1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.wss4j.stax.test;
20
21 import java.io.ByteArrayInputStream;
22 import java.io.ByteArrayOutputStream;
23 import java.io.InputStream;
24 import java.nio.charset.StandardCharsets;
25 import java.util.ArrayList;
26 import java.util.List;
27 import java.util.Properties;
28
29 import javax.xml.stream.XMLStreamReader;
30 import javax.xml.stream.XMLStreamWriter;
31 import javax.xml.xpath.XPathConstants;
32 import javax.xml.xpath.XPathExpression;
33
34 import org.apache.wss4j.common.crypto.CryptoFactory;
35 import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
36 import org.apache.wss4j.common.crypto.PasswordEncryptor;
37 import org.apache.wss4j.dom.handler.WSHandlerConstants;
38 import org.apache.wss4j.stax.ext.WSSConstants;
39 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
40 import org.apache.wss4j.stax.setup.OutboundWSSec;
41 import org.apache.wss4j.stax.setup.WSSec;
42 import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
43 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
44 import org.junit.jupiter.api.Test;
45 import org.w3c.dom.Document;
46 import org.w3c.dom.Element;
47 import org.w3c.dom.Node;
48 import org.w3c.dom.NodeList;
49
50 import static org.junit.jupiter.api.Assertions.assertEquals;
51 import static org.junit.jupiter.api.Assertions.assertNotNull;
52 import static org.junit.jupiter.api.Assertions.assertTrue;
53 import static org.junit.jupiter.api.Assertions.fail;
54
55
56
57
58
59 public class PasswordEncryptorTest extends AbstractTestBase {
60
61 @Test
62 public void testSignatureCryptoPropertiesOutbound() throws Exception {
63
64 ByteArrayOutputStream baos = new ByteArrayOutputStream();
65 {
66 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
67 List<WSSConstants.Action> actions = new ArrayList<>();
68 actions.add(WSSConstants.SIGNATURE);
69 securityProperties.setActions(actions);
70 Properties properties =
71 CryptoFactory.getProperties("transmitter-crypto-enc.properties", this.getClass().getClassLoader());
72 PasswordEncryptor passwordEncryptor =
73 new JasyptPasswordEncryptor(new CallbackHandlerImpl());
74 securityProperties.setSignatureCryptoProperties(properties, passwordEncryptor);
75 securityProperties.setSignatureUser("transmitter");
76 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
77
78 OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
79 XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
80 XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
81 XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
82 xmlStreamWriter.close();
83
84 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
85 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
86 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
87
88 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
89 assertEquals(nodeList.getLength(), 1);
90
91 nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_SOAP_BODY_LN);
92 assertEquals(nodeList.getLength(), 1);
93 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
94 assertNotNull(idAttrValue);
95 assertTrue(idAttrValue.length() > 0);
96
97 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(), WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
98 assertEquals(nodeList.getLength(), 2);
99 assertEquals(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "env");
100 assertEquals(((Element) nodeList.item(1)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "");
101 }
102
103 {
104 String action = WSHandlerConstants.SIGNATURE;
105 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
106 }
107 }
108
109 @Test
110 public void testEncDecryptionCryptoPropertiesOutbound() throws Exception {
111
112 ByteArrayOutputStream baos;
113 {
114 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
115 List<WSSConstants.Action> actions = new ArrayList<>();
116 actions.add(WSSConstants.ENCRYPTION);
117 securityProperties.setActions(actions);
118 Properties properties =
119 CryptoFactory.getProperties("transmitter-crypto-enc.properties", this.getClass().getClassLoader());
120 PasswordEncryptor passwordEncryptor =
121 new JasyptPasswordEncryptor(new CallbackHandlerImpl());
122 securityProperties.setEncryptionCryptoProperties(properties, passwordEncryptor);
123 securityProperties.setEncryptionUser("receiver");
124
125 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
126 baos = doOutboundSecurity(securityProperties, sourceDocument);
127
128 Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
129 NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
130 assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
131
132 XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p']");
133 Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
134 assertNotNull(node);
135
136 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_DataReference.getNamespaceURI(), WSSConstants.TAG_xenc_DataReference.getLocalPart());
137 assertEquals(nodeList.getLength(), 1);
138
139 nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
140 assertEquals(nodeList.getLength(), 1);
141
142 xPathExpression = getXPath("/soap:Envelope/soap:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#aes256-cbc']");
143 node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
144 assertNotNull(node);
145
146 assertEquals(node.getParentNode().getParentNode().getLocalName(), "Body");
147 NodeList childNodes = node.getParentNode().getParentNode().getChildNodes();
148 for (int i = 0; i < childNodes.getLength(); i++) {
149 Node child = childNodes.item(i);
150 if (child.getNodeType() == Node.TEXT_NODE) {
151 assertEquals(child.getTextContent().trim(), "");
152 } else if (child.getNodeType() == Node.ELEMENT_NODE) {
153 assertEquals(child, nodeList.item(0));
154 } else {
155 fail("Unexpected Node encountered");
156 }
157 }
158 }
159
160
161 {
162 String action = WSHandlerConstants.ENCRYPTION;
163 doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
164 }
165 }
166
167 }