/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.wss4j.performance;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandler;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.stax.ConfigurationConverter;
import org.apache.wss4j.stax.WSSec;
import org.apache.wss4j.stax.ext.InboundWSSec;
import org.apache.wss4j.stax.ext.OutboundWSSec;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.impl.processor.input.DecryptInputProcessor;
import org.apache.wss4j.stax.test.WSS4JCallbackHandlerImpl;
import org.apache.wss4j.stax.test.utils.SOAPUtil;
import org.apache.wss4j.stax.test.utils.StAX2DOM;
import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.impl.InboundSecurityContextImpl;
import org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor;
import org.apache.xml.security.stax.impl.processor.input.AbstractSignatureReferenceVerifyInputProcessor;
import org.apache.xml.security.stax.impl.processor.input.XMLEventReaderInputProcessor;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
import org.junit.AfterClass;
import org.junit.Assert;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.NamespaceContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.*;
import java.util.logging.Level;
import java.util.logging.LogManager;
import java.util.logging.Logger;
public abstract class AbstractTestBase extends org.junit.Assert {
//javax.xml.transform.Transformer transformer = TransformerFactory.newInstance().newTransformer();
//transformer.transform(new StreamSource(new ByteArrayInputStream(baos.toByteArray())), new StreamResult(System.out));
protected static final XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
protected static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
protected DocumentBuilderFactory documentBuilderFactory;
protected static final String SECURED_DOCUMENT = "securedDocument";
static {
LogManager.getLogManager().addLogger(Logger.getLogger("org.jcp.xml.dsig.internal.dom"));
LogManager.getLogManager().getLogger("org.jcp.xml.dsig.internal.dom").setLevel(Level.FINE);
WSSConfig.init();
}
@AfterClass
public static void cleanup() throws Exception {
SecurityTestUtil.cleanup();
}
public AbstractTestBase() {
documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
documentBuilderFactory.setIgnoringComments(false);
documentBuilderFactory.setCoalescing(false);
documentBuilderFactory.setIgnoringElementContentWhitespace(false);
xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false);
xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
//xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(5 * 8192));
}
public Document doInboundSecurity(WSSSecurityProperties securityProperties, InputStream inputStream)
throws XMLStreamException, ParserConfigurationException, XMLSecurityException {
return doInboundSecurity(securityProperties, xmlInputFactory.createXMLStreamReader(inputStream), null);
}
public Document doInboundSecurity(WSSSecurityProperties securityProperties, InputStream inputStream,
SecurityEventListener securityEventListener)
throws XMLStreamException, ParserConfigurationException, XMLSecurityException {
return doInboundSecurity(securityProperties, xmlInputFactory.createXMLStreamReader(inputStream), securityEventListener);
}
public Document doInboundSecurity(WSSSecurityProperties securityProperties, InputStream inputStream,
List<SecurityEvent> securityEventList, SecurityEventListener securityEventListener)
throws XMLStreamException, ParserConfigurationException, XMLSecurityException {
return doInboundSecurity(securityProperties, xmlInputFactory.createXMLStreamReader(inputStream), securityEventList, securityEventListener);
}
public Document doInboundSecurity(WSSSecurityProperties securityProperties, XMLStreamReader xmlStreamReader)
throws XMLStreamException, ParserConfigurationException, XMLSecurityException {
return doInboundSecurity(securityProperties, xmlStreamReader, null);
}
public Document doInboundSecurity(WSSSecurityProperties securityProperties, XMLStreamReader xmlStreamReader,
SecurityEventListener securityEventListener)
throws XMLStreamException, ParserConfigurationException, XMLSecurityException {
return doInboundSecurity(securityProperties, xmlStreamReader, new ArrayList<>(), securityEventListener);
}
public Document doInboundSecurity(WSSSecurityProperties securityProperties, XMLStreamReader xmlStreamReader,
List<SecurityEvent> securityEventList, SecurityEventListener securityEventListener)
