19 package org.apache.wss4j.stax.test;
20
21 import java.io.ByteArrayInputStream;
22 import java.io.ByteArrayOutputStream;
23 import java.io.InputStream;
24 import java.util.ArrayList;
25 import java.util.List;
26
27 import javax.xml.xpath.XPathConstants;
28 import javax.xml.xpath.XPathExpression;
29
30 import org.apache.wss4j.common.ext.WSSecurityException;
31 import org.apache.wss4j.stax.ext.WSSConstants;
32 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
33 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
34 import org.junit.jupiter.api.Test;
35 import org.w3c.dom.Document;
36 import org.w3c.dom.Node;
37 import org.w3c.dom.NodeList;
38
39 import static org.junit.jupiter.api.Assertions.assertEquals;
40 import static org.junit.jupiter.api.Assertions.assertNotNull;
41 import static org.junit.jupiter.api.Assertions.assertTrue;
42 import static org.junit.jupiter.api.Assertions.fail;
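/**
 * Outbound encryption tests that use the {@code wss40rev} entry of
 * {@code keys/wss40rev.jks}, once with revocation checking left at its default
 * and once with it enabled against the CRL in {@code wss40CACRL.pem}.
 */
public class EncryptionCRLTest extends AbstractTestBase {

    /**
     * Encrypts a plain SOAP 1.1 message without enabling revocation checking and
     * verifies the shape of the result: an {@code EncryptedKey} under the security
     * header using RSA-OAEP, and exactly one AES-256-CBC {@code EncryptedData}
     * element as the only element child of the SOAP body.
     *
     * @throws Exception if outbound processing or parsing of the result fails
     */
    @Test
    public void testEncryptionWithOutRevocationCheck() throws Exception {
        WSSSecurityProperties securityProperties = new WSSSecurityProperties();
        List<WSSConstants.Action> actions = new ArrayList<>();
        actions.add(WSSConstants.ENCRYPTION);
        securityProperties.setActions(actions);
        // Test-fixture keystore and password from the test resources.
        securityProperties.loadEncryptionKeystore(
                this.getClass().getClassLoader().getResource("keys/wss40rev.jks"), "security".toCharArray());
        securityProperties.setEncryptionUser("wss40rev");
        securityProperties.setEncryptionKeyIdentifier(
                WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);

        ByteArrayOutputStream baos;
        // try-with-resources releases the classpath stream even when processing throws.
        try (InputStream sourceDocument =
                this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml")) {
            baos = doOutboundSecurity(securityProperties, sourceDocument);
        }

        Document document =
                documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));

        // The EncryptedKey must sit directly under the wsse:Security header.
        NodeList nodeList = document.getElementsByTagNameNS(
                WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(),
                WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
        // Fail with a readable message rather than a NullPointerException on item(0).
        assertTrue(nodeList.getLength() > 0, "No EncryptedKey element found");
        assertEquals(
                WSSConstants.TAG_WSSE_SECURITY.getLocalPart(),
                nodeList.item(0).getParentNode().getLocalName());

        // Key transport algorithm must be RSA-OAEP (MGF1 with SHA-1).
        XPathExpression xPathExpression = getXPath(
                "/soap:Envelope/soap:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p']");
        Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
        assertNotNull(node);

        nodeList = document.getElementsByTagNameNS(
                WSSConstants.TAG_xenc_DataReference.getNamespaceURI(),
                WSSConstants.TAG_xenc_DataReference.getLocalPart());
        assertEquals(1, nodeList.getLength());

        nodeList = document.getElementsByTagNameNS(
                WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
                WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
        assertEquals(1, nodeList.getLength());

        // Body content must be encrypted with AES-256-CBC.
        xPathExpression = getXPath(
                "/soap:Envelope/soap:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#aes256-cbc']");
        node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
        assertNotNull(node);

        // node is the EncryptionMethod; its grandparent is the SOAP Body.
        Node body = node.getParentNode().getParentNode();
        assertEquals("Body", body.getLocalName());

        // Nothing but whitespace and the single EncryptedData element may remain
        // in the body, i.e. no plaintext child was left behind.
        NodeList childNodes = body.getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node child = childNodes.item(i);
            if (child.getNodeType() == Node.TEXT_NODE) {
                assertEquals("", child.getTextContent().trim());
            } else if (child.getNodeType() == Node.ELEMENT_NODE) {
                assertEquals(nodeList.item(0), child);
            } else {
                fail("Unexpected Node encountered");
            }
        }
    }

    /**
     * Enables revocation checking, loads the CRL from {@code wss40CACRL.pem} and
     * expects outbound encryption to fail with an exception whose cause is a
     * {@link WSSecurityException}.
     *
     * <p>NOTE(review): this test is disabled and no reason is recorded here. While it
     * stays disabled, the revocation-enabled encryption path is not exercised by this
     * class; record the reason in the annotation or re-enable the test.
     *
     * @throws Exception if closing the source stream fails
     */
    @Test
    @org.junit.jupiter.api.Disabled
    public void testEncryptionWithRevocationCheck() throws Exception {
        WSSSecurityProperties securityProperties = new WSSSecurityProperties();
        List<WSSConstants.Action> actions = new ArrayList<>();
        actions.add(WSSConstants.ENCRYPTION);
        securityProperties.setEnableRevocation(true);
        securityProperties.setActions(actions);
        // Test-fixture keystore and password from the test resources.
        securityProperties.loadEncryptionKeystore(
                this.getClass().getClassLoader().getResource("keys/wss40rev.jks"), "security".toCharArray());
        securityProperties.setEncryptionUser("wss40rev");
        securityProperties.setEncryptionKeyIdentifier(
                WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
        securityProperties.loadCRLCertStore(this.getClass().getClassLoader().getResource("wss40CACRL.pem"));

        // try-with-resources releases the classpath stream even when processing throws.
        try (InputStream sourceDocument =
                this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml")) {
            try {
                doOutboundSecurity(securityProperties, sourceDocument);
                // fail() raises an AssertionError subtype, so the catch below does not swallow it.
                fail("Expected failure on a revocation check");
            } catch (Exception ex) {
                assertNotNull(ex.getCause());
                assertTrue(ex.getCause() instanceof WSSecurityException);
            }
        }
    }

}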