/** Test for various options relating to specifying a name for encryption */
  @org.junit.Test
  public void testEncryptionName() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);

    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<TokenProvider>();
    providerList.add(new DummyTokenProvider());
    issueOperation.setTokenProviders(providerList);

    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    EncryptionProperties encryptionProperties = new EncryptionProperties();
    if (!unrestrictedPoliciesInstalled) {
      encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128);
    }
    service.setEncryptionProperties(encryptionProperties);
    issueOperation.setServices(Collections.singletonList(service));

    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(encryptionCrypto);
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    issueOperation.setStsProperties(stsProperties);

    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType =
        new JAXBElement<String>(
            QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));

    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);

    // Issue a token - as no encryption name has been specified the token will not be encrypted
    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse =
        response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());

    encryptionProperties.setEncryptionName("myservicekey");
    service.setEncryptionProperties(encryptionProperties);

    // Issue a (encrypted) token
    response = issueOperation.issue(request, null, msgCtx);
    securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());
  }
  /** Test for various options relating to configuring an algorithm for encryption */
  @org.junit.Test
  public void testConfiguredEncryptionAlgorithm() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);

    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<TokenProvider>();
    providerList.add(new DummyTokenProvider());
    issueOperation.setTokenProviders(providerList);

    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    EncryptionProperties encryptionProperties = new EncryptionProperties();
    encryptionProperties.setEncryptionName("myservicekey");
    encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128);
    service.setEncryptionProperties(encryptionProperties);
    issueOperation.setServices(Collections.singletonList(service));

    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(encryptionCrypto);
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    issueOperation.setStsProperties(stsProperties);

    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType =
        new JAXBElement<String>(
            QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));

    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);

    // Issue a token - this should use a (new) default encryption algorithm as configured
    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse =
        response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());

    encryptionProperties.setEncryptionAlgorithm(WSConstants.KEYTRANSPORT_RSA15);
    try {
      issueOperation.issue(request, null, msgCtx);
      fail("Failure expected on a bad encryption algorithm");
    } catch (STSException ex) {
      // expected
    }
  }
  /** Test for various options relating to configuring a key-wrap algorithm */
  @org.junit.Test
  public void testSpecifiedKeyWrapAlgorithm() throws Exception {
    //
    // This test fails (sometimes) with the IBM JDK
    // See https://www-304.ibm.com/support/docview.wss?uid=swg1IZ76737
    //
    if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
      return;
    }

    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);

    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<TokenProvider>();
    providerList.add(new DummyTokenProvider());
    issueOperation.setTokenProviders(providerList);

    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    EncryptionProperties encryptionProperties = new EncryptionProperties();
    encryptionProperties.setEncryptionName("myservicekey");
    if (!unrestrictedPoliciesInstalled) {
      encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128);
    }
    service.setEncryptionProperties(encryptionProperties);
    issueOperation.setServices(Collections.singletonList(service));

    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(encryptionCrypto);
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    issueOperation.setStsProperties(stsProperties);

    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType =
        new JAXBElement<String>(
            QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    JAXBElement<String> encryptionAlgorithmType =
        new JAXBElement<String>(
            QNameConstants.KEYWRAP_ALGORITHM, String.class, WSConstants.KEYTRANSPORT_RSAOAEP);
    request.getAny().add(encryptionAlgorithmType);

    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);

    // Issue a token
    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse =
        response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());

    // Now specify a non-supported algorithm
    String aesKw = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
    List<String> acceptedAlgorithms = Collections.singletonList(aesKw);
    encryptionProperties.setAcceptedKeyWrapAlgorithms(acceptedAlgorithms);
    request.getAny().remove(request.getAny().size() - 1);
    encryptionAlgorithmType =
        new JAXBElement<String>(QNameConstants.KEYWRAP_ALGORITHM, String.class, aesKw);
    request.getAny().add(encryptionAlgorithmType);
    try {
      issueOperation.issue(request, null, msgCtx);
      fail("Failure expected on a bad key-wrap algorithm");
    } catch (STSException ex) {
      // expected
    }
  }