throws XMLStreamException, ParserConfigurationException, XMLSecurityException {
InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
XMLStreamReader outXmlStreamReader = wsSecIn.processInMessage(xmlStreamReader, securityEventList, securityEventListener);
return StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), outXmlStreamReader);
}
protected ByteArrayOutputStream doOutboundSecurity(WSSSecurityProperties securityProperties, InputStream sourceDocument)
throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, "UTF-8", new ArrayList<>());
XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
xmlStreamWriter.close();
return baos;
}
protected ByteArrayOutputStream doOutboundSecurity(Map<String, Object> config, InputStream sourceDocument)
throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
WSSSecurityProperties securityProperties = ConfigurationConverter.convert(config);
OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, "UTF-8", new ArrayList<>());
XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
xmlStreamWriter.close();
return baos;
}
protected Document doOutboundSecurityWithWSS4J(InputStream sourceDocument, String action, Properties properties)
throws WSSecurityException, TransformerException {
Map<String, Object> context = doOutboundSecurityWithWSS4J_1(sourceDocument, action, properties);
return (Document) context.get(SECURED_DOCUMENT);
}
protected Map<String, Object> doOutboundSecurityWithWSS4J_1(
InputStream sourceDocument, String action, final Properties properties
) throws WSSecurityException, TransformerException {
CustomWSS4JHandler wss4JHandler = new CustomWSS4JHandler();
final Map<String, Object> messageContext = getMessageContext(sourceDocument);
messageContext.put(WSHandlerConstants.ACTION, action);
messageContext.put(WSHandlerConstants.USER, "transmitter");
Properties sigProperties = new Properties();
sigProperties.setProperty("org.apache.wss4j.crypto.provider", "org.apache.wss4j.common.crypto.Merlin");
sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.file", "transmitter.jks");
sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.password", "default");
//sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.alias", "transmitter");
wss4JHandler.setPassword(messageContext, "default");
messageContext.put(WSHandlerConstants.SIG_PROP_REF_ID, "" + sigProperties.hashCode());
messageContext.put("" + sigProperties.hashCode(), sigProperties);
Properties encProperties = new Properties();
encProperties.setProperty("org.apache.wss4j.crypto.provider", "org.apache.wss4j.common.crypto.Merlin");
encProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.file", "transmitter.jks");
encProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.password", "default");
//sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.alias", "transmitter");
wss4JHandler.setPassword(messageContext, "default");
messageContext.put(WSHandlerConstants.ENCRYPTION_USER, "receiver");
messageContext.put(WSHandlerConstants.ENC_PROP_REF_ID, "" + encProperties.hashCode());
messageContext.put("" + encProperties.hashCode(), encProperties);
Enumeration<?> enumeration = properties.propertyNames();
while (enumeration.hasMoreElements()) {
String s = (String) enumeration.nextElement();
messageContext.put(s, properties.get(s));
}
RequestData requestData = new RequestData();
requestData.setMsgContext(messageContext);
requestData.setCallbackHandler(new WSS4JCallbackHandlerImpl());
requestData.setWssConfig(WSSConfig.getNewInstance());
wss4JHandler.doSender(messageContext, requestData, true);
return messageContext;
}
protected Document doInboundSecurityWithWSS4J(Document document, String action) throws Exception {
Map<String, Object> messageContext = doInboundSecurityWithWSS4J_1(document, action);
return ((Document) messageContext.get(SECURED_DOCUMENT));
}
protected Map<String, Object> doInboundSecurityWithWSS4J_1(Document document, String action) throws Exception {
return doInboundSecurityWithWSS4J_1(document, action, new Properties(), false);
}
protected Map<String, Object> doInboundSecurityWithWSS4J_1(
Document document, String action, Properties properties, boolean client
) throws Exception {
CustomWSS4JHandler wss4JHandler = new CustomWSS4JHandler();
Map<String, Object> messageContext = getMessageContext(document);
messageContext.put(WSHandlerConstants.ACTION, action);
if (client) {
messageContext.put(WSHandlerConstants.USER, "transmitter");
} else {
