1   /*
2    * Copyright 2006 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.xwss;
18  
19  import javax.security.auth.callback.Callback;
20  import javax.security.auth.callback.CallbackHandler;
21  import javax.xml.soap.SOAPMessage;
22  
23  import com.sun.xml.wss.impl.callback.DecryptionKeyCallback;
24  import com.sun.xml.wss.impl.callback.EncryptionKeyCallback;
25  
26  import org.springframework.core.io.ClassPathResource;
27  import org.springframework.ws.soap.saaj.SaajSoapMessage;
28  import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
29  
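/**
 * Exercises the XWSS interceptor's encryption and decryption paths, using callback handlers that
 * hand the key material to the interceptor directly.
 *
 * <p>The {@code interceptor}, {@code certificate} and {@code privateKey} members, and the
 * {@code loadSaajMessage} / {@code assertXpath*} helpers, are not declared in this class; presumably
 * they are inherited from {@link AbstractXwssMessageInterceptorKeyStoreTestCase} - confirm there.
 *
 * <p>Every handler in this class is strict: a callback or request type other than the one the test
 * expects fails the test instead of being ignored, so a policy that starts asking for different
 * key material is noticed.
 *
 * <p>NOTE(review): the encrypt tests assert only that the security header carries a
 * {@code wsse:BinarySecurityToken} and an {@code xenc:EncryptedKey}. They do not assert that any
 * payload was replaced by ciphertext; the input is {@code empty-soap.xml}, so there may be nothing
 * to check - confirm against the fixture and policy files.
 */
public class XwssMessageInterceptorEncryptTest extends AbstractXwssMessageInterceptorKeyStoreTestCase {

    /**
     * Encrypts with a policy that names no certificate alias: the interceptor is expected to ask
     * for the certificate with a {@code null} alias.
     */
    public void testEncryptDefaultCertificate() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("encrypt-config.xml", getClass()));
        interceptor.setCallbackHandler(createEncryptionHandler(null));
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
        interceptor.secureMessage(message, null);
        assertEncryptionHeaders(message);
    }

    /**
     * Encrypts with a policy that names a certificate alias: the interceptor is expected to pass
     * the literal alias {@code "alias"} through to the callback.
     */
    public void testEncryptAlias() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("encrypt-alias-config.xml", getClass()));
        interceptor.setCallbackHandler(createEncryptionHandler("alias"));
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
        interceptor.secureMessage(message, null);
        assertEncryptionHeaders(message);
    }

    /**
     * Validates a pre-encrypted message: the handler checks which certificate the interceptor asks
     * a key for, supplies the private key, and the security header must be gone afterwards.
     */
    public void testDecrypt() throws Exception {
        interceptor.setPolicyConfiguration(new ClassPathResource("decrypt-config.xml", getClass()));
        CallbackHandler handler = new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                if (!(callback instanceof DecryptionKeyCallback)) {
                    fail("Unexpected callback");
                    return;
                }
                Object rawRequest = ((DecryptionKeyCallback) callback).getRequest();
                if (!(rawRequest instanceof DecryptionKeyCallback.X509CertificateBasedRequest)) {
                    fail("Unexpected request");
                    return;
                }
                DecryptionKeyCallback.X509CertificateBasedRequest request =
                        (DecryptionKeyCallback.X509CertificateBasedRequest) rawRequest;
                // The private key is released only after the requested certificate has been
                // compared with the expected one.
                assertEquals("Invalid certificate", certificate, request.getX509Certificate());
                request.setPrivateKey(privateKey);
            }
        };
        interceptor.setCallbackHandler(handler);
        interceptor.afterPropertiesSet();
        SaajSoapMessage message = loadSaajMessage("encrypted-soap.xml");
        interceptor.validateMessage(message, null);
        SOAPMessage result = message.getSaajMessage();
        assertNotNull("No result returned", result);
        // NOTE(review): this checks that the header was removed, not that the decrypted content
        // matches an expected plaintext - consider asserting on the body as well.
        assertXpathNotExists("Security Header not removed", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security", result);
    }

    /**
     * Builds the handler shared by both encrypt tests. It accepts only an
     * {@code EncryptionKeyCallback} carrying an {@code AliasX509CertificateRequest}, checks the
     * requested alias and answers with the test certificate.
     *
     * @param expectedAlias alias the interceptor must request; {@code null} when the policy names none
     * @return a handler that fails the test on any other callback, request type or alias
     */
    private CallbackHandler createEncryptionHandler(final String expectedAlias) {
        return new AbstractCallbackHandler() {

            protected void handleInternal(Callback callback) {
                if (!(callback instanceof EncryptionKeyCallback)) {
                    fail("Unexpected callback");
                    return;
                }
                Object rawRequest = ((EncryptionKeyCallback) callback).getRequest();
                if (!(rawRequest instanceof EncryptionKeyCallback.AliasX509CertificateRequest)) {
                    fail("Unexpected request");
                    return;
                }
                EncryptionKeyCallback.AliasX509CertificateRequest request =
                        (EncryptionKeyCallback.AliasX509CertificateRequest) rawRequest;
                // assertEquals treats two nulls as equal, so this also covers the "no alias" case.
                assertEquals("Invalid alias", expectedAlias, request.getAlias());
                request.setX509Certificate(certificate);
            }
        };
    }

    /**
     * Asserts that the secured message carries the header elements both encrypt tests expect.
     *
     * @param message the message after {@code secureMessage} has run
     */
    private void assertEncryptionHeaders(SaajSoapMessage message) throws Exception {
        SOAPMessage result = message.getSaajMessage();
        assertNotNull("No result returned", result);
        // This path has no leading slash, unlike the next one; presumably assertXpathExists
        // evaluates from the document root, which would make the two forms equivalent - confirm.
        assertXpathExists("BinarySecurityToken does not exist",
                "SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:BinarySecurityToken", result);
        // Failure text corrected: this assertion is about the EncryptedKey element, not a signature.
        assertXpathExists("EncryptedKey does not exist",
                "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/xenc:EncryptedKey", result);
    }

}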