Search in sources :

Example 1 with EncryptedElementSecurityEvent

use of org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent in project santuario-java by apache.

the class DecryptionTest method checkMultipleEncryptedElementSecurityEvents.

protected void checkMultipleEncryptedElementSecurityEvents(TestSecurityEventListener securityEventListener) {
    List<SecurityEvent> encryptedElements = securityEventListener.getSecurityEvents(SecurityEventConstants.EncryptedElement);
    assertTrue(encryptedElements.size() == 2);
    EncryptedElementSecurityEvent encryptedElementEvent = (EncryptedElementSecurityEvent) encryptedElements.get(0);
    assertNotNull(encryptedElementEvent);
    assertEquals(encryptedElementEvent.getElementPath().size(), 2);
    assertEquals("{urn:example:po}PurchaseOrder", encryptedElementEvent.getElementPath().get(0).toString());
    assertEquals("{urn:example:po}ShippingAddress", encryptedElementEvent.getElementPath().get(1).toString());
    assertTrue(encryptedElementEvent.isEncrypted());
    encryptedElementEvent = (EncryptedElementSecurityEvent) encryptedElements.get(1);
    assertNotNull(encryptedElementEvent);
    assertEquals(encryptedElementEvent.getElementPath().size(), 2);
    assertEquals("{urn:example:po}PurchaseOrder", encryptedElementEvent.getElementPath().get(0).toString());
    assertEquals("{urn:example:po}PaymentInfo", encryptedElementEvent.getElementPath().get(1).toString());
    assertTrue(encryptedElementEvent.isEncrypted());
}
Also used : AlgorithmSuiteSecurityEvent(org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent) EncryptedElementSecurityEvent(org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent) ContentEncryptedElementSecurityEvent(org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent) EncryptedKeyTokenSecurityEvent(org.apache.xml.security.stax.securityEvent.EncryptedKeyTokenSecurityEvent) DefaultTokenSecurityEvent(org.apache.xml.security.stax.securityEvent.DefaultTokenSecurityEvent) SecurityEvent(org.apache.xml.security.stax.securityEvent.SecurityEvent) EncryptedElementSecurityEvent(org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent) ContentEncryptedElementSecurityEvent(org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent)

Example 2 with EncryptedElementSecurityEvent

use of org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent in project santuario-java by apache.

the class DecryptionTest method testDecryptWholeDocumentInDecryptOnlyMode.

@Test
public void testDecryptWholeDocumentInDecryptOnlyMode() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    SecretKey secretKey = generateSecretKey();
    // Encrypt using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PurchaseOrder");
    encryptUsingDOM("http://www.w3.org/2001/04/xmlenc#tripledes-cbc", secretKey, null, null, document, localNames, false);
    // Check the CreditCard encrypted ok
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PurchaseOrder");
    Assert.assertEquals(nodeList.getLength(), 0);
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Decrypt
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(secretKey);
    properties.addAction(XMLSecurityConstants.ENCRYPT);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "PurchaseOrder");
    Assert.assertEquals(nodeList.getLength(), 1);
    // Check the SecurityEvents
    EncryptedElementSecurityEvent encryptedElementEvent = (EncryptedElementSecurityEvent) securityEventListener.getSecurityEvent(SecurityEventConstants.EncryptedElement);
    assertNotNull(encryptedElementEvent);
    assertEquals(encryptedElementEvent.getElementPath().size(), 1);
    assertEquals("{urn:example:po}PurchaseOrder", encryptedElementEvent.getElementPath().get(0).toString());
    assertTrue(encryptedElementEvent.isEncrypted());
    checkEncryptionToken(securityEventListener, null, secretKey, SecurityTokenConstants.KeyIdentifier_NoKeyInfo, "");
    checkEncryptionMethod(securityEventListener, "http://www.w3.org/2001/04/xmlenc#tripledes-cbc", null);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) EncryptedElementSecurityEvent(org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent) ContentEncryptedElementSecurityEvent(org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener) Test(org.junit.Test)

Example 3 with EncryptedElementSecurityEvent

use of org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent in project santuario-java by apache.

the class DecryptionTest method checkEncryptedElementSecurityEvents.

