ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [ws-wss4j] branch master updated: WSS-667 - Support JDK14
Date Fri, 03 Apr 2020 09:45:03 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git


The following commit(s) were added to refs/heads/master by this push:
     new f25b842  WSS-667 - Support JDK14
f25b842 is described below

commit f25b842a484dce71893315055303840647d76767
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Fri Apr 3 10:27:43 2020 +0100

    WSS-667 - Support JDK14
---
 pom.xml                                            |   1 -
 .../test/AsymmetricBindingIntegrationTest.java     | 124 -----------
 .../stax/test/TransportBindingIntegrationTest.java | 124 -----------
 ws-security-stax/pom.xml                           |   1 +
 .../apache/wss4j/stax/test/AbstractTestBase.java   | 100 ---------
 .../VulnerabliltyVectorsDecompressedBytesTest.java |  87 ++++++++
 .../wss4j/stax/test/VulnerabliltyVectorsTest.java  | 228 +--------------------
 .../wss4j/stax/test/saml/CustomContentsTest.java   |   3 +
 .../src/test/resources/wss-config-compression.xml  | 105 ++++++++++
 9 files changed, 197 insertions(+), 576 deletions(-)

diff --git a/pom.xml b/pom.xml
index 4546735..fb40455 100644
--- a/pom.xml
+++ b/pom.xml
@@ -237,7 +237,6 @@
                         <target>${targetJdk}</target>
                         <compilerArgs>
                             <arg>-XDcompilePolicy=simple</arg>
-                            <arg>-Xplugin:ErrorProne</arg>
                         </compilerArgs>
                         <annotationProcessorPaths>
                             <path>
diff --git a/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java b/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
index fd98714..0506cc4 100644
--- a/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
+++ b/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
@@ -46,10 +46,8 @@ import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSConstants.UsernameTokenPasswordType;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
-import org.apache.wss4j.stax.setup.WSSec;
 import org.apache.wss4j.stax.test.CallbackHandlerImpl;
 import org.apache.wss4j.stax.test.saml.SAMLCallbackHandlerImpl;
-import org.apache.xml.security.stax.config.Init;
 import org.apache.xml.security.stax.ext.SecurePart;
 import org.junit.jupiter.api.Test;
 import org.w3c.dom.Document;
@@ -1157,128 +1155,6 @@ public class AsymmetricBindingIntegrationTest extends AbstractPolicyTestBase {
     }
 
