/**
 * Encrypts the envelope through the WSHandler send path using the EncryptedKeySHA1 key
 * identifier and a symmetric key, i.e. no session key is generated and then encrypted with a
 * public key. The request is configured through handler options instead of being coded by hand.
 *
 * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
 */
public void testEncryptionSHA1SymmetricBytesHandler() throws Exception {
    WSSConfig wssConfig = WSSConfig.getNewInstance();
    RequestData requestData = new RequestData();
    requestData.setWssConfig(wssConfig);

    java.util.Map handlerOptions = new java.util.TreeMap();
    // "false": the symmetric key is not encrypted into the outgoing message.
    handlerOptions.put(WSHandlerConstants.ENC_SYM_ENC_KEY, "false");
    handlerOptions.put(WSHandlerConstants.ENC_KEY_ID, "EncryptedKeySHA1");
    // This test instance is registered as the callback reference; presumably it supplies the
    // shared key material to the handler -- confirm against the callback method of this class.
    handlerOptions.put(WSHandlerConstants.PW_CALLBACK_REF, this);
    requestData.setMsgContext(handlerOptions);
    requestData.setUsername("");

    java.util.Vector actionList = new java.util.Vector();
    actionList.add(new Integer(WSConstants.ENCR));

    Document envelopeDoc = unsignedEnvelope.getAsDocument();
    MyHandler sender = new MyHandler();
    sender.send(WSConstants.ENCR, envelopeDoc, requestData, actionList, true);

    // Serialized unconditionally, as in the original flow; only logged when debug is enabled.
    String serialized =
        org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(envelopeDoc);
    if (LOG.isDebugEnabled()) {
        LOG.debug(serialized);
    }

    // NOTE(review): nothing here asserts that the output is actually encrypted; the test passes
    // as long as sending and the subsequent processing do not throw.
    verify(envelopeDoc);
}
/**
 * Runs the receiving-side security processing over the given SOAP envelope.
 *
 * <p>Success means only that no exception was thrown: anything returned by
 * {@code processSecurityHeader} is discarded, so this helper does not assert which security
 * actions (signature check, decryption) were actually applied to the message.
 *
 * @param doc the secured SOAP envelope to process
 * @throws Exception Thrown when there is a problem in verification
 */
private void verify(Document doc) throws Exception {
    secEngine.processSecurityHeader(doc, null, this, crypto);
    if (!LOG.isDebugEnabled()) {
        return;
    }
    // The document is logged after processing, so debug output carries the message in its
    // processed (per the log text: decrypted) form. Acceptable for test fixtures; the same
    // pattern in a production handler would put plaintext payloads into the logs.
    LOG.debug("Verfied and decrypted message:");
    LOG.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc));
}
/**
 * Signs a WS-Security envelope and then encrypts it, with both operations keyed by the same
 * EncryptedKey, and finally runs the result through the receiving-side processing.
 *
 * <p>The algorithms exercised here (3DES for encryption, HMAC-SHA1 for the signature) are
 * legacy choices; presumably they are covered for interoperability rather than as a profile
 * to copy into new deployments.
 *
 * @throws Exception Thrown when there is any problem in signing, encryption, decryption, or
 *     verification
 */
public void testEncryptedKeySignature() throws Exception {
    SOAPEnvelope envelope = message.getSOAPEnvelope();
    LOG.info("Before Sign/Encryption....");
    Document envelopeDoc = envelope.getAsDocument();

    WSSecHeader securityHeader = new WSSecHeader();
    securityHeader.insertSecurityHeader(envelopeDoc);

    // Prepare the EncryptedKey first: its id and ephemeral key are read below by both the
    // encryption and the signature builder.
    WSSecEncryptedKey encryptedKey = new WSSecEncryptedKey();
    encryptedKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
    // Hard-coded user/password pair; presumably the alias and password of the test keystore.
    encryptedKey.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
    // 192 bits is the 3DES key length (168 effective bits plus parity).
    encryptedKey.setKeySize(192);
    encryptedKey.prepare(envelopeDoc, crypto);

    WSSecEncrypt encryptor = new WSSecEncrypt();
    encryptor.setEncKeyId(encryptedKey.getId());
    encryptor.setEphemeralKey(encryptedKey.getEphemeralKey());
    encryptor.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
    encryptor.setEncryptSymmKey(false);
    encryptor.setEncryptedKeyElement(encryptedKey.getEncryptedKeyElement());

    // The signature reuses the very same ephemeral key bytes as the encryption above, so one
    // secret serves as both MAC key and cipher key in this scenario.
    WSSecSignature signer = new WSSecSignature();
    signer.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
    signer.setCustomTokenId(encryptedKey.getId());
    signer.setSecretKey(encryptedKey.getEphemeralKey());
    signer.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);

