Modified: webservices/website/wss4j/xref-test/org/apache/wss4j/dom/message/EncryptionTest.html URL: http://svn.apache.org/viewvc/webservices/website/wss4j/xref-test/org/apache/wss4j/dom/message/EncryptionTest.html?rev=1923808&r1=1923807&r2=1923808&view=diff ============================================================================== --- webservices/website/wss4j/xref-test/org/apache/wss4j/dom/message/EncryptionTest.html (original) +++ webservices/website/wss4j/xref-test/org/apache/wss4j/dom/message/EncryptionTest.html Fri Feb 14 11:39:24 2025 @@ -583,428 +583,474 @@ <a class="jxr_linenumber" name="L575" href="#L575">575</a> verify(encryptedDoc, encCrypto, keystoreCallbackHandler); <a class="jxr_linenumber" name="L576" href="#L576">576</a> } <a class="jxr_linenumber" name="L577" href="#L577">577</a> -<a class="jxr_linenumber" name="L578" href="#L578">578</a> <em class="jxr_javadoccomment">/**</em> -<a class="jxr_linenumber" name="L579" href="#L579">579</a> <em class="jxr_javadoccomment"> * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key, rather than a</em> -<a class="jxr_linenumber" name="L580" href="#L580">580</a> <em class="jxr_javadoccomment"> * generated session key which is then encrypted using a public key.</em> -<a class="jxr_linenumber" name="L581" href="#L581">581</a> <em class="jxr_javadoccomment"> *</em> -<a class="jxr_linenumber" name="L582" href="#L582">582</a> <em class="jxr_javadoccomment"> * @throws Exception Thrown when there is any problem in encryption or decryption</em> -<a class="jxr_linenumber" name="L583" href="#L583">583</a> <em class="jxr_javadoccomment"> */</em> -<a class="jxr_linenumber" name="L584" href="#L584">584</a> @Test -<a class="jxr_linenumber" name="L585" href="#L585">585</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testEncryptionSHA1Symmetric() <strong class="jxr_keyword">throws</strong> Exception { -<a class="jxr_linenumber" name="L586" href="#L586">586</a> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); -<a class="jxr_linenumber" name="L587" href="#L587">587</a> WSSecHeader secHeader = <strong class="jxr_keyword">new</strong> WSSecHeader(doc); -<a class="jxr_linenumber" name="L588" href="#L588">588</a> secHeader.insertSecurityHeader(); -<a class="jxr_linenumber" name="L589" href="#L589">589</a> -<a class="jxr_linenumber" name="L590" href="#L590">590</a> WSSecEncrypt builder = <strong class="jxr_keyword">new</strong> WSSecEncrypt(secHeader); -<a class="jxr_linenumber" name="L591" href="#L591">591</a> builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER); -<a class="jxr_linenumber" name="L592" href="#L592">592</a> builder.setEncryptSymmKey(false); -<a class="jxr_linenumber" name="L593" href="#L593">593</a> -<a class="jxr_linenumber" name="L594" href="#L594">594</a> LOG.info(<span class="jxr_string">"Before Encrypting EncryptedKeySHA1...."</span>); -<a class="jxr_linenumber" name="L595" href="#L595">595</a> Document encryptedDoc = builder.build(crypto, key); -<a class="jxr_linenumber" name="L596" href="#L596">596</a> -<a class="jxr_linenumber" name="L597" href="#L597">597</a> byte[] encodedBytes = KeyUtils.generateDigest(keyData); -<a class="jxr_linenumber" name="L598" href="#L598">598</a> String identifier = org.apache.xml.security.utils.XMLUtils.encodeToString(encodedBytes); -<a class="jxr_linenumber" name="L599" href="#L599">599</a> secretKeyCallbackHandler.addSecretKey(identifier, keyData); -<a class="jxr_linenumber" name="L600" href="#L600">600</a> -<a class="jxr_linenumber" name="L601" href="#L601">601</a> String outputString = -<a class="jxr_linenumber" name="L602" href="#L602">602</a> XMLUtils.prettyDocumentToString(encryptedDoc); -<a class="jxr_linenumber" name="L603" href="#L603">603</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { -<a class="jxr_linenumber" name="L604" href="#L604">604</a> LOG.debug(<span class="jxr_string">"Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:"</span>); -<a class="jxr_linenumber" name="L605" href="#L605">605</a> LOG.debug(outputString); -<a class="jxr_linenumber" name="L606" href="#L606">606</a> } -<a class="jxr_linenumber" name="L607" href="#L607">607</a> assertTrue(outputString.contains(<span class="jxr_string">"#EncryptedKeySHA1"</span>)); +<a class="jxr_linenumber" name="L578" href="#L578">578</a> +<a class="jxr_linenumber" name="L579" href="#L579">579</a> <em class="jxr_javadoccomment">/**</em> +<a class="jxr_linenumber" name="L580" href="#L580">580</a> <em class="jxr_javadoccomment"> * Test that encrypts a WS-Security envelope.</em> +<a class="jxr_linenumber" name="L581" href="#L581">581</a> <em class="jxr_javadoccomment"> * The test uses the X509_SKI key identifier type.</em> +<a class="jxr_linenumber" name="L582" href="#L582">582</a> <em class="jxr_javadoccomment"> */</em> +<a class="jxr_linenumber" name="L583" href="#L583">583</a> @Test +<a class="jxr_linenumber" name="L584" href="#L584">584</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testEncryptionX509SKI() <strong class="jxr_keyword">throws</strong> Exception { +<a class="jxr_linenumber" name="L585" href="#L585">585</a> Crypto encCrypto = CryptoFactory.getInstance(<span class="jxr_string">"wss-ecdh.properties"</span>); +<a class="jxr_linenumber" name="L586" href="#L586">586</a> +<a class="jxr_linenumber" name="L587" href="#L587">587</a> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); +<a class="jxr_linenumber" name="L588" href="#L588">588</a> WSSecHeader secHeader = <strong class="jxr_keyword">new</strong> WSSecHeader(doc); +<a class="jxr_linenumber" name="L589" href="#L589">589</a> secHeader.insertSecurityHeader(); +<a class="jxr_linenumber" name="L590" href="#L590">590</a> +<a class="jxr_linenumber" name="L591" href="#L591">591</a> WSSecEncrypt builder = <strong class="jxr_keyword">new</strong> WSSecEncrypt(secHeader); +<a class="jxr_linenumber" name="L592" href="#L592">592</a> builder.setUserInfo(<span class="jxr_string">"secp256r1"</span>); +<a class="jxr_linenumber" name="L593" href="#L593">593</a> builder.setKeyEncAlgo(WSConstants.KEYWRAP_AES128); +<a class="jxr_linenumber" name="L594" href="#L594">594</a> builder.setKeyAgreementMethod(WSConstants.AGREEMENT_METHOD_ECDH_ES); +<a class="jxr_linenumber" name="L595" href="#L595">595</a> builder.setKeyDerivationMethod(WSConstants.KEYDERIVATION_CONCATKDF); +<a class="jxr_linenumber" name="L596" href="#L596">596</a> builder.setDigestAlgorithm(WSS4JConstants.SHA256); +<a class="jxr_linenumber" name="L597" href="#L597">597</a> builder.setKeyIdentifierType(WSConstants.X509_SKI); +<a class="jxr_linenumber" name="L598" href="#L598">598</a> +<a class="jxr_linenumber" name="L599" href="#L599">599</a> LOG.info(<span class="jxr_string">"Before Encrypting X509SKI"</span>); +<a class="jxr_linenumber" name="L600" href="#L600">600</a> KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128_GCM); +<a class="jxr_linenumber" name="L601" href="#L601">601</a> SecretKey symmetricKey = keyGen.generateKey(); +<a class="jxr_linenumber" name="L602" href="#L602">602</a> +<a class="jxr_linenumber" name="L603" href="#L603">603</a> Document encryptedDoc = builder.build(encCrypto, symmetricKey); +<a class="jxr_linenumber" name="L604" href="#L604">604</a> LOG.info(<span class="jxr_string">"After Encrypting X509SKI"</span>); +<a class="jxr_linenumber" name="L605" href="#L605">605</a> +<a class="jxr_linenumber" name="L606" href="#L606">606</a> String outputString = +<a class="jxr_linenumber" name="L607" href="#L607">607</a> XMLUtils.prettyDocumentToString(encryptedDoc); <a class="jxr_linenumber" name="L608" href="#L608">608</a> -<a class="jxr_linenumber" name="L609" href="#L609">609</a> LOG.info(<span class="jxr_string">"After Encrypting EncryptedKeySHA1...."</span>); -<a class="jxr_linenumber" name="L610" href="#L610">610</a> verify(encryptedDoc, <strong class="jxr_keyword">null</strong>, secretKeyCallbackHandler); -<a class="jxr_linenumber" name="L611" href="#L611">611</a> } -<a class="jxr_linenumber" name="L612" href="#L612">612</a> -<a class="jxr_linenumber" name="L613" href="#L613">613</a> <em class="jxr_javadoccomment">/**</em> -<a class="jxr_linenumber" name="L614" href="#L614">614</a> <em class="jxr_javadoccomment"> * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key, rather than a</em> -<a class="jxr_linenumber" name="L615" href="#L615">615</a> <em class="jxr_javadoccomment"> * generated session key which is then encrypted using a public key. The request is generated</em> -<a class="jxr_linenumber" name="L616" href="#L616">616</a> <em class="jxr_javadoccomment"> * using WSHandler, instead of coding it.</em> -<a class="jxr_linenumber" name="L617" href="#L617">617</a> <em class="jxr_javadoccomment"> *</em> -<a class="jxr_linenumber" name="L618" href="#L618">618</a> <em class="jxr_javadoccomment"> * @throws Exception Thrown when there is any problem in encryption or decryption</em> -<a class="jxr_linenumber" name="L619" href="#L619">619</a> <em class="jxr_javadoccomment"> */</em> -<a class="jxr_linenumber" name="L620" href="#L620">620</a> @Test -<a class="jxr_linenumber" name="L621" href="#L621">621</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testEncryptionSHA1SymmetricBytesHandler() <strong class="jxr_keyword">throws</strong> Exception { -<a class="jxr_linenumber" name="L622" href="#L622">622</a> <strong class="jxr_keyword">final</strong> WSSConfig cfg = WSSConfig.getNewInstance(); -<a class="jxr_linenumber" name="L623" href="#L623">623</a> <strong class="jxr_keyword">final</strong> RequestData reqData = <strong class="jxr_keyword">new</strong> RequestData(); -<a class="jxr_linenumber" name="L624" href="#L624">624</a> reqData.setWssConfig(cfg); -<a class="jxr_linenumber" name="L625" href="#L625">625</a> java.util.Map<String, Object> messageContext = <strong class="jxr_keyword">new</strong> java.util.TreeMap<>(); -<a class="jxr_linenumber" name="L626" href="#L626">626</a> messageContext.put(WSHandlerConstants.ENC_SYM_ENC_KEY, <span class="jxr_string">"false"</span>); -<a class="jxr_linenumber" name="L627" href="#L627">627</a> messageContext.put(WSHandlerConstants.ENC_KEY_ID, <span class="jxr_string">"EncryptedKeySHA1"</span>); -<a class="jxr_linenumber" name="L628" href="#L628">628</a> secretKeyCallbackHandler.setOutboundSecret(keyData); -<a class="jxr_linenumber" name="L629" href="#L629">629</a> messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, secretKeyCallbackHandler); -<a