1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.wss4j.stax.test;
20
21 import java.io.ByteArrayInputStream;
22 import java.io.ByteArrayOutputStream;
23 import java.io.IOException;
24 import java.io.InputStream;
25 import java.nio.charset.StandardCharsets;
26 import java.util.Arrays;
27 import java.util.Collections;
28 import java.util.List;
29 import java.util.Properties;
30 import java.util.UUID;
31
32 import javax.crypto.KeyGenerator;
33 import javax.crypto.SecretKey;
34 import javax.xml.stream.XMLStreamReader;
35 import javax.xml.transform.dom.DOMSource;
36 import javax.xml.transform.stream.StreamResult;
37
38 import org.apache.wss4j.common.WSEncryptionPart;
39 import org.apache.wss4j.common.WSS4JConstants;
40 import org.apache.wss4j.common.crypto.Crypto;
41 import org.apache.wss4j.common.crypto.Merlin;
42 import org.apache.wss4j.common.ext.Attachment;
43 import org.apache.wss4j.common.util.KeyUtils;
44 import org.apache.wss4j.common.util.SOAPUtil;
45 import org.apache.wss4j.common.util.XMLUtils;
46 import org.apache.wss4j.dom.WSConstants;
47 import org.apache.wss4j.dom.message.AttachmentCallbackHandler;
48 import org.apache.wss4j.dom.message.WSSecEncrypt;
49 import org.apache.wss4j.dom.message.WSSecHeader;
50 import org.apache.wss4j.dom.util.WSSecurityUtil;
51 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
52 import org.apache.wss4j.stax.setup.InboundWSSec;
53 import org.apache.wss4j.stax.setup.WSSec;
54 import org.apache.wss4j.stax.test.utils.StAX2DOM;
55 import org.junit.jupiter.api.Test;
56 import org.w3c.dom.Document;
57 import org.w3c.dom.Element;
58 import org.w3c.dom.Node;
59 import org.w3c.dom.NodeList;
60
61 import static org.junit.jupiter.api.Assertions.assertNotNull;
62 import static org.junit.jupiter.api.Assertions.assertEquals;
63 import static org.junit.jupiter.api.Assertions.assertFalse;
64 import static org.junit.jupiter.api.Assertions.assertTrue;
65
66
67
68
69
70 @org.junit.jupiter.api.Disabled
71 public class XOPAttachmentTest extends AbstractTestBase {
72
73 public XOPAttachmentTest() throws Exception {
74 }
75
76 protected byte[] readInputStream(InputStream inputStream) throws IOException {
77 ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
78 int read = 0;
79 byte[] buf = new byte[4096];
80 while ((read = inputStream.read(buf)) != -1) {
81 byteArrayOutputStream.write(buf, 0, read);
82 }
83 return byteArrayOutputStream.toByteArray();
84 }
85
86
87
88
89 @Test
90 public void testEncryptedSOAPBody() throws Exception {
91 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
92 List<Attachment> attachments = createEncryptedBodyInAttachment(doc);
93
94
95 ByteArrayOutputStream baos = new ByteArrayOutputStream();
96 javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
97 transformer.transform(new DOMSource(doc), new StreamResult(baos));
98
99
100 AttachmentCallbackHandler attachmentCallbackHandler = new AttachmentCallbackHandler(attachments);
101 {
102 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
103 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
104 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
105 securityProperties.setAttachmentCallbackHandler(attachmentCallbackHandler);
106
107 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
108 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
109 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
110
111 NodeList sigReferences = document.getElementsByTagNameNS(WSConstants.SIG_NS, "Reference");
112 assertEquals(2, sigReferences.getLength());
113 }
114 assertFalse(attachmentCallbackHandler.getResponseAttachments().isEmpty());
115 Attachment responseAttachment = attachmentCallbackHandler.getResponseAttachments().get(0);
116
117 byte[] attachmentBytes = readInputStream(responseAttachment.getSourceStream());
118 assertTrue(Arrays.equals(attachmentBytes, SOAPUtil.SAMPLE_SOAP_MSG.getBytes(StandardCharsets.UTF_8)));