    Document signedDoc = signer.build(envelopeDoc, crypto, securityHeader);
    Document securedDoc = encryptor.build(signedDoc, crypto, securityHeader);

    if (LOG.isDebugEnabled()) {
        LOG.debug("Signed and encrypted message with IssuerSerial key identifier (both), 3DES:");
        LOG.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(securedDoc));
    }

    LOG.info("After Sign/Encryption....");
    verify(securedDoc);
}
/**
 * Encrypts a WS-Security envelope, referencing the key through the ThumbprintSHA1 key
 * identifier type, and then runs the result through the receiving-side processing.
 *
 * <p>The SHA-1 thumbprint here only identifies which certificate was used; it is a key
 * reference, not an integrity mechanism for the message.
 *
 * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
 */
public void testX509EncryptionThumb() throws Exception {
    WSSecEncrypt encryptor = new WSSecEncrypt();
    // Hard-coded user/password pair; presumably the alias and password of the test keystore.
    encryptor.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
    encryptor.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);

    LOG.info("Before Encrypting ThumbprintSHA1....");
    Document envelopeDoc = unsignedEnvelope.getAsDocument();
    WSSecHeader securityHeader = new WSSecHeader();
    securityHeader.insertSecurityHeader(envelopeDoc);
    Document encryptedDoc = encryptor.build(envelopeDoc, crypto, securityHeader);

    // Serialized unconditionally because the assertion below needs the text form.
    String serialized =
        org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Encrypted message with THUMBPRINT_IDENTIFIER:");
        LOG.debug(serialized);
    }

    // Checks only that the thumbprint identifier fragment appears somewhere in the output.
    assertTrue(serialized.indexOf("#ThumbprintSHA1") >= 0);

    LOG.info("After Encrypting ThumbprintSHA1....");
    verify(encryptedDoc);
}
/**
 * Signs a WS-Security envelope, referencing the signing key through the ThumbprintSHA1 key
 * identifier type, and then runs the result through the receiving-side processing.
 *
 * <p>No assertion is made on the serialized output; the test passes when signing and the
 * subsequent processing complete without an exception.
 *
 * @throws java.lang.Exception Thrown when there is any problem in signing or verification
 */
public void testX509SignatureThumb() throws Exception {
    WSSecSignature signer = new WSSecSignature();
    // Hard-coded user/password pair; presumably the alias and password of the test keystore.
    signer.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
    signer.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);

    LOG.info("Before Signing ThumbprintSHA1....");
    Document envelopeDoc = unsignedEnvelope.getAsDocument();

    WSSecHeader securityHeader = new WSSecHeader();
    securityHeader.insertSecurityHeader(envelopeDoc);

    Document signedDoc = signer.build(envelopeDoc, crypto, securityHeader);

    if (LOG.isDebugEnabled()) {
        LOG.debug("Signed message with ThumbprintSHA1 key identifier:");
        LOG.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc));
    }

    LOG.info("After Signing ThumbprintSHA1....");
    verify(signedDoc);
}
/**
 * Encrypts the envelope with the EncryptedKeySHA1 key identifier using symmetric key bytes
 * supplied directly to the builder, rather than a generated session key that is then encrypted
 * with a public key.
 *
 * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
 */
public void testEncryptionSHA1SymmetricBytes() throws Exception {
    WSSecEncrypt encryptor = new WSSecEncrypt();
    encryptor.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
    // keyData is a fixture defined elsewhere in this class; presumably fixed key bytes that
    // the receiving side also knows -- confirm. Fixed key material belongs in tests only.
    encryptor.setEphemeralKey(keyData);
    // The symmetric key is not encrypted into the message.
    encryptor.setEncryptSymmKey(false);
    encryptor.setUseKeyIdentifier(true);

    LOG.info("Before Encrypting EncryptedKeySHA1....");
    Document envelopeDoc = unsignedEnvelope.getAsDocument();
    WSSecHeader securityHeader = new WSSecHeader();
    securityHeader.insertSecurityHeader(envelopeDoc);
    Document encryptedDoc = encryptor.build(envelopeDoc, crypto, securityHeader);

    // Serialized unconditionally because the assertion below needs the text form.
    String serialized =
        org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
        LOG.debug(serialized);
    }

    // Checks only that the EncryptedKeySHA1 identifier fragment appears in the output.
    assertTrue(serialized.indexOf("#EncryptedKeySHA1") >= 0);

    LOG.info("After Encrypting EncryptedKeySHA1....");
    verify(encryptedDoc);
}