1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.wss4j.stax.test;
20
21 import java.io.ByteArrayInputStream;
22 import java.io.ByteArrayOutputStream;
23 import java.io.InputStream;
24 import java.nio.charset.StandardCharsets;
25 import java.security.cert.X509Certificate;
26 import java.util.ArrayList;
27 import java.util.List;
28 import java.util.Properties;
29
30 import javax.crypto.KeyGenerator;
31 import javax.crypto.SecretKey;
32 import javax.xml.stream.XMLStreamReader;
33 import javax.xml.stream.XMLStreamWriter;
34 import javax.xml.transform.dom.DOMSource;
35 import javax.xml.transform.stream.StreamResult;
36
37 import org.apache.wss4j.common.crypto.Crypto;
38 import org.apache.wss4j.common.crypto.CryptoFactory;
39 import org.apache.wss4j.common.crypto.CryptoType;
40 import org.apache.wss4j.common.derivedKey.ConversationConstants;
41 import org.apache.wss4j.common.token.SecurityTokenReference;
42 import org.apache.wss4j.common.util.KeyUtils;
43 import org.apache.wss4j.common.util.SOAPUtil;
44 import org.apache.wss4j.dom.WSConstants;
45 import org.apache.wss4j.dom.engine.WSSConfig;
46 import org.apache.wss4j.dom.handler.WSHandlerConstants;
47 import org.apache.wss4j.dom.message.WSSecDKEncrypt;
48 import org.apache.wss4j.dom.message.WSSecDKSign;
49 import org.apache.wss4j.dom.message.WSSecEncryptedKey;
50 import org.apache.wss4j.dom.message.WSSecHeader;
51 import org.apache.wss4j.dom.message.WSSecSecurityContextToken;
52 import org.apache.wss4j.stax.ext.WSSConstants;
53 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
54 import org.apache.wss4j.stax.securityEvent.EncryptedPartSecurityEvent;
55 import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
56 import org.apache.wss4j.stax.securityEvent.SignedPartSecurityEvent;
57 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
58 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
59 import org.apache.wss4j.stax.setup.InboundWSSec;
60 import org.apache.wss4j.stax.setup.OutboundWSSec;
61 import org.apache.wss4j.stax.setup.WSSec;
62 import org.apache.wss4j.stax.test.utils.StAX2DOM;
63 import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
64 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
65 import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
66 import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
67 import org.junit.jupiter.api.BeforeAll;
68 import org.junit.jupiter.params.ParameterizedTest;
69 import org.junit.jupiter.params.provider.ValueSource;
70 import org.w3c.dom.Attr;
71 import org.w3c.dom.Document;
72 import org.w3c.dom.NodeList;
73
74 import static org.junit.jupiter.api.Assertions.assertEquals;
75
76 public class DerivedKeyTokenTest extends AbstractTestBase {
77
78 @BeforeAll
79 public static void setUp() throws Exception {
80 WSSConfig.init();
81 }
82
83 @ParameterizedTest
84 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
85 public void testEncryptionDecryptionTRIPLEDESOutbound(int version) throws Exception {
86 ByteArrayOutputStream baos = new ByteArrayOutputStream();
87 {
88 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
89 List<WSSConstants.Action> actions = new ArrayList<>();
90 actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
91 securityProperties.setActions(actions);
92 byte[] secret = WSSConstants.generateBytes(192 / 8);
93 CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(secret);
94 securityProperties.setCallbackHandler(callbackHandler);
95 securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
96 securityProperties.setEncryptionUser("receiver");
97 securityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
98 securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER);
99
100 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
101 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
102 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
103 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
104 xmlStreamWriter.close();
105
106 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
107 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
108 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_SOAP11_BODY.getLocalPart());
109 }
110 {
111 String action = WSHandlerConstants.ENCRYPTION;
112 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
113 }
114 }
115
116 @ParameterizedTest
117 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
118 public void testEncryptionDecryptionOutboundDeprecatedTag(int version) throws Exception {
119 ByteArrayOutputStream baos = new ByteArrayOutputStream();
120 {
121 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
122 List<WSSConstants.Action> actions = new ArrayList<>();
123 actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
124 securityProperties.setActions(actions);
125 byte[] secret = WSSConstants.generateBytes(192 / 8);
126 CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(secret);
127 securityProperties.setCallbackHandler(callbackHandler);
128 securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
129 securityProperties.setEncryptionUser("receiver");
130 securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER);
131
132 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
133 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
134 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
135 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
136 xmlStreamWriter.close();
137
138 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
139 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
140 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_SOAP11_BODY.getLocalPart());
141 }
142 {
143 String action = WSHandlerConstants.ENCRYPTION;
144 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
145 }
146 }
147
148 @ParameterizedTest
149 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
150 public void testEncryptionDecryptionTRIPLEDESInbound(int version) throws Exception {
151
152 ByteArrayOutputStream baos = new ByteArrayOutputStream();
153 {
