Added additional Nonce tests for XWSS

Addes addirtional Nonce + Created tests for XWSS.

Issue: SWS-841

Author: Arjen Poutsma

security/src/main/java/org/springframework/ws/soap/security/xwss/XwsSecurityInterceptor.java

@@ -18,6 +18,8 @@
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.Arrays;
+import java.util.Hashtable;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -170,7 +172,25 @@ protected void validateMessage(SoapMessage soapMessage, MessageContext messageCo
         }
     }
 
-    @Override
+	private SOAPMessage verifyInboundMessage(ProcessingContext context)
+			throws XWSSecurityException {
+		try {
+			return processor.verifyInboundMessage(context);
+		}
+		catch (XWSSecurityException ex) {
+			Throwable cause = ex.getCause();
+			if (cause instanceof NullPointerException) {
+				StackTraceElement[] stackTrace = cause.getStackTrace();
+				if (stackTrace.length >= 1 &&
+						Hashtable.class.getName().equals(stackTrace[0].getClassName())) {
+					return verifyInboundMessage(context);
+				}
+			}
+			throw ex;
+		}
+	}
+
+	@Override
     protected void cleanUp() {
         if (callbackHandler != null) {
             try {

security/src/test/java/org/springframework/ws/soap/security/xwss/AbstractXwssMessageInterceptorTestCase.java

@@ -53,6 +53,7 @@ public final void setUp() throws Exception {
         namespaces = new HashMap<String, String>(4);
         namespaces.put("SOAP-ENV", "http://schemas.xmlsoap.org/soap/envelope/");
         namespaces.put("wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
+        namespaces.put("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
         namespaces.put("ds", "http://www.w3.org/2000/09/xmldsig#");
         namespaces.put("xenc", "http://www.w3.org/2001/04/xmlenc#");
         onSetup();

security/src/test/java/org/springframework/ws/soap/security/xwss/XwssMessageInterceptorUsernameTokenTest.java

@@ -61,9 +61,16 @@ else if (callback instanceof PasswordCallback) {
         SOAPMessage result = message.getSaajMessage();
         assertNotNull("No result returned", result);
         assertXpathEvaluatesTo("Invalid Username", "Bert",
-                "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:UsernameToken/wsse:Username/text()", result);
+		        "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:UsernameToken/wsse:Username/text()",
+		        result);
         assertXpathExists("Password does not exist",
-                "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:UsernameToken/wsse:Password[@Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest']",
+		        "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:UsernameToken/wsse:Password[@Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest']",
+		        result);
+        assertXpathExists("Nonce does not exist",
+		        "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:UsernameToken/wsse:Nonce",
+		        result);
+        assertXpathExists("Created does not exist",
+                "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:UsernameToken/wsu:Created",
                 result);
     }
 
@@ -100,6 +107,47 @@ else if (callback instanceof PasswordCallback) {
     }
 
     @Test
+    public void testAddUsernameTokenPlainTextNonce() throws Exception {
+	    interceptor.setPolicyConfiguration(
+			    new ClassPathResource("usernameToken-plainText-nonce-config.xml",
+					    getClass()));
+	    CallbackHandler handler = new AbstractCallbackHandler() {
+
+		    @Override
+		    protected void handleInternal(Callback callback) {
+			    if (callback instanceof UsernameCallback) {
+				    ((UsernameCallback) callback).setUsername("Bert");
+			    }
+			    else if (callback instanceof PasswordCallback) {
+				    PasswordCallback passwordCallback = (PasswordCallback) callback;
+				    passwordCallback.setPassword("Ernie");
+			    }
+			    else {
+				    fail("Unexpected callback");
+			    }
+		    }
+	    };
+	    interceptor.setCallbackHandler(handler);
+	    interceptor.afterPropertiesSet();
+	    SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
+	    interceptor.secureMessage(message, null);
+	    SOAPMessage result = message.getSaajMessage();
+	    assertNotNull("No result returned", result);
+	    assertXpathEvaluatesTo("Invalid Username", "Bert",
+			    "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:UsernameToken/wsse:Username/text()",
+			    result);
+	    assertXpathEvaluatesTo("Invalid Password", "Ernie",
+			    "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:UsernameToken/wsse:Password[@Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText']/text()",
+			    result);
+	    assertXpathExists("Nonce does not exist",
+			    "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:UsernameToken/wsse:Nonce",
+			    result);
+	    assertXpathExists("Created does not exist",
+			    "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:UsernameToken/wsu:Created",
+			    result);
+    }
+
+	@Test
     public void testValidateUsernameTokenPlainText() throws Exception {
         interceptor
                 .setPolicyConfiguration(new ClassPathResource("requireUsernameToken-plainText-config.xml", getClass()));
@@ -139,6 +187,53 @@ public boolean validate(PasswordValidationCallback.Request request) {
         assertXpathNotExists("Security Header not removed", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security", result);
     }
 
