1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security.message;
21  
22  import javax.security.auth.callback.CallbackHandler;
23  
24  import org.w3c.dom.Document;
25  
26  import org.apache.ws.security.WSConstants;
27  import org.apache.ws.security.WSSConfig;
28  import org.apache.ws.security.WSSecurityEngine;
29  import org.apache.ws.security.common.CustomHandler;
30  import org.apache.ws.security.common.KeystoreCallbackHandler;
31  import org.apache.ws.security.common.SOAPUtil;
32  import org.apache.ws.security.components.crypto.Crypto;
33  import org.apache.ws.security.components.crypto.CryptoFactory;
34  import org.apache.ws.security.handler.RequestData;
35  import org.apache.ws.security.handler.WSHandlerConstants;
36  
37  
38  /**
39   * This is a test for Certificate Revocation List checking before encryption. 
40   * 
41   * This test reuses the revoked certificate from SignatureCRLTest.
42   * 
43    */
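public class EncryptionCRLTest extends org.junit.Assert {
    private static final org.apache.commons.logging.Log LOG = 
        org.apache.commons.logging.LogFactory.getLog(EncryptionCRLTest.class);

    /** Keystore alias of the revoked certificate both tests encrypt for. */
    private static final String REVOKED_USER = "wss40rev";

    private WSSecurityEngine secEngine = new WSSecurityEngine();
    private CallbackHandler keystoreCallbackHandler = new KeystoreCallbackHandler();
    private Crypto crypto = null;
    
    public EncryptionCRLTest() throws Exception {
        crypto = CryptoFactory.getInstance("wss40All.properties");
    }
    
    /**
     * Setup method: installs a fresh, BSP-compliant {@link WSSConfig} on the
     * security engine used by {@link #verify}.
     * 
     * @throws java.lang.Exception Thrown when there is a problem in setup
     */
    @org.junit.Before
    public void setUp() throws Exception {
        WSSConfig wssConfig = WSSConfig.getNewInstance();
        wssConfig.setWsiBSPCompliant(true);
        secEngine.setWssConfig(wssConfig);
    }
    
    /**
     * Test that encrypts without certificate revocation check
     * so it should pass: the handler is left with its default options, so no
     * {@code ENABLE_REVOCATION} check runs and the revoked certificate is accepted.
     * This is the baseline that {@link #testEncryptionWithRevocationCheck} contrasts with.
     * 
     * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
     */
    @org.junit.Test
    public void testEncryptionWithOutRevocationCheck() throws Exception {
        final RequestData reqData = buildEncryptionRequestData();
        final java.util.List<Integer> actions = encryptOnlyActions();
        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        CustomHandler handler = new CustomHandler();
        handler.send(
            WSConstants.ENCR, 
            doc, 
            reqData, 
            actions,
            true
        );
        
        if (LOG.isDebugEnabled()) {
            String outputString = 
                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
            LOG.debug(outputString);
        }
        
        verify(doc, crypto, keystoreCallbackHandler);
    }
    
    /**
     * Test that encrypts with certificate revocation check
     * so it should fail: {@code ENABLE_REVOCATION} is switched on, and the
     * encrypting certificate is on the CRL, so {@code send} must throw before
     * any ciphertext is produced.
     * 
     * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
     */
    @org.junit.Test
    public void testEncryptionWithRevocationCheck() throws Exception {
        final RequestData reqData = buildEncryptionRequestData();
        final java.util.List<Integer> actions = encryptOnlyActions();
        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        CustomHandler handler = new CustomHandler();
        handler.setOption(WSHandlerConstants.ENABLE_REVOCATION, "true");
        try {
            handler.send(
                WSConstants.ENCR, 
                doc, 
                reqData, 
                actions,
                true
            );
            // AssertionError is not an Exception, so the catch below does not swallow this.
            fail("Failure expected on a revoked certificate");
        } catch (Exception ex) {
            // Different errors using different JDKs... Guard against a null message so a
            // bare exception surfaces as an assertion failure rather than an NPE.
            String errorMessage = ex.getMessage() == null ? "" : ex.getMessage();
            assertTrue(
                "Unexpected failure message: " + errorMessage,
                errorMessage.contains("Certificate has been revoked")
                || errorMessage.contains("Certificate revocation")
                || errorMessage.contains("Error during certificate path validation")
            );
        }
    }

    /**
     * Builds the {@link RequestData} shared by both tests: encrypt for
     * {@link #REVOKED_USER} using a direct BinarySecurityToken reference and
     * Triple-DES, with {@link #keystoreCallbackHandler} registered in the message
     * context under {@code WSHandlerConstants.PW_CALLBACK_REF}.
     *
     * @return fully populated request data for an ENCR action
     */
    private RequestData buildEncryptionRequestData() {
        final WSSConfig cfg = WSSConfig.getNewInstance();
        final RequestData reqData = new RequestData();
        reqData.setWssConfig(cfg);
        reqData.setEncUser(REVOKED_USER);
        reqData.setEncKeyId(WSConstants.BST_DIRECT_REFERENCE);
        reqData.setEncSymmAlgo(WSConstants.TRIPLE_DES);
        reqData.setEncCrypto(crypto);
        java.util.Map<String, Object> messageContext = new java.util.TreeMap<String, Object>();
        messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, keystoreCallbackHandler);
        reqData.setMsgContext(messageContext);
        reqData.setUsername(REVOKED_USER);
        return reqData;
    }

    /**
     * Returns a mutable action list holding only {@code WSConstants.ENCR}.
     *
     * @return the single-action list handed to {@link CustomHandler#send}
     */
    private static java.util.List<Integer> encryptOnlyActions() {
        final java.util.List<Integer> actions = new java.util.ArrayList<Integer>();
        actions.add(Integer.valueOf(WSConstants.ENCR));
        return actions;
    }
    
    /**
     * Verifies the soap envelope by running the security engine over it and
     * logging the decrypted result at debug level. <p/>
     * 
     * @param doc the SOAP envelope whose security header is processed in place
     * @param decCrypto the {@link Crypto} instance used for decryption
     * @param handler the callback handler supplying key passwords
     * @throws Exception
     *             Thrown when there is a problem in verification
     */
    private void verify(
        Document doc, Crypto decCrypto, CallbackHandler handler
    ) throws Exception {
        secEngine.processSecurityHeader(doc, null, handler, decCrypto);
        if (LOG.isDebugEnabled()) {
            String outputString = 
                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
            LOG.debug(outputString);
        }
    }
}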