class="jxr_linenumber" name="L630" href="#L630">630</a> reqData.setMsgContext(messageContext); -<a class="jxr_linenumber" name="L631" href="#L631">631</a> reqData.setUsername(<span class="jxr_string">""</span>); -<a class="jxr_linenumber" name="L632" href="#L632">632</a> -<a class="jxr_linenumber" name="L633" href="#L633">633</a> <strong class="jxr_keyword">final</strong> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); -<a class="jxr_linenumber" name="L634" href="#L634">634</a> <a name="CustomHandler" href="../../../../../org/apache/wss4j/dom/common/CustomHandler.html#CustomHandler">CustomHandler</a> handler = <strong class="jxr_keyword">new</strong> <a name="CustomHandler" href="../../../../../org/apache/wss4j/dom/common/CustomHandler.html#CustomHandler">CustomHandler</a>(); -<a class="jxr_linenumber" name="L635" href="#L635">635</a> HandlerAction action = <strong class="jxr_keyword">new</strong> HandlerAction(WSConstants.ENCR); -<a class="jxr_linenumber" name="L636" href="#L636">636</a> handler.send( -<a class="jxr_linenumber" name="L637" href="#L637">637</a> doc, -<a class="jxr_linenumber" name="L638" href="#L638">638</a> reqData, -<a class="jxr_linenumber" name="L639" href="#L639">639</a> Collections.singletonList(action), -<a class="jxr_linenumber" name="L640" href="#L640">640</a> <strong class="jxr_keyword">true</strong> -<a class="jxr_linenumber" name="L641" href="#L641">641</a> ); +<a class="jxr_linenumber" name="L609" href="#L609">609</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { +<a class="jxr_linenumber" name="L610" href="#L610">610</a> LOG.debug(<span class="jxr_string">"Encrypted message with X509SKI:"</span>); +<a class="jxr_linenumber" name="L611" href="#L611">611</a> LOG.debug(outputString); +<a class="jxr_linenumber" name="L612" href="#L612">612</a> } +<a class="jxr_linenumber" name="L613" href="#L613">613</a> +<a class="jxr_linenumber" name="L614" href="#L614">614</a> assertTrue(outputString.contains(<span class="jxr_string">"X509Data"</span>)); +<a class="jxr_linenumber" name="L615" href="#L615">615</a> assertTrue(outputString.contains(<span class="jxr_string">"X509SKI"</span>)); +<a class="jxr_linenumber" name="L616" href="#L616">616</a> +<a class="jxr_linenumber" name="L617" href="#L617">617</a> RequestData data = <strong class="jxr_keyword">new</strong> RequestData(); +<a class="jxr_linenumber" name="L618" href="#L618">618</a> data.setCallbackHandler(keystoreCallbackHandler); +<a class="jxr_linenumber" name="L619" href="#L619">619</a> data.setDecCrypto(encCrypto); +<a class="jxr_linenumber" name="L620" href="#L620">620</a> data.setIgnoredBSPRules(Collections.singletonList(BSPRule.R5426)); +<a class="jxr_linenumber" name="L621" href="#L621">621</a> <strong class="jxr_keyword">new</strong> WSSecurityEngine().processSecurityHeader(encryptedDoc, data); +<a class="jxr_linenumber" name="L622" href="#L622">622</a> } +<a class="jxr_linenumber" name="L623" href="#L623">623</a> +<a class="jxr_linenumber" name="L624" href="#L624">624</a> <em class="jxr_javadoccomment">/**</em> +<a class="jxr_linenumber" name="L625" href="#L625">625</a> <em class="jxr_javadoccomment"> * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key, rather than a</em> +<a class="jxr_linenumber" name="L626" href="#L626">626</a> <em class="jxr_javadoccomment"> * generated session key which is then encrypted using a public key.</em> +<a class="jxr_linenumber" name="L627" href="#L627">627</a> <em class="jxr_javadoccomment"> *</em> +<a class="jxr_linenumber" name="L628" href="#L628">628</a> <em class="jxr_javadoccomment"> * @throws Exception Thrown when there is any problem in encryption or decryption</em> +<a class="jxr_linenumber" name="L629" href="#L629">629</a> <em class="jxr_javadoccomment"> */</em> +<a class="jxr_linenumber" name="L630" href="#L630">630</a> @Test +<a class="jxr_linenumber" name="L631" href="#L631">631</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testEncryptionSHA1Symmetric() <strong class="jxr_keyword">throws</strong> Exception { +<a class="jxr_linenumber" name="L632" href="#L632">632</a> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); +<a class="jxr_linenumber" name="L633" href="#L633">633</a> WSSecHeader secHeader = <strong class="jxr_keyword">new</strong> WSSecHeader(doc); +<a class="jxr_linenumber" name="L634" href="#L634">634</a> secHeader.insertSecurityHeader(); +<a class="jxr_linenumber" name="L635" href="#L635">635</a> +<a class="jxr_linenumber" name="L636" href="#L636">636</a> WSSecEncrypt builder = <strong class="jxr_keyword">new</strong> WSSecEncrypt(secHeader); +<a class="jxr_linenumber" name="L637" href="#L637">637</a> builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER); +<a class="jxr_linenumber" name="L638" href="#L638">638</a> builder.setEncryptSymmKey(false); +<a class="jxr_linenumber" name="L639" href="#L639">639</a> +<a class="jxr_linenumber" name="L640" href="#L640">640</a> LOG.info(<span class="jxr_string">"Before Encrypting EncryptedKeySHA1...."</span>); +<a class="jxr_linenumber" name="L641" href="#L641">641</a> Document encryptedDoc = builder.build(crypto, key); <a class="jxr_linenumber" name="L642" href="#L642">642</a> -<a class="jxr_linenumber" name="L643" href="#L643">643</a> String outputString = -<a class="jxr_linenumber" name="L644" href="#L644">644</a> XMLUtils.prettyDocumentToString(doc); -<a class="jxr_linenumber" name="L645" href="#L645">645</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { -<a class="jxr_linenumber" name="L646" href="#L646">646</a> LOG.debug(outputString); -<a class="jxr_linenumber" name="L647" href="#L647">647</a> } -<a class="jxr_linenumber" name="L648" href="#L648">648</a> -<a class="jxr_linenumber" name="L649" href="#L649">649</a> verify(doc, <strong class="jxr_keyword">null</strong>, secretKeyCallbackHandler); -<a class="jxr_linenumber" name="L650" href="#L650">650</a> } -<a class="jxr_linenumber" name="L651" href="#L651">651</a> -<a class="jxr_linenumber" name="L652" href="#L652">652</a> <em class="jxr_javadoccomment">/**</em> -<a class="jxr_linenumber" name="L653" href="#L653">653</a> <em class="jxr_javadoccomment"> * Test that encrypt and decrypt a WS-Security envelope.</em> -<a class="jxr_linenumber" name="L654" href="#L654">654</a> <em class="jxr_javadoccomment"> *</em> -<a class="jxr_linenumber" name="L655" href="#L655">655</a> <em class="jxr_javadoccomment"> * This test uses the RSA_15 algorithm to transport (wrap) the symmetric key.</em> -<a class="jxr_linenumber" name="L656" href="#L656">656</a> <em class="jxr_javadoccomment"> * The test case creates a ReferenceList element that references EncryptedData</em> -<a class="jxr_linenumber" name="L657" href="#L657">657</a> <em class="jxr_javadoccomment"> * elements. The ReferencesList element is put into the Security header, not</em> -<a class="jxr_linenumber" name="L658" href="#L658">658</a> <em class="jxr_javadoccomment"> * as child of the EncryptedKey. The EncryptedData elements contain a KeyInfo</em> -<a class="jxr_linenumber" name="L659" href="#L659">659</a> <em class="jxr_javadoccomment"> * that references the EncryptedKey via a STR/Reference structure.</em> -<a class="jxr_linenumber" name="L660" href="#L660">660</a> <em class="jxr_javadoccomment"> *</em> -<a class="jxr_linenumber" name="L661" href="#L661">661</a> <em class="jxr_javadoccomment"> * Refer to OASIS WS Security spec 1.1, chap 7.7</em> -<a class="jxr_linenumber" name="L662" href="#L662">662</a> <em class="jxr_javadoccomment"> */</em> -<a class="jxr_linenumber" name="L663" href="#L663">663</a> @Test -<a class="jxr_linenumber" name="L664" href="#L664">664</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testEncryptionDecryptionRSA15STR() <strong class="jxr_keyword">throws</strong> Exception { -<a class="jxr_linenumber" name="L665" href="#L665">665</a> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); -<a class="jxr_linenumber" name="L666" href="#L666">666</a> WSSecHeader secHeader = <strong class="jxr_keyword">new</strong> WSSecHeader(doc); -<a class="jxr_linenumber" name="L667" href="#L667">667</a> secHeader.insertSecurityHeader(); -<a class="jxr_linenumber" name="L668" href="#L668">668</a> -<a class="jxr_linenumber" name="L669" href="#L669">669</a> WSSecEncrypt builder = <strong class="jxr_keyword">new</strong> WSSecEncrypt(secHeader); -<a class="jxr_linenumber" name="L670" href="#L670">670</a> builder.setUserInfo(<span class="jxr_string">"wss40"</span>); -<a class="jxr_linenumber" name="L671" href="#L671">671</a> builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); -<a class="jxr_linenumber" name="L672" href="#L672">672</a> builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES); -<a class="jxr_linenumber" name="L673" href="#L673">673</a> LOG.info(<span class="jxr_string">"Before Encryption Triple DES...."</span>); -<a class="jxr_linenumber" name="L674" href="#L674">674</a> -<a class="jxr_linenumber" name="L675" href="#L675">675</a> <em class="jxr_comment">/*</em> -<a class="jxr_linenumber" name="L676" href="#L676">676</a> <em class="jxr_comment"> * Prepare the Encrypt object with the token, setup data structure</em> -<a class="jxr_linenumber" name="L677" href="#L677">677</a> <em class="jxr_comment"> */</em> -<a class="jxr_linenumber" name="L678" href="#L678">678</a> KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES); -<a class="jxr_linenumber" name="L679" href="#L679">679</a> SecretKey symmetricKey = keyGen.generateKey(); -<a class="jxr_linenumber" name="L680" href="#L680">680</a> builder.prepare(crypto, symmetricKey); -<a class="jxr_linenumber" name="L681" href="#L681">681</a> -<a class="jxr_linenumber" name="L682" href="#L682">682</a> <em class="jxr_comment">/*</em> -<a class="jxr_linenumber" name="L683" href="#L683">683</a> <em class="jxr_comment"> * Set up the parts structure to encrypt the body</em> -<a class="jxr_linenumber" name="L684" href="#L684">684</a> <em class="jxr_comment"> */</em> -<a class="jxr_linenumber" name="L685" href="#L685">685</a> SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc -<a class="jxr_linenumber" name="L686" href="#L686">686</a> .getDocumentElement()); -<a class="jxr_linenumber" name="L687" href="#L687">687</a> WSEncryptionPart encP = <strong class="jxr_keyword">new</strong> WSEncryptionPart(soapConstants -<a class="jxr_linenumber" name="L688" href="#L688">688</a> .getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), -<a