+    @Test
+    public void testValidateUsernameTokenPlainTextNonce() throws Exception {
+        interceptor
+                .setPolicyConfiguration(new ClassPathResource("requireUsernameToken-plainText-nonce-config.xml", getClass()));
+        CallbackHandler handler = new AbstractCallbackHandler() {
+
+            @Override
+            protected void handleInternal(Callback callback) {
+                if (callback instanceof PasswordValidationCallback) {
+                    PasswordValidationCallback validationCallback = (PasswordValidationCallback) callback;
+                    validationCallback.setValidator(new PasswordValidationCallback.PasswordValidator() {
+                        public boolean validate(PasswordValidationCallback.Request request) {
+                            if (request instanceof PasswordValidationCallback.PlainTextPasswordRequest) {
+                                PasswordValidationCallback.PlainTextPasswordRequest passwordRequest =
+                                        (PasswordValidationCallback.PlainTextPasswordRequest) request;
+                                assertEquals("Invalid username", "Bert", passwordRequest.getUsername());
+                                assertEquals("Invalid password", "Ernie", passwordRequest.getPassword());
+                                return true;
+                            }
+                            else {
+                                fail("Unexpected request");
+                                return false;
+                            }
+                        }
+                    });
+                }
+                else if (callback instanceof TimestampValidationCallback) {
+                    TimestampValidationCallback validationCallback = (TimestampValidationCallback) callback;
+                    validationCallback.setValidator(new TimestampValidationCallback.TimestampValidator() {
+                        public void validate(TimestampValidationCallback.Request request) {
+                        }
+                    });
+                }
+                else {
+                    fail("Unexpected callback");
+                }
+            }
+        };
+        interceptor.setCallbackHandler(handler);
+        interceptor.afterPropertiesSet();
+        SaajSoapMessage message = loadSaajMessage("usernameTokenPlainText-nonce-soap.xml");
+        interceptor.validateMessage(message, null);
+        SOAPMessage result = message.getSaajMessage();
+        assertNotNull("No result returned", result);
+        assertXpathNotExists("Security Header not removed", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security", result);
+    }
+
     @Test
     public void testValidateUsernameTokenDigest() throws Exception {
         interceptor.setPolicyConfiguration(new ClassPathResource("requireUsernameToken-digest-config.xml", getClass()));

security/src/test/resources/org/springframework/ws/soap/security/xwss/requireUsernameToken-plainText-nonce-config.xml

@@ -0,0 +1,3 @@
+<xwss:SecurityConfiguration dumpMessages="false" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
+    <xwss:RequireUsernameToken passwordDigestRequired="false" nonceRequired="true"/>
+</xwss:SecurityConfiguration>

security/src/test/resources/org/springframework/ws/soap/security/xwss/test.xml

@@ -0,0 +1,6 @@
+<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
+    <SOAP-ENV:Header>
+<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1"><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-13769977765581298196166"><wsse:Username>Bert</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Ernie</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">rPCuuraVbaTLFVS73/xkKNB2</wsse:Nonce><wsu:Created>2013-08-20T11:22:56Z</wsu:Created></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body>
+        <tru:StockSymbol xmlns:tru="http://fabrikam123.com/payloads">QQQ</tru:StockSymbol>
+    </SOAP-ENV:Body>
+</SOAP-ENV:Envelope>2013-08-20 13:22:56,589 INFO [org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor] - <Loading policy configuration from from 'class path resource [org/springframework/ws/soap/security/xwss/requireUsernameToken-plainText-config.xml]'>

security/src/test/resources/org/springframework/ws/soap/security/xwss/usernameToken-plainText-nonce-config.xml

@@ -0,0 +1,3 @@
+<xwss:SecurityConfiguration dumpMessages="false" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
+    <xwss:UsernameToken digestPassword="false" useNonce="true"/>
+</xwss:SecurityConfiguration>

security/src/test/resources/org/springframework/ws/soap/security/xwss/usernameTokenPlainText-nonce-soap.xml

@@ -0,0 +1,21 @@
+<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
+    <SOAP-ENV:Header>
+        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+                       SOAP-ENV:mustUnderstand="1">
+            <wsse:UsernameToken
+                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+                    wsu:Id="XWSSGID-1149200055993710197275"
+                    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+                <wsse:Username>Bert</wsse:Username>
+                <wsse:Password
+                        Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
+                        >Ernie</wsse:Password>
+                <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">rPCuuraVbaTLFVS73/xkKNB2</wsse:Nonce>
+                <wsu:Created>2013-08-20T11:22:56Z</wsu:Created>
+            </wsse:UsernameToken>
+        </wsse:Security>
+    </SOAP-ENV:Header>
+    <SOAP-ENV:Body>
+        <tru:StockSymbol xmlns:tru="http://fabrikam123.com/payloads">QQQ</tru:StockSymbol>
+    </SOAP-ENV:Body>
+</SOAP-ENV:Envelope>