messageContext.put(WSHandlerConstants.USER, "receiver");
}
if (properties.get(WSHandlerConstants.PW_CALLBACK_REF) != null) {
messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, properties.get(WSHandlerConstants.PW_CALLBACK_REF));
} else {
messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, new WSS4JCallbackHandlerImpl());
}
messageContext.put(WSHandlerConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, "false");
Enumeration<?> enumeration = properties.propertyNames();
while (enumeration.hasMoreElements()) {
String s = (String) enumeration.nextElement();
messageContext.put(s, properties.get(s));
}
RequestData requestData = new RequestData();
requestData.setMsgContext(messageContext);
if (client) {
final Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
requestData.setDecCrypto(crypto);
requestData.setSigVerCrypto(crypto);
} else {
final Crypto crypto = CryptoFactory.getInstance("receiver-crypto.properties");
requestData.setDecCrypto(crypto);
requestData.setSigVerCrypto(crypto);
}
if (properties.get(WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD) != null) {
messageContext.put(WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD,
properties.get(WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD));
} else if (WSHandlerConstants.USERNAME_TOKEN_SIGNATURE.equals(action)) {
messageContext.put(WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD, "true");
}
// Disable PrefixList checking as the stax code doesn't support this yet
//todo
List<BSPRule> ignoredRules = new ArrayList<>();
ignoredRules.add(BSPRule.R5404);
ignoredRules.add(BSPRule.R5406);
ignoredRules.add(BSPRule.R5407);
ignoredRules.add(BSPRule.R5417);
ignoredRules.add(BSPRule.R3063);
ignoredRules.add(BSPRule.R5620);
ignoredRules.add(BSPRule.R5621);
//ignoredRules.add(BSPRule.R5215);
requestData.setIgnoredBSPRules(ignoredRules);
wss4JHandler.doReceiver(messageContext, requestData, false);
return messageContext;
}
protected Map<String, Object> getMessageContext(InputStream inputStream) {
Map<String, Object> context = new HashMap<>();
try {
context.put(SECURED_DOCUMENT, SOAPUtil.toSOAPPart(inputStream));
} catch (Exception e) {
throw new RuntimeException(e);
}
return context;
}
private Map<String, Object> getMessageContext(Document document) {
Map<String, Object> context = new HashMap<>();
context.put(SECURED_DOCUMENT, document);
return context;
}
protected XPathExpression getXPath(String expression) throws XPathExpressionException {
XPathFactory xPathFactory = XPathFactory.newInstance();
XPath xPath = xPathFactory.newXPath();
xPath.setNamespaceContext(
new NamespaceContext() {
@Override
public String getNamespaceURI(String prefix) {
if (WSSConstants.PREFIX_DSIG.equals(prefix)) {
return WSSConstants.NS_DSIG;
} else if (WSSConstants.PREFIX_SOAPENV.equals(prefix)) {
return WSSConstants.NS_SOAP11;
} else if (WSSConstants.PREFIX_WSSE.equals(prefix)) {
return WSSConstants.NS_WSSE10;
} else if (WSSConstants.PREFIX_WSU.equals(prefix)) {
return WSSConstants.NS_WSU10;
} else if (WSSConstants.PREFIX_XENC.equals(prefix)) {
return WSSConstants.NS_XMLENC;
} else if (WSSConstants.PREFIX_XENC11.equals(prefix)) {
return WSSConstants.NS_XMLENC11;
} else {
return null;
}
}
@Override
public String getPrefix(String namespaceURI) {
if (WSSConstants.NS_DSIG.equals(namespaceURI)) {
return WSSConstants.PREFIX_DSIG;
} else if (WSSConstants.NS_SOAP11.equals(namespaceURI)) {
return WSSConstants.PREFIX_SOAPENV;
} else if (WSSConstants.NS_WSSE10.equals(namespaceURI)) {
return WSSConstants.PREFIX_WSSE;
} else if (WSSConstants.NS_WSU10.equals(namespaceURI)) {
return WSSConstants.PREFIX_WSU;
} else if (WSSConstants.NS_XMLENC.equals(namespaceURI)) {
return WSSConstants.PREFIX_XENC;
} else if (WSSConstants.NS_XMLENC11.equals(namespaceURI)) {
return WSSConstants.PREFIX_XENC11;
} else {
return null;
}
}
@Override
public Iterator<String> getPrefixes(String namespaceURI) {
return null;
}
}
);
return xPath.compile(expression);
}
class CustomWSS4JHandler extends WSHandler {
private final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(CustomWSS4JHandler.class.getName());
private final boolean doDebug = LOG.isDebugEnabled();
/**
* Handles incoming web service requests and outgoing responses
*
* @throws TransformerException
*/
public boolean doSender(Map<String, Object> mc, RequestData reqData, boolean isRequest)
throws WSSecurityException, TransformerException {
/*
* Get the action first.
