/** Test for various options relating to configuring a key-wrap algorithm */ @org.junit.Test public void testConfiguredKeyWrapAlgorithm() throws Exception { // // This test fails (sometimes) with the IBM JDK // See https://www-304.ibm.com/support/docview.wss?uid=swg1IZ76737 // if ("IBM Corporation".equals(System.getProperty("java.vendor"))) { return; } TokenIssueOperation issueOperation = new TokenIssueOperation(); issueOperation.setEncryptIssuedToken(true); // Add Token Provider List<TokenProvider> providerList = new ArrayList<TokenProvider>(); providerList.add(new DummyTokenProvider()); issueOperation.setTokenProviders(providerList); // Add Service ServiceMBean service = new StaticService(); service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy")); EncryptionProperties encryptionProperties = new EncryptionProperties(); encryptionProperties.setEncryptionName("myservicekey"); if (!unrestrictedPoliciesInstalled) { encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128); } encryptionProperties.setKeyWrapAlgorithm(WSConstants.KEYTRANSPORT_RSAOAEP); service.setEncryptionProperties(encryptionProperties); issueOperation.setServices(Collections.singletonList(service)); // Add STSProperties object StaticSTSProperties stsProperties = new StaticSTSProperties(); Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties()); stsProperties.setEncryptionCrypto(encryptionCrypto); stsProperties.setCallbackHandler(new PasswordCallbackHandler()); issueOperation.setStsProperties(stsProperties); // Mock up a request RequestSecurityTokenType request = new RequestSecurityTokenType(); JAXBElement<String> tokenType = new JAXBElement<String>( QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE); request.getAny().add(tokenType); request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy")); // Mock up message context MessageImpl msg = new MessageImpl(); WrappedMessageContext msgCtx = new WrappedMessageContext(msg); // Issue a token - this should use a (new) default key-wrap algorithm as configured RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, null, msgCtx); List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse(); assertTrue(!securityTokenResponse.isEmpty()); encryptionProperties.setKeyWrapAlgorithm(WSConstants.AES_128); try { issueOperation.issue(request, null, msgCtx); fail("Failure expected on a bad key-wrap algorithm"); } catch (STSException ex) { // expected } }