     @Test
-    public void testSignatureDigestAlgorithmSuiteNegative() throws Exception {
-
-        String policyString =
-                "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
-                        "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
-                        "            <wsp:All>\n" +
-                        "                <sp:AsymmetricBinding>\n" +
-                        "                    <wsp:Policy>\n" +
-                        "                        <sp:InitiatorToken>\n" +
-                        "                            <wsp:Policy>\n" +
-                        "                                <sp:X509Token sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
-                        "                                    <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
-                        "                                    <wsp:Policy>\n" +
-                        "                                        <sp:WssX509V3Token11/>\n" +
-                        "                                    </wsp:Policy>\n" +
-                        "                                </sp:X509Token>\n" +
-                        "                            </wsp:Policy>\n" +
-                        "                        </sp:InitiatorToken>\n" +
-                        "                        <sp:RecipientToken>\n" +
-                        "                            <wsp:Policy>\n" +
-                        "                              <sp:X509Token sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
-                        "                                  <sp:IssuerName>CN=receiver,OU=swssf,C=CH</sp:IssuerName>\n" +
-                        "                                  <wsp:Policy>\n" +
-                        "                                      <sp:WssX509V3Token11/>\n" +
-                        "                                  </wsp:Policy>\n" +
-                        "                              </sp:X509Token>\n" +
-                        "                            </wsp:Policy>\n" +
-                        "                         </sp:RecipientToken>\n" +
-                        "                        <sp:AlgorithmSuite>\n" +
-                        "                            <wsp:Policy>\n" +
-                        "                                <sp:Basic256/>\n" +
-                        "                            </wsp:Policy>\n" +
-                        "                        </sp:AlgorithmSuite>\n" +
-                        "                        <sp:Layout>\n" +
-                        "                            <wsp:Policy>\n" +
-                        "                                <sp:Lax/>\n" +
-                        "                            </wsp:Policy>\n" +
-                        "                        </sp:Layout>\n" +
-                        "                        <sp:IncludeTimestamp/>\n" +
-                        "                        <sp:ProtectTokens/>\n" +
-                        "                    </wsp:Policy>\n" +
-                        "                </sp:AsymmetricBinding>\n" +
-                        "                <sp:SignedParts>\n" +
-                        "                    <sp:Body/>\n" +
-                        "                    <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
-                        "                    <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
-                        "                </sp:SignedParts>\n" +
-                        "                <sp:SignedElements>\n" +
-                        "                    <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
-                        "                </sp:SignedElements>\n" +
-                        "                <sp:EncryptedParts>\n" +
-                        "                    <sp:Body/>\n" +
-                        "                    <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
-                        "                    <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
-                        "                </sp:EncryptedParts>\n" +
-                        "                <sp:EncryptedElements>\n" +
-                        "                    <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
-                        "                </sp:EncryptedElements>\n" +
-                        "                <sp:ContentEncryptedElements>\n" +
-                        "                    <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
-                        "                </sp:ContentEncryptedElements>\n" +
-                        "            </wsp:All>\n" +
-                        "        </wsp:ExactlyOne>";
-
-        WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
-        outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
-        outSecurityProperties.setEncryptionUser("receiver");
-        outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-        outSecurityProperties.setSignatureUser("transmitter");
-        outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-        outSecurityProperties.setSignatureDigestAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-md5");
-
-        outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_WSU_TIMESTAMP, SecurePart.Modifier.Element, new String[]{WSSConstants.NS_C14N_EXCL}, "http://www.w3.org/2001/04/xmldsig-more#md5"));
-        outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_SOAP11_BODY, SecurePart.Modifier.Element, new String[]{WSSConstants.NS_C14N_EXCL}, "http://www.w3.org/2001/04/xmldsig-more#md5"));
-        outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_WSU_CREATED, SecurePart.Modifier.Element));
-        outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_WSU_EXPIRES, SecurePart.Modifier.Content));
-        outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_SOAP11_BODY, SecurePart.Modifier.Content));
-        List<WSSConstants.Action> actions = new ArrayList<>();
-        actions.add(WSSConstants.TIMESTAMP);
-        actions.add(WSSConstants.SIGNATURE);
-        actions.add(WSSConstants.ENCRYPT);
-        outSecurityProperties.setActions(actions);
-
-        InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
-        ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
-        WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
-        inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
-        inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-        inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-        inSecurityProperties.addIgnoreBSPRule(BSPRule.R5420);
-
-        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-        inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-
-        try {
-            Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
-            switchAllowMD5Algorithm(true);
-            Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
-            //read the whole stream:
-            Transformer transformer = TransformerFactory.newInstance().newTransformer();
-            transformer.transform(new DOMSource(document), new StreamResult(
-                    new OutputStream() {
-                        @Override
-                        public void write(int b) throws IOException {
-                            // > /dev/null
-                        }
-                    }
-            ));
-            fail("Exception expected");
-        } catch (XMLStreamException e) {
-            assertTrue(e.getCause() instanceof WSSecurityException);
-            // assertEquals(e.getCause().getMessage(),
-            //        "Digest algorithm http://www.w3.org/2001/04/xmldsig-more#md5 does not meet policy");
-            // assertEquals(((WSSecurityException) e.getCause()).getFaultCode(), WSSecurityException.INVALID_SECURITY);
-        } finally {
-            switchAllowMD5Algorithm(false);
-        }
-    }
-
-    @Test
     public void testEncryptionAlgorithmSuiteNegative() throws Exception {
 
         String policyString =
diff --git a/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java b/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java
index 3c29bfa..720e8f1 100644
--- a/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java
+++ b/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java
@@ -42,9 +42,7 @@ import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.impl.securityToken.HttpsSecurityTokenImpl;
 import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
-import org.apache.wss4j.stax.setup.WSSec;
 import org.apache.wss4j.stax.test.CallbackHandlerImpl;
-import org.apache.xml.security.stax.config.Init;
 import org.apache.xml.security.stax.ext.SecurePart;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 import org.junit.jupiter.api.Test;
@@ -1328,128 +1326,6 @@ public class TransportBindingIntegrationTest extends AbstractPolicyTestBase {
     }
 