*/
String action = (String) mc.get(WSHandlerConstants.ACTION);
if (action == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", "WSS4JHandler: No action defined");
}
List<HandlerAction> actions = WSSecurityUtil.decodeHandlerAction(action, null);
if (actions.isEmpty()) {
return true;
}
/*
* For every action we need a username, so get this now. The username
* defined in the deployment descriptor takes precedence.
*/
reqData.setUsername((String) getOption(WSHandlerConstants.USER));
if (reqData.getUsername() == null || reqData.getUsername().equals("")) {
reqData.setUsername((String) mc.get(WSHandlerConstants.USER));
}
/*
* Now we perform some set-up for UsernameToken and Signature
* functions. No need to do it for encryption only. Check if username
* is available and then get a password.
*/
boolean usernameRequired = false;
for (HandlerAction handlerAction : actions) {
if (handlerAction.getAction() == WSConstants.SIGN
|| handlerAction.getAction() == WSConstants.UT
|| handlerAction.getAction() == WSConstants.UT_SIGN) {
usernameRequired = true;
break;
}
}
if (usernameRequired && (reqData.getUsername() == null || reqData.getUsername().equals(""))) {
/*
* We need a username - if none throw a WSSecurityException. For encryption
* there is a specific parameter to get a username.
*/
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
"WSS4JHandler: Empty username for specified action"
);
}
if (doDebug) {
LOG.debug("Actor: " + reqData.getActor());
}
/*
* Now get the SOAP part from the request message and convert it into a
* Document.
*
* Now we can perform our security operations on this request.
*/
Document doc = (Document) mc.get(SECURED_DOCUMENT);
if (doc == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
"WSS4JHandler: cannot get SOAP envlope from message"
);
}
if (doDebug) {
LOG.debug("WSS4JHandler: orginal SOAP request: ");
LOG.debug(XMLUtils.prettyDocumentToString(doc));
}
doSenderAction(doc, reqData, actions, isRequest);
mc.put(SECURED_DOCUMENT, doc);
return true;
}
@SuppressWarnings("unchecked")
public boolean doReceiver(Map<String, Object> mc, RequestData reqData, boolean isRequest)
throws WSSecurityException {
String action = (String) mc.get(WSHandlerConstants.ACTION);
if (action == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", "WSS4JHandler: No action defined");
}
List<Integer> actions = WSSecurityUtil.decodeAction(action);
String actor = (String) mc.get(WSHandlerConstants.ACTOR);
Document doc = (Document) mc.get(SECURED_DOCUMENT);
/*
* Check if it's a fault. Don't process faults.
*/
org.apache.wss4j.dom.SOAPConstants soapConstants =
WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
if (WSSecurityUtil.findElement(
doc.getDocumentElement(), "Fault", soapConstants.getEnvelopeURI()) != null
) {
return false;
}
/*
* To check a UsernameToken or to decrypt an encrypted message we need
* a password.
*/
CallbackHandler cbHandler = getPasswordCallbackHandler(reqData);
reqData.setCallbackHandler(cbHandler);
/*
* Get and check the Signature specific parameters first because they
* may be used for encryption too.
*/
doReceiverAction(actions, reqData);
Element elem = WSSecurityUtil.getSecurityHeader(doc, actor);
List<WSSecurityEngineResult> wsResult = null;
try {
wsResult = secEngine.processSecurityHeader(elem, reqData);
} catch (WSSecurityException ex) {
if (doDebug) {
LOG.debug(ex.getMessage(), ex);
}
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
"WSS4JHandler: security processing failed", ex
);
}
if (wsResult == null || wsResult.isEmpty()) {
// no security header found
if (actions.isEmpty()) {
return true;
} else {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "empty",
"WSS4JHandler: Request does not contain required Security header"
);
}
}
if (reqData.getWssConfig().isEnableSignatureConfirmation() && !isRequest) {
checkSignatureConfirmation(reqData, wsResult);
}
if (doDebug) {
LOG.debug("Processed received SOAP request");
}
/*
* now check the security actions: do they match, in right order?
*/
if (!checkReceiverResults(wsResult, actions)) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
"WSS4JHandler: security processing failed (actions mismatch)"
);
}
/*
* All ok up to this point. Now construct and setup the
* security result structure. The service may fetch this
* and check it.