class="jxr_linenumber" name="L689" href="#L689">689</a> <span class="jxr_string">"Content"</span>); -<a class="jxr_linenumber" name="L690" href="#L690">690</a> builder.getParts().add(encP); -<a class="jxr_linenumber" name="L691" href="#L691">691</a> -<a class="jxr_linenumber" name="L692" href="#L692">692</a> <em class="jxr_comment">/*</em> -<a class="jxr_linenumber" name="L693" href="#L693">693</a> <em class="jxr_comment"> * Encrypt the parts (Body), create EncryptedData elements that reference</em> -<a class="jxr_linenumber" name="L694" href="#L694">694</a> <em class="jxr_comment"> * the EncryptedKey, and get a ReferenceList that can be put into the</em> -<a class="jxr_linenumber" name="L695" href="#L695">695</a> <em class="jxr_comment"> * Security header. Be sure that the ReferenceList is after the</em> -<a class="jxr_linenumber" name="L696" href="#L696">696</a> <em class="jxr_comment"> * EncryptedKey element in the Security header (strict layout)</em> -<a class="jxr_linenumber" name="L697" href="#L697">697</a> <em class="jxr_comment"> */</em> -<a class="jxr_linenumber" name="L698" href="#L698">698</a> Element refs = builder.encrypt(symmetricKey); -<a class="jxr_linenumber" name="L699" href="#L699">699</a> builder.addExternalRefElement(refs); -<a class="jxr_linenumber" name="L700" href="#L700">700</a> -<a class="jxr_linenumber" name="L701" href="#L701">701</a> <em class="jxr_comment">/*</em> -<a class="jxr_linenumber" name="L702" href="#L702">702</a> <em class="jxr_comment"> * now add (prepend) the EncryptedKey element, then a</em> -<a class="jxr_linenumber" name="L703" href="#L703">703</a> <em class="jxr_comment"> * BinarySecurityToken if one was setup during prepare</em> -<a class="jxr_linenumber" name="L704" href="#L704">704</a> <em class="jxr_comment"> */</em> -<a class="jxr_linenumber" name="L705" href="#L705">705</a> builder.prependToHeader(); -<a class="jxr_linenumber" name="L706" href="#L706">706</a> -<a class="jxr_linenumber" name="L707" href="#L707">707</a> builder.prependBSTElementToHeader(); -<a class="jxr_linenumber" name="L708" href="#L708">708</a> -<a class="jxr_linenumber" name="L709" href="#L709">709</a> Document encryptedDoc = doc; -<a class="jxr_linenumber" name="L710" href="#L710">710</a> LOG.info(<span class="jxr_string">"After Encryption Triple DES...."</span>); -<a class="jxr_linenumber" name="L711" href="#L711">711</a> -<a class="jxr_linenumber" name="L712" href="#L712">712</a> String outputString = -<a class="jxr_linenumber" name="L713" href="#L713">713</a> XMLUtils.prettyDocumentToString(encryptedDoc); -<a class="jxr_linenumber" name="L714" href="#L714">714</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { -<a class="jxr_linenumber" name="L715" href="#L715">715</a> LOG.debug(<span class="jxr_string">"Encrypted message, RSA-15 keytransport, 3DES:"</span>); -<a class="jxr_linenumber" name="L716" href="#L716">716</a> LOG.debug(outputString); -<a class="jxr_linenumber" name="L717" href="#L717">717</a> } -<a class="jxr_linenumber" name="L718" href="#L718">718</a> assertFalse(outputString.contains(<span class="jxr_string">"counter_port_type"</span>)); -<a class="jxr_linenumber" name="L719" href="#L719">719</a> WSHandlerResult results = verify(encryptedDoc, crypto, keystoreCallbackHandler); +<a class="jxr_linenumber" name="L643" href="#L643">643</a> byte[] encodedBytes = KeyUtils.generateDigest(keyData); +<a class="jxr_linenumber" name="L644" href="#L644">644</a> String identifier = org.apache.xml.security.utils.XMLUtils.encodeToString(encodedBytes); +<a class="jxr_linenumber" name="L645" href="#L645">645</a> secretKeyCallbackHandler.addSecretKey(identifier, keyData); +<a class="jxr_linenumber" name="L646" href="#L646">646</a> +<a class="jxr_linenumber" name="L647" href="#L647">647</a> String outputString = +<a class="jxr_linenumber" name="L648" href="#L648">648</a> XMLUtils.prettyDocumentToString(encryptedDoc); +<a class="jxr_linenumber" name="L649" href="#L649">649</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { +<a class="jxr_linenumber" name="L650" href="#L650">650</a> LOG.debug(<span class="jxr_string">"Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:"</span>); +<a class="jxr_linenumber" name="L651" href="#L651">651</a> LOG.debug(outputString); +<a class="jxr_linenumber" name="L652" href="#L652">652</a> } +<a class="jxr_linenumber" name="L653" href="#L653">653</a> assertTrue(outputString.contains(<span class="jxr_string">"#EncryptedKeySHA1"</span>)); +<a class="jxr_linenumber" name="L654" href="#L654">654</a> +<a class="jxr_linenumber" name="L655" href="#L655">655</a> LOG.info(<span class="jxr_string">"After Encrypting EncryptedKeySHA1...."</span>); +<a class="jxr_linenumber" name="L656" href="#L656">656</a> verify(encryptedDoc, <strong class="jxr_keyword">null</strong>, secretKeyCallbackHandler); +<a class="jxr_linenumber" name="L657" href="#L657">657</a> } +<a class="jxr_linenumber" name="L658" href="#L658">658</a> +<a class="jxr_linenumber" name="L659" href="#L659">659</a> <em class="jxr_javadoccomment">/**</em> +<a class="jxr_linenumber" name="L660" href="#L660">660</a> <em class="jxr_javadoccomment"> * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key, rather than a</em> +<a class="jxr_linenumber" name="L661" href="#L661">661</a> <em class="jxr_javadoccomment"> * generated session key which is then encrypted using a public key. The request is generated</em> +<a class="jxr_linenumber" name="L662" href="#L662">662</a> <em class="jxr_javadoccomment"> * using WSHandler, instead of coding it.</em> +<a class="jxr_linenumber" name="L663" href="#L663">663</a> <em class="jxr_javadoccomment"> *</em> +<a class="jxr_linenumber" name="L664" href="#L664">664</a> <em class="jxr_javadoccomment"> * @throws Exception Thrown when there is any problem in encryption or decryption</em> +<a class="jxr_linenumber" name="L665" href="#L665">665</a> <em class="jxr_javadoccomment"> */</em> +<a class="jxr_linenumber" name="L666" href="#L666">666</a> @Test +<a class="jxr_linenumber" name="L667" href="#L667">667</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testEncryptionSHA1SymmetricBytesHandler() <strong class="jxr_keyword">throws</strong> Exception { +<a class="jxr_linenumber" name="L668" href="#L668">668</a> <strong class="jxr_keyword">final</strong> WSSConfig cfg = WSSConfig.getNewInstance(); +<a class="jxr_linenumber" name="L669" href="#L669">669</a> <strong class="jxr_keyword">final</strong> RequestData reqData = <strong class="jxr_keyword">new</strong> RequestData(); +<a class="jxr_linenumber" name="L670" href="#L670">670</a> reqData.setWssConfig(cfg); +<a class="jxr_linenumber" name="L671" href="#L671">671</a> java.util.Map<String, Object> messageContext = <strong class="jxr_keyword">new</strong> java.util.TreeMap<>(); +<a class="jxr_linenumber" name="L672" href="#L672">672</a> messageContext.put(WSHandlerConstants.ENC_SYM_ENC_KEY, <span class="jxr_string">"false"</span>); +<a class="jxr_linenumber" name="L673" href="#L673">673</a> messageContext.put(WSHandlerConstants.ENC_KEY_ID, <span class="jxr_string">"EncryptedKeySHA1"</span>); +<a class="jxr_linenumber" name="L674" href="#L674">674</a> secretKeyCallbackHandler.setOutboundSecret(keyData); +<a class="jxr_linenumber" name="L675" href="#L675">675</a> messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, secretKeyCallbackHandler); +<a class="jxr_linenumber" name="L676" href="#L676">676</a> reqData.setMsgContext(messageContext); +<a class="jxr_linenumber" name="L677" href="#L677">677</a> reqData.setUsername(<span class="jxr_string">""</span>); +<a class="jxr_linenumber" name="L678" href="#L678">678</a> +<a class="jxr_linenumber" name="L679" href="#L679">679</a> <strong class="jxr_keyword">final</strong> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); +<a class="jxr_linenumber" name="L680" href="#L680">680</a> <a name="CustomHandler" href="../../../../../org/apache/wss4j/dom/common/CustomHandler.html#CustomHandler">CustomHandler</a> handler = <strong class="jxr_keyword">new</strong> <a name="CustomHandler" href="../../../../../org/apache/wss4j/dom/common/CustomHandler.html#CustomHandler">CustomHandler</a>(); +<a class="jxr_linenumber" name="L681" href="#L681">681</a> HandlerAction action = <strong class="jxr_keyword">new</strong> HandlerAction(WSConstants.ENCR); +<a class="jxr_linenumber" name="L682" href="#L682">682</a> handler.send( +<a class="jxr_linenumber" name="L683" href="#L683">683</a> doc, +<a class="jxr_linenumber" name="L684" href="#L684">684</a> reqData, +<a class="jxr_linenumber" name="L685" href="#L685">685</a> Collections.singletonList(action), +<a class="jxr_linenumber" name="L686" href="#L686">686</a> <strong class="jxr_keyword">true</strong> +<a class="jxr_linenumber" name="L687" href="#L687">687</a> ); +<a class="jxr_linenumber" name="L688" href="#L688">688</a> +<a class="jxr_linenumber" name="L689" href="#L689">689</a> String outputString = +<a class="jxr_linenumber" name="L690" href="#L690">690</a> XMLUtils.prettyDocumentToString(doc); +<a class="jxr_linenumber" name="L691" href="#L691">691</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { +<a class="jxr_linenumber" name="L692" href="#L692">692</a> LOG.debug(outputString); +<a class="jxr_linenumber" name="L693" href="#L693">693</a> } +<a class="jxr_linenumber" name="L694" href="#L694">694</a> +<a class="jxr_linenumber" name="L695" href="#L695">695</a> verify(doc, <strong class="jxr_keyword">null</strong>, secretKeyCallbackHandler); +<a class="jxr_linenumber" name="L696" href="#L696">696</a> } +<a class="jxr_linenumber" name="L697" href="#L697">697</a> +<a class="jxr_linenumber" name="L698" href="#L698">698</a> <em class="jxr_javadoccomment">/**</em> +<a class="jxr_linenumber" name="L699" href="#L699">699</a> <em class="jxr_javadoccomment"> * Test that encrypt and decrypt a WS-Security envelope.</em> +<a class="jxr_linenumber" name="L700" href="#L700">700</a> <em class="jxr_javadoccomment"> *</em> +<a class="jxr_linenumber" name="L701" href="#L701">701</a> <em class="jxr_javadoccomment"> * This test uses the RSA_15 algorithm to transport (wrap) the symmetric key.