/**
 * Checks that {@code processEnvelope} rejects an envelope whose signature result
 * carries no principal.
 *
 * <p>The signature result is stubbed to return {@code null} for
 * {@code WSSecurityEngineResult.TAG_PRINCIPAL}; the handler is expected to raise a
 * {@code WSSecurityHandlerException} naming the missing principal.
 */
@Test
public void shouldThrowIfHeadersDoNotContainAPrincipal() throws Exception {
    when(signatureSecurityResult.get(WSSecurityEngineResult.TAG_PRINCIPAL)).thenReturn(null);

    try {
        wsSecurityHandler.processEnvelope(envelope);
        // Reaching this line means a request with no signer identity was accepted.
        fail("Should have thrown WSSecurityHandlerException");
    } catch (WSSecurityHandlerException expected) {
        final String message = expected.getMessage();
        assertThat(message, containsString("unable to find principal in WS-Security headers"));
    }
}
/**
 * Checks that {@code processEnvelope} rejects the envelope when the crypto wrapper
 * returns {@code null} from {@code processSecurityHeader}.
 *
 * <p>The expected failure is a {@code WSSecurityHandlerException} whose message
 * reports an incorrect number of WS-Security headers.
 */
@Test
public void shouldThrowIfSecurityEngineResultsAreNull() throws Exception {
    when(cryptoWrapper.processSecurityHeader(envelope)).thenReturn(null);

    try {
        wsSecurityHandler.processEnvelope(envelope);
        // A null result set must not be treated as "nothing to check".
        fail("Should have thrown WSSecurityHandlerException");
    } catch (WSSecurityHandlerException expected) {
        final String message = expected.getMessage();
        assertThat(message, containsString("incorrect number of WS-Security headers"));
    }
}
/**
 * Checks that {@code processEnvelope} rejects the envelope when the security engine
 * results lack the SIGN entry.
 *
 * <p>The expected failure is a {@code WSSecurityHandlerException} whose message lists
 * SIGN as the missing header.
 */
@Test
public void shouldThrowIfSecurityEngineResultsDoNotContainSignHeader() throws Exception {
    // NOTE(review): blankOutResultAtPosition is defined outside this listing; presumably
    // index 2 is where the fixture keeps the signature result. Confirm against the helper.
    blankOutResultAtPosition(2);

    try {
        wsSecurityHandler.processEnvelope(envelope);
        // Reaching this line means an unsigned message passed the handler.
        fail("Should have thrown WSSecurityHandlerException");
    } catch (WSSecurityHandlerException expected) {
        final String message = expected.getMessage();
        assertThat(message, containsString("missing WS-Security header(s): SIGN"));
    }
}
/**
 * Checks that {@code processEnvelope} rejects the envelope when the security engine
 * reports one result more than the fixture normally supplies.
 *
 * <p>The expected failure is a {@code WSSecurityHandlerException} whose message
 * reports an incorrect number of WS-Security headers.
 */
@Test
public void shouldThrowIfSecurityEngineResultsHaveMoreThanThreeResults() throws Exception {
    // Going by the test name, the fixture list presumably already holds three results,
    // so one extra entry pushes it over the accepted count (TODO confirm in setup).
    final WSSecurityEngineResult surplusResult = new WSSecurityEngineResult(0, new Object());
    wsSecurityEngineResults.add(surplusResult);

    try {
        wsSecurityHandler.processEnvelope(envelope);
        // Unexpected extra security results must fail closed rather than be ignored.
        fail("Should have thrown WSSecurityHandlerException");
    } catch (WSSecurityHandlerException expected) {
        final String message = expected.getMessage();
        assertThat(message, containsString("incorrect number of WS-Security headers"));
    }
}
/**
 * Checks that a {@code CertificateException} thrown while verifying the request
 * certificate against the public key is surfaced as the cause of the
 * {@code WSSecurityHandlerException} raised by {@code processEnvelope}.
 */
@Test
public void shouldThrowWrappedExceptionFromVerify() throws Exception {
    final CertificateException certificateException = new CertificateException();
    doThrow(certificateException).when(requestCertificate).verify(publicKey);

