ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1661971 - in /webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src: main/java/org/apache/wss4j/dom/processor/ main/java/org/apache/wss4j/dom/util/ test/java/org/apache/wss4j/dom/message/
Date Tue, 24 Feb 2015 15:00:52 GMT
Author: coheigea
Date: Tue Feb 24 15:00:52 2015
New Revision: 1661971

URL: http://svn.apache.org/r1661971
Log:
Refactoring of WS-SecurityUtil


Conflicts:
	ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java

Modified:
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java?rev=1661971&r1=1661970&r2=1661971&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
Tue Feb 24 15:00:52 2015
@@ -91,7 +91,9 @@ public class EncryptedDataProcessor impl
             );
         
         if (request.isRequireSignedEncryptedDataElements()) {
-            WSSecurityUtil.verifySignedElement(elem, wsDocInfo);
+            List<WSSecurityEngineResult> signedResults = 
+                wsDocInfo.getResultsByTag(WSConstants.SIGN);
+            WSSecurityUtil.verifySignedElement(elem, signedResults);
         }
         
         SecretKey key = null;

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1661971&r1=1661970&r2=1661971&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
Tue Feb 24 15:00:52 2015
@@ -525,7 +525,9 @@ public class EncryptedKeyProcessor imple
         Element encryptedDataElement = 
             ReferenceListProcessor.findEncryptedDataElement(doc, docInfo, dataRefURI);
         if (encryptedDataElement != null && data.isRequireSignedEncryptedDataElements())
{
-            WSSecurityUtil.verifySignedElement(encryptedDataElement, docInfo);
+            List<WSSecurityEngineResult> signedResults = 
+                docInfo.getResultsByTag(WSConstants.SIGN);
+            WSSecurityUtil.verifySignedElement(encryptedDataElement, signedResults);
         }
         //
         // Prepare the SecretKey object to decrypt EncryptedData

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java?rev=1661971&r1=1661970&r2=1661971&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java
Tue Feb 24 15:00:52 2015
@@ -149,7 +149,9 @@ public class ReferenceListProcessor impl
         Element encryptedDataElement = findEncryptedDataElement(doc, wsDocInfo, dataRefURI);
         
         if (encryptedDataElement != null && asymBinding && data.isRequireSignedEncryptedDataElements())
{
-            WSSecurityUtil.verifySignedElement(encryptedDataElement, wsDocInfo);
+            List<WSSecurityEngineResult> signedResults = 
+                wsDocInfo.getResultsByTag(WSConstants.SIGN);
+            WSSecurityUtil.verifySignedElement(encryptedDataElement, signedResults);
         }
         //
         // Prepare the SecretKey object to decrypt EncryptedData

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1661971&r1=1661970&r2=1661971&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
Tue Feb 24 15:00:52 2015
@@ -1064,107 +1064,6 @@ public final class WSSecurityUtil {
     }
     
