From 07f7c885967bd950e16cb586e2a7279d7c7c7d59 Mon Sep 17 00:00:00 2001
From: Peter Palaga <ppalaga@redhat.com>
Date: Fri, 19 Aug 2022 14:56:14 +0200
Subject: [PATCH] Test WS Security client #498

---
 integration-tests/pom.xml                     |   1 +
 .../ws-security-client/README.adoc            |  29 ++++
 integration-tests/ws-security-client/pom.xml  | 130 ++++++++++++++++++
 .../wsdl/WssCalculatorService.wsdl            |  57 ++++++++
 .../it/wss/client/CxfWssClientResource.java   |  28 ++++
 .../client/WSS4JOutInterceptorProducer.java   |  58 ++++++++
 .../src/main/resources/application.properties |   6 +
 .../cxf/it/wss/client/CxfWssClientIT.java     |   8 ++
 .../cxf/it/wss/client/CxfWssClientTest.java   |  71 ++++++++++
 .../wss/client/CxfWssClientTestResource.java  |  54 ++++++++
 10 files changed, 442 insertions(+)
 create mode 100644 integration-tests/ws-security-client/README.adoc
 create mode 100644 integration-tests/ws-security-client/pom.xml
 create mode 100644 integration-tests/ws-security-client/src/main/cxf-codegen-resources/wsdl/WssCalculatorService.wsdl
 create mode 100644 integration-tests/ws-security-client/src/main/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientResource.java
 create mode 100644 integration-tests/ws-security-client/src/main/java/io/quarkiverse/cxf/it/wss/client/WSS4JOutInterceptorProducer.java
 create mode 100644 integration-tests/ws-security-client/src/main/resources/application.properties
 create mode 100644 integration-tests/ws-security-client/src/test/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientIT.java
 create mode 100644 integration-tests/ws-security-client/src/test/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientTest.java
 create mode 100644 integration-tests/ws-security-client/src/test/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientTestResource.java

diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml
index dad29fee5..26db3cb4a 100644
--- a/integration-tests/pom.xml
+++ b/integration-tests/pom.xml
@@ -17,6 +17,7 @@
         <module>client</module>
         <module>server</module>
         <module>logging</module>
+        <module>ws-security-client</module>
     </modules>
 
     <properties>
diff --git a/integration-tests/ws-security-client/README.adoc b/integration-tests/ws-security-client/README.adoc
new file mode 100644
index 000000000..15ed2c3a2
--- /dev/null
+++ b/integration-tests/ws-security-client/README.adoc
@@ -0,0 +1,29 @@
+= Quarkus CXF client tests
+
+These are pure client tests - i.e. there are intentionally no services implemented in the test application.
+All clients access services running in containers.
+
+== Maintenenance notes
+
+=== `CalculatorService.wsdl`
+
+`src/main/cxf-codegen-resources/wsdl/CalculatorService.wsdl` is a static copy of the WSDL served by the testing container.
+It is used solely by `cxf-codegen-plugin`.
+It would be too complicated to start the container before running the plugin, so we rather keep the static copy.
+
+There is `io.quarkiverse.cxf.client.it.CxfClientTest.wsdlUpToDate()` to ensure that it is up to date.
+
+To update `CalculatorService.wsdl` manually, first start the container
+
+[shource,shell]
+----
+$ docker pull quay.io/l2x6/calculator-ws:1.0
+$ docker run -p 8080:8080 quay.io/l2x6/calculator-ws:1.0
+----
+
+And then overwrite the existing file with the new content from the container:
+
+[shource,shell]
+----
+curl http://localhost:8080/calculator-ws/CalculatorService?wsdl --output src/main/cxf-codegen-resources/wsdl/CalculatorService.wsdl
+----
diff --git a/integration-tests/ws-security-client/pom.xml b/integration-tests/ws-security-client/pom.xml
new file mode 100644
index 000000000..0fa507091
--- /dev/null
+++ b/integration-tests/ws-security-client/pom.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>io.quarkiverse.cxf</groupId>
+        <artifactId>quarkus-cxf-integration-tests</artifactId>
+        <version>1.5.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>quarkus-cxf-integration-test-ws-security-client</artifactId>
+
+    <name>Quarkus CXF Extension - Integration Test - WS Security Client</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>io.quarkiverse.cxf</groupId>
+            <artifactId>quarkus-cxf</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkiverse.cxf</groupId>
+            <artifactId>quarkus-cxf-rt-ws-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-resteasy</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-junit5</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.rest-assured</groupId>
+            <artifactId>rest-assured</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.assertj</groupId>
+            <artifactId>assertj-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.testcontainers</groupId>
+            <artifactId>testcontainers</artifactId>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>junit</groupId>