protected void checkEncryptedElementSecurityEvents(TestSecurityEventListener securityEventListener) {
    EncryptedElementSecurityEvent encryptedElementEvent = (EncryptedElementSecurityEvent) securityEventListener.getSecurityEvent(SecurityEventConstants.EncryptedElement);
    assertNotNull(encryptedElementEvent);
    assertEquals(encryptedElementEvent.getElementPath().size(), 2);
    assertEquals("{urn:example:po}PurchaseOrder", encryptedElementEvent.getElementPath().get(0).toString());
    assertEquals("{urn:example:po}PaymentInfo", encryptedElementEvent.getElementPath().get(1).toString());
    assertTrue(encryptedElementEvent.isEncrypted());
}
Also used : EncryptedElementSecurityEvent(org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent) ContentEncryptedElementSecurityEvent(org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent)

Example 4 with EncryptedElementSecurityEvent

use of org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent in project testcases by coheigea.

the class EncryptionUtils method decryptUsingStAX.

/**
 * Decrypt the document using the StAX API of Apache Santuario - XML Security for Java.
 */
public static void decryptUsingStAX(InputStream inputStream, List<QName> namesToEncrypt, Key privateKey) throws Exception {
    // Set up the Configuration
    XMLSecurityProperties properties = new XMLSecurityProperties();
    List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
    actions.add(XMLSecurityConstants.ENCRYPT);
    properties.setActions(actions);
    properties.setDecryptionKey(privateKey);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
    final XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(inputStream);
    TestSecurityEventListener eventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, eventListener);
    while (securityStreamReader.hasNext()) {
        securityStreamReader.next();
    }
    xmlStreamReader.close();
    inputStream.close();
    // Check that what we were expecting to be encrypted was actually encrypted
    List<EncryptedElementSecurityEvent> encryptedElementEvents = eventListener.getSecurityEvents(SecurityEventConstants.EncryptedElement);
    Assert.assertNotNull(encryptedElementEvents);
    for (QName nameToEncrypt : namesToEncrypt) {
        boolean found = false;
        for (EncryptedElementSecurityEvent encryptedElement : encryptedElementEvents) {
            if (encryptedElement.isEncrypted() && nameToEncrypt.equals(getEncryptedQName(encryptedElement.getElementPath()))) {
                found = true;
                break;
            }
        }
        Assert.assertTrue(found);
    }
}
Also used : XMLSecurityConstants(org.apache.xml.security.stax.ext.XMLSecurityConstants) XMLStreamReader(javax.xml.stream.XMLStreamReader) EncryptedElementSecurityEvent(org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent) QName(javax.xml.namespace.QName) ArrayList(java.util.ArrayList) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) XMLInputFactory(javax.xml.stream.XMLInputFactory)

Aggregations

EncryptedElementSecurityEvent (org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent)4 ContentEncryptedElementSecurityEvent (org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent)3 ArrayList (java.util.ArrayList)2 XMLStreamReader (javax.xml.stream.XMLStreamReader)2 InboundXMLSec (org.apache.xml.security.stax.ext.InboundXMLSec)2 XMLSecurityProperties (org.apache.xml.security.stax.ext.XMLSecurityProperties)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1 InputStream (java.io.InputStream)1 SecretKey (javax.crypto.SecretKey)1 QName (javax.xml.namespace.QName)1 DocumentBuilder (javax.xml.parsers.DocumentBuilder)1 XMLInputFactory (javax.xml.stream.XMLInputFactory)1 DOMSource (javax.xml.transform.dom.DOMSource)1 StreamResult (javax.xml.transform.stream.StreamResult)1 XMLSecurityConstants (org.apache.xml.security.stax.ext.XMLSecurityConstants)1 AlgorithmSuiteSecurityEvent (org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent)1 DefaultTokenSecurityEvent (org.apache.xml.security.stax.securityEvent.DefaultTokenSecurityEvent)1 EncryptedKeyTokenSecurityEvent (org.apache.xml.security.stax.securityEvent.EncryptedKeyTokenSecurityEvent)1 SecurityEvent (org.apache.xml.security.stax.securityEvent.SecurityEvent)1