     /**
-     * Check that all of the QName[] requiredParts are protected by a specified action in
the
-     * results list.
-     * @param results The List of WSSecurityEngineResults from processing
-     * @param action The action that is required (e.g. WSConstants.SIGN)
-     * @param requiredParts An array of QNames that correspond to the required elements
-     */
-    @SuppressWarnings("unchecked")
-    public static void checkAllElementsProtected(
-        List<WSSecurityEngineResult> results,
-        int action,
-        QName[] requiredParts
-    ) throws WSSecurityException {
-        
-        if (requiredParts != null) {
-            for (int i = 0; i < requiredParts.length; i++) {
-                QName requiredPart = requiredParts[i];
-                
-                boolean found = false;
-                for (Iterator<WSSecurityEngineResult> iter = results.iterator(); 
-                    iter.hasNext() && !found;) {
-                    WSSecurityEngineResult result = iter.next();
-                    int resultAction =
-                            (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
-                    if (resultAction != action) {
-                        continue;
-                    }
-                    List<WSDataRef> refList = 
-                        (List<WSDataRef>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
-                    if (refList != null) {
-                        for (WSDataRef dataRef : refList) {
-                            if (dataRef.getName().equals(requiredPart)) {
-                                found = true;
-                                break;
-                            }
-                        }
-                    }
-                }
-                if (!found) {
-                    throw new WSSecurityException(
-                        WSSecurityException.ErrorCode.FAILED_CHECK,
-                        "requiredElementNotProtected",
-                        requiredPart);
-                }
-            }
-            LOG.debug("All required elements are protected");
-        }
-    }
-
-    /**
-     * Ensure that this covers all required elements (identified by
-     * their wsu:Id attributes).
-     * 
-     * @param resultItem the signature to check
-     * @param requiredIDs the list of wsu:Id values that must be covered
-     * @throws WSSecurityException if any required element is not included
-     */
-    @SuppressWarnings("unchecked")
-    public static void checkSignsAllElements(
-        WSSecurityEngineResult resultItem, 
-        String[] requiredIDs
-    ) throws WSSecurityException {
-        int resultAction =
-                (Integer) resultItem.get(WSSecurityEngineResult.TAG_ACTION);
-        if (resultAction != WSConstants.SIGN) {
-            throw new IllegalArgumentException("Not a SIGN result");
-        }
-
-        List<WSDataRef> signedElemsRefList = 
-            (List<WSDataRef>)resultItem.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
-        if (signedElemsRefList == null) {
-            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
-                    "WSSecurityEngineResult does not contain any references to signed elements"
-            );
-        }
-
-        LOG.debug("Checking required elements are in the signature...");
-        for (int i = 0; i < requiredIDs.length; i++) {
-            boolean found = false;
-            for (int j = 0; j < signedElemsRefList.size(); j++) {
-                WSDataRef dataRef = signedElemsRefList.get(j);
-                String wsuId = dataRef.getWsuId();
-                if (wsuId.charAt(0) == '#') {
-                    wsuId = wsuId.substring(1);
-                }
-                if (wsuId.equals(requiredIDs[i])) {
-                    found = true;
-                }
-            }
-            if (!found) {
-                throw new WSSecurityException(
-                    WSSecurityException.ErrorCode.FAILED_CHECK,
-                    "requiredElementNotSigned",
-                    requiredIDs[i]);
-            }
-            LOG.debug("Element with ID " + requiredIDs[i] + " was correctly signed");
-        }
-        LOG.debug("All required elements are signed");
-    }
-    
-    
-    /**
      * @return  a list of child Nodes
      */
     public static List<Node>
@@ -1255,8 +1154,11 @@ public final class WSSecurityUtil {
     
     public static void verifySignedElement(Element elem, WSDocInfo wsDocInfo)
         throws WSSecurityException {
-        List<WSSecurityEngineResult> signedResults = 
-            wsDocInfo.getResultsByTag(WSConstants.SIGN);
+        verifySignedElement(elem, wsDocInfo.getResultsByTag(WSConstants.SIGN));
+    }
+    
+    public static void verifySignedElement(Element elem, List<WSSecurityEngineResult>
signedResults)
+        throws WSSecurityException {
         if (signedResults != null) {
             for (WSSecurityEngineResult signedResult : signedResults) {
                 @SuppressWarnings("unchecked")

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java?rev=1661971&r1=1661970&r2=1661971&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
Tue Feb 24 15:00:52 2015
@@ -119,23 +119,6 @@ public class EncryptionPartsTest extends
         
         List<WSSecurityEngineResult> results = verify(encryptedDoc);
         
-        QName name = new QName("urn:foo.bar", "foobar");
-        WSSecurityUtil.checkAllElementsProtected(results, WSConstants.ENCR, new QName[]{name});
-        try {
-            name = new QName("urn:foo.bar", "foobar2");
-            WSSecurityUtil.checkAllElementsProtected(results, WSConstants.ENCR, new QName[]{name});
-            fail("Failure expected on a wrong protected part");
-        } catch (WSSecurityException ex) {
-            // expected
-        }
-        try {
-            name = new QName("urn:foo.bar", "foobar");
-            WSSecurityUtil.checkAllElementsProtected(results, WSConstants.SIGN, new QName[]{name});
-            fail("Failure expected on a wrong action");
-        } catch (WSSecurityException ex) {
-            // expected
-        }
-        
         WSSecurityEngineResult actionResult = 
             WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
         assertTrue(actionResult != null);
@@ -150,6 +133,8 @@ public class EncryptionPartsTest extends
         String xpath = wsDataRef.getXpath();
         assertEquals("/soapenv:Envelope/soapenv:Header/foo:foobar", xpath);
         assertEquals(WSConstants.AES_128, wsDataRef.getAlgorithm());
+        QName expectedQName = new QName("urn:foo.bar", "foobar");
+        assertEquals(expectedQName, wsDataRef.getName());
     }
     
