20 package org.apache.wss4j.dom.message;
21
22 import java.util.Collections;
23
24 import javax.security.auth.callback.CallbackHandler;
25
26 import org.apache.wss4j.common.util.SOAPUtil;
27 import org.w3c.dom.Document;
28 import org.apache.wss4j.dom.WSConstants;
29 import org.apache.wss4j.dom.common.CustomHandler;
30 import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
31
32 import org.apache.wss4j.dom.engine.WSSConfig;
33 import org.apache.wss4j.dom.engine.WSSecurityEngine;
34 import org.apache.wss4j.common.EncryptionActionToken;
35 import org.apache.wss4j.common.crypto.Crypto;
36 import org.apache.wss4j.common.crypto.CryptoFactory;
37 import org.apache.wss4j.common.ext.WSSecurityException;
38 import org.apache.wss4j.common.util.XMLUtils;
39 import org.apache.wss4j.dom.handler.HandlerAction;
40 import org.apache.wss4j.dom.handler.RequestData;
41 import org.apache.wss4j.dom.handler.WSHandlerConstants;
42
43 import org.junit.jupiter.api.BeforeEach;
44 import org.junit.jupiter.api.Test;
45
46 import static org.junit.jupiter.api.Assertions.assertTrue;
47 import static org.junit.jupiter.api.Assertions.fail;
48
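/**
 * Exercises the encryption action with and without the revocation option
 * ({@link WSHandlerConstants#ENABLE_REVOCATION}) enabled on the sending handler.
 *
 * <p>Both tests encrypt to the key of user {@code "wss40rev"}, loaded through
 * {@code wss40All.properties}. Judging by the failure message in
 * {@link #testEncryptionWithRevocationCheck()}, that certificate is expected to be
 * revoked; the keystore and CRL themselves are not visible from this class.
 *
 * <p>NOTE(review): the tests select {@link WSConstants#TRIPLE_DES}. 3DES is a legacy
 * 64-bit block cipher; it is kept here because these tests only exercise the
 * revocation toggle, and the choice should not be copied into deployment configuration.
 */
public class EncryptionCRLTest {
    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(EncryptionCRLTest.class);

    /** User whose certificate the message is encrypted to. */
    private static final String REVOKED_USER = "wss40rev";

    private final WSSecurityEngine secEngine = new WSSecurityEngine();
    private final CallbackHandler keystoreCallbackHandler = new KeystoreCallbackHandler();
    private final Crypto crypto;

    public EncryptionCRLTest() throws Exception {
        crypto = CryptoFactory.getInstance("wss40All.properties");
    }

    /**
     * Gives the receiving engine a fresh {@link WSSConfig} before every test so that
     * configuration does not carry over between tests.
     */
    @BeforeEach
    public void setUp() throws Exception {
        secEngine.setWssConfig(WSSConfig.getNewInstance());
    }

    /**
     * Encrypts without setting the revocation option and then processes the security
     * header of the result. The send is expected to succeed, because no revocation
     * option is set on the handler in this test.
     */
    @Test
    public void testEncryptionWithOutRevocationCheck() throws Exception {
        final RequestData reqData = createEncryptionRequest();

        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        CustomHandler handler = new CustomHandler();
        handler.send(
            doc,
            reqData,
            Collections.singletonList(new HandlerAction(WSConstants.ENCR)),
            true
        );

        // Serialise the document only when it will actually be logged, as verify() does.
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }

        verify(doc, crypto, keystoreCallbackHandler);
    }

    /**
     * Encrypts with {@link WSHandlerConstants#ENABLE_REVOCATION} set to {@code "true"}
     * and expects the send to be rejected with
     * {@link WSSecurityException.ErrorCode#FAILURE}.
     *
     * <p>NOTE(review): this test is disabled and no reason is recorded. While it stays
     * disabled, nothing in this class checks that encrypting to a revoked certificate
     * is refused; record the reason on the annotation or re-enable the test.
     */
    @Test
    @org.junit.jupiter.api.Disabled
    public void testEncryptionWithRevocationCheck() throws Exception {
        final RequestData reqData = createEncryptionRequest();

        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        CustomHandler handler = new CustomHandler();
        handler.setOption(WSHandlerConstants.ENABLE_REVOCATION, "true");
        try {
            handler.send(
                doc,
                reqData,
                Collections.singletonList(new HandlerAction(WSConstants.ENCR)),
                true
            );
            fail("Failure expected on a revoked certificate");
        } catch (WSSecurityException ex) {
            // Report the actual code on mismatch so a different failure cause is
            // distinguishable from the expected revocation failure.
            assertTrue(
                ex.getErrorCode() == WSSecurityException.ErrorCode.FAILURE,
                "Unexpected error code: " + ex.getErrorCode()
            );
        }
    }

    /**
     * Builds the request shared by both tests: an encryption token for
     * {@link #REVOKED_USER} using a direct BinarySecurityToken reference, plus a message
     * context that carries the keystore password callback.
     *
     * @return a new {@link RequestData} with its own {@link WSSConfig}
     */
    private RequestData createEncryptionRequest() throws Exception {
        final RequestData reqData = new RequestData();
        reqData.setWssConfig(WSSConfig.getNewInstance());

        EncryptionActionToken actionToken = new EncryptionActionToken();
        actionToken.setUser(REVOKED_USER);
        actionToken.setKeyIdentifierId(WSConstants.BST_DIRECT_REFERENCE);
        actionToken.setSymmetricAlgorithm(WSConstants.TRIPLE_DES);
        actionToken.setCrypto(crypto);
        reqData.setEncryptionToken(actionToken);

        java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
        messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, keystoreCallbackHandler);
        reqData.setMsgContext(messageContext);
        reqData.setUsername(REVOKED_USER);
        return reqData;
    }

    /**
     * Processes the security header of {@code doc} with the receiving engine.
     *
     * <p>NOTE(review): the value returned by {@code processSecurityHeader} is discarded,
     * so this only shows that processing did not throw. It does not assert that an
     * encrypted element was found and decrypted; consider checking the results.
     *
     * @param doc the secured SOAP document
     * @param decCrypto the crypto instance passed to the engine
     * @param handler callback handler passed to the engine
     * @throws Exception if processing the security header fails
     */
    private void verify(
        Document doc, Crypto decCrypto, CallbackHandler handler
    ) throws Exception {
        secEngine.processSecurityHeader(doc, null, handler, decCrypto);
        if (LOG.isDebugEnabled()) {
            String outputString =
                XMLUtils.prettyDocumentToString(doc);
            LOG.debug(outputString);
        }
    }
}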