*/
List<WSHandlerResult> results = null;
if ((results = (List<WSHandlerResult>) mc.get(WSHandlerConstants.RECV_RESULTS)) == null) {
results = new ArrayList<>();
mc.put(WSHandlerConstants.RECV_RESULTS, results);
}
WSHandlerResult rResult = new WSHandlerResult(actor, wsResult);
results.add(0, rResult);
if (doDebug) {
LOG.debug("WSS4JHandler: exit invoke()");
}
return true;
}
@Override
protected boolean checkReceiverResults(
List<WSSecurityEngineResult> wsResult, List<Integer> actions
) {
List<WSSecurityEngineResult> wsSecurityEngineResults = new ArrayList<>();
for (WSSecurityEngineResult result : wsResult) {
boolean found = false;
for (WSSecurityEngineResult res : wsSecurityEngineResults) {
if (result.get(WSSecurityEngineResult.TAG_ACTION).equals(res.get(WSSecurityEngineResult.TAG_ACTION))) {
found = true;
break;
}
}
if (!found) {
wsSecurityEngineResults.add(result);
}
}
int size = actions.size();
int ai = 0;
for (WSSecurityEngineResult result : wsSecurityEngineResults) {
final Integer act = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
if (act == WSConstants.SC || act == WSConstants.BST || act == WSConstants.DKT || act == WSConstants.SCT || act == WSConstants.UT_NOPASSWORD) {
continue;
}
if (ai >= size || actions.get(ai++).intValue() != act) {
return false;
}
}
/*
if (ai != size) {
return false;
}
*/
return true;
}
@Override
public Object getOption(String key) {
return null;
}
@SuppressWarnings("unchecked")
@Override
public Object getProperty(Object msgContext, String key) {
return ((Map<String, Object>) msgContext).get(key);
}
@SuppressWarnings("unchecked")
@Override
public void setProperty(Object msgContext, String key, Object value) {
((Map<String, Object>) msgContext).put(key, value);
}
@SuppressWarnings("unchecked")
@Override
public String getPassword(Object msgContext) {
return (String) ((Map<String, Object>) msgContext).get("password");
}
@SuppressWarnings("unchecked")
@Override
public void setPassword(Object msgContext, String password) {
((Map<String, Object>) msgContext).put("password", password);
}
}
protected class TestSecurityEventListener implements SecurityEventListener {
private SecurityEventConstants.Event[] expectedEvents;
private List<SecurityEvent> receivedSecurityEvents = new ArrayList<>();
public TestSecurityEventListener(SecurityEventConstants.Event[] expectedEvents) {
this.expectedEvents = expectedEvents;
}
public List<SecurityEvent> getReceivedSecurityEvents() {
return receivedSecurityEvents;
}
@SuppressWarnings("unchecked")
public <T> T getSecurityEvent(SecurityEventConstants.Event securityEvent) {
for (SecurityEvent event : receivedSecurityEvents) {
if (event.getSecurityEventType() == securityEvent) {
return (T) event;
}
}
return null;
}
@SuppressWarnings("unchecked")
public <T> List<T> getSecurityEvents(SecurityEventConstants.Event securityEvent) {
List<T> foundEvents = new ArrayList<>();
for (SecurityEvent event : receivedSecurityEvents) {
if (event.getSecurityEventType() == securityEvent) {
foundEvents.add((T) event);
}
}
return foundEvents;
}
@Override
public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
Assert.assertNotNull(securityEvent.getCorrelationID());
Assert.assertNotEquals("", securityEvent.getCorrelationID());
receivedSecurityEvents.add(securityEvent);
}
public void compare() {
if (expectedEvents.length != receivedSecurityEvents.size()) {
printEvents();
Assert.fail("event count mismatch");
}
boolean asserted = true;
for (int i = 0; i < expectedEvents.length; i++) {
if (!expectedEvents[i].equals(receivedSecurityEvents.get(i).getSecurityEventType())) {
asserted = false;
break;
}
}
if (!asserted) {
printEvents();
Assert.fail("event mismatch");
}
}
private void printEvents() {
System.out.println("expected events:");
for (int i = 0; i < expectedEvents.length; i++) {
SecurityEventConstants.Event expectedEvent = expectedEvents[i];
System.out.println("WSSecurityEventConstants." + expectedEvent + ",");
}
System.out.println("received events:");
for (int i = 0; i < receivedSecurityEvents.size(); i++) {
SecurityEvent securityEvent = receivedSecurityEvents.get(i);
System.out.println("WSSecurityEventConstants." + securityEvent.getSecurityEventType() + ",");
}
}
}
//sometimes I really like reflection. We can fix jdk bugs which will never be fixed, we can do other funny things and
//we can also change "private static final" fields for testing:-)
//But keep in mind that this only works for Objects and not primitive types. Primitive types will be inlined...