154 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
155 WSSecHeader secHeader = new WSSecHeader(doc);
156 secHeader.insertSecurityHeader();
157
158 WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken(secHeader, null);
159 Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
160 sctBuilder.setWscVersion(version);
161 sctBuilder.prepare(crypto);
162
163
164 WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(secHeader);
165 encrKeyBuilder.setUserInfo("receiver");
166 encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
167 KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
168 SecretKey symmetricKey = keyGen.generateKey();
169 encrKeyBuilder.prepare(crypto, symmetricKey);
170
171
172 byte[] ek = symmetricKey.getEncoded();
173 String tokenIdentifier = encrKeyBuilder.getId();
174
175
176 WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt(secHeader);
177 encrBuilder.setWscVersion(version);
178 encrBuilder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
179 encrBuilder.setTokenIdentifier(tokenIdentifier);
180 encrBuilder.build(ek);
181
182 encrKeyBuilder.prependToHeader();
183 encrKeyBuilder.prependBSTElementToHeader();
184
185 NodeList nodeList = doc.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
186 assertEquals(nodeList.getLength(), 1);
187
188 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
189 transformer.transform(new DOMSource(doc), new StreamResult(baos));
190 }
191
192 {
193 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
194 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
195 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
196 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
197
198 SecurityEventConstants.Event[] expectedSecurityEvents = new SecurityEventConstants.Event[]{
199 WSSecurityEventConstants.AlgorithmSuite,
200 WSSecurityEventConstants.AlgorithmSuite,
201 WSSecurityEventConstants.AlgorithmSuite,
202 WSSecurityEventConstants.AlgorithmSuite,
203 WSSecurityEventConstants.X509Token,
204 WSSecurityEventConstants.ENCRYPTED_PART,
205 WSSecurityEventConstants.OPERATION,
206 };
207 final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents);
208 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(
209 xmlInputFactory.createXMLStreamReader(
210 new ByteArrayInputStream(baos.toByteArray())), null, securityEventListener);
211
212 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
213
214 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
215 assertEquals(nodeList.getLength(), 0);
216
217 securityEventListener.compare();
218
219 EncryptedPartSecurityEvent encryptedPartSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.ENCRYPTED_PART);
220 OperationSecurityEvent operationSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.OPERATION);
221 String encryptedPartCorrelationID = encryptedPartSecurityEvent.getCorrelationID();
222 String operationCorrelationID = operationSecurityEvent.getCorrelationID();
223
224 List<SecurityEvent> operationSecurityEvents = new ArrayList<>();
225 List<SecurityEvent> encryptedPartSecurityEvents = new ArrayList<>();
226
227 List<SecurityEvent> securityEvents = securityEventListener.getReceivedSecurityEvents();
228 for (int i = 0; i < securityEvents.size(); i++) {
229 SecurityEvent securityEvent = securityEvents.get(i);
230 if (securityEvent.getCorrelationID().equals(encryptedPartCorrelationID)) {
231 encryptedPartSecurityEvents.add(securityEvent);
232 } else if (securityEvent.getCorrelationID().equals(operationCorrelationID)) {
233 operationSecurityEvents.add(securityEvent);
234 }
235 }
236
237 assertEquals(6, encryptedPartSecurityEvents.size());
238 assertEquals(1, operationSecurityEvents.size());
239 assertEquals(securityEventListener.getReceivedSecurityEvents().size(), operationSecurityEvents.size() + encryptedPartSecurityEvents.size());
240 }
241 }
242
243 @ParameterizedTest
244 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
245 public void testEncryptionDecryptionTRIPLEDESInboundAction(int version) throws Exception {
246
247 ByteArrayOutputStream baos = new ByteArrayOutputStream();
248 {
249 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
250 String action = WSHandlerConstants.ENCRYPTION_DERIVED;
251
252 Properties properties = new Properties();
253 properties.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
254 if (version == ConversationConstants.VERSION_05_02) {
255 properties.put(WSHandlerConstants.USE_2005_12_NAMESPACE, "false");
256 }
257 properties.put(WSHandlerConstants.USER, "receiver");
258 properties.put(WSHandlerConstants.ENC_SYM_ALGO,
259 "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
260 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
261
262
263 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
264 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_SOAP11_BODY.getLocalPart());
265
266 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
267 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
268 }
269
270 {
271 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
272 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
273 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
274 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
275
276 SecurityEventConstants.Event[] expectedSecurityEvents = new SecurityEventConstants.Event[]{
277 WSSecurityEventConstants.AlgorithmSuite,
278 WSSecurityEventConstants.AlgorithmSuite,
279 WSSecurityEventConstants.AlgorithmSuite,
280 WSSecurityEventConstants.AlgorithmSuite,
281 WSSecurityEventConstants.X509Token,
282 WSSecurityEventConstants.ENCRYPTED_PART,
283 WSSecurityEventConstants.OPERATION,
284 };
285 final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents);
286 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(
287 xmlInputFactory.createXMLStreamReader(
288 new ByteArrayInputStream(baos.toByteArray())), null, securityEventListener);
289
290 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
291
292 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
293 assertEquals(nodeList.getLength(), 0);
