/**
 * Encrypts a message using an {@code EncryptedKeySHA1} key identifier, i.e. with a
 * pre-shared symmetric key rather than a per-message session key that is then wrapped
 * under a public key. The request is produced through {@code WSHandler} (by way of
 * {@code MyHandler}) instead of assembling the security header by hand, and the
 * resulting document is handed to {@code verify}.
 *
 * @throws java.lang.Exception on any failure during encryption or decryption
 */
public void testEncryptionSHA1SymmetricBytesHandler() throws Exception {
    final RequestData request = new RequestData();
    request.setWssConfig(WSSConfig.getNewInstance());

    // Handler configuration: do not wrap a generated session key (ENC_SYM_ENC_KEY=false)
    // and reference the symmetric key through an EncryptedKeySHA1 key identifier. This
    // test class itself serves as the password callback that supplies the key bytes.
    final java.util.Map context = new java.util.TreeMap();
    context.put(WSHandlerConstants.ENC_SYM_ENC_KEY, "false");
    context.put(WSHandlerConstants.ENC_KEY_ID, "EncryptedKeySHA1");
    context.put(WSHandlerConstants.PW_CALLBACK_REF, this);
    request.setMsgContext(context);
    request.setUsername("");

    // A single ENCR action is requested from the handler.
    final java.util.Vector actionList = new java.util.Vector();
    actionList.add(new Integer(WSConstants.ENCR));

    final Document envelope = unsignedEnvelope.getAsDocument();
    final MyHandler sender = new MyHandler();
    sender.send(WSConstants.ENCR, envelope, request, actionList, true);

    // Serialized unconditionally (as the original did); only emitted at debug level.
    final String rendered = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(envelope);
    if (LOG.isDebugEnabled()) {
        LOG.debug(rendered);
    }
    verify(envelope);
}
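/**
 * Performs the WS-Security checks on the SOAP header of an incoming message.
 *
 * <p>The required security measures come from the {@code action} handler option
 * (falling back to the message context); the security header is then processed by
 * {@code secEngine}, the signing certificate (if any) is checked for trust, and the
 * performed actions are compared with the configured ones. The results are stored
 * under {@code WSHandlerConstants.RECV_RESULTS} for the service to inspect.
 *
 * <p>Security caveats a reviewer should be aware of:
 * <ul>
 *   <li>A message whose body is already an {@code XFireFault} skips every WS-Security
 *       check and is accepted as-is, including an unsigned fault.</li>
 *   <li>Only the first {@code SIGN} result returned by {@code fetchActionResult} has its
 *       certificate trust-verified; if several signatures are present, the others are
 *       not checked here (presumably — confirm against the WSS4J version in use).</li>
 *   <li>The fault sent back to the sender on a processing failure embeds
 *       {@code ex.toString()}, which may disclose internal error detail.</li>
 *   <li>With {@code NoSecurity} configured, a message that nevertheless carries a
 *       Security header is still processed and its results checked.</li>
 * </ul>
 *
 * @param msgContext the XFire message context of the incoming message
 * @throws SecurityException     declared for callers; not thrown directly here
 * @throws XFireFault            when the header is missing but required, processing
 *                               fails, the signing certificate is untrusted, or the
 *                               performed actions do not match the configured ones
 * @throws WSSecurityException   re-thrown (error code only) from the WSS4J helpers
 * @throws XFireRuntimeException when no action is configured or DOMInHandler is disabled
 */
public void invoke(MessageContext msgContext) throws SecurityException, XFireFault, WSSecurityException {
    // Action codes used by the ST_SIGNED rewrite below. These literals match
    // WSConstants.ST_SIGNED / SIGN / ST_UNSIGNED in WSS4J 1.5 — confirm if upgrading.
    final Integer actionSamlSigned = new Integer(16);
    final Integer actionSign = new Integer(2);
    final Integer actionSamlUnsigned = new Integer(8);

    final boolean doDebug = log.isDebugEnabled();
    if (doDebug) {
        log.debug("MuleWSSInSecurityHandler: enter invoke()");
    }
    RequestData reqData = new RequestData();
    try {
        reqData.setMsgContext(msgContext);
        final Vector actions = new Vector();

        // The configured action list decides which security measures are required:
        // handler option first, then the message context. Absent altogether is an error.
        String action = (String) getOption(WSHandlerConstants.ACTION);
        if (action == null) {
            action = getString(WSHandlerConstants.ACTION, msgContext);
        }
        if (action == null) {
            throw new XFireRuntimeException("MuleWSSInHandler: No action defined");
        }
        final int doAction = WSSecurityUtil.decodeAction(action, actions);
        final String actor = (String) getOption(WSHandlerConstants.ACTOR);

        final AbstractMessage sm = msgContext.getCurrentMessage();
        final Document doc = (Document) sm.getProperty(DOMInHandler.DOM_MESSAGE);
        if (doc == null) {
            throw new XFireRuntimeException("DOMInHandler must be enabled for WS-Security!");
        }

        // A fault body bypasses all security processing (see class-level caveat):
        // nothing below runs, so the fault is neither decrypted nor signature-checked.
        if (sm.getBody() instanceof XFireFault) {
            return;
        }

        // The password callback is only needed for decryption and UsernameToken checks.
        CallbackHandler cbHandler = null;
        if ((doAction & (WSConstants.ENCR | WSConstants.UT)) != 0) {
            cbHandler = getPasswordCB(reqData);
        }

        // Load the signature/encryption parameters for the configured actions.
        // doReceiverAction does not pick up the SAML properties, so for signed SAML the
        // signature crypto is loaded explicitly here. NOTE(review): this exact-string
        // comparison only fires when "SAMLTokenSigned" is the sole configured action;
        // a bit test on doAction would also cover combined action lists — confirm intent.
        doReceiverAction(doAction, reqData);
        if (action.equals(WSHandlerConstants.SAML_TOKEN_SIGNED)) {
            reqData.setSigCrypto(loadSignatureCrypto(reqData));
        }

        Vector wsResult = null;
        try {
            wsResult = secEngine.processSecurityHeader(doc, actor, cbHandler, reqData.getSigCrypto(),
                    reqData.getDecCrypto());
        } catch (WSSecurityException ex) {
            // Sent to the client as a SENDER fault; ex.toString() is included verbatim.
            throw new XFireFault("MuleWSSInHandler: security processing failed: " + ex.toString(), ex,
                    XFireFault.SENDER);
        }

        // No Security header: acceptable only when "NoSecurity" was configured.
        if (wsResult == null) {
            if (doAction == WSConstants.NO_SECURITY) {
                return;
            }
            throw new XFireFault("MuleWSSInHandler: Request does not contain required Security header",
                    XFireFault.SENDER);
        }

        // Signature confirmation (WS-Security 1.1), if enabled in the WSS config.
        if (reqData.getWssConfig().isEnableSignatureConfirmation()) {
            checkSignatureConfirmation(reqData, wsResult);
        }

        // Trust-verify the certificate of the (first) signature result, if there is one.
        final WSSecurityEngineResult signResult = WSSecurityUtil.fetchActionResult(wsResult, WSConstants.SIGN);
        if (signResult != null) {
            final X509Certificate signerCert = signResult.getCertificate();
            if (signerCert != null && !verifyTrust(signerCert, reqData)) {
                throw new XFireFault("MuleWSSInHandler: The certificate used for the signature is not trusted",
                        XFireFault.SENDER);
            }
        }

        // The engine reports a signed SAML token as a Signature result plus an unsigned
        // SAML token result, so rewrite the expected list accordingly. The emptiness
        // guard avoids an ArrayIndexOutOfBoundsException when decodeAction produced no
        // actions (e.g. "NoSecurity" configured but a Security header was present).
        if (!actions.isEmpty() && actions.elementAt(0).equals(actionSamlSigned)) {
            actions.clear();
            actions.add(actionSign);
            actions.add(actionSamlUnsigned);
        }

        // The performed actions must match the configured ones, in the right order.
        if (!checkReceiverResults(wsResult, actions)) {
            throw new XFireFault("MuleWSSInHandler: security processing failed (actions mismatch)",
                    XFireFault.SENDER);
        }

        // Publish the results on the message context so the service can inspect them;
        // newest result goes first.
        Vector results = (Vector) msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
        if (results == null) {
            results = new Vector();
            msgContext.setProperty(WSHandlerConstants.RECV_RESULTS, results);
        }
        results.add(0, new WSHandlerResult(actor, wsResult));

        if (doDebug) {
            log.debug("MuleWSSInHandler: exit invoke()");
        }
    } catch (WSSecurityException e) {
        // Only the error code is propagated (message and cause are deliberately dropped,
        // which limits what reaches the client); keep the detail in the debug log.
        if (doDebug) {
            log.debug("MuleWSSInHandler: WS-Security failure", e);
        }
        throw new WSSecurityException(e.getErrorCode());
    } finally {
        reqData.clear();
        reqData = null;
    }
}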