</em> +<a class="jxr_linenumber" name="L702" href="#L702">702</a> <em class="jxr_javadoccomment"> * The test case creates a ReferenceList element that references EncryptedData</em> +<a class="jxr_linenumber" name="L703" href="#L703">703</a> <em class="jxr_javadoccomment"> * elements. The ReferencesList element is put into the Security header, not</em> +<a class="jxr_linenumber" name="L704" href="#L704">704</a> <em class="jxr_javadoccomment"> * as child of the EncryptedKey. The EncryptedData elements contain a KeyInfo</em> +<a class="jxr_linenumber" name="L705" href="#L705">705</a> <em class="jxr_javadoccomment"> * that references the EncryptedKey via a STR/Reference structure.</em> +<a class="jxr_linenumber" name="L706" href="#L706">706</a> <em class="jxr_javadoccomment"> *</em> +<a class="jxr_linenumber" name="L707" href="#L707">707</a> <em class="jxr_javadoccomment"> * Refer to OASIS WS Security spec 1.1, chap 7.7</em> +<a class="jxr_linenumber" name="L708" href="#L708">708</a> <em class="jxr_javadoccomment"> */</em> +<a class="jxr_linenumber" name="L709" href="#L709">709</a> @Test +<a class="jxr_linenumber" name="L710" href="#L710">710</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testEncryptionDecryptionRSA15STR() <strong class="jxr_keyword">throws</strong> Exception { +<a class="jxr_linenumber" name="L711" href="#L711">711</a> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); +<a class="jxr_linenumber" name="L712" href="#L712">712</a> WSSecHeader secHeader = <strong class="jxr_keyword">new</strong> WSSecHeader(doc); +<a class="jxr_linenumber" name="L713" href="#L713">713</a> secHeader.insertSecurityHeader(); +<a class="jxr_linenumber" name="L714" href="#L714">714</a> +<a class="jxr_linenumber" name="L715" href="#L715">715</a> WSSecEncrypt builder = <strong class="jxr_keyword">new</strong> WSSecEncrypt(secHeader); +<a class="jxr_linenumber" name="L716" href="#L716">716</a> builder.setUserInfo(<span class="jxr_string">"wss40"</span>); +<a class="jxr_linenumber" name="L717" href="#L717">717</a> builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); +<a class="jxr_linenumber" name="L718" href="#L718">718</a> builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES); +<a class="jxr_linenumber" name="L719" href="#L719">719</a> LOG.info(<span class="jxr_string">"Before Encryption Triple DES...."</span>); <a class="jxr_linenumber" name="L720" href="#L720">720</a> -<a class="jxr_linenumber" name="L721" href="#L721">721</a> outputString = -<a class="jxr_linenumber" name="L722" href="#L722">722</a> XMLUtils.prettyDocumentToString(encryptedDoc); -<a class="jxr_linenumber" name="L723" href="#L723">723</a> assertTrue(outputString.contains(<span class="jxr_string">"counter_port_type"</span>)); -<a class="jxr_linenumber" name="L724" href="#L724">724</a> -<a class="jxr_linenumber" name="L725" href="#L725">725</a> WSSecurityEngineResult actionResult = -<a class="jxr_linenumber" name="L726" href="#L726">726</a> results.getActionResults().get(WSConstants.ENCR).get(0); -<a class="jxr_linenumber" name="L727" href="#L727">727</a> assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE)); -<a class="jxr_linenumber" name="L728" href="#L728">728</a> assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE)); -<a class="jxr_linenumber" name="L729" href="#L729">729</a> REFERENCE_TYPE referenceType = -<a class="jxr_linenumber" name="L730" href="#L730">730</a> (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE); -<a class="jxr_linenumber" name="L731" href="#L731">731</a> assertTrue(referenceType == REFERENCE_TYPE.DIRECT_REF); -<a class="jxr_linenumber" name="L732" href="#L732">732</a> } -<a class="jxr_linenumber" name="L733" href="#L733">733</a> -<a class="jxr_linenumber" name="L734" href="#L734">734</a> -<a class="jxr_linenumber" name="L735" href="#L735">735</a> @Test -<a class="jxr_linenumber" name="L736" href="#L736">736</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testBadAttribute() <strong class="jxr_keyword">throws</strong> Exception { -<a class="jxr_linenumber" name="L737" href="#L737">737</a> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); -<a class="jxr_linenumber" name="L738" href="#L738">738</a> WSSecHeader secHeader = <strong class="jxr_keyword">new</strong> WSSecHeader(doc); -<a class="jxr_linenumber" name="L739" href="#L739">739</a> secHeader.insertSecurityHeader(); -<a class="jxr_linenumber" name="L740" href="#L740">740</a> -<a class="jxr_linenumber" name="L741" href="#L741">741</a> WSSecEncrypt builder = <strong class="jxr_keyword">new</strong> WSSecEncrypt(secHeader); -<a class="jxr_linenumber" name="L742" href="#L742">742</a> builder.setUserInfo(<span class="jxr_string">"wss40"</span>); -<a class="jxr_linenumber" name="L743" href="#L743">743</a> builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); -<a class="jxr_linenumber" name="L744" href="#L744">744</a> builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES); -<a class="jxr_linenumber" name="L745" href="#L745">745</a> -<a class="jxr_linenumber" name="L746" href="#L746">746</a> <em class="jxr_comment">/*</em> -<a class="jxr_linenumber" name="L747" href="#L747">747</a> <em class="jxr_comment"> * Prepare the Encrypt object with the token, setup data structure</em> -<a class="jxr_linenumber" name="L748" href="#L748">748</a> <em class="jxr_comment"> */</em> -<a class="jxr_linenumber" name="L749" href="#L749">749</a> KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES); -<a class="jxr_linenumber" name="L750" href="#L750">750</a> SecretKey symmetricKey = keyGen.generateKey(); -<a class="jxr_linenumber" name="L751" href="#L751">751</a> builder.prepare(crypto, symmetricKey); +<a class="jxr_linenumber" name="L721" href="#L721">721</a> <em class="jxr_comment">/*</em> +<a class="jxr_linenumber" name="L722" href="#L722">722</a> <em class="jxr_comment"> * Prepare the Encrypt object with the token, setup data structure</em> +<a class="jxr_linenumber" name="L723" href="#L723">723</a> <em class="jxr_comment"> */</em> +<a class="jxr_linenumber" name="L724" href="#L724">724</a> KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES); +<a class="jxr_linenumber" name="L725" href="#L725">725</a> SecretKey symmetricKey = keyGen.generateKey(); +<a class="jxr_linenumber" name="L726" href="#L726">726</a> builder.prepare(crypto, symmetricKey); +<a class="jxr_linenumber" name="L727" href="#L727">727</a> +<a class="jxr_linenumber" name="L728" href="#L728">728</a> <em class="jxr_comment">/*</em> +<a class="jxr_linenumber" name="L729" href="#L729">729</a> <em class="jxr_comment"> * Set up the parts structure to encrypt the body</em> +<a class="jxr_linenumber" name="L730" href="#L730">730</a> <em class="jxr_comment"> */</em> +<a class="jxr_linenumber" name="L731" href="#L731">731</a> SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc +<a class="jxr_linenumber" name="L732" href="#L732">732</a> .getDocumentElement()); +<a class="jxr_linenumber" name="L733" href="#L733">733</a> WSEncryptionPart encP = <strong class="jxr_keyword">new</strong> WSEncryptionPart(soapConstants +<a class="jxr_linenumber" name="L734" href="#L734">734</a> .getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), +<a class="jxr_linenumber" name="L735" href="#L735">735</a> <span class="jxr_string">"Content"</span>); +<a class="jxr_linenumber" name="L736" href="#L736">736</a> builder.getParts().add(encP); +<a class="jxr_linenumber" name="L737" href="#L737">737</a> +<a class="jxr_linenumber" name="L738" href="#L738">738</a> <em class="jxr_comment">/*</em> +<a class="jxr_linenumber" name="L739" href="#L739">739</a> <em class="jxr_comment"> * Encrypt the parts (Body), create EncryptedData elements that reference</em> +<a class="jxr_linenumber" name="L740" href="#L740">740</a> <em class="jxr_comment"> * the EncryptedKey, and get a ReferenceList that can be put into the</em> +<a class="jxr_linenumber" name="L741" href="#L741">741</a> <em class="jxr_comment"> * Security header. Be sure that the ReferenceList is after the</em> +<a class="jxr_linenumber" name="L742" href="#L742">742</a> <em class="jxr_comment"> * EncryptedKey element in the Security header (strict layout)</em> +<a class="jxr_linenumber" name="L743" href="#L743">743</a> <em class="jxr_comment"> */</em> +<a class="jxr_linenumber" name="L744" href="#L744">744</a> Element refs = builder.encrypt(symmetricKey); +<a class="jxr_linenumber" name="L745" href="#L745">745</a> builder.addExternalRefElement(refs); +<a class="jxr_linenumber" name="L746" href="#L746">746</a> +<a class="jxr_linenumber" name="L747" href="#L747">747</a> <em class="jxr_comment">/*</em> +<a class="jxr_linenumber" name="L748" href="#L748">748</a> <em class="jxr_comment"> * now add (prepend) the EncryptedKey element, then a</em> +<a class="jxr_linenumber" name="L749" href="#L749">749</a> <em class="jxr_comment"> * BinarySecurityToken if one was setup during prepare</em> +<a class="jxr_linenumber" name="L750" href="#L750">750</a> <em class="jxr_comment"> */</em> +<a class="jxr_linenumber" name="L751" href="#L751">751</a> builder.prependToHeader(); <a class="jxr_linenumber" name="L752" href="#L752">752</a> -<a class="jxr_linenumber" name="L753" href="#L753">753</a> <em class="jxr_comment">/*</em> -<a class="jxr_linenumber" name="L754" href="#L754">754</a> <em class="jxr_comment"> * Set up the parts structure to encrypt the body</em> -<a class="jxr_linenumber" name="L755" href="#L755">755</a> <em class="jxr_comment"> */</em> -<a class="jxr_linenumber" name="L756" href="#L756">756</a> SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc -<a class="jxr_linenumber" name="L757" href="#L757">757</a> .getDocumentElement()); -<a class="jxr_linenumber" name="L758" href="#L758">758</a> java.util.List<WSEncryptionPart> parts = <strong class="jxr_keyword">new</strong> ArrayList<>(); -<a class="jxr_linenumber" name="L759" href="#L759">759</a> WSEncryptionPart encP = <strong class="jxr_keyword">new</strong> WSEncryptionPart(soapConstants -<a class="jxr_linenumber" name="L760" href="#L760">760</a> .getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), -<a class="jxr_linenumber" name="L761" href="#L761">761</a> <span class="jxr_string">"Content"</span>); -<a class="jxr_linenumber" name="L762" href="#L762">762</a> parts.add(encP); -<a class="jxr_linenumber" name="L763" href="#L763">763</a> -<a class="jxr_linenumber" name="L764" href="#L764">764</a> <em class="jxr_comment">/*</em> -<a class="jxr_linenumber" name="L765" href="#L765">765</a> <em class="jxr_comment"> * Encrypt the parts (Body), create EncryptedData elements that reference</em> -<a class="jxr_linenumber" name="L766" href="#L766">766</a> <em class="jxr_comment"> * the EncryptedKey, and get a ReferenceList that can be put