Search in sources :

Example 6 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class DecryptionTest method testPhysicalRepresentation.

@Test
public void testPhysicalRepresentation() throws Exception {
    final String DATA1 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><ns:root xmlns:ns=\"ns.com\"><ns:elem xmlns:ns2=\"ns2.com\">11</ns:elem></ns:root>";
    DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
    Document document = null;
    try (InputStream is = new ByteArrayInputStream(DATA1.getBytes(StandardCharsets.UTF_8))) {
        document = db.parse(is);
    }
    // Set up the Key
    byte[] bits192 = "abcdefghijklmnopqrstuvwx".getBytes();
    DESedeKeySpec keySpec = new DESedeKeySpec(bits192);
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
    SecretKey secretKey = keyFactory.generateSecret(keySpec);
    // Encrypt using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("elem");
    encryptUsingDOM("http://www.w3.org/2001/04/xmlenc#tripledes-cbc", secretKey, "", null, document, localNames, false);
    // Check the element encrypted ok
    NodeList nodeList = document.getElementsByTagNameNS("ns.com", "elem");
    Assert.assertEquals(nodeList.getLength(), 0);
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Decrypt
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(secretKey);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the element decrypted ok
    nodeList = document.getElementsByTagNameNS("ns.com", "elem");
    Assert.assertEquals(nodeList.getLength(), 1);
    Element decrElem = (Element) document.getDocumentElement().getFirstChild();
    assertEquals("ns:elem", decrElem.getNodeName());
    assertEquals("ns.com", decrElem.getNamespaceURI());
    assertEquals(1, decrElem.getAttributes().getLength());
    Attr attr = (Attr) decrElem.getAttributes().item(0);
    assertEquals("xmlns:ns2", attr.getName());
    assertEquals("ns2.com", attr.getValue());
    // Check the SecurityEvents
    checkEncryptionToken(securityEventListener, null, secretKey, SecurityTokenConstants.KeyIdentifier_NoKeyInfo, "");
    checkEncryptionMethod(securityEventListener, "http://www.w3.org/2001/04/xmlenc#tripledes-cbc", "");
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) DESedeKeySpec(javax.crypto.spec.DESedeKeySpec) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener) SecretKeyFactory(javax.crypto.SecretKeyFactory) Test(org.junit.Test)

Example 7 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class DecryptionTest method testAES192Element3DESKWCipherInbound.

/**
 * Test encryption using a generated AES 192 bit key that is
 * encrypted using a 3DES key.  Then reverse by decrypting EncryptedKey.
 */
@Test
public void testAES192Element3DESKWCipherInbound() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    byte[] bits192 = "abcdefghijklmnopqrstuvwx".getBytes();
    DESedeKeySpec keySpec = new DESedeKeySpec(bits192);
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
    Key kek = keyFactory.generateSecret(keySpec);
    // Generate a traffic key
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    keygen.init(192);
    SecretKey secretKey = keygen.generateKey();
    // Encrypt using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    encryptUsingDOM("http://www.w3.org/2001/04/xmlenc#aes192-cbc", secretKey, "http://www.w3.org/2001/04/xmlenc#kw-tripledes", kek, document, localNames, true);
    // Check the CreditCard encrypted ok
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 0);
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Decrypt
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(kek);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 1);
    // Check the SecurityEvents
    checkEncryptedContentSecurityEvents(securityEventListener);
    checkEncryptionToken(securityEventListener, null, secretKey, SecurityTokenConstants.KeyIdentifier_EncryptedKey, "http://www.w3.org/2001/04/xmlenc#aes192-cbc");
    checkEncryptionMethod(securityEventListener, "http://www.w3.org/2001/04/xmlenc#aes192-cbc", "http://www.w3.org/2001/04/xmlenc#kw-tripledes");
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) DESedeKeySpec(javax.crypto.spec.DESedeKeySpec) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener) SecretKeyFactory(javax.crypto.SecretKeyFactory) KeyGenerator(javax.crypto.KeyGenerator) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey) PublicKey(java.security.PublicKey) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Test(org.junit.Test)

Example 8 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class DecryptionTest method testX509Certificate.