+                    <artifactId>junit</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-junit4-mock</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>io.quarkus</groupId>
+                <artifactId>quarkus-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>build</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.cxf</groupId>
+                <artifactId>cxf-codegen-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>wsdl2java</goal>
+                        </goals>
+                        <configuration>
+                            <wsdlOptions>
+                                <wsdlOption>
+                                    <wsdl>${basedir}/src/main/cxf-codegen-resources/wsdl/WssCalculatorService.wsdl</wsdl>
+                                </wsdlOption>
+                            </wsdlOptions>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+    <profiles>
+        <profile>
+            <id>native</id>
+            <activation>
+                <activeByDefault>false</activeByDefault>
+            </activation>
+            <properties>
+                <quarkus.package.type>native</quarkus.package.type>
+                <quarkus.native.report-errors-at-runtime>true</quarkus.native.report-errors-at-runtime>
+            </properties>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-failsafe-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>integration-test</goal>
+                                    <goal>verify</goal>
+                                </goals>
+                                <configuration>
+                                    <systemProperties>
+                                        <native.image.path>${project.build.directory}/${project.build.finalName}-runner</native.image.path>
+                                    </systemProperties>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+
+</project>
\ No newline at end of file
diff --git a/integration-tests/ws-security-client/src/main/cxf-codegen-resources/wsdl/WssCalculatorService.wsdl b/integration-tests/ws-security-client/src/main/cxf-codegen-resources/wsdl/WssCalculatorService.wsdl
new file mode 100644
index 000000000..46fe5d994
--- /dev/null
+++ b/integration-tests/ws-security-client/src/main/cxf-codegen-resources/wsdl/WssCalculatorService.wsdl
@@ -0,0 +1,57 @@
+<?xml version="1.0" ?><wsdl:definitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://www.jboss.org/eap/quickstarts/wscalculator/WssCalculator" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:ns1="http://schemas.xmlsoap.org/soap/http" name="WssCalculatorService" targetNamespace="http://www.jboss.org/eap/quickstarts/wscalculator/WssCalculator">
+  <wsdl:types>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://www.jboss.org/eap/quickstarts/wscalculator/WssCalculator" elementFormDefault="unqualified" targetNamespace="http://www.jboss.org/eap/quickstarts/wscalculator/WssCalculator" version="1.0">
+
+  <xs:element name="modulo" type="tns:modulo"></xs:element>
+
+  <xs:element name="moduloResponse" type="tns:moduloResponse"></xs:element>
+
+  <xs:complexType name="modulo">
+    <xs:sequence>
+      <xs:element name="arg0" type="xs:int"></xs:element>
+      <xs:element name="arg1" type="xs:int"></xs:element>
+    </xs:sequence>
+  </xs:complexType>
+
+  <xs:complexType name="moduloResponse">
+    <xs:sequence>
+      <xs:element name="return" type="xs:int"></xs:element>
+    </xs:sequence>
+  </xs:complexType>
+
+</xs:schema>
+  </wsdl:types>
+  <wsdl:message name="moduloResponse">
+    <wsdl:part element="tns:moduloResponse" name="parameters">
+    </wsdl:part>
+  </wsdl:message>
+  <wsdl:message name="modulo">
+    <wsdl:part element="tns:modulo" name="parameters">
+    </wsdl:part>
+  </wsdl:message>
+  <wsdl:portType name="WssCalculatorService">
+    <wsdl:operation name="modulo">
+      <wsdl:input message="tns:modulo" name="modulo">
+    </wsdl:input>
+      <wsdl:output message="tns:moduloResponse" name="moduloResponse">
+    </wsdl:output>
+    </wsdl:operation>
+  </wsdl:portType>
+  <wsdl:binding name="WssCalculatorServiceSoapBinding" type="tns:WssCalculatorService">
+    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"></soap:binding>
+    <wsdl:operation name="modulo">
+      <soap:operation soapAction="" style="document"></soap:operation>
+      <wsdl:input name="modulo">
+        <soap:body use="literal"></soap:body>
+      </wsdl:input>
+      <wsdl:output name="moduloResponse">
+        <soap:body use="literal"></soap:body>
+      </wsdl:output>
+    </wsdl:operation>
+  </wsdl:binding>
+  <wsdl:service name="WssCalculatorService">
+    <wsdl:port binding="tns:WssCalculatorServiceSoapBinding" name="WssCalculator">
+      <soap:address location="http://localhost:8080/calculator-ws/WssCalculatorService"></soap:address>
+    </wsdl:port>
+  </wsdl:service>
+</wsdl:definitions>
\ No newline at end of file
