View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.dom.handler;
21  
22  import java.util.ArrayList;
23  import java.util.Collections;
24  import java.util.List;
25  
26  import javax.crypto.KeyGenerator;
27  import javax.crypto.SecretKey;
28  import javax.security.auth.callback.CallbackHandler;
29  import javax.xml.crypto.dsig.SignatureMethod;
30  
31  import org.apache.wss4j.common.EncryptionActionToken;
32  import org.apache.wss4j.common.SignatureActionToken;
33  import org.apache.wss4j.common.WSEncryptionPart;
34  import org.apache.wss4j.common.crypto.Crypto;
35  import org.apache.wss4j.common.crypto.CryptoFactory;
36  import org.apache.wss4j.common.ext.WSSecurityException;
37  import org.apache.wss4j.common.util.KeyUtils;
38  import org.apache.wss4j.common.util.SOAPUtil;
39  import org.apache.wss4j.common.util.XMLUtils;
40  import org.apache.wss4j.dom.WSConstants;
41  import org.apache.wss4j.dom.common.CombinedCallbackHandler;
42  import org.apache.wss4j.dom.common.CustomHandler;
43  import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
44  import org.apache.wss4j.dom.common.SecretKeyCallbackHandler;
45  
46  import org.apache.wss4j.dom.engine.WSSConfig;
47  import org.apache.wss4j.dom.engine.WSSecurityEngine;
48  import org.apache.xml.security.stax.impl.util.IDGenerator;
49  
50  import org.junit.jupiter.api.BeforeEach;
51  import org.junit.jupiter.api.Test;
52  import org.w3c.dom.Document;
53  
54  
55  /**
56   * This is a set of tests for using SecurityActionTokens to configure various Actions.
57   */
58  public class SecurityActionTokenTest {
59      private static final org.slf4j.Logger LOG =
60          org.slf4j.LoggerFactory.getLogger(SecurityActionTokenTest.class);
61      private WSSecurityEngine secEngine = new WSSecurityEngine();
62      private Crypto crypto;
63      private byte[] keyData;
64  
65      @BeforeEach
66      public void setUp() throws Exception {
67          KeyGenerator keyGen = KeyGenerator.getInstance("AES");
68          keyGen.init(128);
69          SecretKey key = keyGen.generateKey();
70          keyData = key.getEncoded();
71      }
72  
73      public SecurityActionTokenTest() throws WSSecurityException {
74          WSSConfig.init();
75          crypto = CryptoFactory.getInstance("wss40.properties");
76      }
77  
78      @Test
79      public void testAsymmetricSignature() throws Exception {
80          final WSSConfig cfg = WSSConfig.getNewInstance();
81          final RequestData reqData = new RequestData();
82          reqData.setWssConfig(cfg);
83          java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
84          messageContext.put(
85              WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
86          );
87          reqData.setMsgContext(messageContext);
88  
89          SignatureActionToken actionToken = new SignatureActionToken();
90          actionToken.setUser("wss40");
91          actionToken.setCryptoProperties("wss40.properties");
92  
93          final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
94          CustomHandler handler = new CustomHandler();
95          List<HandlerAction> actions = new ArrayList<>();
96          actions.add(new HandlerAction(WSConstants.SIGN, actionToken));
97          handler.send(
98              doc,
99              reqData,
100             actions,
101             true
102         );
103 
104         if (LOG.isDebugEnabled()) {
105             String outputString =
106                 XMLUtils.prettyDocumentToString(doc);
107             LOG.debug(outputString);
108         }
109 
110         verify(doc, null);
111     }
112 
113     @Test
114     public void testSymmetricSignature() throws Exception {
115         final WSSConfig cfg = WSSConfig.getNewInstance();
116         final RequestData reqData = new RequestData();
117         reqData.setWssConfig(cfg);
118         java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
119         messageContext.put(
120             WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
121         );
122         reqData.setMsgContext(messageContext);
123 
124         SignatureActionToken actionToken = new SignatureActionToken();
125         actionToken.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
126         actionToken.setKey(keyData);
127         actionToken.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
128 
129         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
130         CustomHandler handler = new CustomHandler();
131         List<HandlerAction> actions = new ArrayList<>();
132         actions.add(new HandlerAction(WSConstants.SIGN, actionToken));
133         handler.send(
134             doc,
135             reqData,
136             actions,
137             true
138         );
139 
140         if (LOG.isDebugEnabled()) {
141             String outputString =
142                 XMLUtils.prettyDocumentToString(doc);
143             LOG.debug(outputString);
144         }
145 
146         SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
147         byte[] encodedBytes = KeyUtils.generateDigest(keyData);
148         String identifier = org.apache.xml.security.utils.XMLUtils.encodeToString(encodedBytes);
149         secretKeyCallbackHandler.addSecretKey(identifier, keyData);
150 
151         verify(doc, secretKeyCallbackHandler);
152     }
153 