     @Test
-    public void testSignatureDigestAlgorithmSuiteNegative() throws Exception {
-
-        String policyString =
-                "<wsp:ExactlyOne xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
-                        "xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
-                        "            <wsp:All>\n" +
-                        "                <sp:TransportBinding>\n" +
-                        "                    <wsp:Policy>\n" +
-                        "                        <sp:TransportToken>\n" +
-                        "                            <wsp:Policy>\n" +
-                        "                                <sp:HttpsToken>\n" +
-                        "                                    <!--<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>-->\n" +
-                        "                                    <sp:IssuerName>transmitter</sp:IssuerName>\n" +
-                        "                                    <wsp:Policy>\n" +
-                        "                                        <sp:HttpBasicAuthentication/>\n" +
-                        "                                    </wsp:Policy>\n" +
-                        "                                </sp:HttpsToken>\n" +
-                        "                            </wsp:Policy>\n" +
-                        "                        </sp:TransportToken>\n" +
-                        "                        <sp:AlgorithmSuite>\n" +
-                        "                            <wsp:Policy>\n" +
-                        "                                <sp:Basic256/>\n" +
-                        "                            </wsp:Policy>\n" +
-                        "                        </sp:AlgorithmSuite>\n" +
-                        "                        <sp:Layout>\n" +
-                        "                            <wsp:Policy>\n" +
-                        "                                <sp:Lax/>\n" +
-                        "                            </wsp:Policy>\n" +
-                        "                        </sp:Layout>\n" +
-                        "                        <sp:IncludeTimestamp/>\n" +
-                        "                    </wsp:Policy>\n" +
-                        "                </sp:TransportBinding>\n" +
-                        "                <sp:SignedParts>\n" +
-                        "                    <sp:Body/>\n" +
-                        "                    <sp:Header Name=\"Header1\" Namespace=\"...\"/>\n" +
-                        "                    <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
-                        "                </sp:SignedParts>\n" +
-                        "                <sp:SignedElements>\n" +
-                        "                    <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
-                        "                </sp:SignedElements>\n" +
-                        "                <sp:EncryptedParts>\n" +
-                        "                    <sp:Body/>\n" +
-                        "                    <sp:Header Name=\"Header2\" Namespace=\"...\"/>\n" +
-                        "                    <sp:Header Namespace=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"/>\n" +
-                        "                </sp:EncryptedParts>\n" +
-                        "                <sp:EncryptedElements>\n" +
-                        "                    <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Created</sp:XPath>\n" +
-                        "                </sp:EncryptedElements>\n" +
-                        "                <sp:ContentEncryptedElements>\n" +
-                        "                    <sp:XPath xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">wsu:Expires</sp:XPath>\n" +
-                        "                </sp:ContentEncryptedElements>\n" +
-                        "            </wsp:All>\n" +
-                        "        </wsp:ExactlyOne>";
-
-        WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
-        outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
-        outSecurityProperties.setEncryptionUser("receiver");
-        outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-        outSecurityProperties.setSignatureUser("transmitter");
-        outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-        outSecurityProperties.setSignatureDigestAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-md5");
-
-        outSecurityProperties.addSignaturePart(new SecurePart(new QName(WSSConstants.TAG_WSU_TIMESTAMP.getNamespaceURI(), WSSConstants.TAG_WSU_TIMESTAMP.getLocalPart()), SecurePart.Modifier.Element, new String[]{WSSConstants.NS_C14N_EXCL}, "http://www.w3.org/2001/04/xmldsig-more#md5"));
-        outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_SOAP11_BODY, SecurePart.Modifier.Element, new String[]{WSSConstants.NS_C14N_EXCL}, "http://www.w3.org/2001/04/xmldsig-more#md5"));
-        outSecurityProperties.addEncryptionPart(new SecurePart(new QName(WSSConstants.TAG_WSU_CREATED.getNamespaceURI(), WSSConstants.TAG_WSU_CREATED.getLocalPart()), SecurePart.Modifier.Element));
-        outSecurityProperties.addEncryptionPart(new SecurePart(new QName(WSSConstants.TAG_WSU_EXPIRES.getNamespaceURI(), WSSConstants.TAG_WSU_EXPIRES.getLocalPart()), SecurePart.Modifier.Content));
-        outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_SOAP11_BODY, SecurePart.Modifier.Content));
-        List<WSSConstants.Action> actions = new ArrayList<>();
-        actions.add(WSSConstants.TIMESTAMP);
-        actions.add(WSSConstants.SIGNATURE);
-        actions.add(WSSConstants.ENCRYPT);
-        outSecurityProperties.setActions(actions);
-
-        InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
-        ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
-        WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
-        inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
-        inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-        inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-        inSecurityProperties.addIgnoreBSPRule(BSPRule.R5420);
-
-        PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
-        inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
-        HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
-        httpsTokenSecurityEvent.setIssuerName("transmitter");
-        httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
-        HttpsSecurityTokenImpl httpsSecurityToken = new HttpsSecurityTokenImpl(true, "transmitter");
-        httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE);
-        httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-
-        List<SecurityEvent> securityEventList = new ArrayList<>();
-        securityEventList.add(httpsTokenSecurityEvent);
-
-        try {
-            Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
-            switchAllowMD5Algorithm(true);
-            Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);
-
-            //read the whole stream:
-            Transformer transformer = TransformerFactory.newInstance().newTransformer();
-            transformer.transform(new DOMSource(document), new StreamResult(
-                    new OutputStream() {
-                        @Override
-                        public void write(int b) throws IOException {
-                            // > /dev/null
-                        }
-                    }
-            ));
-            fail("Exception expected");
-        } catch (XMLStreamException e) {
-            assertTrue(e.getCause() instanceof WSSecurityException);
-            //assertEquals(e.getCause().getMessage(),
-            //        "Digest algorithm http://www.w3.org/2001/04/xmldsig-more#md5 does not meet policy");
-            // assertEquals(((WSSecurityException) e.getCause()).getFaultCode(), WSSecurityException.INVALID_SECURITY);
-        } finally {
-            switchAllowMD5Algorithm(false);
-        }
-    }
-
-    @Test
     public void testEncryptionAlgorithmSuiteNegative() throws Exception {
 