294
295 securityEventListener.compare();
296
297 EncryptedPartSecurityEvent encryptedPartSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.ENCRYPTED_PART);
298 OperationSecurityEvent operationSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.OPERATION);
299 String encryptedPartCorrelationID = encryptedPartSecurityEvent.getCorrelationID();
300 String operationCorrelationID = operationSecurityEvent.getCorrelationID();
301
302 List<SecurityEvent> operationSecurityEvents = new ArrayList<>();
303 List<SecurityEvent> encryptedPartSecurityEvents = new ArrayList<>();
304
305 List<SecurityEvent> securityEvents = securityEventListener.getReceivedSecurityEvents();
306 for (int i = 0; i < securityEvents.size(); i++) {
307 SecurityEvent securityEvent = securityEvents.get(i);
308 if (securityEvent.getCorrelationID().equals(encryptedPartCorrelationID)) {
309 encryptedPartSecurityEvents.add(securityEvent);
310 } else if (securityEvent.getCorrelationID().equals(operationCorrelationID)) {
311 operationSecurityEvents.add(securityEvent);
312 }
313 }
314
315 assertEquals(6, encryptedPartSecurityEvents.size());
316 assertEquals(1, operationSecurityEvents.size());
317 assertEquals(securityEventListener.getReceivedSecurityEvents().size(), operationSecurityEvents.size() + encryptedPartSecurityEvents.size());
318 }
319 }
320
321 @ParameterizedTest
322 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
323 public void testEncryptionDecryptionAES128Outbound(int version) throws Exception {
324 ByteArrayOutputStream baos = new ByteArrayOutputStream();
325 {
326 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
327 List<WSSConstants.Action> actions = new ArrayList<>();
328 actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
329 securityProperties.setActions(actions);
330 byte[] secret = WSSConstants.generateBytes(128 / 8);
331 CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(secret);
332 securityProperties.setCallbackHandler(callbackHandler);
333 securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
334 securityProperties.setEncryptionUser("receiver");
335 securityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
336 securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER);
337
338 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
339 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
340 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
341 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
342 xmlStreamWriter.close();
343
344 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
345 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
346 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_SOAP11_BODY.getLocalPart());
347 }
348 {
349 String action = WSHandlerConstants.ENCRYPTION;
350 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
351 }
352 }
353
354 @ParameterizedTest
355 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
356 public void testEncryptionDecryptionAES128Inbound(int version) throws Exception {
357
358 ByteArrayOutputStream baos = new ByteArrayOutputStream();
359 {
360 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
361 WSSecHeader secHeader = new WSSecHeader(doc);
362 secHeader.insertSecurityHeader();
363
364 WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken(secHeader, null);
365 sctBuilder.setWscVersion(version);
366 Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
367 sctBuilder.prepare(crypto);
368
369
370 WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(secHeader);
371 encrKeyBuilder.setUserInfo("receiver");
372 encrKeyBuilder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
373 KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
374 SecretKey symmetricKey = keyGen.generateKey();
375 encrKeyBuilder.prepare(crypto, symmetricKey);
376
377
378 byte[] ek = symmetricKey.getEncoded();
379 String tokenIdentifier = encrKeyBuilder.getId();
380
381
382 WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt(secHeader);
383 encrBuilder.setWscVersion(version);
384 encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
385 encrBuilder.setTokenIdentifier(tokenIdentifier);
386 encrBuilder.build(ek);
387
388 encrKeyBuilder.prependToHeader();
389 encrKeyBuilder.prependBSTElementToHeader();
390
391 NodeList nodeList = doc.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
392 assertEquals(nodeList.getLength(), 1);
393
394 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
395 transformer.transform(new DOMSource(doc), new StreamResult(baos));
396 }
397 {
398 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
399 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
400 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
401 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
402 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
403
404 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
405
406 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
407 assertEquals(nodeList.getLength(), 0);
408 }
409 }
410
411 @ParameterizedTest
412 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
413 public void testEncryptionDecryptionAES128InboundAction(int version) throws Exception {
414
415 ByteArrayOutputStream baos = new ByteArrayOutputStream();
416 {
417 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
418 String action = WSHandlerConstants.ENCRYPTION_DERIVED;
419
420 Properties properties = new Properties();
421 properties.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
422 if (version == ConversationConstants.VERSION_05_02) {
423 properties.put(WSHandlerConstants.USE_2005_12_NAMESPACE, "false");
424 }
425 properties.put(WSHandlerConstants.USER, "receiver");
426 properties.put(WSHandlerConstants.ENC_SYM_ALGO,
427 "http://www.w3.org/2001/04/xmlenc#aes128-cbc");
428 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
429
430
431 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
432 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_SOAP11_BODY.getLocalPart());
433