into the</em> -<a class="jxr_linenumber" name="L767" href="#L767">767</a> <em class="jxr_comment"> * Security header. Be sure that the ReferenceList is after the</em> -<a class="jxr_linenumber" name="L768" href="#L768">768</a> <em class="jxr_comment"> * EncryptedKey element in the Security header (strict layout)</em> -<a class="jxr_linenumber" name="L769" href="#L769">769</a> <em class="jxr_comment"> */</em> -<a class="jxr_linenumber" name="L770" href="#L770">770</a> Element refs = builder.encrypt(symmetricKey); -<a class="jxr_linenumber" name="L771" href="#L771">771</a> builder.addExternalRefElement(refs); -<a class="jxr_linenumber" name="L772" href="#L772">772</a> -<a class="jxr_linenumber" name="L773" href="#L773">773</a> <em class="jxr_comment">/*</em> -<a class="jxr_linenumber" name="L774" href="#L774">774</a> <em class="jxr_comment"> * now add (prepend) the EncryptedKey element, then a</em> -<a class="jxr_linenumber" name="L775" href="#L775">775</a> <em class="jxr_comment"> * BinarySecurityToken if one was setup during prepare</em> -<a class="jxr_linenumber" name="L776" href="#L776">776</a> <em class="jxr_comment"> */</em> -<a class="jxr_linenumber" name="L777" href="#L777">777</a> Element encryptedKeyElement = builder.getEncryptedKeyElement(); -<a class="jxr_linenumber" name="L778" href="#L778">778</a> encryptedKeyElement.setAttributeNS(<strong class="jxr_keyword">null</strong>, <span class="jxr_string">"Type"</span>, <span class="jxr_string">"SomeType"</span>); -<a class="jxr_linenumber" name="L779" href="#L779">779</a> WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), encryptedKeyElement); +<a class="jxr_linenumber" name="L753" href="#L753">753</a> builder.prependBSTElementToHeader(); +<a class="jxr_linenumber" name="L754" href="#L754">754</a> +<a class="jxr_linenumber" name="L755" href="#L755">755</a> Document encryptedDoc = doc; +<a class="jxr_linenumber" name="L756" href="#L756">756</a> LOG.info(<span class="jxr_string">"After Encryption Triple DES...."</span>); +<a class="jxr_linenumber" name="L757" href="#L757">757</a> +<a class="jxr_linenumber" name="L758" href="#L758">758</a> String outputString = +<a class="jxr_linenumber" name="L759" href="#L759">759</a> XMLUtils.prettyDocumentToString(encryptedDoc); +<a class="jxr_linenumber" name="L760" href="#L760">760</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { +<a class="jxr_linenumber" name="L761" href="#L761">761</a> LOG.debug(<span class="jxr_string">"Encrypted message, RSA-15 keytransport, 3DES:"</span>); +<a class="jxr_linenumber" name="L762" href="#L762">762</a> LOG.debug(outputString); +<a class="jxr_linenumber" name="L763" href="#L763">763</a> } +<a class="jxr_linenumber" name="L764" href="#L764">764</a> assertFalse(outputString.contains(<span class="jxr_string">"counter_port_type"</span>)); +<a class="jxr_linenumber" name="L765" href="#L765">765</a> WSHandlerResult results = verify(encryptedDoc, crypto, keystoreCallbackHandler); +<a class="jxr_linenumber" name="L766" href="#L766">766</a> +<a class="jxr_linenumber" name="L767" href="#L767">767</a> outputString = +<a class="jxr_linenumber" name="L768" href="#L768">768</a> XMLUtils.prettyDocumentToString(encryptedDoc); +<a class="jxr_linenumber" name="L769" href="#L769">769</a> assertTrue(outputString.contains(<span class="jxr_string">"counter_port_type"</span>)); +<a class="jxr_linenumber" name="L770" href="#L770">770</a> +<a class="jxr_linenumber" name="L771" href="#L771">771</a> WSSecurityEngineResult actionResult = +<a class="jxr_linenumber" name="L772" href="#L772">772</a> results.getActionResults().get(WSConstants.ENCR).get(0); +<a class="jxr_linenumber" name="L773" href="#L773">773</a> assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE)); +<a class="jxr_linenumber" name="L774" href="#L774">774</a> assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE)); +<a class="jxr_linenumber" name="L775" href="#L775">775</a> REFERENCE_TYPE referenceType = +<a class="jxr_linenumber" name="L776" href="#L776">776</a> (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE); +<a class="jxr_linenumber" name="L777" href="#L777">777</a> assertTrue(referenceType == REFERENCE_TYPE.DIRECT_REF); +<a class="jxr_linenumber" name="L778" href="#L778">778</a> } +<a class="jxr_linenumber" name="L779" href="#L779">779</a> <a class="jxr_linenumber" name="L780" href="#L780">780</a> -<a class="jxr_linenumber" name="L781" href="#L781">781</a> builder.prependBSTElementToHeader(); -<a class="jxr_linenumber" name="L782" href="#L782">782</a> -<a class="jxr_linenumber" name="L783" href="#L783">783</a> Document encryptedDoc = doc; -<a class="jxr_linenumber" name="L784" href="#L784">784</a> -<a class="jxr_linenumber" name="L785" href="#L785">785</a> String outputString = -<a class="jxr_linenumber" name="L786" href="#L786">786</a> XMLUtils.prettyDocumentToString(encryptedDoc); -<a class="jxr_linenumber" name="L787" href="#L787">787</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { -<a class="jxr_linenumber" name="L788" href="#L788">788</a> LOG.debug(outputString); -<a class="jxr_linenumber" name="L789" href="#L789">789</a> } -<a class="jxr_linenumber" name="L790" href="#L790">790</a> -<a class="jxr_linenumber" name="L791" href="#L791">791</a> WSSecurityEngine newEngine = <strong class="jxr_keyword">new</strong> WSSecurityEngine(); -<a class="jxr_linenumber" name="L792" href="#L792">792</a> <strong class="jxr_keyword">try</strong> { -<a class="jxr_linenumber" name="L793" href="#L793">793</a> newEngine.processSecurityHeader(encryptedDoc, <strong class="jxr_keyword">null</strong>, keystoreCallbackHandler, crypto); -<a class="jxr_linenumber" name="L794" href="#L794">794</a> fail(<span class="jxr_string">"Failure expected on a bad attribute type"</span>); -<a class="jxr_linenumber" name="L795" href="#L795">795</a> } <strong class="jxr_keyword">catch</strong> (WSSecurityException ex) { -<a class="jxr_linenumber" name="L796" href="#L796">796</a> assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY); -<a class="jxr_linenumber" name="L797" href="#L797">797</a> } +<a class="jxr_linenumber" name="L781" href="#L781">781</a> @Test +<a class="jxr_linenumber" name="L782" href="#L782">782</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testBadAttribute() <strong class="jxr_keyword">throws</strong> Exception { +<a class="jxr_linenumber" name="L783" href="#L783">783</a> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); +<a class="jxr_linenumber" name="L784" href="#L784">784</a> WSSecHeader secHeader = <strong class="jxr_keyword">new</strong> WSSecHeader(doc); +<a class="jxr_linenumber" name="L785" href="#L785">785</a> secHeader.insertSecurityHeader(); +<a class="jxr_linenumber" name="L786" href="#L786">786</a> +<a class="jxr_linenumber" name="L787" href="#L787">787</a> WSSecEncrypt builder = <strong class="jxr_keyword">new</strong> WSSecEncrypt(secHeader); +<a class="jxr_linenumber" name="L788" href="#L788">788</a> builder.setUserInfo(<span class="jxr_string">"wss40"</span>); +<a class="jxr_linenumber" name="L789" href="#L789">789</a> builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); +<a class="jxr_linenumber" name="L790" href="#L790">790</a> builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES); +<a class="jxr_linenumber" name="L791" href="#L791">791</a> +<a class="jxr_linenumber" name="L792" href="#L792">792</a> <em class="jxr_comment">/*</em> +<a class="jxr_linenumber" name="L793" href="#L793">793</a> <em class="jxr_comment"> * Prepare the Encrypt object with the token, setup data structure</em> +<a class="jxr_linenumber" name="L794" href="#L794">794</a> <em class="jxr_comment"> */</em> +<a class="jxr_linenumber" name="L795" href="#L795">795</a> KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES); +<a class="jxr_linenumber" name="L796" href="#L796">796</a> SecretKey symmetricKey = keyGen.generateKey(); +<a class="jxr_linenumber" name="L797" href="#L797">797</a> builder.prepare(crypto, symmetricKey); <a class="jxr_linenumber" name="L798" href="#L798">798</a> -<a class="jxr_linenumber" name="L799" href="#L799">799</a> RequestData data = <strong class="jxr_keyword">new</strong> RequestData(); -<a class="jxr_linenumber" name="L800" href="#L800">800</a> data.setCallbackHandler(keystoreCallbackHandler); -<a class="jxr_linenumber" name="L801" href="#L801">801</a> data.setDecCrypto(crypto); -<a class="jxr_linenumber" name="L802" href="#L802">802</a> data.setIgnoredBSPRules(Collections.singletonList(BSPRule.R3209)); -<a class="jxr_linenumber" name="L803" href="#L803">803</a> newEngine.processSecurityHeader(encryptedDoc, data); -<a class="jxr_linenumber" name="L804" href="#L804">804</a> } -<a class="jxr_linenumber" name="L805" href="#L805">805</a> -<a class="jxr_linenumber" name="L806" href="#L806">806</a> <em class="jxr_javadoccomment">/**</em> -<a class="jxr_linenumber" name="L807" href="#L807">807</a> <em class="jxr_javadoccomment"> * In this test an EncryptedKey structure is embedded in the EncryptedData structure.</em> -<a class="jxr_linenumber" name="L808" href="#L808">808</a> <em class="jxr_javadoccomment"> * The EncryptedKey structure refers to a certificate via the SKI_KEY_IDENTIFIER.</em> -<a class="jxr_linenumber" name="L809" href="#L809">809</a> <em class="jxr_javadoccomment"> */</em> -<a class="jxr_linenumber" name="L810" href="#L810">810</a> @Test -<a class="jxr_linenumber" name="L811" href="#L811">811</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testEmbeddedEncryptedKey() <strong class="jxr_keyword">throws</strong> Exception { -<a class="jxr_linenumber" name="L812" href="#L812">812</a> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); -<a class="jxr_linenumber" name="L813" href="#L813">813</a> WSSecHeader secHeader = <strong class="jxr_keyword">new</strong> WSSecHeader(doc); -<a class="jxr_linenumber" name="L814" href="#L814">814</a> secHeader.insertSecurityHeader(); -<a class="jxr_linenumber" name="L815" href="#L815">815</a> -<a class="jxr_linenumber" name="L816" href="#L816">816</a> WSSecEncrypt builder = <strong class="jxr_keyword">new</strong> WSSecEncrypt(secHeader); -<a class="jxr_linenumber" name="L817" href="#L817">817</a> builder.setUserInfo(<span class="jxr_string">"wss40"</span>); -<a class="jxr_linenumber" name="L818" href="#L818">818</a> builder.