         String policyString =
diff --git a/ws-security-stax/pom.xml b/ws-security-stax/pom.xml
index 2993614..e01748f 100644
--- a/ws-security-stax/pom.xml
+++ b/ws-security-stax/pom.xml
@@ -114,6 +114,7 @@
                     <systemPropertyVariables>
                         <log4j.configuration>log4j-wss.xml</log4j.configuration>
                     </systemPropertyVariables>
+                    <reuseForks>false</reuseForks>
                     <!--<debugForkedProcess>true</debugForkedProcess>-->
                 </configuration>
             </plugin>
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
index d5992b8..1c56e19 100644
--- a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
@@ -21,8 +21,6 @@ package org.apache.wss4j.stax.test;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.lang.reflect.Field;
-import java.lang.reflect.Modifier;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Enumeration;
@@ -68,7 +66,6 @@ import org.apache.wss4j.dom.handler.WSHandlerResult;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
-import org.apache.wss4j.stax.impl.processor.input.DecryptInputProcessor;
 import org.apache.wss4j.stax.setup.ConfigurationConverter;
 import org.apache.wss4j.stax.setup.InboundWSSec;
 import org.apache.wss4j.stax.setup.OutboundWSSec;
@@ -77,10 +74,6 @@ import org.apache.wss4j.stax.test.utils.SOAPUtil;
 import org.apache.wss4j.stax.test.utils.StAX2DOM;
 import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
 import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.stax.impl.InboundSecurityContextImpl;
-import org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor;
-import org.apache.xml.security.stax.impl.processor.input.AbstractSignatureReferenceVerifyInputProcessor;
-import org.apache.xml.security.stax.impl.processor.input.XMLEventReaderInputProcessor;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
 import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
@@ -704,99 +697,6 @@ public abstract class AbstractTestBase {
         }
     }
 