public static void switchAllowNotSameDocumentReferences(Boolean value) throws NoSuchFieldException, IllegalAccessException {
Field field = AbstractSignatureReferenceVerifyInputProcessor.class.getDeclaredField("allowNotSameDocumentReferences");
field.setAccessible(true);
Field modifiersField = Field.class.getDeclaredField("modifiers");
modifiersField.setAccessible(true);
modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
field.set(null, value);
}
public static void switchDoNotThrowExceptionForManifests(Boolean value) throws NoSuchFieldException, IllegalAccessException {
Field field = AbstractSignatureReferenceVerifyInputProcessor.class.getDeclaredField("doNotThrowExceptionForManifests");
field.setAccessible(true);
Field modifiersField = Field.class.getDeclaredField("modifiers");
modifiersField.setAccessible(true);
modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
field.set(null, value);
}
public static int changeValueOfMaximumAllowedReferencesPerManifest(Integer value) throws NoSuchFieldException, IllegalAccessException {
Field field = AbstractSignatureReferenceVerifyInputProcessor.class.getDeclaredField("maximumAllowedReferencesPerManifest");
field.setAccessible(true);
Field modifiersField = Field.class.getDeclaredField("modifiers");
modifiersField.setAccessible(true);
modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
Integer oldval = (Integer)field.get(null);
field.set(null, value);
return oldval;
}
public static int changeValueOfMaximumAllowedTransformsPerReference(Integer value) throws NoSuchFieldException, IllegalAccessException {
Field field = AbstractSignatureReferenceVerifyInputProcessor.class.getDeclaredField("maximumAllowedTransformsPerReference");
field.setAccessible(true);
Field modifiersField = Field.class.getDeclaredField("modifiers");
modifiersField.setAccessible(true);
modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
Integer oldval = (Integer)field.get(null);
field.set(null, value);
return oldval;
}
public static void switchAllowMD5Algorithm(Boolean value) throws NoSuchFieldException, IllegalAccessException {
Field field = InboundSecurityContextImpl.class.getDeclaredField("allowMD5Algorithm");
field.setAccessible(true);
Field modifiersField = Field.class.getDeclaredField("modifiers");
modifiersField.setAccessible(true);
modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
field.set(null, value);
}
public static int changeValueOfMaximumAllowedXMLStructureDepth(Integer value) throws NoSuchFieldException, IllegalAccessException {
Field xmlEventReaderInputProcessorField = XMLEventReaderInputProcessor.class.getDeclaredField("maximumAllowedXMLStructureDepth");
xmlEventReaderInputProcessorField.setAccessible(true);
Field abstractDecryptInputProcessorField = AbstractDecryptInputProcessor.class.getDeclaredField("maximumAllowedXMLStructureDepth");
abstractDecryptInputProcessorField.setAccessible(true);
Field modifiersField = Field.class.getDeclaredField("modifiers");
modifiersField.setAccessible(true);
modifiersField.setInt(xmlEventReaderInputProcessorField, xmlEventReaderInputProcessorField.getModifiers() & ~Modifier.FINAL);
modifiersField.setInt(abstractDecryptInputProcessorField, abstractDecryptInputProcessorField.getModifiers() & ~Modifier.FINAL);
Integer oldval = (Integer)xmlEventReaderInputProcessorField.get(null);
xmlEventReaderInputProcessorField.set(null, value);
abstractDecryptInputProcessorField.set(null, value);
return oldval;
}
public static long changeValueOfMaximumAllowedDecompressedBytes(Long value) throws NoSuchFieldException, IllegalAccessException {
Field field = DecryptInputProcessor.class.getDeclaredField("maximumAllowedDecompressedBytes");
field.setAccessible(true);
Field modifiersField = Field.class.getDeclaredField("modifiers");
modifiersField.setAccessible(true);
modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
Long oldval = (Long) field.get(null);
field.set(null, value);
return oldval;
}
public static Double getJavaSpecificationVersion() {
String jsv = System.getProperty("java.specification.version");
if (jsv != null) {
return Double.parseDouble(jsv);
}
return 0.0d;
}
}