1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.dom.message;
21  
import java.util.Collections;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;

import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;

import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;

import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
52  
53  
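/**
 * Tests signing and encrypting with a {@link Crypto} instance that is loaded from a
 * properties file ({@code crypto_enc.properties}) holding an encrypted password, which a
 * {@link PasswordEncryptor} is expected to decrypt at load time.
 *
 * <p>Each test builds a security header on the sample SOAP message (directly via the
 * {@code WSSec*} builders or through the handler API) and then runs the result through
 * {@link WSSecurityEngine} to check it can be processed with the same {@code Crypto}.
 */
public class PasswordEncryptorTest {
    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(PasswordEncryptorTest.class);

    /** Alias used for the signing / encryption key in the test keystore. */
    private static final String KEY_ALIAS = "16c73ab6-b892-458f-abf5-2f875f74882e";
    /** Password used for that key; a test fixture, not a real secret. */
    private static final String KEY_PASSWORD = "security";
    /** Crypto properties file (on the class path) containing the encrypted password. */
    private static final String CRYPTO_PROPERTIES = "crypto_enc.properties";

    private final WSSecurityEngine secEngine = new WSSecurityEngine();
    private final CallbackHandler callbackHandler = new KeystoreCallbackHandler();
    // Master password for the Jasypt-based encryptor; a fixed test fixture.
    private final PasswordEncryptor passwordEncryptor =
        new JasyptPasswordEncryptor("this-is-a-secret");
    private final Crypto crypto;

    /**
     * Initialises WSS4J and loads the {@code Crypto} from the encrypted properties file,
     * passing the password encryptor so the factory can handle the encrypted entry.
     *
     * @throws Exception if the properties cannot be loaded or the Crypto cannot be built
     */
    public PasswordEncryptorTest() throws Exception {
        WSSConfig.init();
        ClassLoader loader = Loader.getClassLoader(CryptoFactory.class);
        Properties properties = CryptoFactory.getProperties(CRYPTO_PROPERTIES, loader);
        crypto = CryptoFactory.getInstance(properties, loader, passwordEncryptor);
    }

    /**
     * Checks that the encryptor produces a non-null ciphertext that differs from the
     * plaintext and round-trips through {@code decrypt}.
     */
    @Test
    public void testEncryptedPassword() throws Exception {
        String encryptedPassword = passwordEncryptor.encrypt(KEY_PASSWORD);
        assertNotNull(encryptedPassword);
        // A "no-op" encryptor that echoed the plaintext would otherwise pass this test.
        assertNotEquals(KEY_PASSWORD, encryptedPassword);
        assertEquals(KEY_PASSWORD, passwordEncryptor.decrypt(encryptedPassword));
    }

    /** Signs the sample message with the builder API and verifies it. */
    @Test
    public void testSignature() throws Exception {
        WSSecHeader secHeader = newSecurityHeader();

        WSSecSignature builder = new WSSecSignature(secHeader);
        builder.setUserInfo(KEY_ALIAS, KEY_PASSWORD);
        builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);

        Document signedDoc = builder.build(crypto);
        logDocument(signedDoc);
        verify(signedDoc);
    }

    /** Signs the sample message through the handler API and verifies it. */
    @Test
    public void testSignatureWSHandler() throws Exception {
        RequestData reqData = newHandlerRequestData(WSHandlerConstants.SIG_PROP_FILE);
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        runHandler(doc, reqData, WSConstants.SIGN);

        logDocument(doc);
        verify(doc);
    }

    /** Encrypts the sample message with the builder API and verifies (decrypts) it. */
    @Test
    public void testDecryption() throws Exception {
        WSSecHeader secHeader = newSecurityHeader();

        WSSecEncrypt builder = new WSSecEncrypt(secHeader);
        builder.setUserInfo(KEY_ALIAS, KEY_PASSWORD);
        builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
        builder.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOAEP);

        // Fresh random content-encryption key; it is transported under the recipient's RSA key.
        KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
        SecretKey symmetricKey = keyGen.generateKey();
        Document encryptedDoc = builder.build(crypto, symmetricKey);

        logDocument(encryptedDoc);
        verify(encryptedDoc);
    }

    /** Encrypts the sample message through the handler API and verifies (decrypts) it. */
    @Test
    public void testDecryptionWSHandler() throws Exception {
        RequestData reqData = newHandlerRequestData(WSHandlerConstants.ENC_PROP_FILE);
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        runHandler(doc, reqData, WSConstants.ENCR);

        logDocument(doc);
        verify(doc);
    }

    /**
     * Creates the sample SOAP message and inserts an empty Security header into it.
     *
     * @return the header wrapper for the new document
     */
    private static WSSecHeader newSecurityHeader() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        return secHeader;
    }

    /**
     * Builds the handler request shared by the handler-based tests: a fresh config,
     * the key alias as user name, the encrypted properties file under {@code propFileKey}
     * and the password callback reference.
     *
     * @param propFileKey handler property naming the crypto properties file
     *                    ({@code SIG_PROP_FILE} or {@code ENC_PROP_FILE})
     * @return the populated request data
     */
    private RequestData newHandlerRequestData(String propFileKey) {
        RequestData reqData = new RequestData();
        reqData.setWssConfig(WSSConfig.getNewInstance());
        reqData.setUsername(KEY_ALIAS);
        Map<String, Object> config = new TreeMap<>();
        config.put(propFileKey, CRYPTO_PROPERTIES);
        config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
        reqData.setMsgContext(config);
        return reqData;
    }

    /**
     * Runs a single handler action over the document in place.
     *
     * @param doc      document to process
     * @param reqData  request data carrying the handler configuration
     * @param actionId the {@link WSConstants} action to perform
     */
    private static void runHandler(Document doc, RequestData reqData, int actionId)
        throws Exception {
        CustomHandler handler = new CustomHandler();
        HandlerAction action = new HandlerAction(actionId);
        handler.send(doc, reqData, Collections.singletonList(action), true);
    }

    /**
     * Logs the pretty-printed document at DEBUG level; the serialisation is skipped
     * entirely when DEBUG is disabled.
     */
    private static void logDocument(Document doc) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }
    }

    /**
     * Processes the document's Security header with the security engine, using the test
     * callback handler and the {@code Crypto} loaded from the encrypted properties file.
     *
     * @param doc SOAP document carrying the security header to process
     * @return the handler results produced by the engine
     * @throws Exception if the header cannot be processed
     */
    private WSHandlerResult verify(Document doc) throws Exception {
        return secEngine.processSecurityHeader(doc, null, callbackHandler, crypto);
    }

}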
201 }