1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.dom.message;
21  
22  import java.util.Collections;
23  
24  import javax.security.auth.callback.CallbackHandler;
25  
26  import org.apache.wss4j.common.util.SOAPUtil;
27  import org.w3c.dom.Document;
28  import org.apache.wss4j.dom.WSConstants;
29  import org.apache.wss4j.dom.common.CustomHandler;
30  import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
31  
32  import org.apache.wss4j.dom.engine.WSSConfig;
33  import org.apache.wss4j.dom.engine.WSSecurityEngine;
34  import org.apache.wss4j.common.EncryptionActionToken;
35  import org.apache.wss4j.common.crypto.Crypto;
36  import org.apache.wss4j.common.crypto.CryptoFactory;
37  import org.apache.wss4j.common.ext.WSSecurityException;
38  import org.apache.wss4j.common.util.XMLUtils;
39  import org.apache.wss4j.dom.handler.HandlerAction;
40  import org.apache.wss4j.dom.handler.RequestData;
41  import org.apache.wss4j.dom.handler.WSHandlerConstants;
42  
43  import org.junit.jupiter.api.BeforeEach;
44  import org.junit.jupiter.api.Test;
45  
46  import static org.junit.jupiter.api.Assertions.assertTrue;
47  import static org.junit.jupiter.api.Assertions.fail;
48  
49  
50  /**
51   * This is a test for Certificate Revocation List checking before encryption.
52   *
53   * This test reuses the revoked certificate from SignatureCRLTest
54   */
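public class EncryptionCRLTest {
    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(EncryptionCRLTest.class);

    /**
     * Alias of the keystore entry whose certificate is revoked
     * (the same certificate SignatureCRLTest uses, see the class doc).
     */
    private static final String REVOKED_USER = "wss40rev";

    private WSSecurityEngine secEngine = new WSSecurityEngine();
    private CallbackHandler keystoreCallbackHandler = new KeystoreCallbackHandler();
    private Crypto crypto;

    public EncryptionCRLTest() throws Exception {
        crypto = CryptoFactory.getInstance("wss40All.properties");
    }

    /**
     * Setup method: gives the security engine a fresh configuration before each test.
     *
     * @throws Exception Thrown when there is a problem in setup
     */
    @BeforeEach
    public void setUp() throws Exception {
        secEngine.setWssConfig(WSSConfig.getNewInstance());
    }

    /**
     * Test that encrypts without certificate revocation check
     * so it should pass.
     *
     * Besides decrypting the result, the test checks that the message
     * was actually encrypted: processing a message with no encrypted
     * content would not fail either, so that check alone proves nothing.
     *
     * @throws Exception Thrown when there is any problem in encryption or decryption
     */
    @Test
    public void testEncryptionWithOutRevocationCheck() throws Exception {
        final RequestData reqData = buildRequestData();
        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        CustomHandler handler = new CustomHandler();
        handler.send(doc, reqData, encryptAction(), true);

        String outputString =
            XMLUtils.prettyDocumentToString(doc);
        if (LOG.isDebugEnabled()) {
            LOG.debug(outputString);
        }
        // The ENCR action must have produced encrypted content; otherwise verify() would
        // pass trivially on a plaintext message.
        assertTrue(outputString.contains("EncryptedData"),
                   "Expected the outbound message to contain encrypted content");

        verify(doc, crypto, keystoreCallbackHandler);
    }

    /**
     * Test that encrypts with certificate revocation check
     * so it should fail.
     *
     * @throws Exception Thrown when there is any problem in encryption or decryption
     * TODO Re-enable once CRL issue fixed
     */
    @Test
    @org.junit.jupiter.api.Disabled
    public void testEncryptionWithRevocationCheck() throws Exception {
        final RequestData reqData = buildRequestData();
        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        CustomHandler handler = new CustomHandler();
        // Revocation checking is opt-in on the handler; the revoked encryption
        // certificate must be rejected before anything is encrypted with it.
        handler.setOption(WSHandlerConstants.ENABLE_REVOCATION, "true");
        try {
            handler.send(doc, reqData, encryptAction(), true);
            fail("Failure expected on a revoked certificate");
        } catch (WSSecurityException ex) {
            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILURE,
                       "Unexpected error code: " + ex.getErrorCode());
        }
    }

    /**
     * Builds the request data both tests share: an encryption action token for
     * the revoked user, referenced by a direct BinarySecurityToken reference,
     * plus a message context carrying the password callback handler.
     *
     * @return request data ready to be passed to {@link CustomHandler#send}
     */
    private RequestData buildRequestData() {
        final RequestData reqData = new RequestData();
        reqData.setWssConfig(WSSConfig.getNewInstance());

        EncryptionActionToken actionToken = new EncryptionActionToken();
        actionToken.setUser(REVOKED_USER);
        actionToken.setKeyIdentifierId(WSConstants.BST_DIRECT_REFERENCE);
        // The symmetric algorithm is incidental to the CRL check; 3DES is a legacy
        // choice kept only to match the existing fixture.
        actionToken.setSymmetricAlgorithm(WSConstants.TRIPLE_DES);
        actionToken.setCrypto(crypto);
        reqData.setEncryptionToken(actionToken);

        java.util.Map<String, Object> messageContext = new java.util.TreeMap<>();
        messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, keystoreCallbackHandler);
        reqData.setMsgContext(messageContext);
        reqData.setUsername(REVOKED_USER);
        return reqData;
    }

    /**
     * The single handler action both tests run: encryption.
     *
     * @return a one-element action list containing {@link WSConstants#ENCR}
     */
    private static java.util.List<HandlerAction> encryptAction() {
        return Collections.singletonList(new HandlerAction(WSConstants.ENCR));
    }

    /**
     * Verifies (decrypts) the soap envelope by running the security engine over
     * its security header. <p/>
     *
     * @param doc the SOAP document carrying the encrypted message
     * @param decCrypto the Crypto instance used for decryption
     * @param handler the callback handler supplying the key password
     * @throws Exception
     *             Thrown when there is a problem in verification
     */
    private void verify(
        Document doc, Crypto decCrypto, CallbackHandler handler
    ) throws Exception {
        secEngine.processSecurityHeader(doc, null, handler, decCrypto);
        if (LOG.isDebugEnabled()) {
            String outputString =
                XMLUtils.prettyDocumentToString(doc);
            LOG.debug(outputString);
        }
    }
}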
175 }