-    //sometimes I really like reflection. We can fix jdk bugs which will never be fixed, we can do other funny things and
-    //we can also change "private static final" fields for testing:-)
-    //But keep in mind that this only works for Objects and not primitive types. Primitive types will be inlined...
-    public static void switchAllowNotSameDocumentReferences(Boolean value) throws NoSuchFieldException, IllegalAccessException {
-
-        Field field = AbstractSignatureReferenceVerifyInputProcessor.class.getDeclaredField("allowNotSameDocumentReferences");
-        field.setAccessible(true);
-
-        Field modifiersField = Field.class.getDeclaredField("modifiers");
-        modifiersField.setAccessible(true);
-        modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
-
-        field.set(null, value);
-    }
-
-    public static void switchDoNotThrowExceptionForManifests(Boolean value) throws NoSuchFieldException, IllegalAccessException {
-        Field field = AbstractSignatureReferenceVerifyInputProcessor.class.getDeclaredField("doNotThrowExceptionForManifests");
-        field.setAccessible(true);
-
-        Field modifiersField = Field.class.getDeclaredField("modifiers");
-        modifiersField.setAccessible(true);
-        modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
-
-        field.set(null, value);
-    }
-
-    public static int changeValueOfMaximumAllowedReferencesPerManifest(Integer value) throws NoSuchFieldException, IllegalAccessException {
-        Field field = AbstractSignatureReferenceVerifyInputProcessor.class.getDeclaredField("maximumAllowedReferencesPerManifest");
-        field.setAccessible(true);
-
-        Field modifiersField = Field.class.getDeclaredField("modifiers");
-        modifiersField.setAccessible(true);
-        modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
-
-        Integer oldval = (Integer)field.get(null);
-        field.set(null, value);
-        return oldval;
-    }
-
-    public static int changeValueOfMaximumAllowedTransformsPerReference(Integer value) throws NoSuchFieldException, IllegalAccessException {
-        Field field = AbstractSignatureReferenceVerifyInputProcessor.class.getDeclaredField("maximumAllowedTransformsPerReference");
-        field.setAccessible(true);
-
-        Field modifiersField = Field.class.getDeclaredField("modifiers");
-        modifiersField.setAccessible(true);
-        modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
-
-        Integer oldval = (Integer)field.get(null);
-        field.set(null, value);
-        return oldval;
-    }
-
-    public static void switchAllowMD5Algorithm(Boolean value) throws NoSuchFieldException, IllegalAccessException {
-        Field field = InboundSecurityContextImpl.class.getDeclaredField("allowMD5Algorithm");
-        field.setAccessible(true);
-
-        Field modifiersField = Field.class.getDeclaredField("modifiers");
-        modifiersField.setAccessible(true);
-        modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
-
-        field.set(null, value);
-    }
-
-    public static int changeValueOfMaximumAllowedXMLStructureDepth(Integer value) throws NoSuchFieldException, IllegalAccessException {
-        Field xmlEventReaderInputProcessorField = XMLEventReaderInputProcessor.class.getDeclaredField("maximumAllowedXMLStructureDepth");
-        xmlEventReaderInputProcessorField.setAccessible(true);
-        Field abstractDecryptInputProcessorField = AbstractDecryptInputProcessor.class.getDeclaredField("maximumAllowedXMLStructureDepth");
-        abstractDecryptInputProcessorField.setAccessible(true);
-
-        Field modifiersField = Field.class.getDeclaredField("modifiers");
-        modifiersField.setAccessible(true);
-        modifiersField.setInt(xmlEventReaderInputProcessorField, xmlEventReaderInputProcessorField.getModifiers() & ~Modifier.FINAL);
-        modifiersField.setInt(abstractDecryptInputProcessorField, abstractDecryptInputProcessorField.getModifiers() & ~Modifier.FINAL);
-
-        Integer oldval = (Integer)xmlEventReaderInputProcessorField.get(null);
-        xmlEventReaderInputProcessorField.set(null, value);
-        abstractDecryptInputProcessorField.set(null, value);
-        return oldval;
-    }
-
-    public static long changeValueOfMaximumAllowedDecompressedBytes(Long value) throws NoSuchFieldException, IllegalAccessException {
-        Field field = DecryptInputProcessor.class.getDeclaredField("MAX_ALLOWED_DECOMPRESSED_BYTES");
-        field.setAccessible(true);
-
-        Field modifiersField = Field.class.getDeclaredField("modifiers");
-        modifiersField.setAccessible(true);
-        modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
-
-        Long oldval = (Long) field.get(null);
-        field.set(null, value);
-        return oldval;
-    }
-
     public static Double getJavaSpecificationVersion() {
         String jsv = System.getProperty("java.specification.version");
         if (jsv != null) {
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsDecompressedBytesTest.java b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsDecompressedBytesTest.java
new file mode 100644
index 0000000..43f7349
--- /dev/null
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsDecompressedBytesTest.java
@@ -0,0 +1,87 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.stream.XMLStreamException;
+
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.wss4j.stax.setup.WSSec;
+import org.apache.xml.security.stax.config.Init;
+
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
+
+public class VulnerabliltyVectorsDecompressedBytesTest extends AbstractTestBase {
+
+    @BeforeAll
+    public static void setup() throws Exception {
+        WSSec.init();
+        Init.init(VulnerabliltyVectorsDecompressedBytesTest.class.getClassLoader().getResource("wss-config-compression.xml").toURI(),
+                VulnerabliltyVectorsDecompressedBytesTest.class);
+    }
+
+    @Test
+    @SuppressWarnings("unchecked")
+    public void testMaximumAllowedDecompressedBytes() throws Exception {
+
+        try {
+            WSSSecurityProperties outboundSecurityProperties = new WSSSecurityProperties();
+            outboundSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
+            outboundSecurityProperties.setEncryptionUser("receiver");
+            outboundSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+            outboundSecurityProperties.setSignatureUser("transmitter");
+            outboundSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+            List<WSSConstants.Action> actions = new ArrayList<>();
+            actions.add(WSSConstants.TIMESTAMP);
+            actions.add(WSSConstants.SIGNATURE);
+            actions.add(WSSConstants.ENCRYPT);
+            outboundSecurityProperties.setActions(actions);
+            outboundSecurityProperties.setEncryptionCompressionAlgorithm("http://www.apache.org/2012/04/xmlsec/xz");
+
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            ByteArrayOutputStream baos = doOutboundSecurity(outboundSecurityProperties, sourceDocument);
+
+
+            WSSSecurityProperties inboundSecurityProperties = new WSSSecurityProperties();
+            inboundSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
+            inboundSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+            inboundSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+
+            doInboundSecurity(inboundSecurityProperties,
+                    xmlInputFactory.createXMLStreamReader(
+                            new ByteArrayInputStream(baos.toByteArray())));
+            fail("Expected XMLStreamException");
+        } catch (XMLStreamException e) {
+            assertTrue(e.getCause() instanceof IOException);
+            assertEquals(e.getCause().getMessage(),
+                    "Maximum byte count (101) reached.");
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java
index d51cee4..75404fb 100644
--- a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java
@@ -20,31 +20,23 @@ package org.apache.wss4j.stax.test;
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
-import java.io.IOException;
 import java.io.InputStream;
-import java.lang.reflect.Field;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Map;
 import java.util.Properties;
-
 import javax.xml.stream.XMLStreamException;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
 import javax.xml.xpath.XPathConstants;
 import javax.xml.xpath.XPathExpression;
 
-import org.apache.commons.compress.compressors.xz.XZCompressorInputStream;
-import org.apache.commons.compress.compressors.xz.XZCompressorOutputStream;
 import org.apache.wss4j.common.bsp.BSPRule;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
-import org.apache.wss4j.stax.setup.WSSec;
-import org.apache.xml.security.stax.config.Init;
-import org.apache.xml.security.stax.config.TransformerAlgorithmMapper;
 import org.junit.jupiter.api.Test;
+
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -302,47 +294,6 @@ public class VulnerabliltyVectorsTest extends AbstractTestBase {
     }
 