434 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
435 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
436 }
437
438 {
439 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
440 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
441 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
442 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
443 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
444
445 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
446
447 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
448 assertEquals(nodeList.getLength(), 0);
449 }
450 }
451
452 @ParameterizedTest
453 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
454 public void testSignatureOutbound() throws Exception {
455 ByteArrayOutputStream baos = new ByteArrayOutputStream();
456 {
457 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
458 List<WSSConstants.Action> actions = new ArrayList<>();
459 actions.add(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
460 securityProperties.setActions(actions);
461 CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl();
462 securityProperties.setCallbackHandler(callbackHandler);
463 securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER);
464 securityProperties.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1");
465 securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
466 securityProperties.setEncryptionUser("receiver");
467 securityProperties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.EncryptedKey);
468 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
469 securityProperties.setSignatureUser("receiver");
470
471 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
472 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
473 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
474 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
475 xmlStreamWriter.close();
476
477 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
478 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
479 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
480 }
481 {
482 String action = WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPTION;
483 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
484 }
485 }
486
487 @ParameterizedTest
488 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
489 public void testSignatureInbound(int version) throws Exception {
490
491 ByteArrayOutputStream baos = new ByteArrayOutputStream();
492 {
493 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
494 WSSecHeader secHeader = new WSSecHeader(doc);
495 secHeader.insertSecurityHeader();
496
497
498 WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(secHeader);
499 encrKeyBuilder.setUserInfo("receiver");
500 encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
501 Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
502
503 KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
504 SecretKey symmetricKey = keyGen.generateKey();
505 encrKeyBuilder.prepare(crypto, symmetricKey);
506
507
508 byte[] ek = symmetricKey.getEncoded();
509 String tokenIdentifier = encrKeyBuilder.getId();
510
511
512 WSSecDKSign sigBuilder = new WSSecDKSign(secHeader);
513 sigBuilder.setWscVersion(version);
514 sigBuilder.setTokenIdentifier(tokenIdentifier);
515 sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
516 sigBuilder.build(ek);
517
518 encrKeyBuilder.prependToHeader();
519 encrKeyBuilder.prependBSTElementToHeader();
520
521 NodeList nodeList = doc.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
522 assertEquals(nodeList.getLength(), 1);
523
524 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
525 transformer.transform(new DOMSource(doc), new StreamResult(baos));
526 }
527
528 {
529 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
530 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
531 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
532 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
533 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
534 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
535
536 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
537
538 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
539 assertEquals(nodeList.getLength(), 1);
540 }
541 }
542
543 @ParameterizedTest
544 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
545 public void testSignatureInboundAction(int version) throws Exception {
546
547 ByteArrayOutputStream baos = new ByteArrayOutputStream();
548 {
549 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
550 String action = WSHandlerConstants.SIGNATURE_DERIVED;
551
552 Properties properties = new Properties();
553 properties.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
554 if (version == ConversationConstants.VERSION_05_02) {
555 properties.put(WSHandlerConstants.USE_2005_12_NAMESPACE, "false");
556 }
557 properties.put(WSHandlerConstants.USER, "receiver");
558 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
559
560
561 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
562 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
563
564 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
565 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
566 }
567
568 {
569 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
570 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
571 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
572 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
573 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
574 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
575
576 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
577
578 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
579 assertEquals(nodeList.getLength(), 1);
580 }
581 }
582
583 @ParameterizedTest
584 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
585 public void testSignatureThumbprintSHA1Outbound(int version) throws Exception {
586 ByteArrayOutputStream baos = new ByteArrayOutputStream();
587 {