     @org.junit.Test
@@ -422,39 +407,32 @@ public class EncryptionPartsTest extends
         
         QName fooName = new QName("urn:foo.bar", "foobar");
         QName bodyName = new QName(soapConstants.getEnvelopeURI(), "Body");
-        WSSecurityUtil.checkAllElementsProtected(results, WSConstants.ENCR, new QName[]{fooName});
-        WSSecurityUtil.checkAllElementsProtected(results, WSConstants.ENCR, new QName[]{bodyName});
-        WSSecurityUtil.checkAllElementsProtected(
-            results, 
-            WSConstants.ENCR, 
-            new QName[]{bodyName, fooName}
-        );
-        WSSecurityUtil.checkAllElementsProtected(
-            results, 
-            WSConstants.ENCR, 
-            new QName[]{fooName, bodyName}
-        );
-        try {
-            WSSecurityUtil.checkAllElementsProtected(
-                results, 
-                WSConstants.SIGN, 
-                new QName[]{fooName, bodyName}
-            );
-            fail("Failure expected on a wrong action");
-        } catch (WSSecurityException ex) {
-            // expected
-        }
-        try {
-            QName headerName = new QName(soapConstants.getEnvelopeURI(), "Header");
-            WSSecurityUtil.checkAllElementsProtected(
-                results, 
-                WSConstants.ENCR, 
-                new QName[]{fooName, bodyName, headerName}
-            );
-            fail("Failure expected on an unsatisfied requirement");
-        } catch (WSSecurityException ex) {
-            // expected
+        QName headerName = new QName(soapConstants.getEnvelopeURI(), "Header");
+        
+        WSSecurityEngineResult actionResult = 
+            WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
+        assertTrue(actionResult != null);
+        assertFalse(actionResult.isEmpty());
+        
+        @SuppressWarnings("unchecked")
+        final java.util.List<WSDataRef> refs =
+            (java.util.List<WSDataRef>) actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+        assertTrue(refs != null && !refs.isEmpty());
+        
+        boolean foundFoo = false;
+        boolean foundBody = false;
+        boolean foundHeader = false;
+        for (WSDataRef ref : refs) {
+            if (fooName.equals(ref.getName())) {
+                foundFoo = true;
+            } else if (bodyName.equals(ref.getName())) {
+                foundBody = true;
+            } else if (headerName.equals(ref.getName())) {
+                foundHeader = true;
+            }
         }
+        assertTrue(foundFoo && foundBody);
+        assertFalse(foundHeader);
     }
     
     
@@ -496,8 +474,17 @@ public class EncryptionPartsTest extends
         assertTrue (!outputString.contains("testMethod"));
         List<WSSecurityEngineResult> results = verify(encryptedDoc);
         
+        WSSecurityEngineResult actionResult = 
+            WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
+        assertTrue(actionResult != null);
+        assertFalse(actionResult.isEmpty());
+        @SuppressWarnings("unchecked")
+        final List<WSDataRef> refs =
+            (List<WSDataRef>) actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+        
+        WSDataRef wsDataRef = refs.get(0);
         QName bodyName = new QName(soapConstants.getEnvelopeURI(), "Body");
-        WSSecurityUtil.checkAllElementsProtected(results, WSConstants.ENCR, new QName[]{bodyName});
+        assertEquals(bodyName, wsDataRef.getName());
     }
     
     /**

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java?rev=1661971&r1=1661970&r2=1661971&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
Tue Feb 24 15:00:52 2015
@@ -19,23 +19,32 @@
 
 package org.apache.wss4j.dom.message;
 