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER); -<a class="jxr_linenumber" name="L819" href="#L819">819</a> builder.setSymmetricEncAlgorithm(WSConstants.AES_128); -<a class="jxr_linenumber" name="L820" href="#L820">820</a> -<a class="jxr_linenumber" name="L821" href="#L821">821</a> KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128); -<a class="jxr_linenumber" name="L822" href="#L822">822</a> SecretKey symmetricKey = keyGen.generateKey(); -<a class="jxr_linenumber" name="L823" href="#L823">823</a> builder.prepare(crypto, symmetricKey); -<a class="jxr_linenumber" name="L824" href="#L824">824</a> builder.setEmbedEncryptedKey(<strong class="jxr_keyword">true</strong>); -<a class="jxr_linenumber" name="L825" href="#L825">825</a> -<a class="jxr_linenumber" name="L826" href="#L826">826</a> SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc -<a class="jxr_linenumber" name="L827" href="#L827">827</a> .getDocumentElement()); -<a class="jxr_linenumber" name="L828" href="#L828">828</a> java.util.List<WSEncryptionPart> parts = <strong class="jxr_keyword">new</strong> ArrayList<>(); -<a class="jxr_linenumber" name="L829" href="#L829">829</a> WSEncryptionPart encP = <strong class="jxr_keyword">new</strong> WSEncryptionPart(soapConstants -<a class="jxr_linenumber" name="L830" href="#L830">830</a> .getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), -<a class="jxr_linenumber" name="L831" href="#L831">831</a> <span class="jxr_string">"Content"</span>); -<a class="jxr_linenumber" name="L832" href="#L832">832</a> parts.add(encP); -<a class="jxr_linenumber" name="L833" href="#L833">833</a> -<a class="jxr_linenumber" name="L834" href="#L834">834</a> builder.encrypt(symmetricKey); -<a class="jxr_linenumber" name="L835" href="#L835">835</a> -<a class="jxr_linenumber" name="L836" href="#L836">836</a> String outputString = -<a class="jxr_linenumber" name="L837" href="#L837">837</a> XMLUtils.prettyDocumentToString(doc); -<a class="jxr_linenumber" name="L838" href="#L838">838</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { -<a class="jxr_linenumber" name="L839" href="#L839">839</a> LOG.debug(outputString); -<a class="jxr_linenumber" name="L840" href="#L840">840</a> } -<a class="jxr_linenumber" name="L841" href="#L841">841</a> -<a class="jxr_linenumber" name="L842" href="#L842">842</a> verify(doc, crypto, keystoreCallbackHandler); -<a class="jxr_linenumber" name="L843" href="#L843">843</a> } +<a class="jxr_linenumber" name="L799" href="#L799">799</a> <em class="jxr_comment">/*</em> +<a class="jxr_linenumber" name="L800" href="#L800">800</a> <em class="jxr_comment"> * Set up the parts structure to encrypt the body</em> +<a class="jxr_linenumber" name="L801" href="#L801">801</a> <em class="jxr_comment"> */</em> +<a class="jxr_linenumber" name="L802" href="#L802">802</a> SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc +<a class="jxr_linenumber" name="L803" href="#L803">803</a> .getDocumentElement()); +<a class="jxr_linenumber" name="L804" href="#L804">804</a> java.util.List<WSEncryptionPart> parts = <strong class="jxr_keyword">new</strong> ArrayList<>(); +<a class="jxr_linenumber" name="L805" href="#L805">805</a> WSEncryptionPart encP = <strong class="jxr_keyword">new</strong> WSEncryptionPart(soapConstants +<a class="jxr_linenumber" name="L806" href="#L806">806</a> .getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), +<a class="jxr_linenumber" name="L807" href="#L807">807</a> <span class="jxr_string">"Content"</span>); +<a class="jxr_linenumber" name="L808" href="#L808">808</a> parts.add(encP); +<a class="jxr_linenumber" name="L809" href="#L809">809</a> +<a class="jxr_linenumber" name="L810" href="#L810">810</a> <em class="jxr_comment">/*</em> +<a class="jxr_linenumber" name="L811" href="#L811">811</a> <em class="jxr_comment"> * Encrypt the parts (Body), create EncryptedData elements that reference</em> +<a class="jxr_linenumber" name="L812" href="#L812">812</a> <em class="jxr_comment"> * the EncryptedKey, and get a ReferenceList that can be put into the</em> +<a class="jxr_linenumber" name="L813" href="#L813">813</a> <em class="jxr_comment"> * Security header. Be sure that the ReferenceList is after the</em> +<a class="jxr_linenumber" name="L814" href="#L814">814</a> <em class="jxr_comment"> * EncryptedKey element in the Security header (strict layout)</em> +<a class="jxr_linenumber" name="L815" href="#L815">815</a> <em class="jxr_comment"> */</em> +<a class="jxr_linenumber" name="L816" href="#L816">816</a> Element refs = builder.encrypt(symmetricKey); +<a class="jxr_linenumber" name="L817" href="#L817">817</a> builder.addExternalRefElement(refs); +<a class="jxr_linenumber" name="L818" href="#L818">818</a> +<a class="jxr_linenumber" name="L819" href="#L819">819</a> <em class="jxr_comment">/*</em> +<a class="jxr_linenumber" name="L820" href="#L820">820</a> <em class="jxr_comment"> * now add (prepend) the EncryptedKey element, then a</em> +<a class="jxr_linenumber" name="L821" href="#L821">821</a> <em class="jxr_comment"> * BinarySecurityToken if one was setup during prepare</em> +<a class="jxr_linenumber" name="L822" href="#L822">822</a> <em class="jxr_comment"> */</em> +<a class="jxr_linenumber" name="L823" href="#L823">823</a> Element encryptedKeyElement = builder.getEncryptedKeyElement(); +<a class="jxr_linenumber" name="L824" href="#L824">824</a> encryptedKeyElement.setAttributeNS(<strong class="jxr_keyword">null</strong>, <span class="jxr_string">"Type"</span>, <span class="jxr_string">"SomeType"</span>); +<a class="jxr_linenumber" name="L825" href="#L825">825</a> WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), encryptedKeyElement); +<a class="jxr_linenumber" name="L826" href="#L826">826</a> +<a class="jxr_linenumber" name="L827" href="#L827">827</a> builder.prependBSTElementToHeader(); +<a class="jxr_linenumber" name="L828" href="#L828">828</a> +<a class="jxr_linenumber" name="L829" href="#L829">829</a> Document encryptedDoc = doc; +<a class="jxr_linenumber" name="L830" href="#L830">830</a> +<a class="jxr_linenumber" name="L831" href="#L831">831</a> String outputString = +<a class="jxr_linenumber" name="L832" href="#L832">832</a> XMLUtils.prettyDocumentToString(encryptedDoc); +<a class="jxr_linenumber" name="L833" href="#L833">833</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { +<a class="jxr_linenumber" name="L834" href="#L834">834</a> LOG.debug(outputString); +<a class="jxr_linenumber" name="L835" href="#L835">835</a> } +<a class="jxr_linenumber" name="L836" href="#L836">836</a> +<a class="jxr_linenumber" name="L837" href="#L837">837</a> WSSecurityEngine newEngine = <strong class="jxr_keyword">new</strong> WSSecurityEngine(); +<a class="jxr_linenumber" name="L838" href="#L838">838</a> <strong class="jxr_keyword">try</strong> { +<a class="jxr_linenumber" name="L839" href="#L839">839</a> newEngine.processSecurityHeader(encryptedDoc, <strong class="jxr_keyword">null</strong>, keystoreCallbackHandler, crypto); +<a class="jxr_linenumber" name="L840" href="#L840">840</a> fail(<span class="jxr_string">"Failure expected on a bad attribute type"</span>); +<a class="jxr_linenumber" name="L841" href="#L841">841</a> } <strong class="jxr_keyword">catch</strong> (WSSecurityException ex) { +<a class="jxr_linenumber" name="L842" href="#L842">842</a> assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY); +<a class="jxr_linenumber" name="L843" href="#L843">843</a> } <a class="jxr_linenumber" name="L844" href="#L844">844</a> -<a class="jxr_linenumber" name="L845" href="#L845">845</a> <em class="jxr_javadoccomment">/**</em> -<a class="jxr_linenumber" name="L846" href="#L846">846</a> <em class="jxr_javadoccomment"> * Test that encrypt and decrypt a WS-Security envelope.</em> -<a class="jxr_linenumber" name="L847" href="#L847">847</a> <em class="jxr_javadoccomment"> * This test uses the RSA OAEP algorithm to transport (wrap) the symmetric</em> -<a class="jxr_linenumber" name="L848" href="#L848">848</a> <em class="jxr_javadoccomment"> * key and SHA-256.</em> -<a class="jxr_linenumber" name="L849" href="#L849">849</a> <em class="jxr_javadoccomment"> * <p/></em> -<a class="jxr_linenumber" name="L850" href="#L850">850</a> <em class="jxr_javadoccomment"> *</em> -<a class="jxr_linenumber" name="L851" href="#L851">851</a> <em class="jxr_javadoccomment"> * @throws Exception Thrown when there is any problem in signing or verification</em> -<a class="jxr_linenumber" name="L852" href="#L852">852</a> <em class="jxr_javadoccomment"> */</em> -<a class="jxr_linenumber" name="L853" href="#L853">853</a> @Test -<a class="jxr_linenumber" name="L854" href="#L854">854</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testEncryptionDecryptionOAEPSHA256() <strong class="jxr_keyword">throws</strong> Exception { -<a class="jxr_linenumber" name="L855" href="#L855">855</a> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); -<a class="jxr_linenumber" name="L856" href="#L856">856</a> WSSecHeader secHeader = <strong class="jxr_keyword">new</strong> WSSecHeader(doc); -<a class="jxr_linenumber" name="L857" href="#L857">857</a> secHeader.insertSecurityHeader(); -<a class="jxr_linenumber" name="L858" href="#L858">858</a> -<a class="jxr_linenumber" name="L859" href="#L859">859</a> WSSecEncrypt builder = <strong class="jxr_keyword">new</strong> WSSecEncrypt(secHeader); -<a class="jxr_linenumber" name="L860" href="#L860">860</a> builder.setUserInfo(<span class="jxr_string">"wss40"</span>); -<a class="jxr_linenumber" name="L861" href="#L861">861</a> builder.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOAEP); -<a class="jxr_linenumber" name="L862" href="#L862">862</a> builder.setDigestAlgorithm(WSConstants.SHA256); -<a class="jxr_linenumber" name="L863" href="#L863">863</a> -<a class="jxr_linenumber" name="L864" href="#L864">864</a> LOG.info(<span class="jxr_string">"Before Encryption Triple DES/RSA-OAEP...."</span>); -<a class="jxr_linenumber" name="L865" href="#L865">865</a> KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128); -<a class="jxr_linenumber" name="L866" href="#L866">866</a> SecretKey symmetricKey = keyGen.generateKey(); -<a class="jxr_linenumber" name="L867" href="#L867">867</a> Document encryptedDoc = builder.build(crypto, symmetricKey); -<a class="jxr_linenumber" name="L868" href="#L868">868</a> LOG.info(<span class="jxr_string">"After Encryption Triple DES/RSA-OAEP...."