1   /*
2    * Copyright 2006 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.xwss;
18  
19  import javax.security.auth.callback.Callback;
20  import javax.security.auth.callback.CallbackHandler;
21  import javax.xml.soap.SOAPMessage;
22  
23  import com.sun.xml.wss.impl.callback.DecryptionKeyCallback;
24  import com.sun.xml.wss.impl.callback.EncryptionKeyCallback;
25  import org.springframework.core.io.ClassPathResource;
26  import org.springframework.ws.soap.saaj.SaajSoapMessage;
27  import org.springframework.ws.soap.security.xwss.callback.AbstractCallbackHandler;
28  
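/**
 * Exercises the encryption and decryption paths of the XWSS message interceptor using the key
 * material ({@code certificate}, {@code privateKey}) and the {@code interceptor} fixture inherited
 * from {@link XwssMessageInterceptorKeyStoreTestCase}.
 *
 * <p>Each test installs a strict callback handler: any callback or request type other than the one
 * the policy is expected to trigger fails the test, so an unexpected key lookup cannot pass silently.
 *
 * <p>NOTE(review): the encryption tests only assert that the {@code wsse:Security} header carries a
 * {@code wsse:BinarySecurityToken} and an {@code xenc:EncryptedKey}; they do not assert that any
 * message content was actually replaced by {@code xenc:EncryptedData}. Likewise {@code testDecrypt}
 * only asserts that the security header was removed, not that the payload is readable plaintext.
 * Consider adding those assertions once the contents of the policy and fixture files are confirmed.
 */
public class XwssMessageInterceptorEncryptTest extends XwssMessageInterceptorKeyStoreTestCase {

    /** Absolute XPath of the WS-Security header that the interceptor adds or removes. */
    private static final String SECURITY_HEADER_XPATH = "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security";

    /**
     * Secures an empty message with a policy that names no certificate alias; the handler must
     * therefore be asked for a certificate with a {@code null} alias.
     */
    public void testEncryptDefaultCertificate() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("encrypt-config.xml", getClass()));
        interceptor.setCallbackHandler(newEncryptionKeyHandler(null));
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
        interceptor.secureMessage(message);
        assertEncryptionHeaders(message.getSaajMessage());
    }

    /**
     * Secures an empty message with a policy that names the certificate alias {@code "alias"}; the
     * handler must be asked for exactly that alias.
     */
    public void testEncryptAlias() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("encrypt-alias-config.xml", getClass()));
        interceptor.setCallbackHandler(newEncryptionKeyHandler("alias"));
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
        interceptor.secureMessage(message);
        assertEncryptionHeaders(message.getSaajMessage());
    }

    /**
     * Validates a pre-encrypted message: the handler must be asked for the private key matching
     * the test certificate, and the security header must be gone afterwards.
     */
    public void testDecrypt() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("decrypt-config.xml", getClass()));
        CallbackHandler handler = new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                if (!(callback instanceof DecryptionKeyCallback)) {
                    fail("Unexpected callback");
                    return;
                }
                DecryptionKeyCallback keyCallback = (DecryptionKeyCallback) callback;
                if (!(keyCallback.getRequest() instanceof DecryptionKeyCallback.X509CertificateBasedRequest)) {
                    fail("Unexpected request");
                    return;
                }
                DecryptionKeyCallback.X509CertificateBasedRequest request =
                        (DecryptionKeyCallback.X509CertificateBasedRequest) keyCallback.getRequest();
                // The private key is only handed out for the certificate the test expects.
                assertEquals("Invalid certificate", certificate, request.getX509Certificate());
                request.setPrivateKey(privateKey);
            }
        };
        interceptor.setCallbackHandler(handler);
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("encrypted-soap.xml");
        interceptor.validateMessage(message);
        SOAPMessage result = message.getSaajMessage();
        assertNotNull("No result returned", result);
        assertXpathNotExists("Security Header not removed", SECURITY_HEADER_XPATH, result);
    }

    /**
     * Creates a handler that answers alias-based encryption certificate requests with the test
     * certificate and fails the test on any other callback or request type.
     *
     * @param expectedAlias the alias the request must carry; {@code null} when the policy names none
     * @return the strict callback handler
     */
    private CallbackHandler newEncryptionKeyHandler(final String expectedAlias) {
        return new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                if (!(callback instanceof EncryptionKeyCallback)) {
                    fail("Unexpected callback");
                    return;
                }
                EncryptionKeyCallback keyCallback = (EncryptionKeyCallback) callback;
                if (!(keyCallback.getRequest() instanceof EncryptionKeyCallback.AliasX509CertificateRequest)) {
                    fail("Unexpected request");
                    return;
                }
                EncryptionKeyCallback.AliasX509CertificateRequest request =
                        (EncryptionKeyCallback.AliasX509CertificateRequest) keyCallback.getRequest();
                // assertEquals treats two nulls as equal, so this also covers the "no alias" case.
                assertEquals("Invalid alias", expectedAlias, request.getAlias());
                request.setX509Certificate(certificate);
            }
        };
    }

    /**
     * Asserts that a secured message carries the token and the wrapped key in its security header.
     *
     * @param result the SAAJ message produced by the interceptor
     */
    private void assertEncryptionHeaders(SOAPMessage result) throws Exception {
        assertNotNull("No result returned", result);
        // Both paths are absolute, so the checks do not depend on the XPath context node.
        assertXpathExists("BinarySecurityToken does not exist",
                SECURITY_HEADER_XPATH + "/wsse:BinarySecurityToken", result);
        // Failure message names the element actually checked (it previously said "Signature").
        assertXpathExists("EncryptedKey does not exist",
                SECURITY_HEADER_XPATH + "/xenc:EncryptedKey", result);
    }

}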