org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor Java Examples

Example #1
Source File: WebServiceInjectionTest.java    From tomee with Apache License 2.0 6 votes vote down vote up
/**
 * Container configuration for the test: wires named interceptor services into the
 * in/out chains of the {@code MyWebservicePort} port and the {@code myWebservice} service.
 *
 * <p>Each short name ("loo", "wss4jin", "wss4jout", "properties") is declared as a
 * {@code new://Service} resource; {@code wss4jout} is built through its properties
 * constructor and receives the {@code properties} map resource.
 */
@ApplicationConfiguration
public Properties props() {
    // Shared key fragments; the concatenated keys are identical to the literal ones.
    final String clientPrefix = "cxf.jaxws.client.{http://cxf.server.openejb.apache.org/}";
    final String portChain = clientPrefix + "MyWebservicePort";
    final String serviceChain = clientPrefix + "myWebservice";
    final String serviceOfClass = "new://Service?class-name=";

    // NOTE(review): "loo" is a LoggingOutInterceptor on the same chain as the WS-Security
    // interceptor; whether security headers end up in the log depends on interceptor
    // phases, which this file does not show. Confirm before reusing outside tests.
    return new PropertiesBuilder()
            // chains for the port
            .p(portChain + ".in-interceptors", "wss4jin")
            .p(portChain + ".out-interceptors", "loo,wss4jout")
            // chains for the service
            .p(serviceChain + ".in-interceptors", "wss4jin")
            .p(serviceChain + ".out-interceptors", "loo,wss4jout")
            // logging interceptor
            .p("loo", serviceOfClass + LoggingOutInterceptor.class.getName())
            // inbound WSS4J interceptor, created by a factory method with property a=b
            .p("wss4jin", serviceOfClass + WSS4JInInterceptorFactory.class.getName() + "&factory-name=create")
            .p("wss4jin.a", "b")
            // outbound WSS4J interceptor, constructed from the "properties" resource
            .p("wss4jout", serviceOfClass + WSS4JOutInterceptor.class.getName() + "&constructor=properties")
            .p("wss4jout.properties", "$properties")
            // the map handed to wss4jout, holding c=d
            .p("properties", serviceOfClass + MapFactory.class.getName())
            .p("properties.c", "d")
            .build();
}
 
Example #2
Source File: WebServiceInjectionTest.java    From tomee with Apache License 2.0 6 votes vote down vote up
/**
 * Checks the interceptor chains of a client: four outbound interceptors ending with
 * {@link WSS4JOutInterceptor}, and three inbound ones ending with
 * {@link WSS4JInInterceptor}, in the exact order asserted below.
 *
 * @param client the CXF client whose chains are inspected; must not be null
 */
private void testPortWithFeature(final Client client) {
    assertNotNull(client);
    assertEquals(4, client.getOutInterceptors().size());
    assertEquals(3, client.getInInterceptors().size());

    // Outbound order: WS-Addressing aggregator, WS-Addressing codec, logging, WS-Security.
    final Iterator<Interceptor<? extends Message>> outbound = client.getOutInterceptors().iterator();
    assertTrue(outbound.next() instanceof MAPAggregatorImpl);
    assertTrue(outbound.next() instanceof MAPCodec);
    assertTrue(outbound.next() instanceof LoggingOutInterceptor);
    final Interceptor<? extends Message> securityOut = outbound.next();
    assertTrue(securityOut instanceof WSS4JOutInterceptor);

    // Inbound order: WS-Addressing aggregator, WS-Addressing codec, WS-Security.
    final Iterator<Interceptor<? extends Message>> inbound = client.getInInterceptors().iterator();
    assertTrue(inbound.next() instanceof MAPAggregatorImpl);
    assertTrue(inbound.next() instanceof MAPCodec);
    assertTrue(inbound.next() instanceof WSS4JInInterceptor);
}
 
Example #3
Source File: PerUserPerServiceClientFactory.java    From yes-cart with Apache License 2.0 6 votes vote down vote up
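/**
 * Applies HTTP timeouts and a WS-Security UsernameToken out-interceptor to a CXF client.
 *
 * @param userName user name placed in the UsernameToken
 * @param passw    password supplied to WSS4J through a {@code PWCallbackHandler}
 * @param timeout  value used for both the connection and the receive timeout
 * @param client   client to configure
 */
private void configureClient(final String userName,
                             final String passw,
                             final long timeout,
                             final Client client) {

    final HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
    httpClientPolicy.setConnectionTimeout(timeout);
    httpClientPolicy.setAllowChunking(false);
    httpClientPolicy.setReceiveTimeout(timeout);

    ((HTTPConduit) client.getConduit()).setClient(httpClientPolicy);

    final Endpoint endpoint = client.getEndpoint();

    // A plain HashMap replaces the former double-brace initialisation: that idiom creates
    // an anonymous HashMap subclass holding a hidden reference to this factory instance,
    // which stays reachable for as long as the map does.
    final HashMap<String, Object> wssProps = new HashMap<String, Object>();
    wssProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    // PW_TEXT sends the password itself inside the UsernameToken, so its confidentiality
    // rests entirely on the transport. NOTE(review): confirm every endpoint configured
    // through this method is reached over TLS.
    wssProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    wssProps.put(WSHandlerConstants.USER, userName);
    wssProps.put(WSHandlerConstants.PW_CALLBACK_REF, new PWCallbackHandler(passw));

    final WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(wssProps);
    endpoint.getOutInterceptors().add(wssOut);
}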
 
Example #4
Source File: AegisJaxWsTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the Aegis JAX-WS client proxy for a test and stores it in {@code client}.
 *
 * @param sec when {@code true}, targets the {@code aegisJaxWsUN} endpoint and attaches a
 *            UsernameToken out-interceptor; otherwise targets the plain endpoint
 */
private void setupForTest(boolean sec) throws Exception {
    JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean();
    proxyFactory.setServiceClass(AegisJaxWs.class);

    if (!sec) {
        proxyFactory.setAddress("http://localhost:" + PORT + "/aegisJaxWs");
    } else {
        proxyFactory.setAddress("http://localhost:" + PORT + "/aegisJaxWsUN");

        // Fixed test credentials (alice / pass) against a localhost endpoint; the password
        // is given both as an interceptor property and as a factory property.
        WSS4JOutInterceptor usernameTokenOut = new WSS4JOutInterceptor();
        usernameTokenOut.setProperty("action", "UsernameToken");
        usernameTokenOut.setProperty("user", "alice");
        usernameTokenOut.setProperty("password", "pass");

        proxyFactory.setProperties(new HashMap<String, Object>());
        proxyFactory.getProperties().put("password", "pass");
        proxyFactory.getOutInterceptors().add(usernameTokenOut);
    }

    proxyFactory.getServiceFactory().setDataBinding(new AegisDatabinding());

    client = (AegisJaxWs)proxyFactory.create();
}
 
Example #5
Source File: Client.java    From servicemix with Apache License 2.0 6 votes vote down vote up
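/**
 * Creates a HelloWorld proxy, attaches the WS-Security out-interceptors, calls
 * {@code sayHi("ffang")} once and prints the reply.
 *
 * @throws Exception if proxy creation or the remote call fails
 */
public void sendRequest() throws Exception {
    JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
    factory.setServiceClass(HelloWorld.class);
    factory.setAddress("http://localhost:8181/cxf/HelloWorldSecurity");
    HelloWorld client = (HelloWorld) factory.create();

    // The WSS4J interceptor is created without properties. According to the original
    // author's note, CustomerSecurityInterceptor initialises the WSS4J settings on the
    // client side (retrieving and setting user/password); it can also be added through
    // Spring configuration. The former local "outProps" map was never passed to either
    // interceptor and has been removed as dead code.
    ClientProxy.getClient(client).getOutInterceptors().add(new CustomerSecurityInterceptor());
    ClientProxy.getClient(client).getOutInterceptors().add(new WSS4JOutInterceptor());
    String ret = client.sayHi("ffang");
    System.out.println(ret);
}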
 
Example #6
Source File: Client.java    From servicemix with Apache License 2.0 6 votes vote down vote up
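/**
 * Sends one {@code sayHi("ffang")} request to the secured HelloWorld endpoint and prints
 * the response.
 *
 * @throws Exception if proxy creation or the remote call fails
 */
public void sendRequest() throws Exception {
    JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
    factory.setServiceClass(HelloWorld.class);
    factory.setAddress("http://localhost:8181/cxf/HelloWorldSecurity");
    HelloWorld client = (HelloWorld) factory.create();

    // No property map is built here: the previous "outProps" local was populated but
    // never handed to an interceptor, so it had no effect. Per the original comment,
    // CustomerSecurityInterceptor is what initialises WSS4J on the client side and
    // retrieves/sets the user and password; it can equally be added via Spring config.
    ClientProxy.getClient(client).getOutInterceptors().add(new CustomerSecurityInterceptor());
    ClientProxy.getClient(client).getOutInterceptors().add(new WSS4JOutInterceptor());
    String ret = client.sayHi("ffang");
    System.out.println(ret);
}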
 
Example #7
Source File: ConfigureCxfSecurity.java    From tomee with Apache License 2.0 6 votes vote down vote up
/**
 * Adds WS-Security interceptors to an endpoint for each direction that has configuration.
 *
 * @param endpoint provider whose in/out interceptor lists are extended
 * @param inProps  WSS4J properties for incoming messages; null or empty leaves the
 *                 inbound chain untouched
 * @param outProps WSS4J properties for outgoing messages; null or empty leaves the
 *                 outbound chain untouched
 */
public static final void setupWSS4JChain(InterceptorProvider endpoint, Map<String, Object> inProps, Map<String, Object> outProps) {
    if (!(inProps == null || inProps.isEmpty())) {
        // SAAJ interceptor first, then WSS4J, matching the order of registration below.
        endpoint.getInInterceptors().add(new SAAJInInterceptor());
        endpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps));

        // When WS-Security is combined with a JAX-WS handler (see EjbInterceptor), the
        // mustUnderstand flag on WS-Security headers has to be dealt with; this extra
        // interceptor is registered for that purpose.
        endpoint.getInInterceptors().add(new WSSPassThroughInterceptor());
    }

    if (!(outProps == null || outProps.isEmpty())) {
        endpoint.getOutInterceptors().add(new SAAJOutInterceptor());
        endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
    }
}
 
Example #8
Source File: Server.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Publishes the Greeter endpoint on localhost and attaches WSS4J interceptors in both
 * directions.
 *
 * <p>Outgoing messages carry a UsernameToken (user "Alice", type PasswordText) plus a
 * Timestamp; incoming messages are processed with the UsernameToken and Timestamp
 * actions and the PasswordDigest type. Both directions name the same password
 * callback class.
 *
 * @throws Exception if the endpoint cannot be published
 */
protected Server() throws Exception {
    System.out.println("Starting Server");

    final String address = "http://localhost:9000/SoapContext/GreeterPort";
    final Object implementor = new GreeterImpl();
    EndpointImpl endpoint = (EndpointImpl)Endpoint.publish(address, implementor);

    // Outbound: PasswordText places the password itself in the token, so over the plain
    // http address above it is readable on the wire (demo setup).
    Map<String, Object> outbound = new HashMap<>();
    outbound.put("action", "UsernameToken Timestamp");
    outbound.put("passwordType", "PasswordText");
    outbound.put("user", "Alice");
    outbound.put("passwordCallbackClass", "demo.wssec.server.UTPasswordCallback");
    endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(outbound));

    // Inbound: same actions, digest password type.
    Map<String, Object> inbound = new HashMap<>();
    inbound.put("action", "UsernameToken Timestamp");
    inbound.put("passwordType", "PasswordDigest");
    inbound.put("passwordCallbackClass", "demo.wssec.server.UTPasswordCallback");
    endpoint.getInInterceptors().add(new WSS4JInInterceptor(inbound));
}
 
Example #9
Source File: CalculatorTest.java    From tomee with Apache License 2.0 5 votes vote down vote up
/**
 * Calls the calculator endpoint protected by a plain-text UsernameToken and checks that
 * {@code sum(4, 6)} returns 10.
 *
 * @throws Exception if the service cannot be created or the call fails
 */
public void testCalculatorViaWsInterfaceWithUsernameTokenPlainPassword() throws Exception {
    final URL wsdlLocation = new URL("http://localhost:" + port + "/webservice-ws-security/CalculatorImplUsernameTokenPlainPassword?wsdl");
    final Service calcService = Service.create(wsdlLocation, new QName("http://superbiz.org/wsdl", "CalculatorWsService"));
    assertNotNull(calcService);

    // Extra port on 8204 for debugging through a proxy such as TCPMon; the call below
    // does not use it (it goes through the default CalculatorWs port).
    final QName debugPort = new QName("http://superbiz.org/wsdl", "CalculatorWsService2");
    calcService.addPort(debugPort, SOAPBinding.SOAP12HTTP_BINDING,
            "http://127.0.0.1:8204/CalculatorImplUsernameTokenPlainPassword");

    final CalculatorWs calc = calcService.getPort(CalculatorWs.class);

    final Endpoint endpoint = ClientProxy.getClient(calc).getEndpoint();
    endpoint.getOutInterceptors().add(new SAAJOutInterceptor());

    // UsernameToken for "jane" with PW_TEXT: the password travels as-is in the SOAP
    // header, which is only acceptable here because the target is a local test server.
    final Map<String, Object> wssConfig = new HashMap<String, Object>();
    wssConfig.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    wssConfig.put(WSHandlerConstants.USER, "jane");
    wssConfig.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    wssConfig.put(WSHandlerConstants.PW_CALLBACK_REF, new CallbackHandler() {

        @Override
        public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            // Only the first callback is handled, and it is assumed to be a WSPasswordCallback.
            ((WSPasswordCallback) callbacks[0]).setPassword("waterfall");
        }
    });

    endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(wssConfig));

    assertEquals(10, calc.sum(4, 6));
}
 
Example #10
Source File: JMSWSSecurityTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
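/**
 * Sends a SAML 2.0 bearer assertion whose audience restriction names
 * {@code BadHelloWorldService} instead of the called {@code HelloWorldService}, and
 * expects the call to be rejected with a SOAP fault.
 *
 * @throws Exception if setup fails or closing the proxy fails
 */
@Test
public void testUnsignedSAML2AudienceRestrictionTokenBadServiceName() throws Exception {
    QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
    QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
    URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
    HelloWorldService service = new HelloWorldService(wsdl, serviceName);

    HelloWorldPortType greeter = service.getPort(portName, HelloWorldPortType.class);

    // try/finally so the proxy is closed even when fail() fires or an unexpected
    // exception escapes; previously the close was skipped on any failure path.
    try {
        // NOTE(review): the callback handler is told to sign the assertion while the
        // action is SAML_TOKEN_UNSIGNED; presumably the action name refers to the
        // message-level signature only. Confirm against the handler.
        SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
        callbackHandler.setSignAssertion(true);
        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);

        ConditionsBean conditions = new ConditionsBean();
        conditions.setTokenPeriodMinutes(5);
        List<String> audiences = new ArrayList<>();
        audiences.add("{http://cxf.apache.org/hello_world_jms}BadHelloWorldService");
        AudienceRestrictionBean audienceRestrictionBean = new AudienceRestrictionBean();
        audienceRestrictionBean.setAudienceURIs(audiences);
        conditions.setAudienceRestrictions(Collections.singletonList(audienceRestrictionBean));

        callbackHandler.setConditions(conditions);

        Map<String, Object> outProperties = new HashMap<>();
        outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
        outProperties.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);

        WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProperties);
        Client client = ClientProxy.getClient(greeter);
        client.getOutInterceptors().add(outInterceptor);

        try {
            greeter.sayHi();
            fail("Failure expected on a bad audience restriction");
        } catch (SOAPFaultException ex) {
            // expected: the receiver refuses an assertion addressed to another audience
        }
    } finally {
        ((java.io.Closeable)greeter).close();
    }
}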
 
Example #11
Source File: CalculatorTest.java    From tomee with Apache License 2.0 5 votes vote down vote up
/**
 * Calls the calculator endpoint that uses WS-Security timestamps in both directions and
 * checks that {@code multiply(3, 4)} returns 12.
 *
 * @throws Exception if the service cannot be created or the call fails
 */
public void testCalculatorViaWsInterfaceWithTimestamp2ways() throws Exception {
    final URL wsdlLocation = new URL("http://localhost:" + port + "/webservice-ws-security/CalculatorImplTimestamp2ways?wsdl");
    final Service calcService = Service.create(wsdlLocation, new QName("http://superbiz.org/wsdl", "CalculatorWsService"));
    assertNotNull(calcService);

    // Extra port on 8204 for debugging through a proxy such as TCPMon; the call below
    // does not use it (it goes through the default CalculatorWs port).
    final QName debugPort = new QName("http://superbiz.org/wsdl", "CalculatorWsService2");
    calcService.addPort(debugPort, SOAPBinding.SOAP12HTTP_BINDING,
            "http://127.0.0.1:8204/CalculatorImplTimestamp2ways");

    final CalculatorWs calc = calcService.getPort(CalculatorWs.class);

    final Endpoint endpoint = ClientProxy.getClient(calc).getEndpoint();
    endpoint.getOutInterceptors().add(new SAAJOutInterceptor());
    endpoint.getInInterceptors().add(new SAAJInInterceptor());

    // Request side: add a Timestamp to outgoing messages.
    final Map<String, Object> requestConfig = new HashMap<String, Object>();
    requestConfig.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);
    endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(requestConfig));

    // Response side: process the Timestamp action on incoming messages.
    final Map<String, Object> responseConfig = new HashMap<String, Object>();
    responseConfig.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);
    endpoint.getInInterceptors().add(new WSS4JInInterceptor(responseConfig));

    assertEquals(12, calc.multiply(3, 4));
}
 
Example #12
Source File: CalculatorTest.java    From tomee with Apache License 2.0 5 votes vote down vote up
/**
 * Calls the calculator endpoint that expects a WS-Security timestamp on the request only
 * and checks that {@code multiply(3, 4)} returns 12.
 *
 * @throws Exception if the service cannot be created or the call fails
 */
public void testCalculatorViaWsInterfaceWithTimestamp1way() throws Exception {
    final URL wsdlLocation = new URL("http://localhost:" + port + "/webservice-ws-security/CalculatorImplTimestamp1way?wsdl");
    final Service calcService = Service.create(wsdlLocation, new QName("http://superbiz.org/wsdl", "CalculatorWsService"));
    assertNotNull(calcService);

    // Extra port on 8204 for debugging through a proxy such as TCPMon; the call below
    // does not use it (it goes through the default CalculatorWs port).
    final QName debugPort = new QName("http://superbiz.org/wsdl", "CalculatorWsService2");
    calcService.addPort(debugPort, SOAPBinding.SOAP12HTTP_BINDING,
            "http://127.0.0.1:8204/CalculatorImplTimestamp1way");

    final CalculatorWs calc = calcService.getPort(CalculatorWs.class);

    final Endpoint endpoint = ClientProxy.getClient(calc).getEndpoint();
    endpoint.getOutInterceptors().add(new SAAJOutInterceptor());

    // Only the outbound chain gets a WSS4J interceptor; no inbound one is registered.
    final Map<String, Object> requestConfig = new HashMap<String, Object>();
    requestConfig.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);
    endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(requestConfig));

    assertEquals(12, calc.multiply(3, 4));
}
 
Example #13
Source File: CalculatorTest.java    From tomee with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the calculator client with {@link JaxWsProxyFactoryBean} (no WSDL lookup),
 * attaches a plain-text UsernameToken and checks that {@code sum(4, 6)} returns 10.
 *
 * @throws Exception if the proxy cannot be created or the call fails
 */
public void testCalculatorViaWsInterfaceFactoryBean() throws Exception {
    final JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean();
    proxyFactory.setServiceClass(CalculatorWs.class);
    proxyFactory.setAddress("http://localhost:" + port + "/webservice-ws-security/CalculatorImpl");

    final CalculatorWs calc = (CalculatorWs) proxyFactory.create();

    final Endpoint endpoint = ClientProxy.getClient(calc).getEndpoint();
    endpoint.getOutInterceptors().add(new SAAJOutInterceptor());

    // UsernameToken for "jane" with PW_TEXT: the password is sent as-is in the SOAP
    // header, acceptable here only because the target is a local test server.
    final Map<String, Object> wssConfig = new HashMap<>();
    wssConfig.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    wssConfig.put(WSHandlerConstants.USER, "jane");
    wssConfig.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    wssConfig.put(WSHandlerConstants.PW_CALLBACK_REF, new CallbackHandler() {

        @Override
        public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            // Only the first callback is handled, and it is assumed to be a WSPasswordCallback.
            ((WSPasswordCallback) callbacks[0]).setPassword("waterfall");
        }
    });

    endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(wssConfig));

    assertEquals(10, calc.sum(4, 6));
}
 
Example #14
Source File: CalculatorTest.java    From tomee with Apache License 2.0 5 votes vote down vote up
/**
 * Resolves the calculator service from its WSDL, attaches a plain-text UsernameToken and
 * checks that {@code sum(4, 6)} returns 10.
 *
 * @throws Exception if the service cannot be created or the call fails
 */
public void testCalculatorViaWsInterface() throws Exception {
    final URL wsdlLocation = new URL("http://localhost:" + port + "/webservice-ws-security/CalculatorImpl?wsdl");
    final Service calcService = Service.create(wsdlLocation, new QName("http://superbiz.org/wsdl", "CalculatorWsService"));
    assertNotNull(calcService);

    final CalculatorWs calc = calcService.getPort(CalculatorWs.class);

    final Endpoint endpoint = ClientProxy.getClient(calc).getEndpoint();
    endpoint.getOutInterceptors().add(new SAAJOutInterceptor());

    // UsernameToken for "jane" with PW_TEXT: the password is sent as-is in the SOAP
    // header, acceptable here only because the target is a local test server.
    final Map<String, Object> wssConfig = new HashMap<>();
    wssConfig.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    wssConfig.put(WSHandlerConstants.USER, "jane");
    wssConfig.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    wssConfig.put(WSHandlerConstants.PW_CALLBACK_REF, new CallbackHandler() {

        @Override
        public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            // Only the first callback is handled, and it is assumed to be a WSPasswordCallback.
            ((WSPasswordCallback) callbacks[0]).setPassword("waterfall");
        }
    });

    endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(wssConfig));

    assertEquals(10, calc.sum(4, 6));
}
 
Example #15
Source File: DOMToStaxSamlTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * DOM client to StAX service: sends a signed SAML 2.0 token and expects the echo reply.
 *
 * <p>The service verifies signatures with the crypto settings from
 * {@code insecurity.properties}; the client signs as "alice" using
 * {@code alice.properties} and a direct key reference.
 *
 * @throws Exception if setup or the call fails
 */
@Test
public void testSaml2SignedSenderVouches() throws Exception {
    // Service side: StAX inbound interceptor with signature-verification crypto.
    Service service = createService();

    Properties verificationCrypto =
        CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader());
    WSSSecurityProperties serviceSecurity = new WSSSecurityProperties();
    serviceSecurity.setSignatureVerificationCryptoProperties(verificationCrypto);
    service.getInInterceptors().add(new WSS4JStaxInInterceptor(serviceSecurity));

    // Client side: logging in both directions plus the DOM WSS4J out-interceptor.
    Echo echo = createClientProxy();

    Client cxfClient = ClientProxy.getClient(echo);
    cxfClient.getInInterceptors().add(new LoggingInInterceptor());
    cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());

    Map<String, Object> clientConfig = new HashMap<>();
    clientConfig.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
    clientConfig.put(ConfigurationConstants.SAML_CALLBACK_REF, new SAML2CallbackHandler());

    // Signing material for the SAML_TOKEN_SIGNED action.
    clientConfig.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
    clientConfig.put(ConfigurationConstants.USER, "alice");
    clientConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new PasswordCallbackHandler());
    clientConfig.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");

    cxfClient.getOutInterceptors().add(new WSS4JOutInterceptor(clientConfig));

    assertEquals("test", echo.echo("test"));
}
 
Example #16
Source File: ActionTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
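/**
 * Configures the Signature action programmatically on a WSS4J out-interceptor (instead
 * of through the bus configuration) and checks that {@code doubleIt(25)} returns 50.
 *
 * @throws Exception if bus/service setup, the call, or cleanup fails
 */
@org.junit.Test
public void testSignatureProgrammatic() throws Exception {

    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = ActionTest.class.getResource("client.xml");

    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);

    // Cleanup now runs in finally blocks: previously a failed assertion or a thrown
    // exception left the port open and the bus running for the following tests.
    try {
        URL wsdl = ActionTest.class.getResource("DoubleItAction.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItSignatureConfigPort");

        DoubleItPortType port =
                service.getPort(portQName, DoubleItPortType.class);
        try {
            updateAddressPort(port, PORT);

            // Programmatic interceptor: sign as "alice" with a direct key reference,
            // key store settings from alice.properties, key password via callback.
            Map<String, Object> props = new HashMap<>();
            props.put(ConfigurationConstants.ACTION, "Signature");
            props.put(ConfigurationConstants.SIGNATURE_USER, "alice");
            props.put(ConfigurationConstants.PW_CALLBACK_REF, new KeystorePasswordCallback());
            props.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
            props.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");
            WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(props);
            Client client = ClientProxy.getClient(port);
            client.getOutInterceptors().add(outInterceptor);

            assertEquals(50, port.doubleIt(25));
        } finally {
            ((java.io.Closeable)port).close();
        }
    } finally {
        bus.shutdown(true);
    }
}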
 
Example #17
Source File: DOMToStaxSamlTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * DOM client to StAX service: sends an unsigned SAML 2.0 token and expects the echo reply.
 *
 * @throws Exception if setup or the call fails
 */
@Test
public void testSaml2() throws Exception {
    // Service side: subject-confirmation validation is switched off so that the
    // unsigned assertion from the client is accepted. This relaxes a receiver-side
    // check and is specific to this test configuration.
    Service service = createService();

    WSSSecurityProperties serviceSecurity = new WSSSecurityProperties();
    serviceSecurity.setValidateSamlSubjectConfirmation(false);
    service.getInInterceptors().add(new WSS4JStaxInInterceptor(serviceSecurity));

    // Client side: logging in both directions plus the DOM WSS4J out-interceptor.
    Echo echo = createClientProxy();

    Client cxfClient = ClientProxy.getClient(echo);
    cxfClient.getInInterceptors().add(new LoggingInInterceptor());
    cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());

    Map<String, Object> clientConfig = new HashMap<>();
    clientConfig.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
    clientConfig.put(ConfigurationConstants.SAML_CALLBACK_REF, new SAML2CallbackHandler());

    cxfClient.getOutInterceptors().add(new WSS4JOutInterceptor(clientConfig));

    assertEquals("test", echo.echo("test"));
}
 
Example #18
Source File: DOMToStaxSamlTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * DOM client to StAX service: sends a signed SAML 1.x token and expects the echo reply.
 *
 * <p>The service verifies signatures with the crypto settings from
 * {@code insecurity.properties}; the client signs as "alice" using
 * {@code alice.properties} and a direct key reference.
 *
 * @throws Exception if setup or the call fails
 */
@Test
public void testSaml1SignedSenderVouches() throws Exception {
    // Service side: StAX inbound interceptor with signature-verification crypto.
    Service service = createService();

    Properties verificationCrypto =
        CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader());
    WSSSecurityProperties serviceSecurity = new WSSSecurityProperties();
    serviceSecurity.setSignatureVerificationCryptoProperties(verificationCrypto);
    service.getInInterceptors().add(new WSS4JStaxInInterceptor(serviceSecurity));

    // Client side: logging in both directions plus the DOM WSS4J out-interceptor.
    Echo echo = createClientProxy();

    Client cxfClient = ClientProxy.getClient(echo);
    cxfClient.getInInterceptors().add(new LoggingInInterceptor());
    cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());

    Map<String, Object> clientConfig = new HashMap<>();
    clientConfig.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
    clientConfig.put(ConfigurationConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler());

    // Signing material for the SAML_TOKEN_SIGNED action.
    clientConfig.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
    clientConfig.put(ConfigurationConstants.USER, "alice");
    clientConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new PasswordCallbackHandler());
    clientConfig.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");

    cxfClient.getOutInterceptors().add(new WSS4JOutInterceptor(clientConfig));

    assertEquals("test", echo.echo("test"));
}
 
Example #19
Source File: DOMToStaxSamlTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * DOM client to StAX service: sends an unsigned SAML 1.x token and expects the echo reply.
 *
 * @throws Exception if setup or the call fails
 */
@Test
public void testSaml1() throws Exception {
    // Service side: subject-confirmation validation is switched off so that the
    // unsigned assertion from the client is accepted. This relaxes a receiver-side
    // check and is specific to this test configuration.
    Service service = createService();

    WSSSecurityProperties serviceSecurity = new WSSSecurityProperties();
    serviceSecurity.setValidateSamlSubjectConfirmation(false);
    service.getInInterceptors().add(new WSS4JStaxInInterceptor(serviceSecurity));

    // Client side: logging in both directions plus the DOM WSS4J out-interceptor.
    Echo echo = createClientProxy();

    Client cxfClient = ClientProxy.getClient(echo);
    cxfClient.getInInterceptors().add(new LoggingInInterceptor());
    cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());

    Map<String, Object> clientConfig = new HashMap<>();
    clientConfig.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
    clientConfig.put(ConfigurationConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler());

    cxfClient.getOutInterceptors().add(new WSS4JOutInterceptor(clientConfig));

    assertEquals("test", echo.echo("test"));
}
 
Example #20
Source File: JMSWSSecurityTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
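/**
 * Sends a SAML 2.0 bearer assertion without any audience restriction over the JMS
 * transport and expects the reply "Bonjour".
 *
 * @throws Exception if setup fails, the call fails, or closing the proxy fails
 */
@Test
public void testUnsignedSAML2Token() throws Exception {
    QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
    QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
    URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
    HelloWorldService service = new HelloWorldService(wsdl, serviceName);

    // Plain literal; the former new String(...) only created a redundant copy.
    String response = "Bonjour";
    HelloWorldPortType greeter = service.getPort(portName, HelloWorldPortType.class);

    // try/finally so the proxy is closed even when an assertion fails or the call throws.
    try {
        // NOTE(review): the callback handler is told to sign the assertion while the
        // action is SAML_TOKEN_UNSIGNED; presumably the action name refers to the
        // message-level signature only. Confirm against the handler.
        SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
        callbackHandler.setSignAssertion(true);
        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);

        Map<String, Object> outProperties = new HashMap<>();
        outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
        outProperties.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);

        WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProperties);
        Client client = ClientProxy.getClient(greeter);
        client.getOutInterceptors().add(outInterceptor);

        String reply = greeter.sayHi();
        assertNotNull("no response received from service", reply);
        assertEquals(response, reply);
    } finally {
        ((java.io.Closeable)greeter).close();
    }
}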
 
Example #21
Source File: JMSWSSecurityTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
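/**
 * Sends a SAML 2.0 bearer assertion whose audience restriction is the JMS endpoint URI
 * {@code jms:jndi:dynamicQueues/test.jmstransport.text} and expects the reply "Bonjour".
 *
 * @throws Exception if setup fails, the call fails, or closing the proxy fails
 */
@Test
public void testUnsignedSAML2AudienceRestrictionTokenURI() throws Exception {
    QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
    QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
    URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
    HelloWorldService service = new HelloWorldService(wsdl, serviceName);

    // Plain literal; the former new String(...) only created a redundant copy.
    String response = "Bonjour";
    HelloWorldPortType greeter = service.getPort(portName, HelloWorldPortType.class);

    // try/finally so the proxy is closed even when an assertion fails or the call throws.
    try {
        SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
        callbackHandler.setSignAssertion(true);
        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);

        // Five-minute token with a single audience: the endpoint address.
        ConditionsBean conditions = new ConditionsBean();
        conditions.setTokenPeriodMinutes(5);
        List<String> audiences = new ArrayList<>();
        audiences.add("jms:jndi:dynamicQueues/test.jmstransport.text");
        AudienceRestrictionBean audienceRestrictionBean = new AudienceRestrictionBean();
        audienceRestrictionBean.setAudienceURIs(audiences);
        conditions.setAudienceRestrictions(Collections.singletonList(audienceRestrictionBean));

        callbackHandler.setConditions(conditions);

        Map<String, Object> outProperties = new HashMap<>();
        outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
        outProperties.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);

        WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProperties);
        Client client = ClientProxy.getClient(greeter);
        client.getOutInterceptors().add(outInterceptor);

        String reply = greeter.sayHi();
        assertNotNull("no response received from service", reply);
        assertEquals(response, reply);
    } finally {
        ((java.io.Closeable)greeter).close();
    }
}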
 
Example #22
Source File: JMSWSSecurityTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
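/**
 * Sends a SAML 2.0 bearer assertion whose audience restriction is
 * {@code jms:jndi:dynamicQueues/test.jmstransport.text.bad}, and expects the call to be
 * rejected with a SOAP fault.
 *
 * @throws Exception if setup fails or closing the proxy fails
 */
@Test
public void testUnsignedSAML2AudienceRestrictionTokenBadURI() throws Exception {
    QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
    QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
    URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
    HelloWorldService service = new HelloWorldService(wsdl, serviceName);

    HelloWorldPortType greeter = service.getPort(portName, HelloWorldPortType.class);

    // try/finally so the proxy is closed even when fail() fires or an unexpected
    // exception escapes; previously the close was skipped on any failure path.
    try {
        SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
        callbackHandler.setSignAssertion(true);
        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);

        // Five-minute token with a single audience that carries a ".bad" suffix.
        ConditionsBean conditions = new ConditionsBean();
        conditions.setTokenPeriodMinutes(5);
        List<String> audiences = new ArrayList<>();
        audiences.add("jms:jndi:dynamicQueues/test.jmstransport.text.bad");
        AudienceRestrictionBean audienceRestrictionBean = new AudienceRestrictionBean();
        audienceRestrictionBean.setAudienceURIs(audiences);
        conditions.setAudienceRestrictions(Collections.singletonList(audienceRestrictionBean));

        callbackHandler.setConditions(conditions);

        Map<String, Object> outProperties = new HashMap<>();
        outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
        outProperties.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);

        WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProperties);
        Client client = ClientProxy.getClient(greeter);
        client.getOutInterceptors().add(outInterceptor);

        try {
            greeter.sayHi();
            fail("Failure expected on a bad audience restriction");
        } catch (SOAPFaultException ex) {
            // expected: the receiver refuses an assertion addressed to another audience
        }
    } finally {
        ((java.io.Closeable)greeter).close();
    }
}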
 
Example #23
Source File: JMSWSSecurityTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
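/**
 * Sends a SAML 2.0 bearer assertion whose audience restriction is the qualified service
 * name {@code {http://cxf.apache.org/hello_world_jms}HelloWorldService} and expects the
 * reply "Bonjour".
 *
 * @throws Exception if setup fails, the call fails, or closing the proxy fails
 */
@Test
public void testUnsignedSAML2AudienceRestrictionTokenServiceName() throws Exception {
    QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
    QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
    URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
    HelloWorldService service = new HelloWorldService(wsdl, serviceName);

    // Plain literal; the former new String(...) only created a redundant copy.
    String response = "Bonjour";
    HelloWorldPortType greeter = service.getPort(portName, HelloWorldPortType.class);

    // try/finally so the proxy is closed even when an assertion fails or the call throws.
    try {
        SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
        callbackHandler.setSignAssertion(true);
        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);

        // Five-minute token with a single audience: the service's qualified name.
        ConditionsBean conditions = new ConditionsBean();
        conditions.setTokenPeriodMinutes(5);
        List<String> audiences = new ArrayList<>();
        audiences.add("{http://cxf.apache.org/hello_world_jms}HelloWorldService");
        AudienceRestrictionBean audienceRestrictionBean = new AudienceRestrictionBean();
        audienceRestrictionBean.setAudienceURIs(audiences);
        conditions.setAudienceRestrictions(Collections.singletonList(audienceRestrictionBean));

        callbackHandler.setConditions(conditions);

        Map<String, Object> outProperties = new HashMap<>();
        outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
        outProperties.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);

        WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProperties);
        Client client = ClientProxy.getClient(greeter);
        client.getOutInterceptors().add(outInterceptor);

        String reply = greeter.sayHi();
        assertNotNull("no response received from service", reply);
        assertEquals(response, reply);
    } finally {
        ((java.io.Closeable)greeter).close();
    }
}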
 
Example #24
Source File: CalculatorTest.java    From tomee with Apache License 2.0
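/**
 * Calls the calculator endpoint with a WS-Security UsernameToken whose password is
 * sent as a digest ({@code PW_DIGEST}) instead of in clear text.
 *
 * <p>The digest protects only the password value. The message itself is neither signed
 * nor encrypted by this configuration, so confidentiality and integrity still depend on
 * the transport. The credentials below are test fixtures.
 *
 * @throws Exception if the service cannot be created or the call fails
 */
public void testCalculatorViaWsInterfaceWithUsernameTokenHashedPassword() throws Exception {
    final Service calcService = Service.create(new URL("http://localhost:" + port + "/webservice-ws-security/CalculatorImplUsernameTokenHashedPassword?wsdl"),
            new QName("http://superbiz.org/wsdl", "CalculatorWsService"));
    assertNotNull(calcService);

    // for debugging (ie. TCPMon): extra port on a fixed loopback address
    calcService.addPort(new QName("http://superbiz.org/wsdl",
                    "CalculatorWsService2"), SOAPBinding.SOAP12HTTP_BINDING,
            "http://127.0.0.1:8204/CalculatorImplUsernameTokenHashedPassword");

    // To route through the debugging port instead, obtain the proxy with:
    //     CalculatorWs calc = calcService.getPort(
    //         new QName("http://superbiz.org/wsdl", "CalculatorWsService2"),
    //         CalculatorWs.class);

    final CalculatorWs calc = calcService.getPort(CalculatorWs.class);

    final Client client = ClientProxy.getClient(calc);
    final Endpoint endpoint = client.getEndpoint();
    endpoint.getOutInterceptors().add(new SAAJOutInterceptor());

    final Map<String, Object> outProps = new HashMap<String, Object>();
    outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    outProps.put(WSHandlerConstants.USER, "jane");
    outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
    outProps.put(WSHandlerConstants.PW_CALLBACK_REF, new CallbackHandler() {

        @Override
        public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            // Answer only password callbacks and reject anything else through the
            // declared exception, rather than failing on a blind cast of callbacks[0].
            for (final Callback callback : callbacks) {
                if (!(callback instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
                }
                ((WSPasswordCallback) callback).setPassword("waterfall");
            }
        }
    });

    final WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
    endpoint.getOutInterceptors().add(wssOut);

    assertEquals(10, calc.sum(4, 6));
}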
 
Example #25
Source File: CalculatorTest.java    From tomee with Apache License 2.0
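/**
 * Calls the calculator endpoint with a WS-Security XML signature on the outgoing message.
 *
 * <p>The signing key is selected by the alias {@code clientalias}, with crypto settings
 * read from {@code META-INF/CalculatorImplSign-client.properties}. A signature gives the
 * receiver integrity and origin authentication only; the payload is not encrypted by
 * this configuration. The alias and password below are test fixtures.
 *
 * @throws Exception if the service cannot be created or the call fails
 */
public void testCalculatorViaWsInterfaceWithSign() throws Exception {
    final Service calcService = Service.create(new URL("http://localhost:" + port + "/webservice-ws-security/CalculatorImplSign?wsdl"),
            new QName("http://superbiz.org/wsdl", "CalculatorWsService"));
    assertNotNull(calcService);

    // for debugging (ie. TCPMon): extra port on a fixed loopback address
    calcService.addPort(new QName("http://superbiz.org/wsdl",
                    "CalculatorWsService2"), SOAPBinding.SOAP12HTTP_BINDING,
            "http://127.0.0.1:8204/CalculatorImplSign");

    // To route through the debugging port instead, obtain the proxy with:
    //     CalculatorWs calc = calcService.getPort(
    //         new QName("http://superbiz.org/wsdl", "CalculatorWsService2"),
    //         CalculatorWs.class);

    final CalculatorWs calc = calcService.getPort(CalculatorWs.class);

    final Client client = ClientProxy.getClient(calc);
    final Endpoint endpoint = client.getEndpoint();
    endpoint.getOutInterceptors().add(new SAAJOutInterceptor());

    final Map<String, Object> outProps = new HashMap<String, Object>();
    outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    outProps.put(WSHandlerConstants.USER, "clientalias");
    outProps.put(WSHandlerConstants.PW_CALLBACK_REF, new CallbackHandler() {

        @Override
        public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            // Answer only password callbacks and reject anything else through the
            // declared exception, rather than failing on a blind cast of callbacks[0].
            for (final Callback callback : callbacks) {
                if (!(callback instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
                }
                // presumably the password protecting the private key of "clientalias"
                ((WSPasswordCallback) callback).setPassword("clientPassword");
            }
        }
    });
    outProps.put(WSHandlerConstants.SIG_PROP_FILE, "META-INF/CalculatorImplSign-client.properties");
    // Identify the signing certificate by issuer name and serial number.
    outProps.put(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");

    final WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
    endpoint.getOutInterceptors().add(wssOut);

    assertEquals(24, calc.multiply(4, 6));
}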
 
Example #26
Source File: HTTPGetTest.java    From cxf with Apache License 2.0
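/**
 * Sends a request whose SOAP Body and WS-Security Timestamp are both signed and
 * checks that the service doubles the input.
 *
 * <p>Signing the Timestamp together with the Body binds the freshness information to
 * the message, so a receiver that enforces the timestamp can reject stale or replayed
 * copies of an otherwise validly signed request.
 *
 * @throws Exception if the bus or client cannot be created or the call fails
 */
@org.junit.Test
public void testSignedBodyTimestamp() throws Exception {
    // NOTE(review): the test returns (and is reported as passed) when this check fails;
    // judging by the helper's name this is the case without unrestricted JCE policies.
    if (!TestUtilities.checkUnrestrictedPoliciesInstalled()) {
        return;
    }

    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = HTTPGetTest.class.getResource("client.xml");

    Bus bus = bf.createBus(busFile.toString());
    // Shut the bus down on every path so a failed assertion does not leave it running.
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        URL wsdl = HTTPGetTest.class.getResource("DoubleItHTTPGet.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItSignBodyPort");
        DoubleItPortType port =
                service.getPort(portQName, DoubleItPortType.class);
        updateAddressPort(port, PORT);

        Map<String, Object> outProps = new HashMap<>();
        outProps.put("action", "Timestamp Signature");
        outProps.put("signaturePropFile", "alice.properties");
        outProps.put("user", "alice");
        outProps.put("passwordCallbackClass",
                     "org.apache.cxf.systest.ws.common.KeystorePasswordCallback");
        // Elements covered by the signature: the SOAP Body and the wsu:Timestamp.
        outProps.put("signatureParts",
                     "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;"
                     + "{}{http://docs.oasis-open.org/wss/2004/01/oasis-"
                     + "200401-wss-wssecurity-utility-1.0.xsd}Timestamp;");

        bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));

        int result = port.doubleIt(25);
        // JUnit order is (expected, actual); the original had the two swapped.
        assertEquals(50, result);
    } finally {
        bus.shutdown(true);
    }
}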
 
Example #27
Source File: JavaFirstPolicyServiceTest.java    From cxf with Apache License 2.0
/**
 * Creates an unconfigured {@link WSS4JOutInterceptor} and registers the same instance on
 * both the endpoint's and the client's outbound interceptor lists.
 *
 * @param svc the service proxy whose CXF client should receive the interceptor
 * @return the registered interceptor, so the caller can set its properties afterwards
 */
private WSS4JOutInterceptor addToClient(Object svc) {
    final Client cxfClient = ClientProxy.getClient(svc);
    final WSS4JOutInterceptor securityOut = new WSS4JOutInterceptor();

    // endpoint-level list first, then the client-level list
    cxfClient.getEndpoint().getOutInterceptors().add(securityOut);
    cxfClient.getOutInterceptors().add(securityOut);

    return securityOut;
}
 
Example #28
Source File: WebServiceInjectionTest.java    From tomee with Apache License 2.0
/**
 * Verifies the interceptor chains on an injected client: two outbound interceptors
 * (logging first, then WSS4J out) and one inbound WSS4J interceptor, each WSS4J
 * interceptor carrying its expected property ({@code c=d} outbound, {@code a=b} inbound).
 *
 * @param client the CXF client to inspect; must not be null
 */
private void testPort(final Client client) {
    assertNotNull(client);

    // chain sizes are checked before any element is inspected
    assertEquals(2, client.getOutInterceptors().size());
    assertEquals(1, client.getInInterceptors().size());

    final Iterator<Interceptor<? extends Message>> outbound = client.getOutInterceptors().iterator();

    // first outbound element: the logging interceptor
    final Interceptor<? extends Message> first = outbound.next();
    assertTrue(LoggingOutInterceptor.class.isInstance(first));

    // second outbound element: the WS-Security interceptor with its property
    final Interceptor<? extends Message> second = outbound.next();
    assertTrue(WSS4JOutInterceptor.class.isInstance(second));
    final WSS4JOutInterceptor securityOut = WSS4JOutInterceptor.class.cast(second);
    assertEquals("d", securityOut.getProperties().get("c"));

    // only inbound element: the WS-Security interceptor with its property
    final Interceptor<? extends Message> inbound = client.getInInterceptors().iterator().next();
    assertTrue(WSS4JInInterceptor.class.isInstance(inbound));
    final WSS4JInInterceptor securityIn = WSS4JInInterceptor.class.cast(inbound);
    assertEquals("b", securityIn.getProperties().get("a"));
}
 
Example #29
Source File: JavaFirstPolicyServiceTest.java    From cxf with Apache License 2.0
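/**
 * Exercises an operation-level policy with alternatives: {@code ping()} needs no
 * credentials, while {@code doStuff()} is refused without them and accepted with either
 * the no-password or the username/password properties.
 *
 * <p>The first {@code doStuff()} call is the security-relevant one: it confirms that the
 * protected operation is refused when no WS-Security header is sent.
 */
@Test
public void testOperationClientCertAlternativePolicy() {
    System.setProperty("testutil.ports.JavaFirstPolicyServer.3", PORT3);

    ClassPathXmlApplicationContext clientContext = new ClassPathXmlApplicationContext(new String[] {
        "org/apache/cxf/systest/ws/policy/sslcertclient.xml"
    });

    // Close the Spring context on every path; a failed assertion or an unexpected
    // fault would otherwise skip the trailing close().
    try {
        OperationSimpleService simpleService = clientContext
            .getBean("OperationSimpleServiceClient", OperationSimpleService.class);

        // no security on ping!
        simpleService.ping();

        try {
            simpleService.doStuff();
            fail("Expected exception as no credentials");
        } catch (SOAPFaultException e) {
            // expected: the service refused the unauthenticated call
        }

        WSS4JOutInterceptor wssOut = addToClient(simpleService);

        wssOut.setProperties(getNoPasswordProperties("alice"));
        simpleService.doStuff();

        // this is successful because the alternative policy allows a password to be specified.
        wssOut.setProperties(getPasswordProperties("alice", "password"));
        simpleService.doStuff();
    } finally {
        clientContext.close();
    }
}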
 
Example #30
Source File: JavaFirstPolicyServiceTest.java    From cxf with Apache License 2.0
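/**
 * Exercises a binding-level policy with alternatives: {@code doStuff()} is refused
 * without credentials and accepted with either the no-password or the
 * username/password properties.
 *
 * <p>The first {@code doStuff()} call is the security-relevant one: it confirms that the
 * service refuses a request that carries no WS-Security header.
 */
@Test
public void testBindingClientCertAlternativePolicy() {
    System.setProperty("testutil.ports.JavaFirstPolicyServer.3", PORT3);

    ClassPathXmlApplicationContext clientContext = new ClassPathXmlApplicationContext(new String[] {
        "org/apache/cxf/systest/ws/policy/sslcertclient.xml"
    });

    // Close the Spring context on every path; a failed assertion or an unexpected
    // fault would otherwise skip the trailing close().
    try {
        BindingSimpleService simpleService = clientContext.getBean("BindingSimpleServiceClient",
                                                                         BindingSimpleService.class);

        try {
            simpleService.doStuff();
            fail("Expected exception as no credentials");
        } catch (SOAPFaultException e) {
            // expected: the service refused the unauthenticated call
        }

        WSS4JOutInterceptor wssOut = addToClient(simpleService);

        wssOut.setProperties(getNoPasswordProperties("alice"));
        simpleService.doStuff();

        wssOut.setProperties(getPasswordProperties("alice", "password"));

        // this is successful because the alternative policy allows a password to be specified.
        simpleService.doStuff();
    } finally {
        clientContext.close();
    }
}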