Examples with ResolverDirectHTTP - org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP

Example 26 with ResolverDirectHTTP

use of org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP in project santuario-java by apache.

the class SignatureCreationReferenceURIResolverTest method testSignatureCreationWithExternalHttpReference.

@Test
public void testSignatureCreationWithExternalHttpReference() throws Exception {
    Proxy proxy = HttpRequestRedirectorProxy.startHttpEngine();
    try {
        ResolverHttp.setProxy(proxy);
        ResolverDirectHTTP resolverDirectHTTP = new ResolverDirectHTTP();
        resolverDirectHTTP.engineSetProperty("http.proxy.host", ((InetSocketAddress) proxy.address()).getAddress().getHostAddress());
        resolverDirectHTTP.engineSetProperty("http.proxy.port", "" + ((InetSocketAddress) proxy.address()).getPort());
        // Set up the Configuration
        XMLSecurityProperties properties = new XMLSecurityProperties();
        List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
        actions.add(XMLSecurityConstants.SIGNATURE);
        properties.setActions(actions);
        // Set the key up
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(this.getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
        Key key = keyStore.getKey("transmitter", "default".toCharArray());
        properties.setSignatureKey(key);
        X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
        properties.setSignatureCerts(new X509Certificate[] { cert });
        SecurePart securePart = new SecurePart(new QName("urn:example:po", "PaymentInfo"), SecurePart.Modifier.Element);
        properties.addSignaturePart(securePart);
        securePart = new SecurePart("http://www.w3.org/Signature/2002/04/xml-stylesheet.b64", null, XMLSecurityConstants.NS_XMLDSIG_SHA1);
        properties.addSignaturePart(securePart);
        OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, StandardCharsets.UTF_8.name());
        InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
        XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
        XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
        xmlStreamWriter.close();
        Document document = null;
        try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
            document = XMLUtils.createDocumentBuilder(false).parse(is);
        }
        // Verify using DOM
        verifyUsingDOM(document, cert, properties.getSignatureSecureParts(), resolverDirectHTTP);
    } finally {
        HttpRequestRedirectorProxy.stopHttpEngine();
    }
}

Also used : XMLSecurityConstants(org.apache.xml.security.stax.ext.XMLSecurityConstants) XMLStreamReader(javax.xml.stream.XMLStreamReader) InetSocketAddress(java.net.InetSocketAddress) QName(javax.xml.namespace.QName) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ResolverDirectHTTP(org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) SecurePart(org.apache.xml.security.stax.ext.SecurePart) Proxy(java.net.Proxy) HttpRequestRedirectorProxy(org.apache.xml.security.test.stax.utils.HttpRequestRedirectorProxy) OutboundXMLSec(org.apache.xml.security.stax.ext.OutboundXMLSec) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLStreamWriter(javax.xml.stream.XMLStreamWriter) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) Key(java.security.Key) Test(org.junit.Test)

Example 27 with ResolverDirectHTTP

use of org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP in project santuario-java by apache.

the class ResolverDirectHTTPTest method testProxyAuthWithWrongPassword.

@Test
@Ignore
public void testProxyAuthWithWrongPassword() throws Exception {
    Document doc = XMLUtils.createDocumentBuilder(false).newDocument();
    Attr uri = doc.createAttribute("URI");
    uri.setNodeValue(url);
    ResolverDirectHTTP resolverDirectHTTP = new ResolverDirectHTTP();
    resolverDirectHTTP.engineSetProperty("http.proxy.host", proxyHost);
    resolverDirectHTTP.engineSetProperty("http.proxy.port", proxyPort);
    resolverDirectHTTP.engineSetProperty("http.proxy.username", proxyUsername);
    resolverDirectHTTP.engineSetProperty("http.proxy.password", "wrongPassword");
    ResourceResolverContext context = new ResourceResolverContext(uri, url, true);
    try {
        resolverDirectHTTP.engineResolveURI(context);
        Assert.fail("Expected ResourceResolverException");
    } catch (ResourceResolverException e) {
        Assert.assertEquals("Server returned HTTP response code: 407 for URL: " + url, e.getMessage());
    }
}

Also used : ResolverDirectHTTP(org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP) ResourceResolverContext(org.apache.xml.security.utils.resolver.ResourceResolverContext) ResourceResolverException(org.apache.xml.security.utils.resolver.ResourceResolverException) Document(org.w3c.dom.Document) Attr(org.w3c.dom.Attr) Ignore(org.junit.Ignore) Test(org.junit.Test)

Example 28 with ResolverDirectHTTP

use of org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP in project santuario-java by apache.

the class ResolverDirectHTTPTest method testServerAuthWithWrongPassword.

@Test
@Ignore
public void testServerAuthWithWrongPassword() throws Exception {
    Document doc = XMLUtils.createDocumentBuilder(false).newDocument();
    Attr uri = doc.createAttribute("URI");
    uri.setNodeValue(url);
    ResolverDirectHTTP resolverDirectHTTP = new ResolverDirectHTTP();
    resolverDirectHTTP.engineSetProperty("http.basic.username", serverUsername);
    resolverDirectHTTP.engineSetProperty("http.basic.password", "wrongPassword");
    ResourceResolverContext context = new ResourceResolverContext(uri, url, true);
    try {
        resolverDirectHTTP.engineResolveURI(context);
        Assert.fail("Expected ResourceResolverException");
    } catch (ResourceResolverException e) {
        Assert.assertEquals("Server returned HTTP response code: 401 for URL: " + url, e.getMessage());
    }
}

Aggregations

ResolverDirectHTTP (org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP)28 Test (org.junit.Test)28 Document (org.w3c.dom.Document)28 ByteArrayInputStream (java.io.ByteArrayInputStream)23 ByteArrayOutputStream (java.io.ByteArrayOutputStream)23 InputStream (java.io.InputStream)23 InetSocketAddress (java.net.InetSocketAddress)23 Proxy (java.net.Proxy)23 XMLStreamReader (javax.xml.stream.XMLStreamReader)23 XMLSecurityProperties (org.apache.xml.security.stax.ext.XMLSecurityProperties)23 HttpRequestRedirectorProxy (org.apache.xml.security.test.stax.utils.HttpRequestRedirectorProxy)23 DocumentBuilder (javax.xml.parsers.DocumentBuilder)22 DOMSource (javax.xml.transform.dom.DOMSource)22 StreamResult (javax.xml.transform.stream.StreamResult)22 InboundXMLSec (org.apache.xml.security.stax.ext.InboundXMLSec)22 Certificate (java.security.cert.Certificate)10 CertificateFactory (java.security.cert.CertificateFactory)10 Key (java.security.Key)6 SecretKey (javax.crypto.SecretKey)5 ResourceResolverContext (org.apache.xml.security.utils.resolver.ResourceResolverContext)5