17 package org.springframework.ws.soap.security.xwss;
18
19 import javax.security.auth.callback.Callback;
20 import javax.security.auth.callback.CallbackHandler;
21 import javax.xml.soap.SOAPMessage;
22
23 import com.sun.xml.wss.impl.callback.DecryptionKeyCallback;
24 import com.sun.xml.wss.impl.callback.EncryptionKeyCallback;
25 import org.springframework.core.io.ClassPathResource;
26 import org.springframework.ws.soap.saaj.SaajSoapMessage;
27 import org.springframework.ws.soap.security.xwss.callback.AbstractCallbackHandler;
28
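/**
 * Exercises the inherited {@code interceptor} with encryption and decryption policy files, answering
 * its key callbacks from the inherited {@code certificate} and {@code privateKey} fixtures.
 *
 * <p>Each test installs a strict callback handler: any callback or request type other than the one
 * the policy is expected to trigger fails the test. Each test also verifies that the handler really
 * answered a key request, so that the assertions inside the handler cannot be skipped silently.
 */
public class XwssMessageInterceptorEncryptTest extends XwssMessageInterceptorKeyStoreTestCase {

    // NOTE(review): this path is relative while the EncryptedKey path below is absolute. It is kept
    // exactly as it was; confirm which context node assertXpathExists evaluates against.
    private static final String BINARY_SECURITY_TOKEN_XPATH =
            "SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:BinarySecurityToken";

    private static final String ENCRYPTED_KEY_XPATH =
            "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/xenc:EncryptedKey";

    /**
     * Becomes {@code true} only after a handler has passed its own assertions and supplied the key
     * material. It stays {@code false} if the handler is never consulted, or if a failure raised
     * inside the handler does not reach the test method.
     */
    private boolean keyRequestAnswered;

    /**
     * Encrypts with a policy that names no certificate alias; the handler must therefore be asked
     * for a certificate with a {@code null} alias.
     */
    public void testEncryptDefaultCertificate() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("encrypt-config.xml", getClass()));
        interceptor.setCallbackHandler(encryptionHandlerExpectingAlias(null));
        interceptor.afterPropertiesSet();
        secureEmptyMessageAndAssertEncrypted();
    }

    /**
     * Encrypts with a policy that is expected to request the certificate under the alias
     * {@code "alias"}.
     */
    public void testEncryptAlias() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("encrypt-alias-config.xml", getClass()));
        interceptor.setCallbackHandler(encryptionHandlerExpectingAlias("alias"));
        interceptor.afterPropertiesSet();
        secureEmptyMessageAndAssertEncrypted();
    }

    /**
     * Validates a pre-encrypted message; the handler must be asked for the private key that belongs
     * to the test certificate, and the security header must be gone afterwards.
     */
    public void testDecrypt() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("decrypt-config.xml", getClass()));
        CallbackHandler handler = new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                if (!(callback instanceof DecryptionKeyCallback)) {
                    fail("Unexpected callback");
                }
                DecryptionKeyCallback keyCallback = (DecryptionKeyCallback) callback;
                if (!(keyCallback.getRequest() instanceof DecryptionKeyCallback.X509CertificateBasedRequest)) {
                    fail("Unexpected request");
                }
                DecryptionKeyCallback.X509CertificateBasedRequest request =
                        (DecryptionKeyCallback.X509CertificateBasedRequest) keyCallback.getRequest();
                // The private key is released only for the certificate this test owns.
                assertEquals("Invalid certificate", certificate, request.getX509Certificate());
                request.setPrivateKey(privateKey);
                keyRequestAnswered = true;
            }
        };
        interceptor.setCallbackHandler(handler);
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("encrypted-soap.xml");
        interceptor.validateMessage(message);
        SOAPMessage result = message.getSaajMessage();
        assertNotNull("No result returned", result);
        assertTrue("Decryption key was never requested from the callback handler", keyRequestAnswered);
        // NOTE(review): only the removal of the header is checked; nothing here asserts that the
        // body was restored to plaintext. Consider asserting on the decrypted payload as well.
        assertXpathNotExists("Security Header not removed", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security", result);
    }

    /**
     * Builds a handler that accepts nothing but an alias-based certificate request, checks the
     * requested alias and answers with the test certificate.
     *
     * @param expectedAlias the alias the request must carry, or {@code null} when none is expected
     * @return the strict handler to install on the interceptor
     */
    private CallbackHandler encryptionHandlerExpectingAlias(final String expectedAlias) {
        return new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                if (!(callback instanceof EncryptionKeyCallback)) {
                    fail("Unexpected callback");
                }
                EncryptionKeyCallback keyCallback = (EncryptionKeyCallback) callback;
                if (!(keyCallback.getRequest() instanceof EncryptionKeyCallback.AliasX509CertificateRequest)) {
                    fail("Unexpected request");
                }
                EncryptionKeyCallback.AliasX509CertificateRequest request =
                        (EncryptionKeyCallback.AliasX509CertificateRequest) keyCallback.getRequest();
                // assertEquals treats two nulls as equal, so this also covers the no-alias case.
                assertEquals("Invalid alias", expectedAlias, request.getAlias());
                request.setX509Certificate(certificate);
                keyRequestAnswered = true;
            }
        };
    }

    /**
     * Secures {@code empty-soap.xml} with the configured interceptor and checks that the security
     * header carries a BinarySecurityToken and an EncryptedKey.
     */
    private void secureEmptyMessageAndAssertEncrypted() throws Exception {
        SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
        interceptor.secureMessage(message);
        SOAPMessage result = message.getSaajMessage();
        assertNotNull("No result returned", result);
        assertTrue("Encryption certificate was never requested from the callback handler", keyRequestAnswered);
        assertXpathExists("BinarySecurityToken does not exist", BINARY_SECURITY_TOKEN_XPATH, result);
        // The failure message used to say "Signature", which pointed at the wrong element.
        // NOTE(review): this proves the key-transport element is present, not that any payload was
        // replaced by encrypted data.
        assertXpathExists("EncryptedKey does not exist", ENCRYPTED_KEY_XPATH, result);
    }

}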