/**
* Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key, rather than a
* generated session key which is then encrypted using a public key. The request is generated
* using WSHandler, instead of coding it.
*
* @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
*/
public void testEncryptionSHA1SymmetricBytesHandler() throws Exception {
final WSSConfig cfg = WSSConfig.getNewInstance();
final RequestData reqData = new RequestData();
reqData.setWssConfig(cfg);
java.util.Map messageContext = new java.util.TreeMap();
messageContext.put(WSHandlerConstants.ENC_SYM_ENC_KEY, "false");
messageContext.put(WSHandlerConstants.ENC_KEY_ID, "EncryptedKeySHA1");
messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, this);
reqData.setMsgContext(messageContext);
reqData.setUsername("");
final java.util.Vector actions = new java.util.Vector();
actions.add(new Integer(WSConstants.ENCR));
Document doc = unsignedEnvelope.getAsDocument();
MyHandler handler = new MyHandler();
handler.send(WSConstants.ENCR, doc, reqData, actions, true);
String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
if (LOG.isDebugEnabled()) {
LOG.debug(outputString);
}
verify(doc);
}
/**
* Verifies the soap envelope
*
* <p>
*
* @param doc
* @throws Exception Thrown when there is a problem in verification
*/
private void verify(Document doc) throws Exception {
secEngine.processSecurityHeader(doc, null, this, crypto);
if (LOG.isDebugEnabled()) {
LOG.debug("Verfied and decrypted message:");
String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
LOG.debug(outputString);
}
}
/**
* Test that first signs, then encrypts a WS-Security envelope.
*
* <p>
*
* @throws Exception Thrown when there is any problem in signing, encryption, decryption, or
* verification
*/
public void testEncryptedKeySignature() throws Exception {
SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
LOG.info("Before Sign/Encryption....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
encrKey.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
encrKey.setKeySize(192);
encrKey.prepare(doc, crypto);
WSSecEncrypt encrypt = new WSSecEncrypt();
encrypt.setEncKeyId(encrKey.getId());
encrypt.setEphemeralKey(encrKey.getEphemeralKey());
encrypt.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
encrypt.setEncryptSymmKey(false);
encrypt.setEncryptedKeyElement(encrKey.getEncryptedKeyElement());
WSSecSignature sign = new WSSecSignature();
sign.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
sign.setCustomTokenId(encrKey.getId());
sign.setSecretKey(encrKey.getEphemeralKey());
sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
Document signedDoc = sign.build(doc, crypto, secHeader);
Document encryptedSignedDoc = encrypt.build(signedDoc, crypto, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Signed and encrypted message with IssuerSerial key identifier (both), 3DES:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedSignedDoc);
LOG.debug(outputString);
}
LOG.info("After Sign/Encryption....");
verify(encryptedSignedDoc);
}
/**
* Test that encrypts and decrypts a WS-Security envelope. The test uses the ThumbprintSHA1 key
* identifier type.
*
* <p>
*
* @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
*/
public void testX509EncryptionThumb() throws Exception {
WSSecEncrypt builder = new WSSecEncrypt();
builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
builder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
LOG.info("Before Encrypting ThumbprintSHA1....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document encryptedDoc = builder.build(doc, crypto, secHeader);
String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
if (LOG.isDebugEnabled()) {
LOG.debug("Encrypted message with THUMBPRINT_IDENTIFIER:");
LOG.debug(outputString);
}
assertTrue(outputString.indexOf("#ThumbprintSHA1") != -1);
LOG.info("After Encrypting ThumbprintSHA1....");
verify(encryptedDoc);
}
/**
* Test that signs and verifies a WS-Security envelope. The test uses the ThumbprintSHA1 key
* identifier type.
*
* <p>
*
* @throws java.lang.Exception Thrown when there is any problem in signing or verification
*/
public void testX509SignatureThumb() throws Exception {
WSSecSignature builder = new WSSecSignature();
builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
builder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
// builder.setUserInfo("john", "keypass");
LOG.info("Before Signing ThumbprintSHA1....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, crypto, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Signed message with ThumbprintSHA1 key identifier:");
String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After Signing ThumbprintSHA1....");
verify(signedDoc);
}
/**
* Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key (bytes), rather than a
* generated session key which is then encrypted using a public key.
*
* @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
*/
public void testEncryptionSHA1SymmetricBytes() throws Exception {
WSSecEncrypt builder = new WSSecEncrypt();
builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
builder.setEphemeralKey(keyData);
builder.setEncryptSymmKey(false);
builder.setUseKeyIdentifier(true);
LOG.info("Before Encrypting EncryptedKeySHA1....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document encryptedDoc = builder.build(doc, crypto, secHeader);
String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
if (LOG.isDebugEnabled()) {
LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
LOG.debug(outputString);
}
assertTrue(outputString.indexOf("#EncryptedKeySHA1") != -1);
LOG.info("After Encrypting EncryptedKeySHA1....");
verify(encryptedDoc);
}