</span>); -<a class="jxr_linenumber" name="L869" href="#L869">869</a> -<a class="jxr_linenumber" name="L870" href="#L870">870</a> String outputString = -<a class="jxr_linenumber" name="L871" href="#L871">871</a> XMLUtils.prettyDocumentToString(encryptedDoc); -<a class="jxr_linenumber" name="L872" href="#L872">872</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { -<a class="jxr_linenumber" name="L873" href="#L873">873</a> LOG.debug(<span class="jxr_string">"Encrypted message, RSA-OAEP keytransport, 3DES:"</span>); -<a class="jxr_linenumber" name="L874" href="#L874">874</a> LOG.debug(outputString); -<a class="jxr_linenumber" name="L875" href="#L875">875</a> } -<a class="jxr_linenumber" name="L876" href="#L876">876</a> assertFalse(outputString.contains(<span class="jxr_string">"counter_port_type"</span>)); -<a class="jxr_linenumber" name="L877" href="#L877">877</a> -<a class="jxr_linenumber" name="L878" href="#L878">878</a> WSSecurityEngine newEngine = <strong class="jxr_keyword">new</strong> WSSecurityEngine(); -<a class="jxr_linenumber" name="L879" href="#L879">879</a> WSHandlerResult results = -<a class="jxr_linenumber" name="L880" href="#L880">880</a> newEngine.processSecurityHeader(encryptedDoc, <strong class="jxr_keyword">null</strong>, keystoreCallbackHandler, crypto); +<a class="jxr_linenumber" name="L845" href="#L845">845</a> RequestData data = <strong class="jxr_keyword">new</strong> RequestData(); +<a class="jxr_linenumber" name="L846" href="#L846">846</a> data.setCallbackHandler(keystoreCallbackHandler); +<a class="jxr_linenumber" name="L847" href="#L847">847</a> data.setDecCrypto(crypto); +<a class="jxr_linenumber" name="L848" href="#L848">848</a> data.setIgnoredBSPRules(Collections.singletonList(BSPRule.R3209)); +<a class="jxr_linenumber" name="L849" href="#L849">849</a> newEngine.processSecurityHeader(encryptedDoc, data); +<a class="jxr_linenumber" name="L850" href="#L850">850</a> } +<a class="jxr_linenumber" name="L851" href="#L851">851</a> +<a class="jxr_linenumber" name="L852" href="#L852">852</a> <em class="jxr_javadoccomment">/**</em> +<a class="jxr_linenumber" name="L853" href="#L853">853</a> <em class="jxr_javadoccomment"> * In this test an EncryptedKey structure is embedded in the EncryptedData structure.</em> +<a class="jxr_linenumber" name="L854" href="#L854">854</a> <em class="jxr_javadoccomment"> * The EncryptedKey structure refers to a certificate via the SKI_KEY_IDENTIFIER.</em> +<a class="jxr_linenumber" name="L855" href="#L855">855</a> <em class="jxr_javadoccomment"> */</em> +<a class="jxr_linenumber" name="L856" href="#L856">856</a> @Test +<a class="jxr_linenumber" name="L857" href="#L857">857</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testEmbeddedEncryptedKey() <strong class="jxr_keyword">throws</strong> Exception { +<a class="jxr_linenumber" name="L858" href="#L858">858</a> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); +<a class="jxr_linenumber" name="L859" href="#L859">859</a> WSSecHeader secHeader = <strong class="jxr_keyword">new</strong> WSSecHeader(doc); +<a class="jxr_linenumber" name="L860" href="#L860">860</a> secHeader.insertSecurityHeader(); +<a class="jxr_linenumber" name="L861" href="#L861">861</a> +<a class="jxr_linenumber" name="L862" href="#L862">862</a> WSSecEncrypt builder = <strong class="jxr_keyword">new</strong> WSSecEncrypt(secHeader); +<a class="jxr_linenumber" name="L863" href="#L863">863</a> builder.setUserInfo(<span class="jxr_string">"wss40"</span>); +<a class="jxr_linenumber" name="L864" href="#L864">864</a> builder.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER); +<a class="jxr_linenumber" name="L865" href="#L865">865</a> builder.setSymmetricEncAlgorithm(WSConstants.AES_128); +<a class="jxr_linenumber" name="L866" href="#L866">866</a> +<a class="jxr_linenumber" name="L867" href="#L867">867</a> KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128); +<a class="jxr_linenumber" name="L868" href="#L868">868</a> SecretKey symmetricKey = keyGen.generateKey(); +<a class="jxr_linenumber" name="L869" href="#L869">869</a> builder.prepare(crypto, symmetricKey); +<a class="jxr_linenumber" name="L870" href="#L870">870</a> builder.setEmbedEncryptedKey(<strong class="jxr_keyword">true</strong>); +<a class="jxr_linenumber" name="L871" href="#L871">871</a> +<a class="jxr_linenumber" name="L872" href="#L872">872</a> SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc +<a class="jxr_linenumber" name="L873" href="#L873">873</a> .getDocumentElement()); +<a class="jxr_linenumber" name="L874" href="#L874">874</a> java.util.List<WSEncryptionPart> parts = <strong class="jxr_keyword">new</strong> ArrayList<>(); +<a class="jxr_linenumber" name="L875" href="#L875">875</a> WSEncryptionPart encP = <strong class="jxr_keyword">new</strong> WSEncryptionPart(soapConstants +<a class="jxr_linenumber" name="L876" href="#L876">876</a> .getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), +<a class="jxr_linenumber" name="L877" href="#L877">877</a> <span class="jxr_string">"Content"</span>); +<a class="jxr_linenumber" name="L878" href="#L878">878</a> parts.add(encP); +<a class="jxr_linenumber" name="L879" href="#L879">879</a> +<a class="jxr_linenumber" name="L880" href="#L880">880</a> builder.encrypt(symmetricKey); <a class="jxr_linenumber" name="L881" href="#L881">881</a> -<a class="jxr_linenumber" name="L882" href="#L882">882</a> WSSecurityEngineResult actionResult = -<a class="jxr_linenumber" name="L883" href="#L883">883</a> results.getActionResults().get(WSConstants.ENCR).get(0); -<a class="jxr_linenumber" name="L884" href="#L884">884</a> assertNotNull(actionResult); -<a class="jxr_linenumber" name="L885" href="#L885">885</a> } -<a class="jxr_linenumber" name="L886" href="#L886">886</a> -<a class="jxr_linenumber" name="L887" href="#L887">887</a> <em class="jxr_comment">// CN has a "*" in it</em> -<a class="jxr_linenumber" name="L888" href="#L888">888</a> @Test -<a class="jxr_linenumber" name="L889" href="#L889">889</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testEncryptionWithRegexpCert() <strong class="jxr_keyword">throws</strong> Exception { -<a class="jxr_linenumber" name="L890" href="#L890">890</a> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); -<a class="jxr_linenumber" name="L891" href="#L891">891</a> WSSecHeader secHeader = <strong class="jxr_keyword">new</strong> WSSecHeader(doc); -<a class="jxr_linenumber" name="L892" href="#L892">892</a> secHeader.insertSecurityHeader(); -<a class="jxr_linenumber" name="L893" href="#L893">893</a> -<a class="jxr_linenumber" name="L894" href="#L894">894</a> WSSecEncrypt builder = <strong class="jxr_keyword">new</strong> WSSecEncrypt(secHeader); -<a class="jxr_linenumber" name="L895" href="#L895">895</a> builder.setUserInfo(<span class="jxr_string">"regexp"</span>); -<a class="jxr_linenumber" name="L896" href="#L896">896</a> builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL); -<a class="jxr_linenumber" name="L897" href="#L897">897</a> builder.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOAEP); -<a class="jxr_linenumber" name="L898" href="#L898">898</a> LOG.info(<span class="jxr_string">"Before Encryption Triple DES/RSA-OAEP...."</span>); -<a class="jxr_linenumber" name="L899" href="#L899">899</a> -<a class="jxr_linenumber" name="L900" href="#L900">900</a> Crypto regexpCrypto = CryptoFactory.getInstance(<span class="jxr_string">"regexp.properties"</span>); -<a class="jxr_linenumber" name="L901" href="#L901">901</a> KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128); -<a class="jxr_linenumber" name="L902" href="#L902">902</a> SecretKey symmetricKey = keyGen.generateKey(); -<a class="jxr_linenumber" name="L903" href="#L903">903</a> Document encryptedDoc = builder.build(regexpCrypto, symmetricKey); -<a class="jxr_linenumber" name="L904" href="#L904">904</a> LOG.info(<span class="jxr_string">"After Encryption Triple DES/RSA-OAEP...."</span>); -<a class="jxr_linenumber" name="L905" href="#L905">905</a> -<a class="jxr_linenumber" name="L906" href="#L906">906</a> String outputString = -<a class="jxr_linenumber" name="L907" href="#L907">907</a> XMLUtils.prettyDocumentToString(encryptedDoc); -<a class="jxr_linenumber" name="L908" href="#L908">908</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { -<a class="jxr_linenumber" name="L909" href="#L909">909</a> LOG.debug(<span class="jxr_string">"Encrypted message, RSA-OAEP keytransport, 3DES:"</span>); -<a class="jxr_linenumber" name="L910" href="#L910">910</a> LOG.debug(outputString); -<a class="jxr_linenumber" name="L911" href="#L911">911</a> } -<a class="jxr_linenumber" name="L912" href="#L912">912</a> assertFalse(outputString.contains(<span class="jxr_string">"counter_port_type"</span>)); -<a class="jxr_linenumber" name="L913" href="#L913">913</a> -<a class="jxr_linenumber" name="L914" href="#L914">914</a> WSSecurityEngine newEngine = <strong class="jxr_keyword">new</strong> WSSecurityEngine(); -<a class="jxr_linenumber" name="L915" href="#L915">915</a> newEngine.processSecurityHeader(encryptedDoc, <strong class="jxr_keyword">null</strong>, keystoreCallbackHandler, regexpCrypto); -<a class="jxr_linenumber" name="L916" href="#L916">916</a> } -<a class="jxr_linenumber" name="L917" href="#L917">917</a> -<a class="jxr_linenumber" name="L918" href="#L918">918</a> <em class="jxr_javadoccomment">/**</em> -<a class="jxr_linenumber" name="L919" href="#L919">919</a> <em class="jxr_javadoccomment"> * Verifies the soap envelope <p/></em> -<a class="jxr_linenumber" name="L920" href="#L920">920</a> <em class="jxr_javadoccomment"> *</em> -<a class="jxr_linenumber" name="L921" href="#L921">921</a> <em class="jxr_javadoccomment"> * @param doc</em> -<a class="jxr_linenumber" name="L922" href="#L922">922</a> <em class="jxr_javadoccomment"> * @param decCrypto</em> -<a class="jxr_linenumber" name="L923" href="#L923">923</a> <em class="jxr_javadoccomment"> * @param handler</em> -<a class="jxr_linenumber" name="L924" href="#L924">924</a> <em class="jxr_javadoccomment"> * @throws Exception</em> -<a class="jxr_linenumber" name="L925" href="#L925">925</a> <em class="jxr_javadoccomment"> * Thrown when there is a problem in verification</em> -<a class="jxr_linenumber" name="L926" href="#L926">926</a> <em class="jxr_javadoccomment"> */</em> -<a class="jxr_linenumber" name="L927" href="#L927">927</a> <strong class="jxr_keyword">private</strong> WSHandlerResult verify( -<a class="jxr_linenumber" name="L928" href="#L928">928</a> Document doc, Crypto decCrypto, CallbackHandler handler -<a class="jxr_linenumber" name="L929" href="#L929">929</a> ) <strong