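/**
 * Registers a temporary {@link SecurityToken} for the first result of the inbound message
 * whose action is {@code WSConstants.UT_NOPASSWORD}, and returns that token's id.
 *
 * <p>The token is given the result's {@code TAG_ID} (or a freshly allocated
 * {@code "UsernameToken-"} id when the result carries none), the bytes stored under
 * {@code TAG_SECRET}, and a lifetime of five minutes from now. It is then added to
 * {@code tokenStore}.
 *
 * @return the id under which the token was stored, or {@code null} when the inbound message
 *     has no recorded security results or none of them is a {@code UT_NOPASSWORD} result
 * @throws WSSecurityException declared by the original signature; presumably raised by the id
 *     allocator (TODO confirm)
 */
private String getUTDerivedKey() throws WSSecurityException {

    // Lifetime of the temporary token placed in the token store (5 minutes).
    final long tokenLifetimeMillis = 300000L;

    List<WSHandlerResult> results =
        CastUtils.cast(
            (List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
      // No security results were recorded for the inbound message: report "not found"
      // through the method's existing null return instead of failing with an NPE.
      return null;
    }

    for (WSHandlerResult rResult : results) {
      List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
      if (wsSecEngineResults == null) {
        continue;
      }

      for (WSSecurityEngineResult wser : wsSecEngineResults) {
        Integer actInt = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
        // A result without an action cannot be matched; skip it rather than unboxing null.
        if (actInt == null || actInt.intValue() != WSConstants.UT_NOPASSWORD) {
          continue;
        }

        String utID = (String) wser.get(WSSecurityEngineResult.TAG_ID);
        if (utID == null || utID.length() == 0) {
          utID = wssConfig.getIdAllocator().createId("UsernameToken-", null);
        }

        Date created = new Date();
        Date expires = new Date(created.getTime() + tokenLifetimeMillis);
        SecurityToken tempTok = new SecurityToken(utID, created, expires);

        // NOTE(review): the secret is stored as-is, including when TAG_SECRET is absent
        // (null). Confirm that consumers of the token store reject a token with no secret.
        byte[] secret = (byte[]) wser.get(WSSecurityEngineResult.TAG_SECRET);
        tempTok.setSecret(secret);
        tokenStore.add(tempTok);

        return utID;
      }
    }
    return null;
  }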
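  /**
   * Registers a temporary {@link SecurityToken} for the first result of the inbound message
   * whose action is {@code WSConstants.ENCR} and which carries a non-empty {@code TAG_ID},
   * and returns that id.
   *
   * <p>The token receives the bytes stored under {@code TAG_SECRET}, the value
   * {@code getSHA1(...)} computes over the bytes stored under
   * {@code TAG_ENCRYPTED_EPHEMERAL_KEY}, and a lifetime of five minutes from now. It is then
   * added to {@code tokenStore}.
   *
   * @return the id of the matching result, or {@code null} when the inbound message has no
   *     recorded security results or none of them qualifies
   */
  private String getEncryptedKey() {

    // Lifetime of the temporary token placed in the token store (5 minutes).
    final long tokenLifetimeMillis = 300000L;

    List<WSHandlerResult> results =
        CastUtils.cast(
            (List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
      // No security results were recorded for the inbound message: report "not found"
      // through the method's existing null return instead of failing with an NPE.
      return null;
    }

    for (WSHandlerResult rResult : results) {
      List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
      if (wsSecEngineResults == null) {
        continue;
      }

      for (WSSecurityEngineResult wser : wsSecEngineResults) {
        Integer actInt = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
        // A result without an action cannot be matched; skip it rather than unboxing null.
        if (actInt == null || actInt.intValue() != WSConstants.ENCR) {
          continue;
        }

        String encryptedKeyID = (String) wser.get(WSSecurityEngineResult.TAG_ID);
        if (encryptedKeyID == null || encryptedKeyID.length() == 0) {
          // Unlike the UsernameToken case, no id is allocated here: a result without an id
          // is not usable as an encrypted-key reference.
          continue;
        }

        Date created = new Date();
        Date expires = new Date(created.getTime() + tokenLifetimeMillis);
        SecurityToken tempTok = new SecurityToken(encryptedKeyID, created, expires);

        // NOTE(review): both values are taken from the result unchecked. Confirm that
        // getSHA1 (defined elsewhere) tolerates a missing ephemeral key, and that consumers
        // of the token store reject a token with no secret.
        tempTok.setSecret((byte[]) wser.get(WSSecurityEngineResult.TAG_SECRET));
        tempTok.setSHA1(
            getSHA1((byte[]) wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
        tokenStore.add(tempTok);

        return encryptedKeyID;
      }
    }
    return null;
  }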
Пример #3
 /**
  * A signature result that carries no principal must make {@code processEnvelope} fail with a
  * {@link WSSecurityHandlerException} naming the missing principal, i.e. the handler is
  * expected to reject the envelope rather than continue without an identity.
  */
 @Test
 public void shouldThrowIfHeadersDoNotContainAPrincipal() throws Exception {
   // Override the fixture: the signature result now reports no principal.
   when(signatureSecurityResult.get(WSSecurityEngineResult.TAG_PRINCIPAL)).thenReturn(null);

   WSSecurityHandlerException thrown = null;
   try {
     wsSecurityHandler.processEnvelope(envelope);
   } catch (WSSecurityHandlerException expected) {
     thrown = expected;
   }

   // Completing without the exception means the envelope was accepted: that is the failure.
   if (thrown == null) {
     fail("Should have thrown WSSecurityHandlerException");
   }
   assertThat(
       thrown.getMessage(), containsString("unable to find principal in WS-Security headers"));
 }
Пример #4
  /**
   * Builds the fixture shared by the tests: a security header that yields a timestamp result,
   * a binary-security-token result and a signature result, where the signature carries a
   * principal and a certificate, the certificate lookup succeeds and the user is enabled.
   * Individual tests override single stubs to exercise a rejection path.
   */
  @Before
  public void before() throws Exception {

    // Results the crypto wrapper reports for the envelope, in this order.
    WSSecurityEngineResult timestampResult =
        new WSSecurityEngineResult(WSConstants.TS, new Object());
    WSSecurityEngineResult binaryTokenResult =
        new WSSecurityEngineResult(WSConstants.BST, new Object());

    wsSecurityEngineResults = new Vector<WSSecurityEngineResult>();
    wsSecurityEngineResults.add(timestampResult);
    wsSecurityEngineResults.add(binaryTokenResult);
    wsSecurityEngineResults.add(signatureSecurityResult);
    when(cryptoWrapper.processSecurityHeader(envelope)).thenReturn(wsSecurityEngineResults);

    // The signature result: action, signer principal and the certificate sent in the request.
    when(signatureSecurityResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE))
        .thenReturn(requestCertificate);
    when(signatureSecurityResult.get(WSSecurityEngineResult.TAG_PRINCIPAL)).thenReturn(principal);
    when(signatureSecurityResult.get(WSSecurityEngineResult.TAG_ACTION))
        .thenReturn(WSConstants.SIGN);

    // The user id sits in the O= component of the principal name; presumably the handler
    // extracts it from there before looking up the certificate and the user (TODO confirm).
    final String principalName = "a=b,c=d,O=" + USER_ID + ",e=f";
    when(principal.getName()).thenReturn(principalName);

    // Certificate lookup for that user id, and the key of the certificate it returns.
    when(cryptoWrapper.getUserCertificate(USER_ID, requestCertificate)).thenReturn(userCertificate);
    when(userCertificate.getPublicKey()).thenReturn(publicKey);

    // The account exists and is enabled.
    when(userManagementService.getUser(USER_ID)).thenReturn(user);
    when(user.isEnabled()).thenReturn(true);
  }