588 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
589 List<WSSConstants.Action> actions = new ArrayList<>();
590 actions.add(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
591 securityProperties.setActions(actions);
592 CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl();
593 securityProperties.setCallbackHandler(callbackHandler);
594 securityProperties.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1");
595 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
596 securityProperties.setSignatureUser("receiver");
597 securityProperties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.DirectReference);
598 securityProperties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER);
599
600 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
601 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
602 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
603 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
604 xmlStreamWriter.close();
605
606 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
607 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
608 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
609
610 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_WSC0512_SCT.getNamespaceURI(), WSSConstants.TAG_WSC0512_SCT.getLocalPart());
611 assertEquals(nodeList.getLength(), 0);
612 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
613 assertEquals(nodeList.getLength(), 0);
614 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_WSC0512_DKT.getNamespaceURI(), WSSConstants.TAG_WSC0512_DKT.getLocalPart());
615 assertEquals(nodeList.getLength(), 1);
616 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_WSSE_KEY_IDENTIFIER.getNamespaceURI(), WSSConstants.TAG_WSSE_KEY_IDENTIFIER.getLocalPart());
617 assertEquals(nodeList.getLength(), 1);
618 Attr attr = (Attr) nodeList.item(0).getAttributes().getNamedItem(WSSConstants.ATT_NULL_VALUE_TYPE.getLocalPart());
619 assertEquals(attr.getValue(), WSSConstants.NS_THUMBPRINT);
620 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
621 assertEquals(nodeList.getLength(), 1);
622 }
623 {
624 String action = WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPTION;
625 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
626 }
627 }
628
629 @ParameterizedTest
630 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
631 public void testSignatureThumbprintSHA1Inbound(int version) throws Exception {
632
633 ByteArrayOutputStream baos = new ByteArrayOutputStream();
634 {
635 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
636 WSSecHeader secHeader = new WSSecHeader(doc);
637 secHeader.insertSecurityHeader();
638
639 SecurityTokenReference secToken = new SecurityTokenReference(doc);
640 CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
641 cryptoType.setAlias("transmitter");
642 Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
643 X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
644 secToken.setKeyIdentifierThumb(certs[0]);
645
646 WSSecDKSign sigBuilder = new WSSecDKSign(secHeader);
647 sigBuilder.setWscVersion(version);
648 java.security.Key key = crypto.getPrivateKey("transmitter", "default");
649 sigBuilder.setStrElem(secToken.getElement());
650 sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
651 sigBuilder.build(key.getEncoded());
652
653 sigBuilder.prependDKElementToHeader();
654
655 NodeList nodeList = doc.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
656 assertEquals(nodeList.getLength(), 1);
657
658 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
659 transformer.transform(new DOMSource(doc), new StreamResult(baos));
660 }
661
662 {
663 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
664 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
665 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
666 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
667 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
668 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
669
670 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
671
672 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
673 assertEquals(nodeList.getLength(), 1);
674 }
675 }
676
677
678 @ParameterizedTest
679 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
680 public void testSignatureThumbprintSHA1InboundAction(int version) throws Exception {
681
682 ByteArrayOutputStream baos = new ByteArrayOutputStream();
683 {
684 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
685 String action = WSHandlerConstants.SIGNATURE_DERIVED;
686
687 Properties properties = new Properties();
688 properties.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "DirectReference");
689 if (version == ConversationConstants.VERSION_05_02) {
690 properties.put(WSHandlerConstants.USE_2005_12_NAMESPACE, "false");
691 }
692 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
693
694
695 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
696 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
697
698 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
699 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
700 }
701
702 {
703 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
704 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
705 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
706 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
707 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
708 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
709
710 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
711
712 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
713 assertEquals(nodeList.getLength(), 1);
714 }
715 }
716
717 @ParameterizedTest
718 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
719 public void testSignatureSKIOutbound() throws Exception {
720 ByteArrayOutputStream baos = new ByteArrayOutputStream();
721 {
722 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
723 List<WSSConstants.Action> actions = new ArrayList<>();