class="jxr_keyword">throws</strong> Exception { -<a class="jxr_linenumber" name="L930" href="#L930">930</a> WSHandlerResult results = -<a class="jxr_linenumber" name="L931" href="#L931">931</a> secEngine.processSecurityHeader(doc, <strong class="jxr_keyword">null</strong>, handler, decCrypto); -<a class="jxr_linenumber" name="L932" href="#L932">932</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { -<a class="jxr_linenumber" name="L933" href="#L933">933</a> String outputString = -<a class="jxr_linenumber" name="L934" href="#L934">934</a> XMLUtils.prettyDocumentToString(doc); -<a class="jxr_linenumber" name="L935" href="#L935">935</a> LOG.debug(outputString); -<a class="jxr_linenumber" name="L936" href="#L936">936</a> } -<a class="jxr_linenumber" name="L937" href="#L937">937</a> <strong class="jxr_keyword">return</strong> results; -<a class="jxr_linenumber" name="L938" href="#L938">938</a> } +<a class="jxr_linenumber" name="L882" href="#L882">882</a> String outputString = +<a class="jxr_linenumber" name="L883" href="#L883">883</a> XMLUtils.prettyDocumentToString(doc); +<a class="jxr_linenumber" name="L884" href="#L884">884</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { +<a class="jxr_linenumber" name="L885" href="#L885">885</a> LOG.debug(outputString); +<a class="jxr_linenumber" name="L886" href="#L886">886</a> } +<a class="jxr_linenumber" name="L887" href="#L887">887</a> +<a class="jxr_linenumber" name="L888" href="#L888">888</a> verify(doc, crypto, keystoreCallbackHandler); +<a class="jxr_linenumber" name="L889" href="#L889">889</a> } +<a class="jxr_linenumber" name="L890" href="#L890">890</a> +<a class="jxr_linenumber" name="L891" href="#L891">891</a> <em class="jxr_javadoccomment">/**</em> +<a class="jxr_linenumber" name="L892" href="#L892">892</a> <em class="jxr_javadoccomment"> * Test that encrypt and decrypt a WS-Security envelope.</em> +<a class="jxr_linenumber" name="L893" href="#L893">893</a> <em class="jxr_javadoccomment"> * This test uses the RSA OAEP algorithm to transport (wrap) the symmetric</em> +<a class="jxr_linenumber" name="L894" href="#L894">894</a> <em class="jxr_javadoccomment"> * key and SHA-256.</em> +<a class="jxr_linenumber" name="L895" href="#L895">895</a> <em class="jxr_javadoccomment"> * <p/></em> +<a class="jxr_linenumber" name="L896" href="#L896">896</a> <em class="jxr_javadoccomment"> *</em> +<a class="jxr_linenumber" name="L897" href="#L897">897</a> <em class="jxr_javadoccomment"> * @throws Exception Thrown when there is any problem in signing or verification</em> +<a class="jxr_linenumber" name="L898" href="#L898">898</a> <em class="jxr_javadoccomment"> */</em> +<a class="jxr_linenumber" name="L899" href="#L899">899</a> @Test +<a class="jxr_linenumber" name="L900" href="#L900">900</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testEncryptionDecryptionOAEPSHA256() <strong class="jxr_keyword">throws</strong> Exception { +<a class="jxr_linenumber" name="L901" href="#L901">901</a> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); +<a class="jxr_linenumber" name="L902" href="#L902">902</a> WSSecHeader secHeader = <strong class="jxr_keyword">new</strong> WSSecHeader(doc); +<a class="jxr_linenumber" name="L903" href="#L903">903</a> secHeader.insertSecurityHeader(); +<a class="jxr_linenumber" name="L904" href="#L904">904</a> +<a class="jxr_linenumber" name="L905" href="#L905">905</a> WSSecEncrypt builder = <strong class="jxr_keyword">new</strong> WSSecEncrypt(secHeader); +<a class="jxr_linenumber" name="L906" href="#L906">906</a> builder.setUserInfo(<span class="jxr_string">"wss40"</span>); +<a class="jxr_linenumber" name="L907" href="#L907">907</a> builder.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOAEP); +<a class="jxr_linenumber" name="L908" href="#L908">908</a> builder.setDigestAlgorithm(WSConstants.SHA256); +<a class="jxr_linenumber" name="L909" href="#L909">909</a> +<a class="jxr_linenumber" name="L910" href="#L910">910</a> LOG.info(<span class="jxr_string">"Before Encryption Triple DES/RSA-OAEP...."</span>); +<a class="jxr_linenumber" name="L911" href="#L911">911</a> KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128); +<a class="jxr_linenumber" name="L912" href="#L912">912</a> SecretKey symmetricKey = keyGen.generateKey(); +<a class="jxr_linenumber" name="L913" href="#L913">913</a> Document encryptedDoc = builder.build(crypto, symmetricKey); +<a class="jxr_linenumber" name="L914" href="#L914">914</a> LOG.info(<span class="jxr_string">"After Encryption Triple DES/RSA-OAEP...."</span>); +<a class="jxr_linenumber" name="L915" href="#L915">915</a> +<a class="jxr_linenumber" name="L916" href="#L916">916</a> String outputString = +<a class="jxr_linenumber" name="L917" href="#L917">917</a> XMLUtils.prettyDocumentToString(encryptedDoc); +<a class="jxr_linenumber" name="L918" href="#L918">918</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { +<a class="jxr_linenumber" name="L919" href="#L919">919</a> LOG.debug(<span class="jxr_string">"Encrypted message, RSA-OAEP keytransport, 3DES:"</span>); +<a class="jxr_linenumber" name="L920" href="#L920">920</a> LOG.debug(outputString); +<a class="jxr_linenumber" name="L921" href="#L921">921</a> } +<a class="jxr_linenumber" name="L922" href="#L922">922</a> assertFalse(outputString.contains(<span class="jxr_string">"counter_port_type"</span>)); +<a class="jxr_linenumber" name="L923" href="#L923">923</a> +<a class="jxr_linenumber" name="L924" href="#L924">924</a> WSSecurityEngine newEngine = <strong class="jxr_keyword">new</strong> WSSecurityEngine(); +<a class="jxr_linenumber" name="L925" href="#L925">925</a> WSHandlerResult results = +<a class="jxr_linenumber" name="L926" href="#L926">926</a> newEngine.processSecurityHeader(encryptedDoc, <strong class="jxr_keyword">null</strong>, keystoreCallbackHandler, crypto); +<a class="jxr_linenumber" name="L927" href="#L927">927</a> +<a class="jxr_linenumber" name="L928" href="#L928">928</a> WSSecurityEngineResult actionResult = +<a class="jxr_linenumber" name="L929" href="#L929">929</a> results.getActionResults().get(WSConstants.ENCR).get(0); +<a class="jxr_linenumber" name="L930" href="#L930">930</a> assertNotNull(actionResult); +<a class="jxr_linenumber" name="L931" href="#L931">931</a> } +<a class="jxr_linenumber" name="L932" href="#L932">932</a> +<a class="jxr_linenumber" name="L933" href="#L933">933</a> <em class="jxr_comment">// CN has a "*" in it</em> +<a class="jxr_linenumber" name="L934" href="#L934">934</a> @Test +<a class="jxr_linenumber" name="L935" href="#L935">935</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> testEncryptionWithRegexpCert() <strong class="jxr_keyword">throws</strong> Exception { +<a class="jxr_linenumber" name="L936" href="#L936">936</a> Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); +<a class="jxr_linenumber" name="L937" href="#L937">937</a> WSSecHeader secHeader = <strong class="jxr_keyword">new</strong> WSSecHeader(doc); +<a class="jxr_linenumber" name="L938" href="#L938">938</a> secHeader.insertSecurityHeader(); <a class="jxr_linenumber" name="L939" href="#L939">939</a> -<a class="jxr_linenumber" name="L940" href="#L940">940</a> <em class="jxr_javadoccomment">/**</em> -<a class="jxr_linenumber" name="L941" href="#L941">941</a> <em class="jxr_javadoccomment"> * Verifies the soap envelope</em> -<a class="jxr_linenumber" name="L942" href="#L942">942</a> <em class="jxr_javadoccomment"> * <p/></em> -<a class="jxr_linenumber" name="L943" href="#L943">943</a> <em class="jxr_javadoccomment"> *</em> -<a class="jxr_linenumber" name="L944" href="#L944">944</a> <em class="jxr_javadoccomment"> * @param doc</em> -<a class="jxr_linenumber" name="L945" href="#L945">945</a> <em class="jxr_javadoccomment"> * @param handler</em> -<a class="jxr_linenumber" name="L946" href="#L946">946</a> <em class="jxr_javadoccomment"> * @param expectedEncryptedElement</em> -<a class="jxr_linenumber" name="L947" href="#L947">947</a> <em class="jxr_javadoccomment"> * @throws Exception Thrown when there is a problem in verification</em> -<a class="jxr_linenumber" name="L948" href="#L948">948</a> <em class="jxr_javadoccomment"> */</em> -<a class="jxr_linenumber" name="L949" href="#L949">949</a> @SuppressWarnings(<span class="jxr_string">"unchecked"</span>) -<a class="jxr_linenumber" name="L950" href="#L950">950</a> <strong class="jxr_keyword">private</strong> WSHandlerResult verify( -<a class="jxr_linenumber" name="L951" href="#L951">951</a> Document doc, -<a class="jxr_linenumber" name="L952" href="#L952">952</a> CallbackHandler handler, -<a class="jxr_linenumber" name="L953" href="#L953">953</a> javax.xml.namespace.QName expectedEncryptedElement -<a class="jxr_linenumber" name="L954" href="#L954">954</a> ) <strong class="jxr_keyword">throws</strong> Exception { -<a class="jxr_linenumber" name="L955" href="#L955">955</a> <strong class="jxr_keyword">final</strong> WSHandlerResult results = -<a class="jxr_linenumber" name="L956" href="#L956">956</a> secEngine.processSecurityHeader(doc, <strong class="jxr_keyword">null</strong>, handler, <strong class="jxr_keyword">null</strong>, crypto); -<a class="jxr_linenumber" name="L957" href="#L957">957</a> String outputString = -<a class="jxr_linenumber" name="L958" href="#L958">958</a> XMLUtils.prettyDocumentToString(doc); -<a class="jxr_linenumber" name="L959" href="#L959">959</a> <strong class="jxr_keyword">if</strong> (LOG.isDebugEnabled()) { -<a class="jxr_linenumber" name="L960" href="#L960">960</a> LOG.debug(outputString); -<a class="jxr_linenumber" name="L961" href="#L961">961</a> } -<a class="jxr_linenumber" name="L962" href="#L962">962</a> assertTrue(outputString.indexOf(<span class="jxr_string">"counter_port_type"</span>) > 0 ? <strong class="jxr_keyword">true</strong> : false); -<a class="jxr_linenumber" name="L963" href="#L963">963</a> <em class="jxr_comment">//</em> -<a class="jxr_linenumber" name="L964" href="#L964">964</a> <em class="jxr_comment">// walk through the results, and make sure there is an encryption</em> -<a class="jxr_linenumber" name="L965" href="#L965">965</a> <em class="jxr_comment">// action, together with a reference to the decrypted element</em> -<a class="jxr_linenumber" name="L966" href="#L966">966</a> <em class="jxr_comment">// (as a QName)</em> -<a class="jxr_linenumber" name="L967" href="#L967">967</a> <em class="jxr_comment">//</em>
[... 141 lines stripped ...]