154     @Test
155     public void testAsymmetricDoubleSignature() throws Exception {
156         final WSSConfig cfg = WSSConfig.getNewInstance();
157         final RequestData reqData = new RequestData();
158         reqData.setWssConfig(cfg);
159         java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
160         messageContext.put(
161             WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
162         );
163         reqData.setMsgContext(messageContext);
164 
165         SignatureActionToken actionToken = new SignatureActionToken();
166         actionToken.setUser("wss40");
167         actionToken.setCryptoProperties("wss40.properties");
168         actionToken.setKeyIdentifierId(WSConstants.BST_DIRECT_REFERENCE);
169 
170         SignatureActionToken actionToken2 = new SignatureActionToken();
171         actionToken2.setUser("16c73ab6-b892-458f-abf5-2f875f74882e");
172         actionToken2.setCryptoProperties("crypto.properties");
173         actionToken2.setIncludeToken(false);
174         WSEncryptionPart encP =
175             new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "");
176         actionToken2.setParts(Collections.singletonList(encP));
177 
178         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
179         CustomHandler handler = new CustomHandler();
180         List<HandlerAction> actions = new ArrayList<>();
181         actions.add(new HandlerAction(WSConstants.SIGN, actionToken));
182         actions.add(new HandlerAction(WSConstants.SIGN, actionToken2));
183         actions.add(new HandlerAction(WSConstants.TS, null));
184         handler.send(
185             doc,
186             reqData,
187             actions,
188             true
189         );
190 
191         if (LOG.isDebugEnabled()) {
192             String outputString =
193                 XMLUtils.prettyDocumentToString(doc);
194             LOG.debug(outputString);
195         }
196 
197         // Not verifying due to two separate Crypto instances...
198     }
199 
200     @Test
201     public void testMixedDoubleSignature() throws Exception {
202         final WSSConfig cfg = WSSConfig.getNewInstance();
203         final RequestData reqData = new RequestData();
204         reqData.setWssConfig(cfg);
205         java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
206         messageContext.put(
207             WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
208         );
209         reqData.setMsgContext(messageContext);
210 
211         SignatureActionToken actionToken = new SignatureActionToken();
212         actionToken.setUser("wss40");
213         actionToken.setCryptoProperties("wss40.properties");
214         actionToken.setKeyIdentifierId(WSConstants.BST_DIRECT_REFERENCE);
215 
216         SignatureActionToken actionToken2 = new SignatureActionToken();
217         actionToken2.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
218         actionToken2.setKey(keyData);
219         actionToken2.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
220         WSEncryptionPart encP =
221             new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "");
222         actionToken2.setParts(Collections.singletonList(encP));
223 
224         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
225         CustomHandler handler = new CustomHandler();
226         List<HandlerAction> actions = new ArrayList<>();
227         actions.add(new HandlerAction(WSConstants.SIGN, actionToken));
228         actions.add(new HandlerAction(WSConstants.SIGN, actionToken2));
229         actions.add(new HandlerAction(WSConstants.TS, null));
230         handler.send(
231             doc,
232             reqData,
233             actions,
234             true
235         );
236 
237         if (LOG.isDebugEnabled()) {
238             String outputString =
239                 XMLUtils.prettyDocumentToString(doc);
240             LOG.debug(outputString);
241         }
242 
243         SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
244         byte[] encodedBytes = KeyUtils.generateDigest(keyData);
245         String identifier = org.apache.xml.security.utils.XMLUtils.encodeToString(encodedBytes);
246         secretKeyCallbackHandler.addSecretKey(identifier, keyData);
247 
248         verify(doc, secretKeyCallbackHandler);
249     }
250 
251     @Test
252     public void testAsymmetricEncryption() throws Exception {
253         final WSSConfig cfg = WSSConfig.getNewInstance();
254         final RequestData reqData = new RequestData();
255         reqData.setWssConfig(cfg);
256         java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
257         messageContext.put(
258             WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
259         );
260         reqData.setMsgContext(messageContext);
261 
262         EncryptionActionToken actionToken = new EncryptionActionToken();
263         actionToken.setUser("wss40");
264         actionToken.setCryptoProperties("wss40.properties");
265 
266         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
267         CustomHandler handler = new CustomHandler();
268         List<HandlerAction> actions = new ArrayList<>();
269         actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
270         handler.send(
271             doc,
272             reqData,
273             actions,