@Test
public void testX509Certificate() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    keygen.init(128);
    SecretKey key = keygen.generateKey();
    // Set the key up
    KeyStore keyStore = KeyStore.getInstance("jks");
    keyStore.load(this.getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
    PrivateKey priv = (PrivateKey) keyStore.getKey("transmitter", "default".toCharArray());
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
    // Encrypt using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    KeyInfo encryptedKeyKeyInfo = new KeyInfo(document);
    encryptedKeyKeyInfo = new KeyInfo(document);
    encryptedKeyKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
    X509Data x509Data = new X509Data(document);
    x509Data.addCertificate(cert);
    encryptedKeyKeyInfo.add(x509Data);
    encryptUsingDOM(XMLCipher.AES_128, key, XMLCipher.RSA_OAEP, cert.getPublicKey(), encryptedKeyKeyInfo, document, localNames, true);
    // Check the CreditCard encrypted ok
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 0);
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Decrypt
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(priv);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 1);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) PrivateKey(java.security.PrivateKey) XMLStreamReader(javax.xml.stream.XMLStreamReader) ArrayList(java.util.ArrayList) X509Data(org.apache.xml.security.keys.content.X509Data) KeyInfo(org.apache.xml.security.keys.KeyInfo) TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener) KeyGenerator(javax.crypto.KeyGenerator) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) Test(org.junit.Test)

Example 9 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class DecryptionTest method testDecryptWholeDocumentInDecryptOnlyMode.

@Test
public void testDecryptWholeDocumentInDecryptOnlyMode() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    SecretKey secretKey = generateSecretKey();
    // Encrypt using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PurchaseOrder");
    encryptUsingDOM("http://www.w3.org/2001/04/xmlenc#tripledes-cbc", secretKey, null, null, document, localNames, false);
    // Check the CreditCard encrypted ok
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PurchaseOrder");
    Assert.assertEquals(nodeList.getLength(), 0);
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Decrypt
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(secretKey);
    properties.addAction(XMLSecurityConstants.ENCRYPT);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "PurchaseOrder");
    Assert.assertEquals(nodeList.getLength(), 1);
    // Check the SecurityEvents
    EncryptedElementSecurityEvent encryptedElementEvent = (EncryptedElementSecurityEvent) securityEventListener.getSecurityEvent(SecurityEventConstants.EncryptedElement);
    assertNotNull(encryptedElementEvent);
    assertEquals(encryptedElementEvent.getElementPath().size(), 1);
    assertEquals("{urn:example:po}PurchaseOrder", encryptedElementEvent.getElementPath().get(0).toString());
    assertTrue(encryptedElementEvent.isEncrypted());
    checkEncryptionToken(securityEventListener, null, secretKey, SecurityTokenConstants.KeyIdentifier_NoKeyInfo, "");
    checkEncryptionMethod(securityEventListener, "http://www.w3.org/2001/04/xmlenc#tripledes-cbc", null);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) EncryptedElementSecurityEvent(org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent) ContentEncryptedElementSecurityEvent(org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener) Test(org.junit.Test)

Example 10 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class DecryptionTest method testDecryptMultipleElements.

@Test
public void testDecryptMultipleElements() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    SecretKey secretKey = generateSecretKey();
    // Encrypt using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    localNames.add("ShippingAddress");
    encryptUsingDOM("http://www.w3.org/2001/04/xmlenc#tripledes-cbc", secretKey, null, null, document, localNames, false);
    // Check the CreditCard encrypted ok
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 0);
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Decrypt
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(secretKey);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 1);
    // Check the ShippingAddress decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "ShippingAddress");
    Assert.assertEquals(nodeList.getLength(), 1);
    // Check the SecurityEvents
    checkMultipleEncryptedElementSecurityEvents(securityEventListener);
    checkEncryptionToken(securityEventListener, null, secretKey, SecurityTokenConstants.KeyIdentifier_NoKeyInfo, "");
    checkEncryptionMethod(securityEventListener, "http://www.w3.org/2001/04/xmlenc#tripledes-cbc", null);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener) Test(org.junit.Test)

Aggregations

XMLStreamReader (javax.xml.stream.XMLStreamReader)155 InboundXMLSec (org.apache.xml.security.stax.ext.InboundXMLSec)155 XMLSecurityProperties (org.apache.xml.security.stax.ext.XMLSecurityProperties)155 Test (org.junit.Test)151 InputStream (java.io.InputStream)150 DOMSource (javax.xml.transform.dom.DOMSource)150 ByteArrayInputStream (java.io.ByteArrayInputStream)149 ByteArrayOutputStream (java.io.ByteArrayOutputStream)149 DocumentBuilder (javax.xml.parsers.DocumentBuilder)149 StreamResult (javax.xml.transform.stream.StreamResult)149 Document (org.w3c.dom.Document)123 ArrayList (java.util.ArrayList)89 SecretKey (javax.crypto.SecretKey)79 TestSecurityEventListener (org.apache.xml.security.test.stax.signature.TestSecurityEventListener)58 KeyGenerator (javax.crypto.KeyGenerator)34 Key (java.security.Key)31 KeyStore (java.security.KeyStore)27 X509Certificate (java.security.cert.X509Certificate)27 SecretKeySpec (javax.crypto.spec.SecretKeySpec)26 InetSocketAddress (java.net.InetSocketAddress)22