/**
* Test that signs (twice) and verifies a WS-Security envelope. The test uses the ThumbprintSHA1
* key identifier type.
*
* <p>
*
* @throws java.lang.Exception Thrown when there is any problem in signing or verification
*/
public void testDoubleX509SignatureThumb() throws Exception {
WSSecSignature builder = new WSSecSignature();
builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
// builder.setUserInfo("john", "keypass");
builder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, crypto, secHeader);
Document signedDoc1 = builder.build(signedDoc, crypto, secHeader);
verify(signedDoc1);
}
/**
* Test that first signs, then encrypts a WS-Security envelope.
*
* <p>
*
* @throws Exception Thrown when there is any problem in signing, encryption, decryption, or
* verification
*/
public void testEncryptedKeySignature() throws Exception {
SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
LOG.info("Before Sign/Encryption....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
encrKey.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
encrKey.setKeySize(192);
encrKey.prepare(doc, crypto);
WSSecEncrypt encrypt = new WSSecEncrypt();
encrypt.setEncKeyId(encrKey.getId());
encrypt.setEphemeralKey(encrKey.getEphemeralKey());
encrypt.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
encrypt.setEncryptSymmKey(false);
encrypt.setEncryptedKeyElement(encrKey.getEncryptedKeyElement());
WSSecSignature sign = new WSSecSignature();
sign.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
sign.setCustomTokenId(encrKey.getId());
sign.setSecretKey(encrKey.getEphemeralKey());
sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
Document signedDoc = sign.build(doc, crypto, secHeader);
Document encryptedSignedDoc = encrypt.build(signedDoc, crypto, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Signed and encrypted message with IssuerSerial key identifier (both), 3DES:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedSignedDoc);
LOG.debug(outputString);
}
LOG.info("After Sign/Encryption....");
verify(encryptedSignedDoc);
}
/**
* Test that encrypts and decrypts a WS-Security envelope. The test uses the ThumbprintSHA1 key
* identifier type.
*
* <p>
*
* @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
*/
public void testX509EncryptionThumb() throws Exception {
WSSecEncrypt builder = new WSSecEncrypt();
builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
builder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
LOG.info("Before Encrypting ThumbprintSHA1....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document encryptedDoc = builder.build(doc, crypto, secHeader);
String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
if (LOG.isDebugEnabled()) {
LOG.debug("Encrypted message with THUMBPRINT_IDENTIFIER:");
LOG.debug(outputString);
}
assertTrue(outputString.indexOf("#ThumbprintSHA1") != -1);
LOG.info("After Encrypting ThumbprintSHA1....");
verify(encryptedDoc);
}
/**
* Test that signs and verifies a WS-Security envelope. The test uses the ThumbprintSHA1 key
* identifier type.
*
* <p>
*
* @throws java.lang.Exception Thrown when there is any problem in signing or verification
*/
public void testX509SignatureThumb() throws Exception {
WSSecSignature builder = new WSSecSignature();
builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
builder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
// builder.setUserInfo("john", "keypass");
LOG.info("Before Signing ThumbprintSHA1....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, crypto, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Signed message with ThumbprintSHA1 key identifier:");
String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After Signing ThumbprintSHA1....");
verify(signedDoc);
}
/**
* Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key (bytes), rather than a
* generated session key which is then encrypted using a public key.
*
* @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
*/
public void testEncryptionSHA1SymmetricBytes() throws Exception {
WSSecEncrypt builder = new WSSecEncrypt();
builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
builder.setEphemeralKey(keyData);
builder.setEncryptSymmKey(false);
builder.setUseKeyIdentifier(true);
LOG.info("Before Encrypting EncryptedKeySHA1....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document encryptedDoc = builder.build(doc, crypto, secHeader);
String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
if (LOG.isDebugEnabled()) {
LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
LOG.debug(outputString);
}
assertTrue(outputString.indexOf("#EncryptedKeySHA1") != -1);
LOG.info("After Encrypting EncryptedKeySHA1....");
verify(encryptedDoc);
}
@Before
public void setUp() throws Exception {
MockitoAnnotations.initMocks(this);
initXpath();
doc = XmlUtils.parseXml(TestUtils.SAMPLE_SOAP_MESSAGE);
secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
manualSAMLentry = new ManualSAMLEntry();
manualSAMLentry.init(wssEntryConfigMock, outgoingWssMock);
when(wssEntryConfigMock.getConfiguration()).thenReturn(xmlObjectMock);
when(contextMock.expand(TestUtils.SAMPLE_SAML_1_ASSERTION))
.thenReturn(TestUtils.SAMPLE_SAML_1_ASSERTION);
}
