/**
 * Checks that algorithms advertised in the peer's KeyDescriptor are not selected when the local
 * configuration blacklists them.
 *
 * <p>The descriptor offers only RSA 1.5 key transport and Triple DES, and both URIs are
 * blacklisted on {@code config1}. The resolved parameters are expected to carry the fixture
 * values {@code defaultRSAKeyTransportAlgo} and {@code defaultAES128DataAlgo}, while the
 * key transport credential still comes from the metadata key.
 *
 * @throws ResolverException if parameter resolution fails
 */
@Test
public void testEncryptionMethodWithBlacklist() throws ResolverException {
    final String rsa15Uri = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15;
    final String tripleDesUri = EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES;

    // Peer metadata: one encryption key that advertises exactly the two algorithms under test.
    KeyDescriptor descriptor =
            buildKeyDescriptor(rsaCred1KeyName, UsageType.ENCRYPTION, rsaCred1.getPublicKey());
    descriptor.getEncryptionMethods().add(buildEncryptionMethod(rsa15Uri));
    descriptor.getEncryptionMethods().add(buildEncryptionMethod(tripleDesUri));
    roleDesc.getKeyDescriptors().add(descriptor);

    // Local policy: both advertised algorithms are blacklisted.
    config1.setBlacklistedAlgorithms(Arrays.asList(rsa15Uri, tripleDesUri));

    EncryptionParameters resolved = resolver.resolveSingle(criteriaSet);
    Assert.assertNotNull(resolved);

    // Key transport: the metadata credential is kept, the algorithm is the fixture value.
    // NOTE(review): this proves the blacklist was honoured only if defaultRSAKeyTransportAlgo
    // and defaultAES128DataAlgo differ from the blacklisted URIs; confirm in the fixture setup.
    Assert.assertEquals(
            resolved.getKeyTransportEncryptionCredential().getPublicKey(),
            rsaCred1.getPublicKey());
    Assert.assertEquals(
            resolved.getKeyTransportEncryptionAlgorithm(), defaultRSAKeyTransportAlgo);
    Assert.assertNotNull(resolved.getKeyTransportKeyInfoGenerator());

    // Data encryption: no credential or KeyInfo generator is expected, only the algorithm.
    Assert.assertNull(resolved.getDataEncryptionCredential());
    Assert.assertEquals(resolved.getDataEncryptionAlgorithm(), defaultAES128DataAlgo);
    Assert.assertNull(resolved.getDataKeyInfoGenerator());
}
/**
 * Checks that an RSA-OAEP EncryptionMethod is skipped when its DigestMethod is blacklisted, and
 * that a later RSA-OAEP entry with an allowed digest is resolved instead.
 *
 * <p>The descriptor lists two RSA-OAEP methods, the first with a SHA-1 digest and the second
 * with a SHA-256 digest. Only the SHA-1 digest URI is blacklisted on {@code config1}; the
 * RSA-OAEP key transport URI itself is not.
 *
 * @throws ResolverException if parameter resolution fails
 */
@Test
public void testEncryptionMethodWithBlacklistedDigest() throws ResolverException {
    KeyDescriptor descriptor =
            buildKeyDescriptor(rsaCred1KeyName, UsageType.ENCRYPTION, rsaCred1.getPublicKey());

    // First entry: effectively blacklisted through its SHA-1 DigestMethod, so it must not be
    // resolved even though it comes first in the list.
    EncryptionMethod oaepWithSha1 =
            buildEncryptionMethod(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
    DigestMethod sha1Digest = buildXMLObject(DigestMethod.DEFAULT_ELEMENT_NAME);
    sha1Digest.setAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA1);
    oaepWithSha1.getUnknownXMLObjects().add(sha1Digest);
    descriptor.getEncryptionMethods().add(oaepWithSha1);

    // Second entry: same key transport algorithm with a SHA-256 DigestMethod; this is the one
    // expected to be resolved.
    EncryptionMethod oaepWithSha256 =
            buildEncryptionMethod(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
    DigestMethod sha256Digest = buildXMLObject(DigestMethod.DEFAULT_ELEMENT_NAME);
    sha256Digest.setAlgorithm(EncryptionConstants.ALGO_ID_DIGEST_SHA256);
    oaepWithSha256.getUnknownXMLObjects().add(sha256Digest);
    descriptor.getEncryptionMethods().add(oaepWithSha256);

    roleDesc.getKeyDescriptors().add(descriptor);

    // Local policy: only the SHA-1 digest URI is blacklisted.
    config1.setBlacklistedAlgorithms(Arrays.asList(SignatureConstants.ALGO_ID_DIGEST_SHA1));

    EncryptionParameters resolved = resolver.resolveSingle(criteriaSet);
    Assert.assertNotNull(resolved);

    // Key transport: metadata credential with RSA-OAEP.
    Assert.assertEquals(
            resolved.getKeyTransportEncryptionCredential().getPublicKey(),
            rsaCred1.getPublicKey());
    Assert.assertEquals(
            resolved.getKeyTransportEncryptionAlgorithm(),
            EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
    Assert.assertNotNull(resolved.getKeyTransportKeyInfoGenerator());

    // OAEP parameters must come from the SHA-256 entry; neither entry set an MGF or OAEPparams,
    // so both are expected to be null.
    Assert.assertNotNull(resolved.getRSAOAEPParameters());
    Assert.assertEquals(
            resolved.getRSAOAEPParameters().getDigestMethod(),
            EncryptionConstants.ALGO_ID_DIGEST_SHA256);
    Assert.assertNull(resolved.getRSAOAEPParameters().getMaskGenerationFunction());
    Assert.assertNull(resolved.getRSAOAEPParameters().getOAEPParams());

    // Data encryption: no credential or KeyInfo generator is expected, only the algorithm.
    Assert.assertNull(resolved.getDataEncryptionCredential());
    Assert.assertEquals(resolved.getDataEncryptionAlgorithm(), defaultAES128DataAlgo);
    Assert.assertNull(resolved.getDataKeyInfoGenerator());
}