     @Test
-    public void testMaximumAllowedTransformsPerReference() throws Exception {
-
-        if (getJavaSpecificationVersion() > 1.7) {
-            System.out.println("testMaximumAllowedTransformsPerReference skipped");
-            return;
-        }
-
-        InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
-
-        String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT;
-        Properties properties = new Properties();
-        properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
-        Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
-        javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
-        transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
-
-        WSSSecurityProperties securityProperties = new WSSSecurityProperties();
-        securityProperties.setCallbackHandler(new CallbackHandlerImpl());
-        securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-        securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
-        int oldval = 0;
-        try {
-            Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
-            oldval = changeValueOfMaximumAllowedTransformsPerReference(0);
-            doInboundSecurity(securityProperties,
-                    xmlInputFactory.createXMLStreamReader(
-                            new ByteArrayInputStream(baos.toByteArray())));
-            fail("Expected XMLStreamException");
-        } catch (XMLStreamException e) {
-            assertTrue(e.getCause() instanceof WSSecurityException);
-            assertEquals(((WSSecurityException) e.getCause()).getFaultCode(), WSSecurityException.INVALID_SECURITY);
-        } finally {
-            changeValueOfMaximumAllowedTransformsPerReference(oldval);
-        }
-    }
-
-
-    @Test
     public void testDisallowMD5Algorithm() throws Exception {
         WSSSecurityProperties outboundSecurityProperties = new WSSSecurityProperties();
         outboundSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
@@ -377,183 +328,6 @@ public class VulnerabliltyVectorsTest extends AbstractTestBase {
         }
     }
 
-
-    @Test
-    public void testAllowMD5Algorithm() throws Exception {
-
-        if (getJavaSpecificationVersion() >= 1.7) {
-            System.out.println("testAllowMD5Algorithm skipped");
-            return;
-        }
-
-        WSSSecurityProperties outboundSecurityProperties = new WSSSecurityProperties();
-        outboundSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
-        outboundSecurityProperties.setEncryptionUser("receiver");
-        outboundSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-        outboundSecurityProperties.setSignatureUser("transmitter");
-        outboundSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-        outboundSecurityProperties.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-md5");
-        List<WSSConstants.Action> actions = new ArrayList<>();
-        actions.add(WSSConstants.TIMESTAMP);
-        actions.add(WSSConstants.SIGNATURE);
-        actions.add(WSSConstants.ENCRYPT);
-        outboundSecurityProperties.setActions(actions);
-
-        InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
-        ByteArrayOutputStream baos = doOutboundSecurity(outboundSecurityProperties, sourceDocument);
-
-        WSSSecurityProperties inboundsecurityProperties = new WSSSecurityProperties();
-        inboundsecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
-        inboundsecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-        inboundsecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-        inboundsecurityProperties.addIgnoreBSPRule(BSPRule.R5421);
-
-        try {
-            Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
-            switchAllowMD5Algorithm(true);
-            Document document = doInboundSecurity(inboundsecurityProperties,
-                    xmlInputFactory.createXMLStreamReader(
-                            new ByteArrayInputStream(baos.toByteArray())));
-            assertNotNull(document);
-        } finally {
-            switchAllowMD5Algorithm(false);
-        }
-    }
-
-    @Test
-    public void testMaximumAllowedXMLStructureDepth() throws Exception {
-
-        if (getJavaSpecificationVersion() >= 1.7) {
-            System.out.println("testAllowMD5Algorithm skipped");
-            return;
-        }
-
-        InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
-
-        String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE;
-        Properties properties = new Properties();
-        properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
-        Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
-        javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
-        transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
-
-        WSSSecurityProperties securityProperties = new WSSSecurityProperties();
-        securityProperties.setCallbackHandler(new CallbackHandlerImpl());
-        securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-        securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
-        int oldval = 0;
-        try {
-            Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
-            oldval = changeValueOfMaximumAllowedXMLStructureDepth(10);
-            doInboundSecurity(securityProperties,
-                    xmlInputFactory.createXMLStreamReader(