    try {
        wsSecurityHandler.processEnvelope(envelope);
        fail("Should have thrown WSSecurityHandlerException");
    } catch (WSSecurityHandlerException expected) {
        // Identity comparison: the very same exception instance must be preserved as cause.
        final Throwable cause = expected.getCause();
        assertTrue("should have wrapped certificateException", cause == certificateException);
    }
    // NOTE(review): assuming requestCertificate is a java.security.cert.Certificate, a bad
    // signature would surface from verify() as SignatureException or InvalidKeyException,
    // not CertificateException. Only the CertificateException path is pinned here; confirm
    // the other failure types are covered elsewhere.
}
/**
 * Checks that {@code processEnvelope} rejects the envelope when the crypto wrapper has
 * no certificate for the user.
 *
 * <p>{@code getUserCertificate(USER_ID, requestCertificate)} is stubbed to return
 * {@code null}; the handler is expected to raise a {@code WSSecurityHandlerException}
 * saying the user certificate could not be obtained.
 */
@Test
public void shouldThrowIfCryptoWrapperDoesNotReturnACertificate() throws Exception {
    when(cryptoWrapper.getUserCertificate(USER_ID, requestCertificate)).thenReturn(null);

    try {
        wsSecurityHandler.processEnvelope(envelope);
        // Without a user certificate there is nothing to verify the request against.
        fail("Should have thrown WSSecurityHandlerException");
    } catch (WSSecurityHandlerException expected) {
        final String message = expected.getMessage();
        assertThat(message, containsString("unable to get user certificate from cryptoWrapper"));
    }
}
/**
 * Checks that {@code processEnvelope} rejects the envelope when no user id can be
 * derived from the principal's name.
 *
 * <p>The principal name is stubbed to {@code "a=b,c=d,e=f"}; the handler is expected to
 * raise a {@code WSSecurityHandlerException} that quotes that name.
 */
@Test
public void shouldThrowIfPrincipalNameDoesNotContainAUserId() throws Exception {
    when(principal.getName()).thenReturn("a=b,c=d,e=f");

    try {
        wsSecurityHandler.processEnvelope(envelope);
        fail("Should have thrown WSSecurityHandlerException");
    } catch (WSSecurityHandlerException expected) {
        // NOTE(review): the message echoes the principal name verbatim. That value comes
        // from the request's signing identity, so confirm it is neutralised before being
        // logged or returned to the caller.
        final String message = expected.getMessage();
        assertThat(
                message,
                containsString("unable to determine userId from principal name 'a=b,c=d,e=f'"));
    }
}
/**
 * Checks that {@code processEnvelope} rejects the envelope when the resolved user is
 * not enabled.
 *
 * <p>{@code user.isEnabled()} is stubbed to return {@code false}; the handler is
 * expected to raise a {@code WSSecurityHandlerException} with the exact message
 * {@code "User null is not enabled"}.
 */
@Test
public void shouldThrowExceptionWhenUserIsDisabled() throws Exception {
    when(user.isEnabled()).thenReturn(false);

    try {
        // act
        wsSecurityHandler.processEnvelope(envelope);
        // A disabled account must not authenticate even with a valid signature.
        fail("Should have thrown WSSecurityHandlerException");
    } catch (WSSecurityHandlerException expected) {
        // "null" here is presumably the unstubbed identifier of the mocked user, not a
        // literal the handler always emits (TODO confirm against the fixture setup).
        final String message = expected.getMessage();
        assertEquals("User null is not enabled", message);
    }
}
/**
 * Checks that processing an envelope calls {@code verify(publicKey)} on the request
 * certificate.
 */
@Test
public void shouldVerifyRequestCertificateAgainstUserPublicKey() throws Exception {
    // act
    wsSecurityHandler.processEnvelope(envelope);

    // assert
    // NOTE(review): assuming requestCertificate is a java.security.cert.Certificate,
    // verify(PublicKey) only proves the certificate was signed by the matching private
    // key. Validity period and revocation are separate checks this test does not pin.
    verify(requestCertificate).verify(publicKey);
}
/**
 * Checks that processing an envelope delegates to
 * {@code cryptoWrapper.processSecurityHeader} with that same envelope.
 */
@Test
public void shouldProcessSecurityHeader() throws Exception {
    // act
    wsSecurityHandler.processEnvelope(envelope);

    // assert: the security header of this envelope was handed to the crypto wrapper
    verify(cryptoWrapper).processSecurityHeader(envelope);
}
/**
 * Checks that a principal name with a space before the {@code O=} component is still
 * accepted by {@code processEnvelope}.
 *
 * <p>There is no explicit assertion: the test passes when no exception is thrown.
 */
@Test
public void principalNameContainingASpaceShouldStillWork() throws Exception {
    // The space after the second comma is the case under test.
    final String nameWithSpace = "a=b,c=d, O=" + USER_ID + ",e=f";
    when(principal.getName()).thenReturn(nameWithSpace);

    // NOTE(review): this shows the handler tolerates whitespace, but not that the user id
    // it extracted equals USER_ID. Verifying a lookup keyed on USER_ID would pin that the
    // lenient parsing cannot resolve to a different identity.
    wsSecurityHandler.processEnvelope(envelope);
}