274             true
275         );
276 
277         if (LOG.isDebugEnabled()) {
278             String outputString =
279                 XMLUtils.prettyDocumentToString(doc);
280             LOG.debug(outputString);
281         }
282 
283         verify(doc, new KeystoreCallbackHandler());
284     }
285 
286     @Test
287     public void testAsymmetricEncryptionIncludeToken() throws Exception {
288         final WSSConfig cfg = WSSConfig.getNewInstance();
289         final RequestData reqData = new RequestData();
290         reqData.setWssConfig(cfg);
291         java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
292         messageContext.put(
293             WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
294         );
295         reqData.setMsgContext(messageContext);
296 
297         EncryptionActionToken actionToken = new EncryptionActionToken();
298         actionToken.setUser("wss40");
299         actionToken.setCryptoProperties("wss40.properties");
300         actionToken.setIncludeToken(true);
301 
302         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
303         CustomHandler handler = new CustomHandler();
304         List<HandlerAction> actions = new ArrayList<>();
305         actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
306         handler.send(
307             doc,
308             reqData,
309             actions,
310             true
311         );
312 
313         if (LOG.isDebugEnabled()) {
314             String outputString =
315                 XMLUtils.prettyDocumentToString(doc);
316             LOG.debug(outputString);
317         }
318 
319         verify(doc, new KeystoreCallbackHandler());
320     }
321 
322     @Test
323     public void testSymmetricEncryption() throws Exception {
324         final WSSConfig cfg = WSSConfig.getNewInstance();
325         final RequestData reqData = new RequestData();
326         reqData.setWssConfig(cfg);
327         java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
328         messageContext.put(
329             WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
330         );
331         reqData.setMsgContext(messageContext);
332 
333         EncryptionActionToken actionToken = new EncryptionActionToken();
334         actionToken.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
335         actionToken.setKey(keyData);
336         actionToken.setSymmetricAlgorithm(WSConstants.AES_128);
337         actionToken.setEncSymmetricEncryptionKey(false);
338 
339         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
340         CustomHandler handler = new CustomHandler();
341         List<HandlerAction> actions = new ArrayList<>();
342         actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
343         handler.send(
344             doc,
345             reqData,
346             actions,
347             true
348         );
349 
350         if (LOG.isDebugEnabled()) {
351             String outputString =
352                 XMLUtils.prettyDocumentToString(doc);
353             LOG.debug(outputString);
354         }
355 
356         SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
357         byte[] encodedBytes = KeyUtils.generateDigest(keyData);
358         String identifier = org.apache.xml.security.utils.XMLUtils.encodeToString(encodedBytes);
359         secretKeyCallbackHandler.addSecretKey(identifier, keyData);
360 
361         verify(doc, secretKeyCallbackHandler);
362     }
363 
364     @Test
365     public void testAsymmetricDoubleEncryption() throws Exception {
366         final WSSConfig cfg = WSSConfig.getNewInstance();
367         final RequestData reqData = new RequestData();
368         reqData.setWssConfig(cfg);
369         java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
370         messageContext.put(
371             WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
372         );
373         reqData.setMsgContext(messageContext);
374 
375         EncryptionActionToken actionToken = new EncryptionActionToken();
376         actionToken.setUser("wss40");
377         actionToken.setCryptoProperties("wss40.properties");
378 
379         EncryptionActionToken actionToken2 = new EncryptionActionToken();
380         actionToken2.setUser("16c73ab6-b892-458f-abf5-2f875f74882e");
381         actionToken2.setCryptoProperties("crypto.properties");
382         WSEncryptionPart encP =
383             new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "");
384         actionToken2.setParts(Collections.singletonList(encP));
385 
386         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
387         CustomHandler handler = new CustomHandler();
388         List<HandlerAction> actions = new ArrayList<>();
389         actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
390         actions.add(new HandlerAction(WSConstants.TS, null));
391         actions.add(new HandlerAction(WSConstants.ENCR, actionToken2));
392         handler.send(
393             doc,
394             reqData,
395             actions,
396             true
397         );
398 
399         if (LOG.isDebugEnabled()) {
400             String outputString =
401                 XMLUtils.prettyDocumentToString(doc);
402             LOG.debug(outputString);
403         }
404 
405         // Not verifying due to two separate Crypto instances...