diff --git a/integration-tests/ws-security-client/src/main/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientResource.java b/integration-tests/ws-security-client/src/main/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientResource.java
new file mode 100644
index 000000000..fd8f6b2e6
--- /dev/null
+++ b/integration-tests/ws-security-client/src/main/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientResource.java
@@ -0,0 +1,28 @@
+package io.quarkiverse.cxf.it.wss.client;
+
+import javax.inject.Inject;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+
+import org.jboss.eap.quickstarts.wscalculator.wsscalculator.WssCalculatorService;
+
+import io.quarkiverse.cxf.annotation.CXFClient;
+
+@Path("/cxf/wss-client")
+public class CxfWssClientResource {
+
+    @Inject
+    @CXFClient("wss-client") // name used in application.properties
+    WssCalculatorService calculator;
+
+    @GET
+    @Path("/calculator/modulo")
+    @Produces(MediaType.TEXT_PLAIN)
+    public int modulo(@QueryParam("a") int a, @QueryParam("b") int b) {
+        return calculator.modulo(a, b);
+    }
+
+}
diff --git a/integration-tests/ws-security-client/src/main/java/io/quarkiverse/cxf/it/wss/client/WSS4JOutInterceptorProducer.java b/integration-tests/ws-security-client/src/main/java/io/quarkiverse/cxf/it/wss/client/WSS4JOutInterceptorProducer.java
new file mode 100644
index 000000000..0cb75c0a7
--- /dev/null
+++ b/integration-tests/ws-security-client/src/main/java/io/quarkiverse/cxf/it/wss/client/WSS4JOutInterceptorProducer.java
@@ -0,0 +1,58 @@
+package io.quarkiverse.cxf.it.wss.client;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Produces;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
+import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.eclipse.microprofile.config.inject.ConfigProperty;
+
+import io.quarkus.arc.Unremovable;
+
+@ApplicationScoped
+public class WSS4JOutInterceptorProducer {
+
+    /** Produced in CxfWssClientTestResource */
+    @ConfigProperty(name = "wss.username")
+    String username;
+
+    /** Produced in CxfWssClientTestResource */
+    @ConfigProperty(name = "wss.password")
+    String password;
+
+    @Produces
+    @Unremovable
+    @ApplicationScoped
+    WSS4JOutInterceptor wssInterceptor() {
+
+        final CallbackHandler passwordCallback = new CallbackHandler() {
+            @Override
+            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+                for (Callback callback : callbacks) {
+                    if (callback instanceof WSPasswordCallback) {
+                        ((WSPasswordCallback) callback).setPassword(password);
+                        break;
+                    }
+                }
+            }
+        };
+
+        final Map<String, Object> props = new HashMap<>();
+        props.put(ConfigurationConstants.ACTION, "UsernameToken");
+        props.put(ConfigurationConstants.PASSWORD_TYPE, "PasswordText");
+        props.put(ConfigurationConstants.USER, username);
+        props.put(ConfigurationConstants.PW_CALLBACK_REF, passwordCallback);
+        props.put(ConfigurationConstants.ADD_USERNAMETOKEN_NONCE, "true");
+        props.put(ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, "true");
+        return new WSS4JOutInterceptor(props);
+    }
+
+}
diff --git a/integration-tests/ws-security-client/src/main/resources/application.properties b/integration-tests/ws-security-client/src/main/resources/application.properties
new file mode 100644
index 000000000..cb67955eb
--- /dev/null
+++ b/integration-tests/ws-security-client/src/main/resources/application.properties
@@ -0,0 +1,6 @@
+quarkus.cxf.client."wss-client".wsdl=${cxf.it.calculator.baseUri}/calculator-ws/WssCalculatorService?wsdl
+quarkus.cxf.client."wss-client".client-endpoint-url=${cxf.it.calculator.baseUri}/calculator-ws/WssCalculatorService
+quarkus.cxf.client."wss-client".service-interface=org.jboss.as.quickstarts.wsscalculator.WssCalculatorService
+quarkus.cxf.client."wss-client".endpoint-namespace=http://www.jboss.org/eap/quickstarts/wscalculator/WssCalculator
+quarkus.cxf.client."wss-client".endpoint-name=WssCalculator
+quarkus.cxf.client."wss-client".out-interceptors=org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor
diff --git a/integration-tests/ws-security-client/src/test/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientIT.java b/integration-tests/ws-security-client/src/test/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientIT.java
new file mode 100644
index 000000000..58e37324f
--- /dev/null
+++ b/integration-tests/ws-security-client/src/test/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientIT.java
@@ -0,0 +1,8 @@
+package io.quarkiverse.cxf.it.wss.client;
+
+import io.quarkus.test.junit.QuarkusIntegrationTest;
+
+@QuarkusIntegrationTest
+public class CxfWssClientIT extends CxfWssClientTest {
+
+}
diff --git a/integration-tests/ws-security-client/src/test/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientTest.java b/integration-tests/ws-security-client/src/test/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientTest.java