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSConfig;
-import org.apache.wss4j.dom.WSSecurityEngine;
-import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
-import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.SOAPUtil;
-import org.apache.wss4j.dom.common.SecurityTestUtil;
+import java.text.DateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.datatype.Duration;
+import javax.xml.datatype.XMLGregorianCalendar;
+
 import org.apache.wss4j.common.WSEncryptionPart;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
 import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.WSSecurityEngine;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.dom.common.SAML1CallbackHandler;
+import org.apache.wss4j.dom.common.SOAPUtil;
+import org.apache.wss4j.dom.common.SecurityTestUtil;
 import org.apache.wss4j.dom.saml.WSSecSignatureSAML;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
@@ -43,15 +52,6 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.List;
-import java.util.ArrayList;
-
-import javax.security.auth.callback.CallbackHandler;
-import javax.xml.datatype.Duration;
-import javax.xml.datatype.XMLGregorianCalendar;
-
 /**
  * This class tests the modification of requests.
  */
@@ -146,7 +146,7 @@ public class ModifiedRequestTest extends
      * Test that signs a SOAP body element "value". The SOAP request is then modified
      * so that the signed "value" element is put in the header, and the value of the
      * original element is changed. The wsu:Id value of the original element is also
-     * changed. Signature verification will pass, so we need to check the wsu:Id's.
+     * changed. Signature verification will pass, so we need to check the Elements.
      */
     @org.junit.Test
     public void testMovedElementChangedId() throws Exception {
@@ -179,8 +179,6 @@ public class ModifiedRequestTest extends
         org.w3c.dom.Node clonedValueNode = valueNode.cloneNode(true);
         secHeaderElement.appendChild(clonedValueNode);
         valueNode.getFirstChild().setNodeValue("250");
-        String savedId = 
-            ((org.w3c.dom.Element)valueNode).getAttributeNS(WSConstants.WSU_NS, "Id");
         ((org.w3c.dom.Element)valueNode).setAttributeNS(
              WSConstants.WSU_NS, "wsu:Id", "id-250"
         );
@@ -193,18 +191,12 @@ public class ModifiedRequestTest extends
         }
         
         //
-        // Now we check that the wsu:Id of the element we want signed corresponds to the
-        // wsu:Id that was actually signed...again, this should pass
+        // Check the signature...this should pass
         //
         List<WSSecurityEngineResult> results = verify(signedDoc);
         
-        WSSecurityEngineResult actionResult = 
-            WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
-        WSSecurityUtil.checkSignsAllElements(actionResult, new String[]{savedId});
-        
         //
-        // Finally we need to check that the wsu:Id of the element we want signed in the
-        // SOAP request is the same as the wsu:Id that was actually signed
+        // Finally we need to check that the Element that was signed is what we expect to
be signed
         //
         envelopeElement = signedDoc.getDocumentElement();
         org.w3c.dom.Node bodyNode = 
@@ -215,14 +207,14 @@ public class ModifiedRequestTest extends
             ((org.w3c.dom.Element)bodyNode).getElementsByTagNameNS(
                 "http://blah.com", "value"
             ).item(0);
-        String actualId = 
-            ((org.w3c.dom.Element)valueNode).getAttributeNS(WSConstants.WSU_NS, "Id");
+        
+        List<WSSecurityEngineResult> signedResults = 
+            WSSecurityUtil.fetchAllActionResults(results, WSConstants.SIGN);
         try {
-            WSSecurityUtil.checkSignsAllElements(actionResult, new String[]{actualId});
-            fail("Failure expected on bad wsu:Id");
+            WSSecurityUtil.verifySignedElement((org.w3c.dom.Element)valueNode, signedResults);
+            fail("Failure expected on the required element not being signed");
         } catch (WSSecurityException ex) {
             assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILED_CHECK);
-            assertEquals("Element id-250 is not included in the signature", ex.getMessage());
         }
     }
     

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java?rev=1661971&r1=1661970&r2=1661971&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
Tue Feb 24 15:00:52 2015
@@ -126,23 +126,6 @@ public class SignaturePartsTest extends
         
         List<WSSecurityEngineResult> results = verify(signedDoc);
         
