17 package org.springframework.ws.soap.security.xwss;
18
19 import javax.security.auth.callback.Callback;
20 import javax.security.auth.callback.CallbackHandler;
21 import javax.xml.soap.SOAPMessage;
22
23 import com.sun.xml.wss.impl.callback.DecryptionKeyCallback;
24 import com.sun.xml.wss.impl.callback.EncryptionKeyCallback;
25
26 import org.springframework.core.io.ClassPathResource;
27 import org.springframework.ws.soap.saaj.SaajSoapMessage;
28 import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
29
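/**
 * Tests the encryption and decryption paths of the XWSS message interceptor.
 *
 * <p>Each test installs a policy configuration from the classpath, registers a callback handler
 * that supplies the key material XWSS asks for, runs the interceptor on a SOAP message and then
 * inspects the resulting SAAJ message with XPath assertions.
 *
 * <p>The {@code interceptor}, {@code certificate} and {@code privateKey} members and the
 * {@code loadSaajMessage}/{@code assertXpath*} helpers are not declared in this class; presumably
 * they come from {@link AbstractXwssMessageInterceptorKeyStoreTestCase} or its parents.
 *
 * <p>NOTE(review): the alias and certificate assertions live inside the callback handlers, so they
 * only run if XWSS actually invokes the handler, and they only fail the test if the resulting
 * error propagates out of the interceptor. Consider recording that the handler was called and
 * asserting it after the interceptor returns.
 */
public class XwssMessageInterceptorEncryptTest extends AbstractXwssMessageInterceptorKeyStoreTestCase {

    /** Location of the wsse:BinarySecurityToken element expected in the secured message. */
    private static final String BINARY_SECURITY_TOKEN_XPATH =
            "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:BinarySecurityToken";

    /** Location of the xenc:EncryptedKey element expected in the secured message. */
    private static final String ENCRYPTED_KEY_XPATH =
            "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/xenc:EncryptedKey";

    /**
     * Encrypts with a policy that names no certificate alias; the handler must therefore see a
     * {@code null} alias and answers with the test certificate.
     */
    public void testEncryptDefaultCertificate() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("encrypt-config.xml", getClass()));
        interceptor.setCallbackHandler(createEncryptionHandler(null));
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
        interceptor.secureMessage(message, null);
        assertEncryptionHeader(message.getSaajMessage());
    }

    /**
     * Encrypts with a policy that is expected to request the certificate stored under
     * {@code "alias"}; the handler checks the requested alias before supplying the certificate.
     */
    public void testEncryptAlias() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("encrypt-alias-config.xml", getClass()));
        interceptor.setCallbackHandler(createEncryptionHandler("alias"));
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
        interceptor.secureMessage(message, null);
        assertEncryptionHeader(message.getSaajMessage());
    }

    /**
     * Validates an already encrypted message: the handler confirms that XWSS asks for the private
     * key belonging to the test certificate, supplies it, and the test then checks that the
     * wsse:Security header is gone from the validated message.
     */
    public void testDecrypt() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("decrypt-config.xml", getClass()));
        CallbackHandler handler = new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                if (!(callback instanceof DecryptionKeyCallback)) {
                    fail("Unexpected callback");
                    return;
                }
                DecryptionKeyCallback keyCallback = (DecryptionKeyCallback) callback;
                if (!(keyCallback.getRequest() instanceof DecryptionKeyCallback.X509CertificateBasedRequest)) {
                    fail("Unexpected request");
                    return;
                }
                DecryptionKeyCallback.X509CertificateBasedRequest request =
                        (DecryptionKeyCallback.X509CertificateBasedRequest) keyCallback.getRequest();
                // The private key is only handed out for the certificate this test owns.
                assertEquals("Invalid certificate", certificate, request.getX509Certificate());
                request.setPrivateKey(privateKey);
            }
        };
        interceptor.setCallbackHandler(handler);
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("encrypted-soap.xml");
        interceptor.validateMessage(message, null);
        SOAPMessage result = message.getSaajMessage();
        assertNotNull("No result returned", result);
        // NOTE(review): removal of the header does not by itself show that the payload was
        // decrypted; an assertion on the expected plaintext body would make this test stronger.
        assertXpathNotExists("Security Header not removed", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security", result);
    }

    /**
     * Builds the callback handler shared by the encryption tests.
     *
     * @param expectedAlias the alias the certificate request must carry, or {@code null} when the
     * policy is expected not to name one
     * @return a handler that answers alias-based certificate requests with the test certificate
     * and fails on any other callback or request type
     */
    private CallbackHandler createEncryptionHandler(final String expectedAlias) {
        return new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                if (!(callback instanceof EncryptionKeyCallback)) {
                    fail("Unexpected callback");
                    return;
                }
                EncryptionKeyCallback keyCallback = (EncryptionKeyCallback) callback;
                if (!(keyCallback.getRequest() instanceof EncryptionKeyCallback.AliasX509CertificateRequest)) {
                    fail("Unexpected request");
                    return;
                }
                EncryptionKeyCallback.AliasX509CertificateRequest request =
                        (EncryptionKeyCallback.AliasX509CertificateRequest) keyCallback.getRequest();
                // assertEquals treats two nulls as equal, so this also covers the no-alias case.
                assertEquals("Invalid alias", expectedAlias, request.getAlias());
                request.setX509Certificate(certificate);
            }
        };
    }

    /**
     * Checks that the secured message carries a BinarySecurityToken and an EncryptedKey in its
     * wsse:Security header.
     *
     * <p>NOTE(review): this confirms the key-transport header only. It does not assert that the
     * message content was replaced by encrypted data, so a policy that emits the header but leaves
     * the payload in clear text would still pass; consider asserting the encrypted target too.
     *
     * @param result the SAAJ message produced by the interceptor
     */
    private void assertEncryptionHeader(SOAPMessage result) {
        assertNotNull("No result returned", result);
        // Both paths are absolute so the check does not depend on the XPath context node.
        assertXpathExists("BinarySecurityToken does not exist", BINARY_SECURITY_TOKEN_XPATH, result);
        // The failure message used to read "Signature does not exist", which pointed at the wrong element.
        assertXpathExists("EncryptedKey does not exist", ENCRYPTED_KEY_XPATH, result);
    }

}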