119 assertEquals("text/xml", responseAttachment.getMimeType());
120 }
121
122 private List<Attachment> createEncryptedBodyInAttachment(Document doc) throws Exception {
123 WSSecHeader secHeader = new WSSecHeader(doc);
124 secHeader.insertSecurityHeader();
125
126 WSSecEncrypt encrypt = new WSSecEncrypt(secHeader);
127 encrypt.setUserInfo("receiver", "default");
128 encrypt.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
129
130 encrypt.getParts().add(new WSEncryptionPart("Body", "http://schemas.xmlsoap.org/soap/envelope/", "Content"));
131 encrypt.getParts().add(new WSEncryptionPart("cid:Attachments", "Content"));
132
133 String attachmentId = UUID.randomUUID().toString();
134 final Attachment attachment = new Attachment();
135 attachment.setId(attachmentId);
136 attachment.setSourceStream(new ByteArrayInputStream(SOAPUtil.SAMPLE_SOAP_MSG.getBytes(StandardCharsets.UTF_8)));
137
138 AttachmentCallbackHandler attachmentCallbackHandler =
139 new AttachmentCallbackHandler(Collections.singletonList(attachment));
140 encrypt.setAttachmentCallbackHandler(attachmentCallbackHandler);
141 List<Attachment> encryptedAttachments = attachmentCallbackHandler.getResponseAttachments();
142
143 Properties sigProperties = new Properties();
144 sigProperties.setProperty("org.apache.wss4j.crypto.provider", "org.apache.wss4j.common.crypto.Merlin");
145 sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.file", "transmitter.jks");
146 sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.password", "default");
147 Crypto crypto = new Merlin(sigProperties, this.getClass().getClassLoader(), null);
148
149 KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
150 SecretKey symmetricKey = keyGen.generateKey();
151 Document encryptedDoc = encrypt.build(crypto, symmetricKey);
152
153
154 Element soapBody = WSSecurityUtil.findBodyElement(encryptedDoc);
155 assertNotNull(soapBody);
156 Element encryptedData =
157 XMLUtils.getDirectChildElement(soapBody, "EncryptedData", WSConstants.ENC_NS);
158 encryptedData.removeAttributeNS(null, "Type");
159 Element cipherData =
160 XMLUtils.getDirectChildElement(encryptedData, "CipherData", WSConstants.ENC_NS);
161 assertNotNull(cipherData);
162 Element cipherValue =
163 XMLUtils.getDirectChildElement(cipherData, "CipherValue", WSConstants.ENC_NS);
164 assertNotNull(cipherValue);
165
166 XMLUtils.setNamespace(cipherValue, WSS4JConstants.XOP_NS, "xop");
167
168 Element cipherValueChild = encryptedDoc.createElementNS(WSConstants.XOP_NS, "Include");
169 cipherValueChild.setAttributeNS(null, "href", "cid:" + encryptedAttachments.get(0).getId());
170 cipherValue.replaceChild(cipherValueChild, cipherValue.getFirstChild());
171
172
173
174 Element securityHeader =
175 WSSecurityUtil.findWsseSecurityHeaderBlock(encryptedDoc, encryptedDoc.getDocumentElement(), false);
176 Element encryptedAttachmentData =
177 XMLUtils.getDirectChildElement(securityHeader, "EncryptedData", WSConstants.ENC_NS);
178 assertNotNull(encryptedAttachmentData);
179 String encryptedDataId = encryptedAttachmentData.getAttributeNS(null, "Id");
180 securityHeader.removeChild(encryptedAttachmentData);
181
182
183 Element encryptedKey =
184 XMLUtils.getDirectChildElement(securityHeader, "EncryptedKey", WSConstants.ENC_NS);
185 assertNotNull(encryptedKey);
186 Element referenceList =
187 XMLUtils.getDirectChildElement(encryptedKey, "ReferenceList", WSConstants.ENC_NS);
188 assertNotNull(referenceList);
189 Node child = referenceList.getFirstChild();
190 while (child != null) {
191 if (child instanceof Element && "DataReference".equals(child.getLocalName())
192 && WSConstants.ENC_NS.equals(child.getNamespaceURI())) {
193 String uri = ((Element)child).getAttributeNS(null, "URI");
194 if (uri.equals("#" + encryptedDataId)) {
195 referenceList.removeChild(child);
196 break;
197 }
198 }
199 child = child.getNextSibling();
200 }
201
202 return encryptedAttachments;
203 }
204
205 }