/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.ws.security.message;
import javax.security.auth.callback.CallbackHandler;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.common.KeystoreCallbackHandler;
import org.apache.ws.security.common.SOAPUtil;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.w3c.dom.Document;
/**
* A set of test-cases for encrypting and decrypting SOAP requests using GCM. See:
* https://issues.apache.org/jira/browse/WSS-325
*/
public class EncryptionGCMTest extends org.junit.Assert {
private static final org.apache.commons.logging.Log LOG =
org.apache.commons.logging.LogFactory.getLog(EncryptionGCMTest.class);
private static final javax.xml.namespace.QName SOAP_BODY =
new javax.xml.namespace.QName(
WSConstants.URI_SOAP11_ENV,
"Body"
);
private WSSecurityEngine secEngine = new WSSecurityEngine();
private CallbackHandler keystoreCallbackHandler = new KeystoreCallbackHandler();
private Crypto crypto = null;
public EncryptionGCMTest() throws Exception {
crypto = CryptoFactory.getInstance("wss40.properties");
}
/**
* Setup method
*
* @throws java.lang.Exception Thrown when there is a problem in setup
*/
@org.junit.Before
public void setUp() throws Exception {
WSSConfig wssConfig = WSSConfig.getNewInstance();
wssConfig.setWsiBSPCompliant(true);
secEngine.setWssConfig(wssConfig);
}
@org.junit.Test
public void testAES128GCM() throws Exception {
//
// This test fails with the IBM JDK 7
//
if ("IBM Corporation".equals(System.getProperty("java.vendor"))
&& System.getProperty("java.version") != null
&& System.getProperty("java.version").startsWith("1.7")) {
return;
}
WSSecEncrypt builder = new WSSecEncrypt();
builder.setUserInfo("wss40");
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
builder.setSymmetricEncAlgorithm(WSConstants.AES_128_GCM);
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document encryptedDoc = builder.build(doc, crypto, secHeader);
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
if (LOG.isDebugEnabled()) {
LOG.debug("Encrypted message:");
LOG.debug(outputString);
}
assertTrue(outputString.indexOf("counter_port_type") == -1 ? true : false);
verify(encryptedDoc, keystoreCallbackHandler, SOAP_BODY);
}
@org.junit.Test
public void testAES192GCM() throws Exception {
//
// This test fails with the IBM JDK 7
//
if ("IBM Corporation".equals(System.getProperty("java.vendor"))
&& System.getProperty("java.version") != null
&& System.getProperty("java.version").startsWith("1.7")) {
return;
}
WSSecEncrypt builder = new WSSecEncrypt();
builder.setUserInfo("wss40");
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
builder.setSymmetricEncAlgorithm(WSConstants.AES_192_GCM);
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document encryptedDoc = builder.build(doc, crypto, secHeader);
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
if (LOG.isDebugEnabled()) {
LOG.debug("Encrypted message:");
LOG.debug(outputString);
}
assertTrue(outputString.indexOf("counter_port_type") == -1 ? true : false);
WSSecurityEngine newEngine = new WSSecurityEngine();
WSSConfig wssConfig = WSSConfig.getNewInstance();
wssConfig.setWsiBSPCompliant(false);
newEngine.setWssConfig(wssConfig);
verify(encryptedDoc, newEngine, keystoreCallbackHandler, SOAP_BODY);
}
@org.junit.Test
public void testAES256GCM() throws Exception {
//
// This test fails with the IBM JDK 7
//
if ("IBM Corporation".equals(System.getProperty("java.vendor"))
&& System.getProperty("java.version") != null
&& System.getProperty("java.version").startsWith("1.7")) {
return;
}
WSSecEncrypt builder = new WSSecEncrypt();
builder.setUserInfo("wss40");
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
builder.setSymmetricEncAlgorithm(WSConstants.AES_256_GCM);
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document encryptedDoc = builder.build(doc, crypto, secHeader);
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
if (LOG.isDebugEnabled()) {
LOG.debug("Encrypted message:");
LOG.debug(outputString);
}
assertTrue(outputString.indexOf("counter_port_type") == -1 ? true : false);
verify(encryptedDoc, keystoreCallbackHandler, SOAP_BODY);
}
private void verify(
Document doc,
CallbackHandler handler,
javax.xml.namespace.QName expectedEncryptedElement
) throws Exception {
verify(doc, secEngine, handler, expectedEncryptedElement);
}
@SuppressWarnings("unchecked")
private void verify(
Document doc,
WSSecurityEngine wsSecurityEngine,
CallbackHandler handler,
javax.xml.namespace.QName expectedEncryptedElement
) throws Exception {
final java.util.List<WSSecurityEngineResult> results =
wsSecurityEngine.processSecurityHeader(doc, null, handler, null, crypto);
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
if (LOG.isDebugEnabled()) {
LOG.debug(outputString);
}
assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false);
//
// walk through the results, and make sure there is an encryption
// action, together with a reference to the decrypted element
// (as a QName)
//
boolean encrypted = false;
for (java.util.Iterator<WSSecurityEngineResult> ipos = results.iterator();
ipos.hasNext();) {
final WSSecurityEngineResult result = ipos.next();
final Integer action = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
assertNotNull(action);
if ((action.intValue() & WSConstants.ENCR) != 0) {
final java.util.List<WSDataRef> refs =
(java.util.List<WSDataRef>) result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
assertNotNull(refs);
encrypted = true;
for (java.util.Iterator<WSDataRef> jpos = refs.iterator(); jpos.hasNext();) {
final WSDataRef ref = jpos.next();
assertNotNull(ref);
assertNotNull(ref.getName());
assertEquals(
expectedEncryptedElement,
ref.getName()
);
assertNotNull(ref.getProtectedElement());
if (LOG.isDebugEnabled()) {
LOG.debug("WSDataRef element: ");
LOG.debug(
org.apache.ws.security.util.DOM2Writer.nodeToString(
ref.getProtectedElement()
)
);
}
}
}
}
assertTrue(encrypted);
}
}