724 actions.add(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
725 securityProperties.setActions(actions);
726 CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl();
727 securityProperties.setCallbackHandler(callbackHandler);
728 securityProperties.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1");
729 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
730 securityProperties.setSignatureUser("receiver");
731 securityProperties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.DirectReference);
732 securityProperties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_SkiKeyIdentifier);
733
734 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
735 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
736 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
737 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
738 xmlStreamWriter.close();
739
740 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
741 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
742 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
743
744 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_WSC0512_SCT.getNamespaceURI(), WSSConstants.TAG_WSC0512_SCT.getLocalPart());
745 assertEquals(nodeList.getLength(), 0);
746 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
747 assertEquals(nodeList.getLength(), 0);
748 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_WSC0512_DKT.getNamespaceURI(), WSSConstants.TAG_WSC0512_DKT.getLocalPart());
749 assertEquals(nodeList.getLength(), 1);
750 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_WSSE_KEY_IDENTIFIER.getNamespaceURI(), WSSConstants.TAG_WSSE_KEY_IDENTIFIER.getLocalPart());
751 assertEquals(nodeList.getLength(), 1);
752 Attr attr = (Attr) nodeList.item(0).getAttributes().getNamedItem(WSSConstants.ATT_NULL_VALUE_TYPE.getLocalPart());
753 assertEquals(attr.getValue(), WSSConstants.NS_X509_SKI);
754 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
755 assertEquals(nodeList.getLength(), 1);
756 }
757 {
758 String action = WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPTION;
759 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
760 }
761 }
762
763 @ParameterizedTest
764 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
765 public void testSignatureSKIInbound(int version) throws Exception {
766
767 ByteArrayOutputStream baos = new ByteArrayOutputStream();
768 {
769 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
770 WSSecHeader secHeader = new WSSecHeader(doc);
771 secHeader.insertSecurityHeader();
772
773 SecurityTokenReference secToken = new SecurityTokenReference(doc);
774 CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
775 cryptoType.setAlias("transmitter");
776 Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
777 X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
778 secToken.setKeyIdentifierSKI(certs[0], crypto);
779
780 WSSecDKSign sigBuilder = new WSSecDKSign(secHeader);
781 sigBuilder.setWscVersion(version);
782 java.security.Key key = crypto.getPrivateKey("transmitter", "default");
783 sigBuilder.setStrElem(secToken.getElement());
784 sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
785 sigBuilder.build(key.getEncoded());
786
787 sigBuilder.prependDKElementToHeader();
788
789 NodeList nodeList = doc.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
790 assertEquals(nodeList.getLength(), 1);
791
792 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
793 transformer.transform(new DOMSource(doc), new StreamResult(baos));
794 }
795
796 {
797 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
798 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
799 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
800 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
801 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
802 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
803
804 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
805
806 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
807 assertEquals(nodeList.getLength(), 1);
808 }
809 }
810
811 @ParameterizedTest
812 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
813 public void testSignatureSKIInboundAction(int version) throws Exception {
814
815 ByteArrayOutputStream baos = new ByteArrayOutputStream();
816 {
817 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
818 String action = WSHandlerConstants.SIGNATURE_DERIVED;
819
820 Properties properties = new Properties();
821 properties.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "DirectReference");
822 properties.put(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, "SKIKeyIdentifier");
823 if (version == ConversationConstants.VERSION_05_02) {
824 properties.put(WSHandlerConstants.USE_2005_12_NAMESPACE, "false");
825 }
826 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
827
828
829 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
830 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
831
832 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
833 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
834 }
835
836 {
837 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
838 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
839 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
840 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
841 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
842 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
843
844 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
845
846 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
847 assertEquals(nodeList.getLength(), 1);
848 }
849 }
850
851 @ParameterizedTest
852 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
853 public void testSignatureEncryptOutbound(int version) throws Exception {
854 ByteArrayOutputStream baos = new ByteArrayOutputStream();
855 {
856 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
857 List<WSSConstants.Action> actions = new ArrayList<>();
858 actions.add(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