-        QName name = new QName("urn:foo.bar", "foobar");
-        WSSecurityUtil.checkAllElementsProtected(results, WSConstants.SIGN, new QName[]{name});
-        try {
-            name = new QName("urn:foo.bar", "foobar2");
-            WSSecurityUtil.checkAllElementsProtected(results, WSConstants.SIGN, new QName[]{name});
-            fail("Failure expected on a wrong protected part");
-        } catch (WSSecurityException ex) {
-            // expected
-        }
-        try {
-            name = new QName("urn:foo.bar", "foobar");
-            WSSecurityUtil.checkAllElementsProtected(results, WSConstants.ENCR, new QName[]{name});
-            fail("Failure expected on a wrong action");
-        } catch (WSSecurityException ex) {
-            // expected
-        }
-        
         WSSecurityEngineResult actionResult = 
             WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
         assertTrue(actionResult != null);
@@ -156,6 +139,8 @@ public class SignaturePartsTest extends
         assertEquals(WSConstants.RSA_SHA1, wsDataRef.getAlgorithm());
         assertNotNull(wsDataRef.getDigestValue());
         assertTrue(wsDataRef.getDigestValue().length > 0);
+        QName expectedQName = new QName("urn:foo.bar", "foobar");
+        assertEquals(expectedQName, wsDataRef.getName());
         
         assertEquals(WSConstants.SHA1, wsDataRef.getDigestAlgorithm());
         
@@ -474,39 +459,32 @@ public class SignaturePartsTest extends
         
         QName fooName = new QName("urn:foo.bar", "foobar");
         QName bodyName = new QName(soapConstants.getEnvelopeURI(), "Body");
-        WSSecurityUtil.checkAllElementsProtected(results, WSConstants.SIGN, new QName[]{fooName});
-        WSSecurityUtil.checkAllElementsProtected(results, WSConstants.SIGN, new QName[]{bodyName});
-        WSSecurityUtil.checkAllElementsProtected(
-            results, 
-            WSConstants.SIGN, 
-            new QName[]{bodyName, fooName}
-        );
-        WSSecurityUtil.checkAllElementsProtected(
-            results, 
-            WSConstants.SIGN, 
-            new QName[]{fooName, bodyName}
-        );
-        try {
-            WSSecurityUtil.checkAllElementsProtected(
-                results, 
-                WSConstants.ENCR, 
-                new QName[]{fooName, bodyName}
-            );
-            fail("Failure expected on a wrong action");
-        } catch (WSSecurityException ex) {
-            // expected
-        }
-        try {
-            QName headerName = new QName(soapConstants.getEnvelopeURI(), "Header");
-            WSSecurityUtil.checkAllElementsProtected(
-                results, 
-                WSConstants.SIGN, 
-                new QName[]{fooName, bodyName, headerName}
-            );
-            fail("Failure expected on an unsatisfied requirement");
-        } catch (WSSecurityException ex) {
-            // expected
+        QName headerName = new QName(soapConstants.getEnvelopeURI(), "Header");
+        
+        WSSecurityEngineResult actionResult = 
+            WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+        assertTrue(actionResult != null);
+        assertFalse(actionResult.isEmpty());
+        
+        @SuppressWarnings("unchecked")
+        final java.util.List<WSDataRef> refs =
+            (java.util.List<WSDataRef>) actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+        assertTrue(refs != null && !refs.isEmpty());
+        
+        boolean foundFoo = false;
+        boolean foundBody = false;
+        boolean foundHeader = false;
+        for (WSDataRef ref : refs) {
+            if (fooName.equals(ref.getName())) {
+                foundFoo = true;
+            } else if (bodyName.equals(ref.getName())) {
+                foundBody = true;
+            } else if (headerName.equals(ref.getName())) {
+                foundHeader = true;
+            }
         }
+        assertTrue(foundFoo && foundBody);
+        assertFalse(foundHeader);
     }
     
     
@@ -549,8 +527,17 @@ public class SignaturePartsTest extends
         
         List<WSSecurityEngineResult> results = verify(signedDoc);
         
+        WSSecurityEngineResult actionResult = 
+            WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+        assertTrue(actionResult != null);
+        assertFalse(actionResult.isEmpty());
+        @SuppressWarnings("unchecked")
+        final List<WSDataRef> refs =
+            (List<WSDataRef>) actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+        
+        WSDataRef wsDataRef = refs.get(0);
         QName bodyName = new QName(soapConstants.getEnvelopeURI(), "Body");
-        WSSecurityUtil.checkAllElementsProtected(results, WSConstants.SIGN, new QName[]{bodyName});
+        assertEquals(bodyName, wsDataRef.getName());
     }
     
     /**



Mime
View raw message