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new
SamlAssertionWrapper(samlCallback);
-
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
-
- Document unsignedDoc = wsSign.build(samlAssertion);
-
- if (LOG.isDebugEnabled()) {
- String outputString =
- XMLUtils.prettyDocumentToString(unsignedDoc);
- LOG.debug(outputString);
- }
-
- WSHandlerResult results = verify(unsignedDoc, null);
-
- List<WSSecurityEngineResult> samlResults =
- results.getActionResults().get(WSConstants.ST_UNSIGNED);
- WSSecurityEngineResult actionResult = samlResults.get(0);
-
- SamlAssertionWrapper receivedSamlAssertion =
- (SamlAssertionWrapper)
actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
- assertNotNull(receivedSamlAssertion);
-
- Principal principal =
(Principal)actionResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
- assertTrue(principal instanceof SAMLTokenPrincipal);
- assertTrue(principal.getName().contains("uid=joe"));
- assertNotNull(((SAMLTokenPrincipal)principal).getToken());
- }
-
- /**
- * Test the principal that is created after processing a SAML Token, which
has been
- * transformed into another SAML Token.
- */
- @Test
- public void testTransformedSAMLToken() throws Exception {
- SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
- callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
- callbackHandler.setIssuer("www.example.com");
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new
SamlAssertionWrapper(samlCallback);
-
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
-
- Document unsignedDoc = wsSign.build(samlAssertion);
-
- if (LOG.isDebugEnabled()) {
- String outputString =
- XMLUtils.prettyDocumentToString(unsignedDoc);
- LOG.debug(outputString);
- }
-
- WSHandlerResult results =
- verify(unsignedDoc, new DummyValidator(), WSConstants.SAML_TOKEN,
null);
-
- List<WSSecurityEngineResult> samlResults =
- results.getActionResults().get(WSConstants.ST_UNSIGNED);
- WSSecurityEngineResult actionResult = samlResults.get(0);
-
- SamlAssertionWrapper receivedSamlAssertion =
- (SamlAssertionWrapper)
actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
- assertNotNull(receivedSamlAssertion);
-
- Principal principal =
(Principal)actionResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
- assertTrue(principal instanceof SAMLTokenPrincipal);
- assertTrue(principal.getName().contains("uid=joe"));
- assertNotNull(((SAMLTokenPrincipal)principal).getToken());
- }
-
- /**
- * Test the principal that is created after processing (and explicitly
validating)
- * a BinarySecurityToken.
- */
- @Test
- public void testBinarySecurityToken() throws Exception {
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
-
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- X509Security bst = new X509Security(doc);
- CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- cryptoType.setAlias("wss40");
- Crypto crypto = CryptoFactory.getInstance("wss40.properties");
- X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
- bst.setX509Certificate(certs[0]);
-
- XMLUtils.prependChildElement(secHeader.getSecurityHeaderElement(),
bst.getElement());
-
- if (LOG.isDebugEnabled()) {
- String outputString =
- XMLUtils.prettyDocumentToString(doc);
- LOG.debug(outputString);
- }
-
- WSHandlerResult results =
- verify(doc, new DummyValidator(), WSConstants.BINARY_TOKEN,
crypto);
-
- List<WSSecurityEngineResult> bstResults =
- results.getActionResults().get(WSConstants.BST);
- WSSecurityEngineResult actionResult = bstResults.get(0);
-
- BinarySecurity token =
-
(BinarySecurity)actionResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
- assertNotNull(token);
-
- Principal principal =
(Principal)actionResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
- assertTrue(principal instanceof SAMLTokenPrincipal);
- assertTrue(principal.getName().contains("uid=joe"));
- assertNotNull(((SAMLTokenPrincipal)principal).getToken());
- }
-
/**
* Verifies the soap envelope
*/
@@ -340,34 +123,4 @@ public class PrincipalTest {
return secEngine.processSecurityHeader(doc, requestData);
}
- /**
- * A Dummy Validator instance that just creates a new SAML Assertion,
ignoring the
- * credential it has been passed.
- */
- private static class DummyValidator implements Validator {
-
- public Credential validate(Credential credential, RequestData data)
throws WSSecurityException {
- try {
- SAML1CallbackHandler callbackHandler = new
SAML1CallbackHandler();
-
callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
- callbackHandler.setIssuer("www.example.com");
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new
SamlAssertionWrapper(samlCallback);
-
- credential.setTransformedToken(samlAssertion);
- return credential;
- } catch (Exception ex) {
- throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
- }
- }
-
- @Override
- public QName[] getSupportedQNames() {
- // TODO Auto-generated method stub
- throw new UnsupportedOperationException("Unimplemented method
'getSupportedQNames'");
- }
-
- }
}
\ No newline at end of file
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/processor/EncryptedKeyDataRefTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/processor/EncryptedKeyDataRefTest.java
index 662787d12..76e03d918 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/processor/EncryptedKeyDataRefTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/processor/EncryptedKeyDataRefTest.java
@@ -28,7 +28,7 @@ import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.common.WSDataRef;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/processor/RecipientKeyInfoTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/processor/RecipientKeyInfoTest.java
index c7c8b8c66..7611ddba3 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/processor/RecipientKeyInfoTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/processor/RecipientKeyInfoTest.java
@@ -23,7 +23,7 @@ import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.util.SOAPUtil;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/processor/ReferenceListDataRefTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/processor/ReferenceListDataRefTest.java
index c33beb9f8..568d76dad 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/processor/ReferenceListDataRefTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/processor/ReferenceListDataRefTest.java
@@ -28,7 +28,7 @@ import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.common.WSDataRef;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
index f372dfff1..6428ee4ad 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
@@ -19,37 +19,24 @@
package org.apache.wss4j.dom.validate;
-import java.security.cert.X509Certificate;
import java.util.Collections;
-import java.util.List;
import javax.security.auth.callback.CallbackHandler;
-import javax.xml.namespace.QName;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
-import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SAMLCallback;
-import org.apache.wss4j.common.saml.SAMLUtil;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.common.token.BinarySecurity;
-import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
import org.apache.wss4j.dom.common.UsernamePasswordCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
-import org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.common.dom.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.common.dom.message.WSSecHeader;
-import org.apache.wss4j.common.dom.validate.Credential;
-import org.apache.wss4j.common.dom.validate.Validator;
import org.apache.wss4j.common.dom.message.WSSecSignature;
import org.apache.wss4j.dom.message.WSSecTimestamp;
import org.apache.wss4j.dom.message.WSSecUsernameToken;
@@ -57,7 +44,6 @@ import org.apache.wss4j.dom.message.WSSecUsernameToken;
import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
@@ -183,100 +169,6 @@ public class ValidatorTest {
verify(signedDoc, wssConfig, new UsernamePasswordCallbackHandler(),
null);
}
- /**
- * In this test, a BinarySecurityToken is added to the SOAP header. A
custom processor
- * validates the BST and transforms it into a SAML Assertion.
- */
- @Test
- public void testTransformedBST() throws Exception {
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
-
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- X509Security bst = new X509Security(doc);
- CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- cryptoType.setAlias("wss40");
- Crypto crypto = CryptoFactory.getInstance("wss40.properties");
- X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
- bst.setX509Certificate(certs[0]);
-
- XMLUtils.prependChildElement(secHeader.getSecurityHeaderElement(),
bst.getElement());
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("BST output");
- String outputString =
- XMLUtils.prettyDocumentToString(doc);
- LOG.debug(outputString);
- }
-
- WSSConfig config = WSSConfig.getNewInstance();
- config.setValidator(WSConstants.BINARY_TOKEN, new BSTValidator());
- WSSecurityEngine secEngine = new WSSecurityEngine();
- secEngine.setWssConfig(config);
- WSHandlerResult results =
- secEngine.processSecurityHeader(doc, null, null, crypto);
-
- List<WSSecurityEngineResult> bstResults =
- results.getActionResults().get(WSConstants.BST);
- WSSecurityEngineResult actionResult = bstResults.get(0);
-
- BinarySecurity token =
-
(BinarySecurity)actionResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
- assertNotNull(token);
-
- SamlAssertionWrapper samlAssertion =
-
(SamlAssertionWrapper)actionResult.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
- assertNotNull(samlAssertion);
- }
-
- /**
- * In this test, a SOAP request is constructed where the SOAP body is
signed via a
- * BinarySecurityToken. The receiving side does not trust the BST, and so
the test fails.
- * The second time, a custom Validator (NoOpValidator for this case) is
installed for the
- * BST, and so trust verification passes on the Signature.
- */
- @Test
- public void testValidatedBSTSignature() throws Exception {
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecSignature builder = new WSSecSignature(secHeader);
- builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e",
"security");
- builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
- Document signedDoc = builder.build(CryptoFactory.getInstance());
-
- if (LOG.isDebugEnabled()) {
- String outputString =
- XMLUtils.prettyDocumentToString(signedDoc);
- LOG.debug(outputString);
- }
-
- Crypto crypto = CryptoFactory.getInstance("wss40.properties");
- WSSConfig config = WSSConfig.getNewInstance();
- WSSecurityEngine secEngine = new WSSecurityEngine();
- secEngine.setWssConfig(config);
- try {
- secEngine.processSecurityHeader(doc, null, null, crypto);
- fail("Expected failure on untrusted signature");
- } catch (WSSecurityException ex) {
- assertTrue(ex.getErrorCode() ==
WSSecurityException.ErrorCode.FAILURE);
- }
-
- config.setValidator(WSConstants.BINARY_TOKEN, new BSTValidator());
- WSHandlerResult results =
- secEngine.processSecurityHeader(doc, null, null, crypto);
-
- List<WSSecurityEngineResult> bstResults =
- results.getActionResults().get(WSConstants.BST);
- WSSecurityEngineResult actionResult = bstResults.get(0);
-
- BinarySecurity token =
-
(BinarySecurity)actionResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
- assertNotNull(token);
- }
-
/**
* Verifies the soap envelope
@@ -292,41 +184,4 @@ public class ValidatorTest {
return secEngine.processSecurityHeader(doc, null, cb, crypto);
}
-
- /**
- * A validator for a BST token.
- */
- private static class BSTValidator implements Validator {
-
- public Credential validate(Credential credential, RequestData data)
throws WSSecurityException {
- BinarySecurity token = credential.getBinarySecurityToken();
- if (token == null) {
- throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
- }
-
- try {
- SAML1CallbackHandler callbackHandler = new
SAML1CallbackHandler();
-
callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
- callbackHandler.setIssuer("www.example.com");
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new
SamlAssertionWrapper(samlCallback);
-
- credential.setTransformedToken(samlAssertion);
- return credential;
- } catch (Exception ex) {
- throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
- }
- }
-
- @Override
- public QName[] getSupportedQNames() {
- // TODO Auto-generated method stub
- throw new UnsupportedOperationException("Unimplemented method
'getSupportedQNames'");
- }
-
- }
-
-
}
\ No newline at end of file
diff --git a/ws-security-saml/pom.xml b/ws-security-saml/pom.xml
index 4a76174f6..1e64c00a3 100644
--- a/ws-security-saml/pom.xml
+++ b/ws-security-saml/pom.xml
@@ -218,6 +218,24 @@
<artifactId>hamcrest-library</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.wss4j</groupId>
+ <artifactId>wss4j-ws-security-common</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ <classifier>tests</classifier>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.wss4j</groupId>
+ <artifactId>wss4j-ws-security-dom</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.sun.xml.messaging.saaj</groupId>
+ <artifactId>saaj-impl</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<repositories>
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/AbstractSAMLCallbackHandler.java
similarity index 99%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/AbstractSAMLCallbackHandler.java
index a893815f9..e503cfd64 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/AbstractSAMLCallbackHandler.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.common;
+package org.apache.wss4j.common.saml.dom;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.common.crypto.Crypto;
diff --git
a/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/CustomHandler.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/CustomHandler.java
new file mode 100644
index 000000000..25b3d00e9
--- /dev/null
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/CustomHandler.java
@@ -0,0 +1,84 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.saml.dom;
+
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.HandlerAction;
+import org.apache.wss4j.dom.handler.WSHandler;
+import org.apache.wss4j.common.dom.RequestData;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.w3c.dom.Document;
+
+import java.util.List;
+
+
+/**
+ * A trivial extension of the WSHandler type for use in unit-testing.
+ */
+public class CustomHandler extends WSHandler {
+
+ public void send(
+ Document doc,
+ RequestData reqData,
+ List<HandlerAction> actions,
+ boolean request
+ ) throws WSSecurityException {
+ doSenderAction(
+ doc,
+ reqData,
+ actions,
+ request
+ );
+ }
+
+ public void receive(
+ List<Integer> actions,
+ RequestData reqData
+ ) throws WSSecurityException {
+ doReceiverAction(
+ actions,
+ reqData
+ );
+ }
+
+ public void signatureConfirmation(
+ RequestData requestData,
+ WSHandlerResult handlerResults
+ ) throws WSSecurityException {
+ checkSignatureConfirmation(requestData, handlerResults);
+ }
+
+ public boolean checkResults(
+ List<WSSecurityEngineResult> results,
+ List<Integer> actions
+ ) throws WSSecurityException {
+ return checkReceiverResults(results, actions);
+ }
+
+ public boolean checkResultsAnyOrder(
+ List<WSSecurityEngineResult> results,
+ List<Integer> actions
+ ) throws WSSecurityException {
+ return checkReceiverResultsAnyOrder(results, actions);
+ }
+
+
+}
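Review bot: None of the five public methods in CustomHandler carries a Javadoc, even though each exists only to expose a protected WSHandler operation to tests, and the class comment does not say which ones; a reader of the tests has to open WSHandler to learn what `send`'s `request` flag or `receive`'s `List<Integer> actions` mean. A one-line Javadoc per method naming the delegate is enough, e.g. on `send`: `/** Test hook for the protected {@link WSHandler#doSenderAction}; arguments are passed through unchanged. */`, and likewise `{@link WSHandler#doReceiverAction}`, `{@link WSHandler#checkSignatureConfirmation}`, `{@link WSHandler#checkReceiverResults}` and `{@link WSHandler#checkReceiverResultsAnyOrder}`. The file also ends with two blank lines before the closing brace, which checkstyle configurations commonly flag.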
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomSamlAssertionValidator.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/CustomSamlAssertionValidator.java
similarity index 98%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomSamlAssertionValidator.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/CustomSamlAssertionValidator.java
index 15575c878..b7b7b2531 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomSamlAssertionValidator.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/CustomSamlAssertionValidator.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.common;
+package org.apache.wss4j.common.saml.dom;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
diff --git
a/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ModifiedRequestTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ModifiedRequestTest.java
new file mode 100644
index 000000000..c280316ef
--- /dev/null
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ModifiedRequestTest.java
@@ -0,0 +1,122 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.saml.dom;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.builder.SAML1Constants;
+import org.apache.wss4j.common.util.SOAPUtil;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.common.dom.WSConstants;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
+
+import org.apache.wss4j.common.dom.engine.WSSConfig;
+import org.apache.wss4j.dom.engine.WSSecurityEngine;
+import org.apache.wss4j.common.dom.message.WSSecHeader;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.apache.wss4j.common.saml.message.WSSecSignatureSAML;
+
+import org.junit.jupiter.api.Test;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
+
+/**
+ * This class tests the modification of requests.
+ */
+public class ModifiedRequestTest {
+ private static final org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(ModifiedRequestTest.class);
+
+ private WSSecurityEngine secEngine = new WSSecurityEngine();
+ private CallbackHandler callbackHandler = new KeystoreCallbackHandler();
+ private Crypto crypto;
+
+ public ModifiedRequestTest() throws Exception {
+ WSSConfig.init();
+ crypto = CryptoFactory.getInstance();
+ }
+
+ /**
+ * Test a duplicated signed SAML Assertion.
+ */
+ @Test
+ public void testDuplicatedSignedSAMLAssertion() throws Exception {
+ SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+ callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+
callbackHandler.setConfirmationMethod(SAML1Constants.CONF_SENDER_VOUCHES);
+ callbackHandler.setIssuer("www.example.com");
+
+ SAMLCallback samlCallback = new SAMLCallback();
+ SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+ SamlAssertionWrapper samlAssertion = new
SamlAssertionWrapper(samlCallback);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader(doc);
+ secHeader.insertSecurityHeader();
+
+ WSSecSignatureSAML wsSign = new WSSecSignatureSAML(secHeader);
+ wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+
+ Document signedDoc =
+ wsSign.build(
+ null, samlAssertion, crypto,
"16c73ab6-b892-458f-abf5-2f875f74882e", "security"
+ );
+ Element assertionElement = (Element)
samlAssertion.getElement().cloneNode(true);
+ assertionElement.removeChild(assertionElement.getFirstChild());
+ secHeader.getSecurityHeaderElement().appendChild(assertionElement);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SAML 1.1 Authn Assertion (sender vouches):");
+ String outputString =
+ XMLUtils.prettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+
+ try {
+ verify(signedDoc);
+ fail("Failure expected on duplicate tokens");
+ } catch (WSSecurityException ex) {
+ assertTrue(ex.getMessage().contains(
+ "Multiple security tokens with the same Id have been detected"
+ ));
+ }
+ }
+
+ /**
+ * Verifies the soap envelope
+ * <p/>
+ *
+ * @param doc soap envelope
+ * @throws Exception Thrown when there is a problem in verification
+ */
+ private WSHandlerResult verify(Document doc) throws Exception {
+ return secEngine.processSecurityHeader(doc, null, callbackHandler,
crypto);
+ }
+
+}
\ No newline at end of file
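Review bot: In testDuplicatedSignedSAMLAssertion the local `SAML1CallbackHandler callbackHandler` shadows the `CallbackHandler callbackHandler` field that `verify` hands to the security engine, so a reader has to work out which handler actually reaches processSecurityHeader; renaming the local to `samlCallbackHandler` removes the ambiguity. The negative assertion pins the engine's message text, `assertTrue(ex.getMessage().contains("Multiple security tokens with the same Id have been detected"))`, which any rewording of that message will break; asserting on `ex.getErrorCode()` as the sibling ReplayTest does (at least in addition) is more robust and makes the expected failure mode explicit. The `verify` Javadoc uses `<p/>`, which Javadoc doclint rejects, and documents `@throws` but not `@return`.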
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/PrincipalTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/PrincipalTest.java
similarity index 87%
copy from
ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/PrincipalTest.java
copy to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/PrincipalTest.java
index 46857de20..a9fc3bc31 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/PrincipalTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/PrincipalTest.java
@@ -17,13 +17,12 @@
* under the License.
*/
-package org.apache.wss4j.dom.misc;
+package org.apache.wss4j.common.saml.dom;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.List;
-import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.crypto.Crypto;
@@ -31,7 +30,6 @@ import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.SAMLTokenPrincipal;
-import org.apache.wss4j.common.principal.UsernameTokenPrincipal;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
@@ -40,10 +38,7 @@ import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
-import org.apache.wss4j.dom.common.UsernamePasswordCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
@@ -68,68 +63,7 @@ public class PrincipalTest {
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(PrincipalTest.class);
- private CallbackHandler callbackHandler = new
UsernamePasswordCallbackHandler();
-
- /**
- * Test the principal that is created after processing a Username Token
- */
- @Test
- public void testUsernameToken() throws Exception {
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecUsernameToken builder = new WSSecUsernameToken(secHeader);
- builder.setUserInfo("wernerd", "verySecret");
- Document signedDoc = builder.build();
-
- if (LOG.isDebugEnabled()) {
- String outputString =
- XMLUtils.prettyDocumentToString(signedDoc);
- LOG.debug(outputString);
- }
- WSHandlerResult results = verify(signedDoc, null);
-
- Principal principal =
-
(Principal)results.getResults().get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
- assertTrue(principal instanceof UsernameTokenPrincipal);
- assertTrue("wernerd".equals(principal.getName()));
- UsernameTokenPrincipal userPrincipal =
(UsernameTokenPrincipal)principal;
- assertNotNull(userPrincipal.getCreatedTime());
- assertNotNull(userPrincipal.getNonce());
- assertNotNull(userPrincipal.getPassword());
- assertTrue(userPrincipal.isPasswordDigest());
-
assertTrue(WSConstants.PASSWORD_DIGEST.equals(userPrincipal.getPasswordType()));
- }
-
- /**
- * Test the principal that is created after processing a Username Token,
which has been
- * transformed into a SAML Assertion.
- */
- @Test
- public void testTransformedUsernameToken() throws Exception {
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecUsernameToken builder = new WSSecUsernameToken(secHeader);
- builder.setUserInfo("wernerd", "verySecret");
- Document signedDoc = builder.build();
-
- if (LOG.isDebugEnabled()) {
- String outputString =
- XMLUtils.prettyDocumentToString(signedDoc);
- LOG.debug(outputString);
- }
- WSHandlerResult results =
- verify(signedDoc, new DummyValidator(),
WSConstants.USERNAME_TOKEN, null);
-
- Principal principal =
-
(Principal)results.getResults().get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
- assertTrue(principal instanceof SAMLTokenPrincipal);
- assertTrue(principal.getName().contains("uid=joe"));
- assertNotNull(((SAMLTokenPrincipal)principal).getToken());
- }
+ //private CallbackHandler callbackHandler = new
UsernamePasswordCallbackHandler();
/**
* Test the principal that is created after processing a SAML Token
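Review bot: The removed `callbackHandler` field is replaced by a commented-out copy, `//private CallbackHandler callbackHandler = new UsernamePasswordCallbackHandler();`, and the hunk at `@@ -325,7 +289,7 @@` does the same with `//requestData.setCallbackHandler(callbackHandler);`; commented-out code should be deleted rather than carried into the new module, since the original file in ws-security-dom keeps the working version. If the intent is that `verify` in this copy never needs a password callback, a one-line comment saying so is clearer than a disabled statement. Note also that `testTransformedUsernameToken` is re-added further down in this copy while `testUsernameToken` is dropped; as the transformed test still builds a `WSSecUsernameToken` with a password, it is worth confirming that the `DummyValidator` path (defined outside this hunk) does not depend on the callback handler that is now commented out.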
@@ -262,6 +196,35 @@ public class PrincipalTest {
assertNotNull(((SAMLTokenPrincipal)principal).getToken());
}
+ /**
+ * Test the principal that is created after processing a Username Token,
which has been
+ * transformed into a SAML Assertion.
+ */
+ @Test
+ public void testTransformedUsernameToken() throws Exception {
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader(doc);
+ secHeader.insertSecurityHeader();
+
+ WSSecUsernameToken builder = new WSSecUsernameToken(secHeader);
+ builder.setUserInfo("wernerd", "verySecret");
+ Document signedDoc = builder.build();
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.prettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+ WSHandlerResult results =
+ verify(signedDoc, new DummyValidator(),
WSConstants.USERNAME_TOKEN, null);
+
+ Principal principal =
+
(Principal)results.getResults().get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
+ assertTrue(principal instanceof SAMLTokenPrincipal);
+ assertTrue(principal.getName().contains("uid=joe"));
+ assertNotNull(((SAMLTokenPrincipal)principal).getToken());
+ }
+
/**
* Test the principal that is created after processing (and explicitly
validating)
* a BinarySecurityToken.
@@ -305,6 +268,7 @@ public class PrincipalTest {
assertNotNull(((SAMLTokenPrincipal)principal).getToken());
}
+
/**
* Verifies the soap envelope
*/
@@ -325,7 +289,7 @@ public class PrincipalTest {
Crypto crypto
) throws Exception {
RequestData requestData = new RequestData();
- requestData.setCallbackHandler(callbackHandler);
+ //requestData.setCallbackHandler(callbackHandler);
requestData.setDecCrypto(crypto);
requestData.setSigVerCrypto(crypto);
requestData.setValidateSamlSubjectConfirmation(false);
diff --git
a/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ReplayTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ReplayTest.java
new file mode 100644
index 000000000..16d7ad915
--- /dev/null
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ReplayTest.java
@@ -0,0 +1,215 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.saml.dom;
+
+import java.nio.file.Path;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.wss4j.common.cache.EHCacheReplayCache;
+import org.apache.wss4j.common.util.SOAPUtil;
+import org.apache.wss4j.common.dom.WSConstants;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
+
+import org.apache.wss4j.common.dom.engine.WSSConfig;
+import org.apache.wss4j.dom.engine.WSSecurityEngine;
+import org.apache.wss4j.common.cache.ReplayCache;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.dom.message.WSSecHeader;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.common.saml.message.WSSecSAMLToken;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.common.dom.RequestData;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.common.saml.validate.SamlAssertionValidator;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
+
+/**
+ * Some test-cases for replay attacks.
+ */
+public class ReplayTest {
+ private static final org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(ReplayTest.class);
+
+ private CallbackHandler callbackHandler = new KeystoreCallbackHandler();
+ private Crypto crypto;
+
+ @TempDir
+ Path tempDir;
+
+ public ReplayTest() throws Exception {
+ crypto = CryptoFactory.getInstance();
+ }
+
+ private ReplayCache createCache(String key) throws WSSecurityException {
+ return new EHCacheReplayCache(key, tempDir);
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 2
authentication assertion. This
+ * is just a sanity test to make sure that it is possible to send the SAML
token twice, as
+ * no "OneTimeUse" Element is defined there is no problem with replaying
it.
+ * with a OneTimeUse Element
+ */
+ @Test
+ public void testEhCacheReplayedSAML2() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+
+ ConditionsBean conditions = new ConditionsBean();
+ conditions.setTokenPeriodMinutes(5);
+
+ callbackHandler.setConditions(conditions);
+
+ SAMLCallback samlCallback = new SAMLCallback();
+ SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+ SamlAssertionWrapper samlAssertion = new
SamlAssertionWrapper(samlCallback);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader(doc);
+ secHeader.insertSecurityHeader();
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
+
+ Document unsignedDoc = wsSign.build(samlAssertion);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString = XMLUtils.prettyDocumentToString(unsignedDoc);
+ LOG.debug(outputString);
+ }
+
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ SamlAssertionValidator assertionValidator = new
SamlAssertionValidator();
+ assertionValidator.setRequireBearerSignature(false);
+ wssConfig.setValidator(WSConstants.SAML_TOKEN, assertionValidator);
+ wssConfig.setValidator(WSConstants.SAML2_TOKEN, assertionValidator);
+
+ RequestData data = new RequestData();
+ data.setWssConfig(wssConfig);
+ data.setCallbackHandler(callbackHandler);
+ ReplayCache replayCache =
createCache("wss4j.saml.one.time.use.cache-");
+ data.setSamlOneTimeUseReplayCache(replayCache);
+
+ // Successfully verify SAML Token
+ verify(unsignedDoc, wssConfig, data);
+
+ // Now try again - this should work fine as well
+ verify(unsignedDoc, wssConfig, data);
+
+ replayCache.close();
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 2
authentication assertion
+ * with a OneTimeUse Element
+ */
+ @Test
+ public void testEhCacheReplayedSAML2OneTimeUse() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+
+ ConditionsBean conditions = new ConditionsBean();
+ conditions.setTokenPeriodMinutes(5);
+ conditions.setOneTimeUse(true);
+
+ callbackHandler.setConditions(conditions);
+
+ SAMLCallback samlCallback = new SAMLCallback();
+ SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+ SamlAssertionWrapper samlAssertion = new
SamlAssertionWrapper(samlCallback);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader(doc);
+ secHeader.insertSecurityHeader();
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
+
+ Document unsignedDoc = wsSign.build(samlAssertion);
+
+ String outputString =
+ XMLUtils.prettyDocumentToString(unsignedDoc);
+ assertTrue(outputString.contains("OneTimeUse"));
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(outputString);
+ }
+
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ SamlAssertionValidator assertionValidator = new
SamlAssertionValidator();
+ assertionValidator.setRequireBearerSignature(false);
+ wssConfig.setValidator(WSConstants.SAML_TOKEN, assertionValidator);
+ wssConfig.setValidator(WSConstants.SAML2_TOKEN, assertionValidator);
+
+ RequestData data = new RequestData();
+ data.setWssConfig(wssConfig);
+ data.setCallbackHandler(callbackHandler);
+ ReplayCache replayCache =
createCache("wss4j.saml.one.time.use.cache-");
+ data.setSamlOneTimeUseReplayCache(replayCache);
+
+ // Successfully verify SAML Token
+ verify(unsignedDoc, wssConfig, data);
+
+ // Now try again - a replay attack should be detected
+ try {
+ verify(unsignedDoc, wssConfig, data);
+ fail("Expected failure on a replay attack");
+ } catch (WSSecurityException ex) {
+ assertTrue(ex.getErrorCode() ==
WSSecurityException.ErrorCode.INVALID_SECURITY);
+ }
+
+ replayCache.close();
+ }
+
+ /**
+ * Verifies the soap envelope
+ *
+ * @param doc soap document
+ * @param wssConfig
+ * @throws Exception Thrown when there is a problem in verification
+ */
+ private WSHandlerResult verify(
+ Document doc, WSSConfig wssConfig, RequestData data
+ ) throws Exception {
+ WSSecurityEngine secEngine = new WSSecurityEngine();
+ secEngine.setWssConfig(wssConfig);
+ Element elem = WSSecurityUtil.getSecurityHeader(doc, null);
+ data.setSigVerCrypto(crypto);
+ return secEngine.processSecurityHeader(elem, data);
+ }
+
+
+}
\ No newline at end of file
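Review bot: In both test methods `replayCache.close()` is only reached on the success path; if `verify` throws unexpectedly, or `fail("Expected failure on a replay attack")` fires in testEhCacheReplayedSAML2OneTimeUse, the EHCache instance backed by `tempDir` is never closed, which can leave cache files open and make the @TempDir cleanup fail. Since the cache is closed explicitly here, it presumably implements AutoCloseable, so wrapping the block from `createCache` through the last `verify` in `try (ReplayCache replayCache = createCache("wss4j.saml.one.time.use.cache-")) { … }` and dropping the trailing `replayCache.close()` guarantees cleanup on every path. The Javadoc of testEhCacheReplayedSAML2 ends with a dangling `* with a OneTimeUse Element` line left over from the sibling test's comment and should be removed. As in ModifiedRequestTest, the local `SAML2CallbackHandler callbackHandler` shadows the `CallbackHandler` field of the same name.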
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML1AuthnHOKHandler.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SAML1AuthnHOKHandler.java
similarity index 98%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML1AuthnHOKHandler.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SAML1AuthnHOKHandler.java
index 8762377e0..a0b4e06d2 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML1AuthnHOKHandler.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SAML1AuthnHOKHandler.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.common;
+package org.apache.wss4j.common.saml.dom;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML1CallbackHandler.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SAML1CallbackHandler.java
similarity index 99%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML1CallbackHandler.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SAML1CallbackHandler.java
index 03daec925..643984067 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML1CallbackHandler.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SAML1CallbackHandler.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.common;
+package org.apache.wss4j.common.saml.dom;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SAML2CallbackHandler.java
similarity index 99%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SAML2CallbackHandler.java
index b3bb8741b..94ff052b7 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SAML2CallbackHandler.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.common;
+package org.apache.wss4j.common.saml.dom;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAMLElementCallbackHandler.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SAMLElementCallbackHandler.java
similarity index 98%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAMLElementCallbackHandler.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SAMLElementCallbackHandler.java
index 3ff1e92a2..e9e243ae2 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAMLElementCallbackHandler.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SAMLElementCallbackHandler.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.common;
+package org.apache.wss4j.common.saml.dom;
import java.io.IOException;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlAlgorithmSuiteTest.java
similarity index 99%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlAlgorithmSuiteTest.java
index f0aa6ecf8..1cd55da4c 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlAlgorithmSuiteTest.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.saml;
+package org.apache.wss4j.common.saml.dom;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
@@ -29,7 +29,6 @@ import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAuthnTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlAuthnTest.java
similarity index 97%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAuthnTest.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlAuthnTest.java
index 1b1391876..16c4f4a4a 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAuthnTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlAuthnTest.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.saml;
+package org.apache.wss4j.common.saml.dom;
import java.time.Duration;
import java.time.Instant;
@@ -31,9 +31,6 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.CustomSamlAssertionValidator;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlConditionsTest.java
similarity index 99%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlConditionsTest.java
index e4856f0dd..ca17e76ce 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlConditionsTest.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.saml;
+package org.apache.wss4j.common.saml.dom;
import java.time.Duration;
import java.time.Instant;
@@ -40,9 +40,6 @@ import org.apache.wss4j.common.saml.builder.SAML2Constants;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.CustomSamlAssertionValidator;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlNegativeTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlNegativeTest.java
similarity index 98%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlNegativeTest.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlNegativeTest.java
index 511a74629..4d61c0c21 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlNegativeTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlNegativeTest.java
@@ -17,15 +17,12 @@
* under the License.
*/
-package org.apache.wss4j.dom.saml;
+package org.apache.wss4j.common.saml.dom;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.AbstractSAMLCallbackHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlReferenceTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlReferenceTest.java
similarity index 99%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlReferenceTest.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlReferenceTest.java
index 17659550d..2f65824e5 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlReferenceTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlReferenceTest.java
@@ -17,16 +17,14 @@
* under the License.
*/
-package org.apache.wss4j.dom.saml;
+package org.apache.wss4j.common.saml.dom;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.common.WSDataRef;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenActionTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenActionTest.java
similarity index 97%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenActionTest.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenActionTest.java
index 85ab5c8b3..4dd82bec4 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenActionTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenActionTest.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.saml;
+package org.apache.wss4j.common.saml.dom;
import java.util.ArrayList;
import java.util.Collections;
@@ -33,11 +33,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.CustomSamlAssertionValidator;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenCustomSignatureTest.java
similarity index 96%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenCustomSignatureTest.java
index 516487ba8..a9453b8df 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenCustomSignatureTest.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.saml;
+package org.apache.wss4j.common.saml.dom;
import java.util.ArrayList;
import java.util.List;
@@ -34,9 +34,7 @@ import org.apache.wss4j.common.saml.builder.SAML1Constants;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenDerivedTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenDerivedTest.java
similarity index 98%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenDerivedTest.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenDerivedTest.java
index 7c6e0b1ad..fac8ee9b9 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenDerivedTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenDerivedTest.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.saml;
+package org.apache.wss4j.common.saml.dom;
import java.security.cert.X509Certificate;
import java.util.List;
@@ -38,8 +38,7 @@ import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.common.WSDataRef;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenHOKTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenHOKTest.java
similarity index 98%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenHOKTest.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenHOKTest.java
index b49abaad5..10ca1f7ef 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenHOKTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenHOKTest.java
@@ -17,14 +17,12 @@
* under the License.
*/
-package org.apache.wss4j.dom.saml;
+package org.apache.wss4j.common.saml.dom;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenSVTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenSVTest.java
similarity index 98%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenSVTest.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenSVTest.java
index 390088c5c..a581abd31 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenSVTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenSVTest.java
@@ -17,16 +17,13 @@
* under the License.
*/
-package org.apache.wss4j.dom.saml;
+package org.apache.wss4j.common.saml.dom;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.common.WSDataRef;
-import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenTest.java
similarity index 99%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenTest.java
index 057bd650d..abb4050de 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SamlTokenTest.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.saml;
+package org.apache.wss4j.common.saml.dom;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
@@ -52,12 +52,7 @@ import org.apache.wss4j.common.util.DOM2Writer;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.CustomHandler;
-import org.apache.wss4j.dom.common.CustomSamlAssertionValidator;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
-import org.apache.wss4j.dom.common.SAMLElementCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
@@ -94,7 +89,6 @@ import org.w3c.dom.Element;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
diff --git
a/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SignatureConfirmationTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SignatureConfirmationTest.java
new file mode 100644
index 000000000..3671fa4cc
--- /dev/null
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SignatureConfirmationTest.java
@@ -0,0 +1,148 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.saml.dom;
+
+import java.util.*;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.common.util.SOAPUtil;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.common.dom.WSConstants;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
+
+import org.apache.wss4j.dom.engine.WSSecurityEngine;
+import org.apache.wss4j.dom.handler.HandlerAction;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.apache.wss4j.common.dom.RequestData;
+import org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
+
+import org.junit.jupiter.api.Test;
+import org.w3c.dom.Document;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+/**
+ * A set of test-cases for SignatureConfirmation.
+ */
+public class SignatureConfirmationTest {
+ private static final org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(SignatureConfirmationTest.class);
+ private WSSecurityEngine secEngine = new WSSecurityEngine();
+ private CallbackHandler callbackHandler = new KeystoreCallbackHandler();
+ private Crypto crypto;
+
+ public SignatureConfirmationTest() throws Exception {
+ crypto = CryptoFactory.getInstance();
+ }
+
+ @SuppressWarnings("unchecked")
+ @Test
+ public void
+ testSAMLSignatureConfirmationProcessing() throws Exception {
+ final RequestData reqData = new RequestData();
+
+ SAML2CallbackHandler samlCallbackHandler = new SAML2CallbackHandler();
+ samlCallbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+ samlCallbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ samlCallbackHandler.setIssuer("www.example.com");
+ samlCallbackHandler.setSignAssertion(true);
+ samlCallbackHandler.setIssuerCrypto(crypto);
+
samlCallbackHandler.setIssuerName("16c73ab6-b892-458f-abf5-2f875f74882e");
+ samlCallbackHandler.setIssuerPassword("security");
+
+ java.util.Map<String, Object> msgContext = new java.util.TreeMap<>();
+ msgContext.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION,
"true");
+ msgContext.put(WSHandlerConstants.SAML_CALLBACK_REF,
samlCallbackHandler);
+ reqData.setMsgContext(msgContext);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ HandlerAction action = new HandlerAction(WSConstants.ST_UNSIGNED);
+ handler.send(
+ doc,
+ reqData,
+ Collections.singletonList(action),
+ true
+ );
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("After Signing....");
+ String outputString =
+ XMLUtils.prettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ //
+ // Verify the inbound request, and create a response with a Signature
Confirmation
+ //
+ WSHandlerResult results = verify(doc);
+ doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ msgContext = (java.util.Map<String, Object>)reqData.getMsgContext();
+ List<WSHandlerResult> receivedResults = new ArrayList<>();
+ receivedResults.add(results);
+ msgContext.put(WSHandlerConstants.RECV_RESULTS, receivedResults);
+ handler.send(
+ doc,
+ reqData,
+ Collections.singletonList(new
HandlerAction(WSConstants.NO_SECURITY)),
+ false
+ );
+ String outputString =
+ XMLUtils.prettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signature Confirmation response....");
+ LOG.debug(outputString);
+ }
+
+ //
+ // Verify the SignatureConfirmation response
+ //
+ results = verify(doc);
+ WSSecurityEngineResult scResult =
+ results.getActionResults().get(WSConstants.SC).get(0);
+ assertNotNull(scResult);
+
assertNotNull(scResult.get(WSSecurityEngineResult.TAG_SIGNATURE_CONFIRMATION));
+ handler.signatureConfirmation(reqData, results);
+ }
+
+ /**
+ * Verifies the soap envelope
+ * <p/>
+ *
+ * @param doc
+ * @throws Exception Thrown when there is a problem in verification
+ */
+ private WSHandlerResult verify(Document doc) throws Exception {
+ WSHandlerResult results =
+ secEngine.processSecurityHeader(doc, null, callbackHandler,
crypto);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Verfied and decrypted message:");
+ String outputString =
+ XMLUtils.prettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ return results;
+ }
+
+}
\ No newline at end of file
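Review bot: `testSAMLSignatureConfirmationProcessing` exercises only the accepting path: it asserts that `TAG_SIGNATURE_CONFIRMATION` is present on the `WSConstants.SC` result and then calls `handler.signatureConfirmation(reqData, results)`, but nothing in the new file checks that a response whose SignatureConfirmation does not match the request's signature is rejected, which is the property the mechanism exists to enforce (whether `signatureConfirmation` throws on a mismatch is not visible from this hunk, so a second test that tampers with the stored `RECV_RESULTS` and expects a failure would pin it down). `import java.util.*;` is a wildcard import that the sibling files in this module avoid, and the body then still writes `java.util.Map<String, Object> msgContext = new java.util.TreeMap<>();` in full, so the two styles sit side by side; explicit imports of `ArrayList`, `Collections`, `List`, `Map` and `TreeMap` with the simple names at that declaration would settle it. `CustomHandler` and `SAML2CallbackHandler` are used without an import, so they are presumably expected in the new `org.apache.wss4j.common.saml.dom` package (the AssertionSigningTest hunk below imports `SAML2CallbackHandler` from there); if `CustomHandler` was not moved alongside, this file will not compile. The `verify` Javadoc has an empty `@param doc` and no `@return`; `@param doc the SOAP envelope whose security header is processed` and `@return the result of processing the security header` would complete it, and the debug message `"Verfied and decrypted message:"` is misspelt. The file also lacks a trailing newline.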
diff --git
a/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SignaturePartsTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SignaturePartsTest.java
new file mode 100644
index 000000000..00052c375
--- /dev/null
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SignaturePartsTest.java
@@ -0,0 +1,160 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.saml.dom;
+
+import org.apache.wss4j.common.WSEncryptionPart;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.util.SOAPUtil;
+import org.apache.wss4j.common.WSDataRef;
+import org.apache.wss4j.common.dom.WSConstants;
+
+import org.apache.wss4j.common.dom.engine.WSSConfig;
+import org.apache.wss4j.dom.engine.WSSecurityEngine;
+import org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
+import org.apache.wss4j.common.dom.message.WSSecHeader;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.Merlin;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.builder.SAML1Constants;
+import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.common.saml.message.WSSecSignatureSAML;
+
+import org.junit.jupiter.api.Test;
+import org.w3c.dom.Document;
+
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+/**
+ * This is some unit tests for signing using signature parts. Note that the
"soapMsg" below
+ * has a custom header added.
+ */
+public class SignaturePartsTest {
+ private static final org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(SignaturePartsTest.class);
+ private static final String SOAPMSG = "<?xml version=\"1.0\"
encoding=\"UTF-8\"?>" +
+ "<soapenv:Envelope xmlns:foo=\"urn:foo.bar\"
xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"
xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"
xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">" +
+ " <soapenv:Header>" +
+ " <foo:foobar>baz</foo:foobar>" +
+ " </soapenv:Header>" +
+ " <soapenv:Body>" +
+ " <ns1:testMethod
xmlns:ns1=\"http://axis/service/security/test6/LogTestService8\"></ns1:testMethod>"
+
+ " </soapenv:Body>" +
+ "</soapenv:Envelope>";
+
+ private WSSecurityEngine secEngine = new WSSecurityEngine();
+
+ public SignaturePartsTest() throws Exception {
+ WSSConfig.init();
+ }
+
+ /**
+ * Test signing of a header through a STR Dereference Transform
+ */
+ @SuppressWarnings("unchecked")
+ @Test
+ public void testSOAPHeaderSTRTransform() throws Exception {
+ // Construct issuer and user crypto instances
+ Crypto issuerCrypto = new Merlin();
+ KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ ClassLoader loader = Loader.getClassLoader(SignaturePartsTest.class);
+ InputStream input = Merlin.loadInputStream(loader,
"keys/wss40_server.jks");
+ keyStore.load(input, "security".toCharArray());
+ input.close();
+ ((Merlin)issuerCrypto).setKeyStore(keyStore);
+
+ Crypto userCrypto = CryptoFactory.getInstance("wss40.properties");
+
+ SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+ callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+ callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
+
+ SAMLCallback samlCallback = new SAMLCallback();
+ SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+
+ samlCallback.setIssuer("www.example.com");
+
+ SamlAssertionWrapper samlAssertion = new
SamlAssertionWrapper(samlCallback);
+ samlAssertion.signAssertion("wss40_server", "security", issuerCrypto,
false);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+ WSSecHeader secHeader = new WSSecHeader(doc);
+ secHeader.insertSecurityHeader();
+
+ WSSecSignatureSAML wsSign = new WSSecSignatureSAML(secHeader);
+ wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ wsSign.setUserInfo("wss40", "security");
+
+ WSEncryptionPart encP =
+ new WSEncryptionPart("STRTransform", "", "Element");
+ wsSign.getParts().add(encP);
+
+ //
+ // set up for keyHolder
+ //
+ Document signedDoc = wsSign.build(userCrypto, samlAssertion, null,
null, null);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed SAML message (key holder):");
+ String outputString =
+ XMLUtils.prettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+
+ // Construct trust crypto instance
+ Crypto trustCrypto = new Merlin();
+ KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ input = Merlin.loadInputStream(loader, "keys/wss40CA.jks");
+ trustStore.load(input, "security".toCharArray());
+ input.close();
+ ((Merlin)trustCrypto).setTrustStore(trustStore);
+
+ WSHandlerResult results =
+ secEngine.processSecurityHeader(doc, null, null, trustCrypto);
+ WSSecurityEngineResult stUnsignedActionResult =
+ results.getActionResults().get(WSConstants.ST_SIGNED).get(0);
+ SamlAssertionWrapper receivedSamlAssertion =
+ (SamlAssertionWrapper)
stUnsignedActionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertNotNull(receivedSamlAssertion);
+ assertTrue(receivedSamlAssertion.isSigned());
+
+ WSSecurityEngineResult signActionResult =
+ results.getActionResults().get(WSConstants.SIGN).get(0);
+ assertNotNull(signActionResult);
+ assertFalse(signActionResult.isEmpty());
+ final List<WSDataRef> refs =
+ (List<WSDataRef>)
signActionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+
+ WSDataRef wsDataRef = refs.get(0);
+ String xpath = wsDataRef.getXpath();
+
assertEquals("/soapenv:Envelope/soapenv:Header/wsse:Security/saml1:Assertion",
xpath);
+ }
+
+}
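Review bot: `input` at the `Merlin.loadInputStream(loader, "keys/wss40_server.jks")` line is released with a plain `input.close()` after `keyStore.load`, so a failure inside `load` leaks the stream, and the same pattern repeats for `keys/wss40CA.jks` further down. Each should be a try-with-resources, e.g. `try (InputStream in = Merlin.loadInputStream(loader, "keys/wss40_server.jks")) { keyStore.load(in, "security".toCharArray()); }`, which also removes the reassignment of `input` for the trust store. The result variable `stUnsignedActionResult` is fetched from `results.getActionResults().get(WSConstants.ST_SIGNED)` and the test then asserts `isSigned()` on it, so the name says the opposite of what it holds; `stSignedActionResult` would match. The method Javadoc says it tests signing of a header through an STR Dereference Transform, but the only assertion on the data references is that the signed part's xpath is `/soapenv:Envelope/soapenv:Header/wsse:Security/saml1:Assertion`, not the `foo:foobar` header the class comment describes, so the Javadoc should name which element the `STRTransform` part is expected to cover.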
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SignedSamlTokenHOKTest.java
similarity index 99%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SignedSamlTokenHOKTest.java
index 7c6e0d71b..6716e1402 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/SignedSamlTokenHOKTest.java
@@ -17,15 +17,13 @@
* under the License.
*/
-package org.apache.wss4j.dom.saml;
+package org.apache.wss4j.common.saml.dom;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.common.WSDataRef;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ValidatorTest.java
similarity index 63%
copy from
ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
copy to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ValidatorTest.java
index f372dfff1..1ffc13b8f 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ValidatorTest.java
@@ -17,16 +17,14 @@
* under the License.
*/
-package org.apache.wss4j.dom.validate;
+package org.apache.wss4j.common.saml.dom;
import java.security.cert.X509Certificate;
-import java.util.Collections;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
-import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
@@ -39,9 +37,7 @@ import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.UsernamePasswordCallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
@@ -51,8 +47,6 @@ import org.apache.wss4j.common.dom.message.WSSecHeader;
import org.apache.wss4j.common.dom.validate.Credential;
import org.apache.wss4j.common.dom.validate.Validator;
import org.apache.wss4j.common.dom.message.WSSecSignature;
-import org.apache.wss4j.dom.message.WSSecTimestamp;
-import org.apache.wss4j.dom.message.WSSecUsernameToken;
import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;
@@ -70,119 +64,6 @@ public class ValidatorTest {
org.slf4j.LoggerFactory.getLogger(ValidatorTest.class);
private WSSecurityEngine secEngine = new WSSecurityEngine();
- /**
- * This is a test for processing an expired Timestamp.
- */
- @Test
- public void testExpiredTimestamp() throws Exception {
-
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecTimestamp timestamp = new WSSecTimestamp(secHeader);
- timestamp.setTimeToLive(-1);
- Document createdDoc = timestamp.build();
-
- if (LOG.isDebugEnabled()) {
- String outputString =
- XMLUtils.prettyDocumentToString(createdDoc);
- LOG.debug(outputString);
- }
-
- // The default behaviour is that the Timestamp validation will fail
- WSSConfig wssConfig = WSSConfig.getNewInstance();
- try {
- verify(createdDoc, wssConfig, null, null);
- fail("Expected failure on an expired timestamp");
- } catch (WSSecurityException ex) {
- assertTrue(ex.getErrorCode() ==
WSSecurityException.ErrorCode.MESSAGE_EXPIRED);
- }
-
- // Now switch out the default Timestamp validator
- wssConfig.setValidator(WSConstants.TIMESTAMP, NoOpValidator.class);
- verify(createdDoc, wssConfig, null, null);
- }
-
- /**
- * Test for processing an untrusted signature
- */
- @Test
- public void testUntrustedSignature() throws Exception {
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecSignature sign = new WSSecSignature(secHeader);
- sign.setUserInfo("wss40", "security");
- sign.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
-
- Crypto crypto = CryptoFactory.getInstance("wss40.properties");
- Document signedDoc = sign.build(crypto);
-
- if (LOG.isDebugEnabled()) {
- String outputString =
- XMLUtils.prettyDocumentToString(signedDoc);
- LOG.debug(outputString);
- }
-
- // The default behaviour is that trust verification will fail
- Crypto cryptoCA = CryptoFactory.getInstance("crypto.properties");
- // Turn off BSP spec compliance
- WSSecurityEngine newEngine = new WSSecurityEngine();
- RequestData data = new RequestData();
- data.setSigVerCrypto(cryptoCA);
- data.setIgnoredBSPRules(Collections.singletonList(BSPRule.R3063));
- try {
- newEngine.processSecurityHeader(signedDoc, data);
- fail("Failure expected on issuer serial");
- } catch (WSSecurityException ex) {
- assertTrue(ex.getErrorCode() ==
WSSecurityException.ErrorCode.FAILURE);
- }
-
- // Now switch out the default signature validator
- WSSConfig config = WSSConfig.getNewInstance();
- config.setValidator(WSConstants.SIGNATURE, NoOpValidator.class);
- newEngine.setWssConfig(config);
- data.setWssConfig(config);
- newEngine.processSecurityHeader(signedDoc, data);
- }
-
- /**
- * Test that adds a UserNameToken with (bad) password text to a
WS-Security envelope
- */
- @Test
- public void testUsernameTokenBadText() throws Exception {
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecUsernameToken builder = new WSSecUsernameToken(secHeader);
- builder.setPasswordType(WSConstants.PASSWORD_TEXT);
- builder.setUserInfo("wernerd", "verySecre");
-
- Document signedDoc = builder.build();
-
- if (LOG.isDebugEnabled()) {
- String outputString =
- XMLUtils.prettyDocumentToString(signedDoc);
- LOG.debug(outputString);
- }
-
- // The default behaviour is that password verification will fail
- WSSConfig wssConfig = WSSConfig.getNewInstance();
- try {
- verify(signedDoc, wssConfig, new
UsernamePasswordCallbackHandler(), null);
- fail("Failure expected on a bad password text");
- } catch (WSSecurityException ex) {
- assertTrue(ex.getErrorCode() ==
WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
- }
-
- // Now switch out the default UsernameToken validator
- wssConfig.setValidator(WSConstants.USERNAME_TOKEN,
NoOpValidator.class);
- verify(signedDoc, wssConfig, new UsernamePasswordCallbackHandler(),
null);
- }
-
/**
* In this test, a BinarySecurityToken is added to the SOAP header. A
custom processor
* validates the BST and transforms it into a SAML Assertion.
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/ext/AssertionSigningTest.java
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ext/AssertionSigningTest.java
similarity index 98%
rename from
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/ext/AssertionSigningTest.java
rename to
ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ext/AssertionSigningTest.java
index 54581df18..0eb675062 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/ext/AssertionSigningTest.java
+++
b/ws-security-saml/src/test/java/org/apache/wss4j/common/saml/dom/ext/AssertionSigningTest.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.saml.ext;
+package org.apache.wss4j.common.saml.dom.ext;
import java.io.InputStream;
import java.security.KeyStore;
@@ -34,7 +34,7 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.builder.SAML2Constants;
import org.apache.wss4j.common.util.DOM2Writer;
import org.apache.wss4j.common.util.Loader;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
+import org.apache.wss4j.common.saml.dom.SAML2CallbackHandler;
import org.apache.wss4j.common.dom.engine.WSSConfig;
diff --git a/ws-security-stax/pom.xml b/ws-security-stax/pom.xml
index cdd72d0e4..124c2f075 100644
--- a/ws-security-stax/pom.xml
+++ b/ws-security-stax/pom.xml
@@ -79,6 +79,13 @@
<scope>test</scope>
<classifier>tests</classifier>
</dependency>
+ <dependency>
+ <groupId>org.apache.wss4j</groupId>
+ <artifactId>wss4j-ws-security-saml</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ <classifier>tests</classifier>
+ </dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
diff --git
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCRLTest.java
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCRLTest.java
index 119076335..5afcc8974 100644
---
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCRLTest.java
+++
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCRLTest.java
@@ -32,7 +32,7 @@ import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.stax.ext.WSSConstants;
diff --git
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCertConstaintsTest.java
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCertConstaintsTest.java
index 2e186bba9..1a689ae40 100644
---
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCertConstaintsTest.java
+++
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCertConstaintsTest.java
@@ -34,7 +34,7 @@ import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.stax.ext.WSSConstants;
diff --git
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureIssuerCertConstaintsTest.java
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureIssuerCertConstaintsTest.java
index 486bf44f6..9875ff675 100644
---
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureIssuerCertConstaintsTest.java
+++
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureIssuerCertConstaintsTest.java
@@ -34,7 +34,7 @@ import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.common.dom.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.stax.ext.WSSConstants;
diff --git
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAML1CallbackHandler.java
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAML1CallbackHandler.java
index c9c83fab2..63b9e0a22 100755
---
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAML1CallbackHandler.java
+++
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAML1CallbackHandler.java
@@ -33,7 +33,7 @@ import java.io.IOException;
* A Callback Handler implementation for a SAML 1.1 assertion. By default it
creates an
* authentication assertion using Sender Vouches.
*/
-public class SAML1CallbackHandler extends
org.apache.wss4j.dom.common.SAML1CallbackHandler {
+public class SAML1CallbackHandler extends
org.apache.wss4j.common.saml.dom.SAML1CallbackHandler {
private String issuerKeyName;
private String issuerKeyPassword;
diff --git
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAML2CallbackHandler.java
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAML2CallbackHandler.java
index 1ac4816e4..5b6033ef5 100755
---
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAML2CallbackHandler.java
+++
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAML2CallbackHandler.java
@@ -33,7 +33,7 @@ import java.io.IOException;
* A Callback Handler implementation for a SAML 2 assertion. By default it
creates an
* authentication assertion using Sender Vouches.
*/
-public class SAML2CallbackHandler extends
org.apache.wss4j.dom.common.SAML2CallbackHandler {
+public class SAML2CallbackHandler extends
org.apache.wss4j.common.saml.dom.SAML2CallbackHandler {
private String issuerKeyName;
private String issuerKeyPassword;
diff --git
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java
index 4afbc2819..d24e90335 100644
---
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java
+++
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java
@@ -53,7 +53,7 @@ import org.apache.wss4j.common.saml.builder.SAML2Constants;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.dom.WSConstants;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.common.crypto.KeystoreCallbackHandler;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.common.dom.message.WSSecHeader;
import org.apache.wss4j.common.saml.message.WSSecSAMLToken;