859 actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
860 securityProperties.setActions(actions);
861 CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl();
862 securityProperties.setCallbackHandler(callbackHandler);
863 securityProperties.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1");
864 securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
865 securityProperties.setSignatureUser("receiver");
866 securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
867 securityProperties.setEncryptionUser("receiver");
868 securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER);
869 securityProperties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.EncryptedKey);
870
871 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
872 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
873 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
874 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
875 xmlStreamWriter.close();
876
877 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
878 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
879 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
880
881 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_WSC0512_SCT.getNamespaceURI(), WSSConstants.TAG_WSC0512_SCT.getLocalPart());
882 assertEquals(nodeList.getLength(), 0);
883 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
884 assertEquals(nodeList.getLength(), 1);
885 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_WSC0512_DKT.getNamespaceURI(), WSSConstants.TAG_WSC0512_DKT.getLocalPart());
886 assertEquals(nodeList.getLength(), 2);
887 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
888 assertEquals(nodeList.getLength(), 1);
889 }
890 {
891 String action = WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPTION;
892 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
893 }
894 }
895
896 @ParameterizedTest
897 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
898 public void testSignatureEncryptInbound(int version) throws Exception {
899
900 ByteArrayOutputStream baos = new ByteArrayOutputStream();
901 {
902 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
903 WSSecHeader secHeader = new WSSecHeader(doc);
904 secHeader.insertSecurityHeader();
905
906 Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
907
908
909 WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(secHeader);
910 encrKeyBuilder.setUserInfo("receiver");
911 encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
912
913 KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
914 SecretKey symmetricKey = keyGen.generateKey();
915 encrKeyBuilder.prepare(crypto, symmetricKey);
916
917
918 byte[] ek = symmetricKey.getEncoded();
919 String tokenIdentifier = encrKeyBuilder.getId();
920
921
922 WSSecDKSign sigBuilder = new WSSecDKSign(secHeader);
923 sigBuilder.setWscVersion(version);
924 sigBuilder.setTokenIdentifier(tokenIdentifier);
925 sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
926 sigBuilder.build(ek);
927
928
929 WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt(secHeader);
930 encrBuilder.setWscVersion(version);
931 encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
932 encrBuilder.setTokenIdentifier(tokenIdentifier);
933 encrBuilder.build(ek);
934
935 encrKeyBuilder.prependToHeader();
936 encrKeyBuilder.prependBSTElementToHeader();
937
938 NodeList nodeList = doc.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
939 assertEquals(nodeList.getLength(), 1);
940
941 nodeList = doc.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
942 assertEquals(nodeList.getLength(), 1);
943
944 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
945 transformer.transform(new DOMSource(doc), new StreamResult(baos));
946 }
947
948 {
949 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
950 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
951 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
952 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
953 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
954
955 WSSecurityEventConstants.Event[] expectedSecurityEvents = new WSSecurityEventConstants.Event[]{
956 WSSecurityEventConstants.AlgorithmSuite,
957 WSSecurityEventConstants.AlgorithmSuite,
958 WSSecurityEventConstants.AlgorithmSuite,
959 WSSecurityEventConstants.AlgorithmSuite,
960 WSSecurityEventConstants.AlgorithmSuite,
961 WSSecurityEventConstants.AlgorithmSuite,
962 WSSecurityEventConstants.AlgorithmSuite,
963 WSSecurityEventConstants.AlgorithmSuite,
964 WSSecurityEventConstants.AlgorithmSuite,
965 WSSecurityEventConstants.AlgorithmSuite,
966 WSSecurityEventConstants.X509Token,
967 WSSecurityEventConstants.SignatureValue,
968 WSSecurityEventConstants.SIGNED_PART,
969 WSSecurityEventConstants.ENCRYPTED_PART,
970 WSSecurityEventConstants.OPERATION,
971 };
972 final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents);
973
974 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), null, securityEventListener);
975
976 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
977
978 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
979 assertEquals(nodeList.getLength(), 1);
980
981 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
982 assertEquals(nodeList.getLength(), 0);
983
984 securityEventListener.compare();
985
986 EncryptedPartSecurityEvent encryptedPartSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.ENCRYPTED_PART);
987 SignedPartSecurityEvent signedPartSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.SIGNED_PART);
988 SignatureValueSecurityEvent signatureValueSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.SignatureValue);
989 OperationSecurityEvent operationSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.OPERATION);
990 String encryptedPartCorrelationID = encryptedPartSecurityEvent.getCorrelationID();
991 String signedElementCorrelationID = signedPartSecurityEvent.getCorrelationID();
992 String signatureValueCorrelationID = signatureValueSecurityEvent.getCorrelationID();