-                            new ByteArrayInputStream(baos.toByteArray())));
-            fail("Expected XMLStreamException");
-        } catch (XMLStreamException e) {
-            assertEquals(e.getCause().getMessage(),
-                    "Maximum depth (10) of the XML structure reached. You can raise the maximum via the " +
-                    "\"MaximumAllowedXMLStructureDepth\" property in the configuration.");
-        } finally {
-            changeValueOfMaximumAllowedXMLStructureDepth(oldval);
-        }
-    }
-
-    @Test
-    public void testMaximumAllowedXMLStructureDepthInEncryptedContent() throws Exception {
-
-        if (getJavaSpecificationVersion() >= 1.7) {
-            System.out.println("testAllowMD5Algorithm skipped");
-            return;
-        }
-
-        InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
-
-        String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT;
-        Properties properties = new Properties();
-        properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
-        Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
-        javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
-        transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
-
-        WSSSecurityProperties securityProperties = new WSSSecurityProperties();
-        securityProperties.setCallbackHandler(new CallbackHandlerImpl());
-        securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-        securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
-        int oldval = 0;
-        try {
-            Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
-            oldval = changeValueOfMaximumAllowedXMLStructureDepth(10);
-            doInboundSecurity(securityProperties,
-                    xmlInputFactory.createXMLStreamReader(
-                            new ByteArrayInputStream(baos.toByteArray())));
-            fail("Expected XMLStreamException");
-        } catch (XMLStreamException e) {
-            assertEquals(e.getCause().getMessage(),
-                    "Maximum depth (10) of the XML structure reached. You can raise the maximum via the " +
-                    "\"MaximumAllowedXMLStructureDepth\" property in the configuration.");
-        } finally {
-            changeValueOfMaximumAllowedXMLStructureDepth(oldval);
-        }
-    }
-
-    @Test
-    @SuppressWarnings("unchecked")
-    public void testMaximumAllowedDecompressedBytes() throws Exception {
-
-        long oldval = 0;
-        try {
-            Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI(), WSSec.class);
-            Field algorithmsClassMapField = TransformerAlgorithmMapper.class.getDeclaredField("algorithmsClassMapOut");
-            algorithmsClassMapField.setAccessible(true);
-            Map<String, Class<?>> map = (Map<String, Class<?>>)algorithmsClassMapField.get(null);
-            map.put("http://www.apache.org/2012/04/xmlsec/xz", XZCompressorOutputStream.class);
-            algorithmsClassMapField = TransformerAlgorithmMapper.class.getDeclaredField("algorithmsClassMapIn");
-            algorithmsClassMapField.setAccessible(true);
-            map = (Map<String, Class<?>>)algorithmsClassMapField.get(null);
-            map.put("http://www.apache.org/2012/04/xmlsec/xz", XZCompressorInputStream.class);
-            oldval = changeValueOfMaximumAllowedDecompressedBytes(101L);
-
-            WSSSecurityProperties outboundSecurityProperties = new WSSSecurityProperties();
-            outboundSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
-            outboundSecurityProperties.setEncryptionUser("receiver");
-            outboundSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-            outboundSecurityProperties.setSignatureUser("transmitter");
-            outboundSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-            List<WSSConstants.Action> actions = new ArrayList<>();
-            actions.add(WSSConstants.TIMESTAMP);
-            actions.add(WSSConstants.SIGNATURE);
-            actions.add(WSSConstants.ENCRYPT);
-            outboundSecurityProperties.setActions(actions);
-            outboundSecurityProperties.setEncryptionCompressionAlgorithm("http://www.apache.org/2012/04/xmlsec/xz");
-
-            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
-            ByteArrayOutputStream baos = doOutboundSecurity(outboundSecurityProperties, sourceDocument);
-
-
-            WSSSecurityProperties inboundSecurityProperties = new WSSSecurityProperties();
-            inboundSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
-            inboundSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-            inboundSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
-            doInboundSecurity(inboundSecurityProperties,
-                    xmlInputFactory.createXMLStreamReader(
-                            new ByteArrayInputStream(baos.toByteArray())));
-            fail("Expected XMLStreamException");
-        } catch (XMLStreamException e) {
-            assertTrue(e.getCause() instanceof IOException);
-            assertEquals(e.getCause().getMessage(),
-                    "Maximum byte count (101) reached.");
-        } finally {
-            changeValueOfMaximumAllowedDecompressedBytes(oldval);
-        }
-    }
-
     @Test
     public void testModifiedEncryptedKeyCipherValue() throws Exception {
 
