use of org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent in project santuario-java by apache.
the class DecryptionTest method checkMultipleEncryptedElementSecurityEvents.
protected void checkMultipleEncryptedElementSecurityEvents(TestSecurityEventListener securityEventListener) {
List<SecurityEvent> encryptedElements = securityEventListener.getSecurityEvents(SecurityEventConstants.EncryptedElement);
assertTrue(encryptedElements.size() == 2);
EncryptedElementSecurityEvent encryptedElementEvent = (EncryptedElementSecurityEvent) encryptedElements.get(0);
assertNotNull(encryptedElementEvent);
assertEquals(encryptedElementEvent.getElementPath().size(), 2);
assertEquals("{urn:example:po}PurchaseOrder", encryptedElementEvent.getElementPath().get(0).toString());
assertEquals("{urn:example:po}ShippingAddress", encryptedElementEvent.getElementPath().get(1).toString());
assertTrue(encryptedElementEvent.isEncrypted());
encryptedElementEvent = (EncryptedElementSecurityEvent) encryptedElements.get(1);
assertNotNull(encryptedElementEvent);
assertEquals(encryptedElementEvent.getElementPath().size(), 2);
assertEquals("{urn:example:po}PurchaseOrder", encryptedElementEvent.getElementPath().get(0).toString());
assertEquals("{urn:example:po}PaymentInfo", encryptedElementEvent.getElementPath().get(1).toString());
assertTrue(encryptedElementEvent.isEncrypted());
}
use of org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent in project santuario-java by apache.
the class DecryptionTest method testDecryptWholeDocumentInDecryptOnlyMode.
@Test
public void testDecryptWholeDocumentInDecryptOnlyMode() throws Exception {
// Read in plaintext document
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
Document document = builder.parse(sourceDocument);
// Set up the Key
SecretKey secretKey = generateSecretKey();
// Encrypt using DOM
List<String> localNames = new ArrayList<>();
localNames.add("PurchaseOrder");
encryptUsingDOM("http://www.w3.org/2001/04/xmlenc#tripledes-cbc", secretKey, null, null, document, localNames, false);
// Check the CreditCard encrypted ok
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PurchaseOrder");
Assert.assertEquals(nodeList.getLength(), 0);
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
XMLStreamReader xmlStreamReader = null;
try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
}
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(secretKey);
properties.addAction(XMLSecurityConstants.ENCRYPT);
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
// Check the CreditCard decrypted ok
nodeList = document.getElementsByTagNameNS("urn:example:po", "PurchaseOrder");
Assert.assertEquals(nodeList.getLength(), 1);
// Check the SecurityEvents
EncryptedElementSecurityEvent encryptedElementEvent = (EncryptedElementSecurityEvent) securityEventListener.getSecurityEvent(SecurityEventConstants.EncryptedElement);
assertNotNull(encryptedElementEvent);
assertEquals(encryptedElementEvent.getElementPath().size(), 1);
assertEquals("{urn:example:po}PurchaseOrder", encryptedElementEvent.getElementPath().get(0).toString());
assertTrue(encryptedElementEvent.isEncrypted());
checkEncryptionToken(securityEventListener, null, secretKey, SecurityTokenConstants.KeyIdentifier_NoKeyInfo, "");
checkEncryptionMethod(securityEventListener, "http://www.w3.org/2001/04/xmlenc#tripledes-cbc", null);
}
use of org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent in project santuario-java by apache.
the class DecryptionTest method checkEncryptedElementSecurityEvents.
protected void checkEncryptedElementSecurityEvents(TestSecurityEventListener securityEventListener) {
EncryptedElementSecurityEvent encryptedElementEvent = (EncryptedElementSecurityEvent) securityEventListener.getSecurityEvent(SecurityEventConstants.EncryptedElement);
assertNotNull(encryptedElementEvent);
assertEquals(encryptedElementEvent.getElementPath().size(), 2);
assertEquals("{urn:example:po}PurchaseOrder", encryptedElementEvent.getElementPath().get(0).toString());
assertEquals("{urn:example:po}PaymentInfo", encryptedElementEvent.getElementPath().get(1).toString());
assertTrue(encryptedElementEvent.isEncrypted());
}
use of org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent in project testcases by coheigea.
the class EncryptionUtils method decryptUsingStAX.
/**
* Decrypt the document using the StAX API of Apache Santuario - XML Security for Java.
*/
public static void decryptUsingStAX(InputStream inputStream, List<QName> namesToEncrypt, Key privateKey) throws Exception {
// Set up the Configuration
XMLSecurityProperties properties = new XMLSecurityProperties();
List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
actions.add(XMLSecurityConstants.ENCRYPT);
properties.setActions(actions);
properties.setDecryptionKey(privateKey);
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
final XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(inputStream);
TestSecurityEventListener eventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, eventListener);
while (securityStreamReader.hasNext()) {
securityStreamReader.next();
}
xmlStreamReader.close();
inputStream.close();
// Check that what we were expecting to be encrypted was actually encrypted
List<EncryptedElementSecurityEvent> encryptedElementEvents = eventListener.getSecurityEvents(SecurityEventConstants.EncryptedElement);
Assert.assertNotNull(encryptedElementEvents);
for (QName nameToEncrypt : namesToEncrypt) {
boolean found = false;
for (EncryptedElementSecurityEvent encryptedElement : encryptedElementEvents) {
if (encryptedElement.isEncrypted() && nameToEncrypt.equals(getEncryptedQName(encryptedElement.getElementPath()))) {
found = true;
break;
}
}
Assert.assertTrue(found);
}
}
Aggregations