406     }
407 
408     @Test
409     public void testMixedDoubleEncryption() throws Exception {
410         final WSSConfig cfg = WSSConfig.getNewInstance();
411         final RequestData reqData = new RequestData();
412         reqData.setWssConfig(cfg);
413         java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
414         messageContext.put(
415             WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
416         );
417         reqData.setMsgContext(messageContext);
418 
419         EncryptionActionToken actionToken = new EncryptionActionToken();
420         actionToken.setUser("wss40");
421         actionToken.setCryptoProperties("wss40.properties");
422 
423         EncryptionActionToken actionToken2 = new EncryptionActionToken();
424         actionToken2.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
425         actionToken2.setKey(keyData);
426         actionToken2.setSymmetricAlgorithm(WSConstants.AES_128);
427         actionToken2.setEncSymmetricEncryptionKey(false);
428         WSEncryptionPart encP =
429             new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "");
430         actionToken2.setParts(Collections.singletonList(encP));
431 
432         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
433         CustomHandler handler = new CustomHandler();
434         List<HandlerAction> actions = new ArrayList<>();
435         actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
436         actions.add(new HandlerAction(WSConstants.TS, null));
437         actions.add(new HandlerAction(WSConstants.ENCR, actionToken2));
438         handler.send(
439             doc,
440             reqData,
441             actions,
442             true
443         );
444 
445         if (LOG.isDebugEnabled()) {
446             String outputString =
447                 XMLUtils.prettyDocumentToString(doc);
448             LOG.debug(outputString);
449         }
450 
451         SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
452         byte[] encodedBytes = KeyUtils.generateDigest(keyData);
453         String identifier = org.apache.xml.security.utils.XMLUtils.encodeToString(encodedBytes);
454         secretKeyCallbackHandler.addSecretKey(identifier, keyData);
455 
456         CombinedCallbackHandler combinedCallbackHandler =
457             new CombinedCallbackHandler(secretKeyCallbackHandler, new KeystoreCallbackHandler());
458 
459         verify(doc, combinedCallbackHandler);
460     }
461 
462     // Using the same key for signature + encryption here for convenience...