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/CustomContentsTest.java b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/CustomContentsTest.java
index 9a4e5ab..9a2f729 100644
--- a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/CustomContentsTest.java
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/CustomContentsTest.java
@@ -19,6 +19,7 @@
 package org.apache.wss4j.stax.test.saml;
 
 import org.apache.wss4j.common.WSS4JConstants;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.saml.bean.AttributeBean;
 import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
 import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
@@ -60,6 +61,8 @@ public class CustomContentsTest extends AbstractTestBase {
     @Test
     public void testSubjectConfirmationDataExtensibility() throws Exception {
 
+        OpenSAMLUtil.initSamlEngine();
+
         // create a data structure with custom contents
         SubjectConfirmationDataBean subjectConfirmationDataBean = new SubjectConfirmationDataBean();
         {
diff --git a/ws-security-stax/src/test/resources/wss-config-compression.xml b/ws-security-stax/src/test/resources/wss-config-compression.xml
new file mode 100644
index 0000000..67e5df2
--- /dev/null
+++ b/ws-security-stax/src/test/resources/wss-config-compression.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0"?>
+<!-- This configuration file is used for configuration of the org.apache.wss4j -->
+<Configuration target="org.apache.xml.security" xmlns="http://www.xmlsecurity.org/NS/configuration" xmlns:xi="http://www.w3.org/2001/XInclude">
+    <Properties>
+        <Property NAME="securityTokenFactory" VAL="org.apache.wss4j.stax.impl.securityToken.SecurityTokenFactoryImpl"/>
+        <Property NAME="MaximumAllowedDecompressedBytes" VAL="101"/>
+        <xi:include href="security-config.xml" xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:Properties/c:Property[@NAME!='securityTokenFactory'])"/>
+        <Property NAME="AllowNotSameDocumentReferences" VAL="true"/>
+    </Properties>
+    <SecurityHeaderHandlers>
+        <Handler NAME="BinarySecurityToken"
+                 URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.BinarySecurityTokenInputHandler"/>
+        <Handler NAME="EncryptedKey"
+                 URI="http://www.w3.org/2001/04/xmlenc#"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.WSSEncryptedKeyInputHandler"/>
+        <Handler NAME="ReferenceList"
+                 URI="http://www.w3.org/2001/04/xmlenc#"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.ReferenceListInputHandler"/>
+        <Handler NAME="EncryptedData"
+                 URI="http://www.w3.org/2001/04/xmlenc#"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.EncryptedDataInputHandler"/>
+        <Handler NAME="Signature"
+                 URI="http://www.w3.org/2000/09/xmldsig#"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.WSSSignatureInputHandler"/>
+        <Handler NAME="Timestamp"
+                 URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.TimestampInputHandler"/>
+        <Handler NAME="UsernameToken"
+                 URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.UsernameTokenInputHandler"/>
+        <Handler NAME="SignatureConfirmation"
+                 URI="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SignatureConfirmationInputHandler"/>
+        <Handler NAME="SecurityTokenReference"
+                 URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SecurityTokenReferenceInputHandler"/>
+        <Handler NAME="Assertion"
+                 URI="urn:oasis:names:tc:SAML:1.0:assertion"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SAMLTokenInputHandler"/>
+        <Handler NAME="Assertion"
+                 URI="urn:oasis:names:tc:SAML:2.0:assertion"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SAMLTokenInputHandler"/>
+        <Handler NAME="SecurityContextToken"
+                 URI="http://schemas.xmlsoap.org/ws/2005/02/sc"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SecurityContextTokenInputHandler"/>
+        <Handler NAME="SecurityContextToken"
+                 URI="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SecurityContextTokenInputHandler"/>
+        <Handler NAME="DerivedKeyToken"
+                 URI="http://schemas.xmlsoap.org/ws/2005/02/sc"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.DerivedKeyTokenInputHandler"/>
+        <Handler NAME="DerivedKeyToken"
+                 URI="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
+                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.DerivedKeyTokenInputHandler"/>
+    </SecurityHeaderHandlers>
+   <TransformAlgorithms>
+       <!-- STR-Transformer -->
+       <TransformAlgorithm URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"
+                          JAVACLASS="org.apache.wss4j.stax.impl.transformer.STRTransformer" />
+
+       <TransformAlgorithm URI="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform"
+                           JAVACLASS="org.apache.wss4j.stax.impl.transformer.AttachmentContentSignatureTransform" />
+       <TransformAlgorithm URI="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform"
+                           JAVACLASS="org.apache.wss4j.stax.impl.transformer.AttachmentCompleteSignatureTransform" />
+
+       <!-- The compress-transformations are disabled by default because its not standard
+       and could introduce potential security issues -->
+       <!--
+       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/gzip" INOUT="IN"
+                           JAVACLASS="org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream" />
+       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/bzip2" INOUT="IN"
+                           JAVACLASS="org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream" />
+       -->
+       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/xz" INOUT="IN"
+                           JAVACLASS="org.apache.commons.compress.compressors.xz.XZCompressorInputStream" />
+       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/xz" INOUT="OUT"
+                           JAVACLASS="org.apache.commons.compress.compressors.xz.XZCompressorOutputStream" />
+       <!--
+       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/pack200" INOUT="IN"
+                           JAVACLASS="org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream" />
+       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/gzip" INOUT="OUT"
+                           JAVACLASS="org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream" />
+       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/bzip2" INOUT="OUT"
+                           JAVACLASS="org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream" />
+       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/pack200" INOUT="OUT"
+                           JAVACLASS="org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream" />
+       -->
+
+       <xi:include href="security-config.xml" xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:TransformAlgorithms/c:TransformAlgorithm[@URI!='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform'])"/>
+   </TransformAlgorithms>
+   <JCEAlgorithmMappings>
+      <xi:include href="security-config.xml" xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:JCEAlgorithmMappings/c:Algorithm)"/>
+   </JCEAlgorithmMappings>
+    <ResourceResolvers>
+        <Resolver JAVACLASS="org.apache.wss4j.stax.impl.resourceResolvers.ResolverSameDocument"
+                  DESCRIPTION="A simple resolver for requests of same-document URIs"/>
+        <Resolver JAVACLASS="org.apache.wss4j.stax.impl.resourceResolvers.ResolverXPointer"
+                  DESCRIPTION="A simple resolver for requests of XPointer fragents"/>
+        <Resolver JAVACLASS="org.apache.wss4j.stax.impl.resourceResolvers.ResolverAttachment"
+                  DESCRIPTION="A simple resolver for SwA"/>
+        <xi:include href="security-config.xml"
+                    xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:ResourceResolvers/c:Resolver[@JAVACLASS!='org.apache.xml.security.stax.impl.resourceResolvers.ResolverSameDocument' and @JAVACLASS!='org.apache.xml.security.stax.impl.resourceResolvers.ResolverXPointer'])"/>
+    </ResourceResolvers>
+</Configuration>


Mime
View raw message