View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.stax.test;
20  
21  import java.io.ByteArrayInputStream;
22  import java.io.ByteArrayOutputStream;
23  import java.io.InputStream;
24  import java.nio.charset.StandardCharsets;
25  import java.util.ArrayList;
26  import java.util.List;
27  import java.util.Properties;
28  
29  import javax.xml.stream.XMLStreamReader;
30  import javax.xml.stream.XMLStreamWriter;
31  import javax.xml.xpath.XPathConstants;
32  import javax.xml.xpath.XPathExpression;
33  
34  import org.apache.wss4j.common.crypto.CryptoFactory;
35  import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
36  import org.apache.wss4j.common.crypto.PasswordEncryptor;
37  import org.apache.wss4j.dom.handler.WSHandlerConstants;
38  import org.apache.wss4j.stax.ext.WSSConstants;
39  import org.apache.wss4j.stax.ext.WSSSecurityProperties;
40  import org.apache.wss4j.stax.setup.OutboundWSSec;
41  import org.apache.wss4j.stax.setup.WSSec;
42  import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
43  import org.apache.xml.security.stax.securityEvent.SecurityEvent;
44  import org.junit.jupiter.api.Test;
45  import org.w3c.dom.Document;
46  import org.w3c.dom.Element;
47  import org.w3c.dom.Node;
48  import org.w3c.dom.NodeList;
49  
50  import static org.junit.jupiter.api.Assertions.assertEquals;
51  import static org.junit.jupiter.api.Assertions.assertNotNull;
52  import static org.junit.jupiter.api.Assertions.assertTrue;
53  import static org.junit.jupiter.api.Assertions.fail;
54  
55  /**
56   * This is a test for signing and encrypting using a Crypto properties file with an encrypted
57   * password
58   */
59  public class PasswordEncryptorTest extends AbstractTestBase {
60  
61      @Test
62      public void testSignatureCryptoPropertiesOutbound() throws Exception {
63  
64          ByteArrayOutputStream baos = new ByteArrayOutputStream();
65          {
66              WSSSecurityProperties securityProperties = new WSSSecurityProperties();
67              List<WSSConstants.Action> actions = new ArrayList<>();
68              actions.add(WSSConstants.SIGNATURE);
69              securityProperties.setActions(actions);
70              Properties properties =
71                  CryptoFactory.getProperties("transmitter-crypto-enc.properties", this.getClass().getClassLoader());
72              PasswordEncryptor passwordEncryptor =
73                  new JasyptPasswordEncryptor(new CallbackHandlerImpl());
74              securityProperties.setSignatureCryptoProperties(properties, passwordEncryptor);
75              securityProperties.setSignatureUser("transmitter");
76              securityProperties.setCallbackHandler(new CallbackHandlerImpl());
77  
78              OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
79              XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
80              XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
81              XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
82              xmlStreamWriter.close();
83  
84              Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
85              NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
86              assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
87  
88              nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
89              assertEquals(nodeList.getLength(), 1);
90  
91              nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
92              assertEquals(nodeList.getLength(), 1);
93              String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
94              assertNotNull(idAttrValue);
95              assertTrue(idAttrValue.length() > 0);
96  
97              nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(), WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
98              assertEquals(nodeList.getLength(), 2);
99              assertEquals(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "env");
100             assertEquals(((Element) nodeList.item(1)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "");
101         }
102         //done signature; now test sig-verification:
103         {
104             String action = WSHandlerConstants.SIGNATURE;
105             doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
106         }
107     }
108 
109     @Test
110     public void testEncDecryptionCryptoPropertiesOutbound() throws Exception {
111 
112         ByteArrayOutputStream baos;
113         {
114             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
115             List<WSSConstants.Action> actions = new ArrayList<>();
116             actions.add(WSSConstants.ENCRYPTION);
117             securityProperties.setActions(actions);
118             Properties properties =
119                 CryptoFactory.getProperties("transmitter-crypto-enc.properties", this.getClass().getClassLoader());
120             PasswordEncryptor passwordEncryptor =
121                 new JasyptPasswordEncryptor(new CallbackHandlerImpl());
122             securityProperties.setEncryptionCryptoProperties(properties, passwordEncryptor);
123             securityProperties.setEncryptionUser("receiver");
124 
125             InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
126             baos = doOutboundSecurity(securityProperties, sourceDocument);
127 
128             Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
129             NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
130             assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
131 
132             XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p']");
133             Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
134             assertNotNull(node);
135 
136             nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_DataReference.getNamespaceURI(), WSSConstants.TAG_xenc_DataReference.getLocalPart());
137             assertEquals(nodeList.getLength(), 1);
138 
139             nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
140             assertEquals(nodeList.getLength(), 1);
141 
142             xPathExpression = getXPath("/soap:Envelope/soap:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#aes256-cbc']");
143             node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
144             assertNotNull(node);
145 
146             assertEquals(node.getParentNode().getParentNode().getLocalName(), "Body");
147             NodeList childNodes = node.getParentNode().getParentNode().getChildNodes();
148             for (int i = 0; i < childNodes.getLength(); i++) {
149                 Node child = childNodes.item(i);
150                 if (child.getNodeType() == Node.TEXT_NODE) {
151                     assertEquals(child.getTextContent().trim(), "");
152                 } else if (child.getNodeType() == Node.ELEMENT_NODE) {
153                     assertEquals(child, nodeList.item(0));
154                 } else {
155                     fail("Unexpected Node encountered");
156                 }
157             }
158         }
159 
160         //done encryption; now test decryption:
161         {
162             String action = WSHandlerConstants.ENCRYPTION;
163             doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
164         }
165     }
166 
167 }