new file mode 100644
index 000000000..4042c1e6f
--- /dev/null
+++ b/integration-tests/ws-security-client/src/test/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientTest.java
@@ -0,0 +1,71 @@
+package io.quarkiverse.cxf.it.wss.client;
+
+import static org.hamcrest.Matchers.is;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+import org.assertj.core.api.Assertions;
+import org.eclipse.microprofile.config.ConfigProvider;
+import org.junit.jupiter.api.Test;
+
+import io.quarkus.test.common.QuarkusTestResource;
+import io.quarkus.test.junit.QuarkusTest;
+import io.restassured.RestAssured;
+
+@QuarkusTest
+@QuarkusTestResource(CxfWssClientTestResource.class)
+public class CxfWssClientTest {
+
+    /**
+     * Test whether the traffic logging is present in Quarkus log file
+     *
+     * @throws IOException
+     */
+    @Test
+    void loggingClient() throws IOException {
+
+        /* Now perform a call that should log something */
+        RestAssured.given()
+                .queryParam("a", 12)
+                .queryParam("b", 8)
+                .get("/cxf/wss-client/calculator/modulo")
+                .then()
+                .statusCode(200)
+                .body(is("4"));
+    }
+
+    /**
+     * Make sure that our static copy is the same as the WSDL served by the container
+     *
+     * @throws IOException
+     */
+    @Test
+    void wsdlUpToDate() throws IOException {
+        final String wsdlUrl = ConfigProvider.getConfig()
+                .getValue("quarkus.cxf.client.\"wss-client\".wsdl", String.class);
+
+        final String staticCopyPath = "src/main/cxf-codegen-resources/wsdl/WssCalculatorService.wsdl";
+        /* The changing Docker IP address in the WSDL should not matter */
+        final String sanitizerRegex = "<soap:address location=\"http://[^/]*/calculator-ws/WssCalculatorService\"></soap:address>";
+        final String staticCopyContent = Files
+                .readString(Paths.get(staticCopyPath), StandardCharsets.UTF_8)
+                .replaceAll(sanitizerRegex, "");
+
+        final String expected = RestAssured.given()
+                .get(wsdlUrl)
+                .then()
+                .statusCode(200)
+                .extract().body().asString();
+
+        if (!expected.replaceAll(sanitizerRegex, "").equals(staticCopyContent)) {
+            Files.writeString(Paths.get(staticCopyPath), expected, StandardCharsets.UTF_8);
+            Assertions.fail("The static WSDL copy in " + staticCopyPath
+                    + " went out of sync with the WSDL served by the container. The content was updated by the test, you just need to review and commit the changes.");
+        }
+
+    }
+
+}
diff --git a/integration-tests/ws-security-client/src/test/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientTestResource.java b/integration-tests/ws-security-client/src/test/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientTestResource.java
new file mode 100644
index 000000000..001b69f95
--- /dev/null
+++ b/integration-tests/ws-security-client/src/test/java/io/quarkiverse/cxf/it/wss/client/CxfWssClientTestResource.java
@@ -0,0 +1,54 @@
+package io.quarkiverse.cxf.it.wss.client;
+
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.containers.output.Slf4jLogConsumer;
+import org.testcontainers.containers.wait.strategy.Wait;
+
+import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;
+
+public class CxfWssClientTestResource implements QuarkusTestResourceLifecycleManager {
+    private static final Logger log = LoggerFactory.getLogger(CxfWssClientTestResource.class);
+
+    private static final int WILDFLY_PORT = 8080;
+    private GenericContainer<?> calculatorContainer;
+
+    @Override
+    public Map<String, String> start() {
+
+        final String user = "cxf-user";
+        final String password = "secret-password";
+        try {
+            calculatorContainer = new GenericContainer<>("quay.io/l2x6/calculator-ws:1.0")
+                    .withEnv("WSS_USER", user)
+                    .withEnv("WSS_PASSWORD", password)
+                    .withLogConsumer(new Slf4jLogConsumer(log))
+                    .withExposedPorts(WILDFLY_PORT)
+                    .waitingFor(Wait.forHttp("/calculator-ws/CalculatorService?wsdl"));
+
+            calculatorContainer.start();
+
+            return Map.of(
+                    "cxf.it.calculator.baseUri",
+                    "http://" + calculatorContainer.getHost() + ":" + calculatorContainer.getMappedPort(WILDFLY_PORT),
+                    "wss.username", user,
+                    "wss.password", password);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    @Override
+    public void stop() {
+        try {
+            if (calculatorContainer != null) {
+                calculatorContainer.stop();
+            }
+        } catch (Exception e) {
+            // ignored
+        }
+    }
+}