1   /*
2    * Copyright 2005-2010 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.xwss;
18  
19  import javax.security.auth.callback.Callback;
20  import javax.security.auth.callback.CallbackHandler;
21  import javax.xml.soap.SOAPMessage;
22  
23  import org.springframework.core.io.ClassPathResource;
24  import org.springframework.ws.soap.saaj.SaajSoapMessage;
25  import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
26  
27  import com.sun.xml.wss.impl.callback.DecryptionKeyCallback;
28  import com.sun.xml.wss.impl.callback.EncryptionKeyCallback;
29  import org.junit.Test;
30  
31  import static org.junit.Assert.*;
32  
33  public class XwssMessageInterceptorEncryptTest extends AbstractXwssMessageInterceptorKeyStoreTestCase {
34  
35      @Test
36      public void testEncryptDefaultCertificate() throws Exception {
37          interceptor.setPolicyConfiguration(new ClassPathResource("encrypt-config.xml", getClass()));
38          CallbackHandler handler = new AbstractCallbackHandler() {
39  
40              @Override
41              protected void handleInternal(Callback callback) {
42                  if (callback instanceof EncryptionKeyCallback) {
43                      EncryptionKeyCallback keyCallback = (EncryptionKeyCallback) callback;
44                      if (keyCallback.getRequest() instanceof EncryptionKeyCallback.AliasX509CertificateRequest) {
45                          EncryptionKeyCallback.AliasX509CertificateRequest request =
46                                  (EncryptionKeyCallback.AliasX509CertificateRequest) keyCallback.getRequest();
47                          assertEquals("Invalid alias", "", request.getAlias());
48                          request.setX509Certificate(certificate);
49                      }
50                      else {
51                          fail("Unexpected request");
52                      }
53                  }
54                  else {
55                      fail("Unexpected callback");
56                  }
57              }
58          };
59          interceptor.setCallbackHandler(handler);
60          interceptor.afterPropertiesSet();
61          SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
62          interceptor.secureMessage(message, null);
63          SOAPMessage result = message.getSaajMessage();
64          assertNotNull("No result returned", result);
65          assertXpathExists("BinarySecurityToken does not exist",
66                  "SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:BinarySecurityToken", result);
67          assertXpathExists("Signature does not exist",
68                  "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/xenc:EncryptedKey", result);
69      }
70  
71      @Test
72      public void testEncryptAlias() throws Exception {
73          interceptor.setPolicyConfiguration(new ClassPathResource("encrypt-alias-config.xml", getClass()));
74          CallbackHandler handler = new AbstractCallbackHandler() {
75  
76              @Override
77              protected void handleInternal(Callback callback) {
78                  if (callback instanceof EncryptionKeyCallback) {
79                      EncryptionKeyCallback keyCallback = (EncryptionKeyCallback) callback;
80                      if (keyCallback.getRequest() instanceof EncryptionKeyCallback.AliasX509CertificateRequest) {
81                          EncryptionKeyCallback.AliasX509CertificateRequest request =
82                                  (EncryptionKeyCallback.AliasX509CertificateRequest) keyCallback.getRequest();
83                          assertEquals("Invalid alias", "alias", request.getAlias());
84                          request.setX509Certificate(certificate);
85                      }
86                      else {
87                          fail("Unexpected request");
88                      }
89                  }
90                  else {
91                      fail("Unexpected callback");
92                  }
93              }
94          };
95          interceptor.setCallbackHandler(handler);
96          interceptor.afterPropertiesSet();
97          SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
98          interceptor.secureMessage(message, null);
99          SOAPMessage result = message.getSaajMessage();
100         assertNotNull("No result returned", result);
101         assertXpathExists("BinarySecurityToken does not exist",
102                 "SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:BinarySecurityToken", result);
103         assertXpathExists("Signature does not exist",
104                 "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/xenc:EncryptedKey", result);
105     }
106 
107     @Test
108     public void testDecrypt() throws Exception {
109         interceptor.setPolicyConfiguration(new ClassPathResource("decrypt-config.xml", getClass()));
110         CallbackHandler handler = new AbstractCallbackHandler() {
111 
112             @Override
113             protected void handleInternal(Callback callback) {
114                 if (callback instanceof DecryptionKeyCallback) {
115                     DecryptionKeyCallback keyCallback = (DecryptionKeyCallback) callback;
116                     if (keyCallback.getRequest() instanceof DecryptionKeyCallback.X509CertificateBasedRequest) {
117                         DecryptionKeyCallback.X509CertificateBasedRequest request =
118                                 (DecryptionKeyCallback.X509CertificateBasedRequest) keyCallback.getRequest();
119                         assertEquals("Invalid certificate", certificate, request.getX509Certificate());
120                         request.setPrivateKey(privateKey);
121                     }
122                     else {
123                         fail("Unexpected request");
124                     }
125                 }
126                 else {
127                     fail("Unexpected callback");
128                 }
129             }
130         };
131         interceptor.setCallbackHandler(handler);
132         interceptor.afterPropertiesSet();
133         SaajSoapMessage message = loadSaajMessage("encrypted-soap.xml");
134         interceptor.validateMessage(message, null);
135         SOAPMessage result = message.getSaajMessage();
136         assertNotNull("No result returned", result);
137         assertXpathNotExists("Security Header not removed", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security", result);
138     }
139 
140 }