993 String operationCorrelationID = operationSecurityEvent.getCorrelationID();
994
995 List<SecurityEvent> operationSecurityEvents = new ArrayList<>();
996 List<SecurityEvent> encryptedPartSecurityEvents = new ArrayList<>();
997 List<SecurityEvent> signedElementSecurityEvents = new ArrayList<>();
998 List<SecurityEvent> signatureValueSecurityEvents = new ArrayList<>();
999
1000 List<SecurityEvent> securityEvents = securityEventListener.getReceivedSecurityEvents();
1001 for (int i = 0; i < securityEvents.size(); i++) {
1002 SecurityEvent securityEvent = securityEvents.get(i);
1003 if (securityEvent.getCorrelationID().equals(encryptedPartCorrelationID)) {
1004 encryptedPartSecurityEvents.add(securityEvent);
1005 } else if (securityEvent.getCorrelationID().equals(operationCorrelationID)) {
1006 operationSecurityEvents.add(securityEvent);
1007 } else if (securityEvent.getCorrelationID().equals(signedElementCorrelationID)) {
1008 signedElementSecurityEvents.add(securityEvent);
1009 } else if (securityEvent.getCorrelationID().equals(signatureValueCorrelationID)) {
1010 signatureValueSecurityEvents.add(securityEvent);
1011 }
1012 }
1013
1014 assertEquals(5, encryptedPartSecurityEvents.size());
1015 assertEquals(3, signedElementSecurityEvents.size());
1016 assertEquals(6, signatureValueSecurityEvents.size());
1017 assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
1018 operationSecurityEvents.size() + encryptedPartSecurityEvents.size() +
1019 signedElementSecurityEvents.size() + signatureValueSecurityEvents.size());
1020 }
1021 }
1022
1023 @ParameterizedTest
1024 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
1025 public void testEncryptSignatureInbound(int version) throws Exception {
1026
1027 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1028 {
1029 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
1030 WSSecHeader secHeader = new WSSecHeader(doc);
1031 secHeader.insertSecurityHeader();
1032
1033 Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
1034
1035
1036 WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(secHeader);
1037 encrKeyBuilder.setUserInfo("receiver");
1038 encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
1039
1040 KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
1041 SecretKey symmetricKey = keyGen.generateKey();
1042 encrKeyBuilder.prepare(crypto, symmetricKey);
1043
1044
1045 byte[] ek = symmetricKey.getEncoded();
1046 String tokenIdentifier = encrKeyBuilder.getId();
1047
1048
1049 WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt(secHeader);
1050 encrBuilder.setWscVersion(version);
1051 encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
1052 encrBuilder.setTokenIdentifier(tokenIdentifier);
1053 encrBuilder.build(ek);
1054
1055
1056 WSSecDKSign sigBuilder = new WSSecDKSign(secHeader);
1057 sigBuilder.setWscVersion(version);
1058 sigBuilder.setTokenIdentifier(tokenIdentifier);
1059 sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
1060 sigBuilder.build(ek);
1061
1062 encrKeyBuilder.prependToHeader();
1063 encrKeyBuilder.prependBSTElementToHeader();
1064
1065 NodeList nodeList = doc.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1066 assertEquals(nodeList.getLength(), 1);
1067
1068 nodeList = doc.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
1069 assertEquals(nodeList.getLength(), 1);
1070
1071 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
1072 transformer.transform(new DOMSource(doc), new StreamResult(baos));
1073 }
1074
1075 {
1076 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1077 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
1078 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
1079 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
1080 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
1081 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
1082
1083 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
1084
1085 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1086 assertEquals(nodeList.getLength(), 1);
1087
1088 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
1089 assertEquals(nodeList.getLength(), 0);
1090 }
1091 }
1092
1093 @ParameterizedTest
1094 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
1095 public void testEncryptSignatureInboundAction(int version) throws Exception {
1096
1097 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1098
1099 {
1100 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
1101 String action = WSHandlerConstants.SIGNATURE_DERIVED + " " + WSHandlerConstants.ENCRYPTION_DERIVED;
1102
1103 Properties properties = new Properties();
1104 properties.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
1105 if (version == ConversationConstants.VERSION_05_02) {
1106 properties.put(WSHandlerConstants.USE_2005_12_NAMESPACE, "false");
1107 }
1108 properties.put(WSHandlerConstants.USER, "receiver");
1109 properties.put(WSHandlerConstants.SIG_ALGO,
1110 "http://www.w3.org/2000/09/xmldsig#hmac-sha1");
1111 Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
1112
1113
1114 NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
1115 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_SOAP11_BODY.getLocalPart());
1116
1117 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
1118 transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
1119 }
1120
1121 {
1122 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
1123 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
1124 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
1125 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
1126 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
1127 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
1128
1129 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
1130
1131 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
1132 assertEquals(nodeList.getLength(), 1);
1133
1134 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
1135 assertEquals(nodeList.getLength(), 0);
1136 }
1137 }
1138 }