463     @Test
464     public void testAsymmetricSignatureEncryption() throws Exception {
465         final WSSConfig cfg = WSSConfig.getNewInstance();
466         final RequestData reqData = new RequestData();
467         reqData.setWssConfig(cfg);
468         java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
469         messageContext.put(
470             WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
471         );
472         reqData.setMsgContext(messageContext);
473 
474         SignatureActionToken actionToken = new SignatureActionToken();
475         actionToken.setUser("wss40");
476         actionToken.setCryptoProperties("wss40.properties");
477         actionToken.setKeyIdentifierId(WSConstants.BST_DIRECT_REFERENCE);
478 
479         EncryptionActionToken actionToken2 = new EncryptionActionToken();
480         actionToken2.setUser("wss40");
481         actionToken2.setCryptoProperties("wss40.properties");
482 
483         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
484         CustomHandler handler = new CustomHandler();
485         List<HandlerAction> actions = new ArrayList<>();
486         actions.add(new HandlerAction(WSConstants.SIGN, actionToken));
487         actions.add(new HandlerAction(WSConstants.ENCR, actionToken2));
488         handler.send(
489             doc,
490             reqData,
491             actions,
492             true
493         );
494 
495         if (LOG.isDebugEnabled()) {
496             String outputString =
497                 XMLUtils.prettyDocumentToString(doc);
498             LOG.debug(outputString);
499         }
500 
501         verify(doc, new KeystoreCallbackHandler());
502     }
503 
504     @Test
505     public void testSymmetricSignatureEncryption() throws Exception {
506         final WSSConfig cfg = WSSConfig.getNewInstance();
507         final RequestData reqData = new RequestData();
508         reqData.setWssConfig(cfg);
509         java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
510         messageContext.put(
511             WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
512         );
513         reqData.setMsgContext(messageContext);
514 
515         EncryptionActionToken actionToken = new EncryptionActionToken();
516         actionToken.setKey(keyData);
517         actionToken.setSymmetricAlgorithm(WSConstants.AES_128);
518         actionToken.setKeyIdentifierId(WSConstants.SKI_KEY_IDENTIFIER);
519         actionToken.setUser("wss40");
520         actionToken.setCryptoProperties("wss40.properties");
521         actionToken.setTokenId(IDGenerator.generateID("EK-"));
522 
523         SignatureActionToken actionToken2 = new SignatureActionToken();
524         actionToken2.setKeyIdentifierId(WSConstants.CUSTOM_SYMM_SIGNING);
525         actionToken2.setKey(keyData);
526         actionToken2.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
527         actionToken2.setTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
528         actionToken2.setTokenId(actionToken.getTokenId());
529 
530         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
531         CustomHandler handler = new CustomHandler();
532         List<HandlerAction> actions = new ArrayList<>();
533         actions.add(new HandlerAction(WSConstants.SIGN, actionToken2));
534         actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
535         handler.send(
536             doc,
537             reqData,
538             actions,
539             true
540         );
541 
542         if (LOG.isDebugEnabled()) {
543             String outputString =
544                 XMLUtils.prettyDocumentToString(doc);
545             LOG.debug(outputString);
546         }
547 
548         verify(doc, new KeystoreCallbackHandler());
549     }
550 
551     @Test
552     public void testSymmetricSignatureEncryptionResponse() throws Exception {
553         final WSSConfig cfg = WSSConfig.getNewInstance();
554         final RequestData reqData = new RequestData();
555         reqData.setWssConfig(cfg);
556         java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
557         messageContext.put(
558             WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
559         );
560         reqData.setMsgContext(messageContext);
561 
562         EncryptionActionToken actionToken = new EncryptionActionToken();
563         actionToken.setKey(keyData);
564         actionToken.setSymmetricAlgorithm(WSConstants.AES_128);
565         actionToken.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
566         actionToken.setEncSymmetricEncryptionKey(false);
567 
568         SignatureActionToken actionToken2 = new SignatureActionToken();
569         actionToken2.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
570         actionToken2.setKey(keyData);
571         actionToken2.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
572 
573         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
574         CustomHandler handler = new CustomHandler();
575         List<HandlerAction> actions = new ArrayList<>();
576         actions.add(new HandlerAction(WSConstants.SIGN, actionToken2));
577         actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
578         handler.send(
579             doc,
580             reqData,
581             actions,
582             true
583         );
584 
585         if (LOG.isDebugEnabled()) {
586             String outputString =
587                 XMLUtils.prettyDocumentToString(doc);
588             LOG.debug(outputString);
589         }
590 
591         SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
592         byte[] encodedBytes = KeyUtils.generateDigest(keyData);
593         String identifier = org.apache.xml.security.utils.XMLUtils.encodeToString(encodedBytes);
594         secretKeyCallbackHandler.addSecretKey(identifier, keyData);
595 
596         verify(doc, secretKeyCallbackHandler);
597     }
598 
599     private WSHandlerResult verify(
600         Document doc, CallbackHandler callbackHandler
601     ) throws Exception {
602         return secEngine.processSecurityHeader(doc, null, callbackHandler, crypto);
603     }
604 
605 
606 }