Search in sources :

Example 26 with TestSecurityEventListener

use of org.apache.xml.security.test.stax.signature.TestSecurityEventListener in project santuario-java by apache.

the class KeyWrapEncryptionVerificationTest method testTripleDESKW.

@Test
public void testTripleDESKW() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    KeyGenerator keygen = KeyGenerator.getInstance("DESede");
    SecretKey key = keygen.generateKey();
    // Set up the Key Wrapping Key
    XMLCipher cipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES_KeyWrap);
    keygen = KeyGenerator.getInstance("DESede");
    SecretKey keyWrappingKey = keygen.generateKey();
    cipher.init(XMLCipher.WRAP_MODE, keyWrappingKey);
    EncryptedKey encryptedKey = cipher.encryptKey(document, key);
    // Encrypt using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    String encryptionAlgorithm = XMLCipher.TRIPLEDES;
    encrypt(encryptedKey, encryptionAlgorithm, document, localNames, key);
    // Check the CreditCard encrypted ok
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 0);
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Decrypt
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(keyWrappingKey);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 1);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) NodeList(org.w3c.dom.NodeList) ArrayList(java.util.ArrayList) XMLCipher(org.apache.xml.security.encryption.XMLCipher) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) Document(org.w3c.dom.Document) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener) KeyGenerator(javax.crypto.KeyGenerator) Test(org.junit.Test)

Example 27 with TestSecurityEventListener

use of org.apache.xml.security.test.stax.signature.TestSecurityEventListener in project santuario-java by apache.

the class KeyWrapEncryptionVerificationTest method testAES256KW.

@Test
public void testAES256KW() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    keygen.init(256);
    SecretKey key = keygen.generateKey();
    // Set up the Key Wrapping Key
    XMLCipher cipher = XMLCipher.getInstance(XMLCipher.AES_256_KeyWrap);
    keygen = KeyGenerator.getInstance("AES");
    keygen.init(256);
    SecretKey keyWrappingKey = keygen.generateKey();
    cipher.init(XMLCipher.WRAP_MODE, keyWrappingKey);
    EncryptedKey encryptedKey = cipher.encryptKey(document, key);
    // Encrypt using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    String encryptionAlgorithm = XMLCipher.AES_256;
    encrypt(encryptedKey, encryptionAlgorithm, document, localNames, key);
    // Check the CreditCard encrypted ok
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 0);
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    final XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
    // Decrypt
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(keyWrappingKey);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 1);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) NodeList(org.w3c.dom.NodeList) ArrayList(java.util.ArrayList) XMLCipher(org.apache.xml.security.encryption.XMLCipher) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) Document(org.w3c.dom.Document) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener) KeyGenerator(javax.crypto.KeyGenerator) Test(org.junit.Test)

Example 28 with TestSecurityEventListener

use of org.apache.xml.security.test.stax.signature.TestSecurityEventListener in project santuario-java by apache.

the class SymmetricEncryptionVerificationTest method testSEED_128.

@Test
public void testSEED_128() throws Exception {
    org.junit.Assume.assumeTrue(bcInstalled);
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    KeyGenerator keygen = KeyGenerator.getInstance("SEED");
    keygen.init(128);
    SecretKey key = keygen.generateKey();
    // Encrypt using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    String algorithm = "http://www.w3.org/2007/05/xmldsig-more#seed128-cbc";
    encryptUsingDOM(algorithm, key, null, null, document, localNames, false);
    // Check the CreditCard encrypted ok
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 0);
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Decrypt
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(key);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 1);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) NodeList(org.w3c.dom.NodeList) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) Document(org.w3c.dom.Document) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener) KeyGenerator(javax.crypto.KeyGenerator) Test(org.junit.Test)

Example 29 with TestSecurityEventListener

use of org.apache.xml.security.test.stax.signature.TestSecurityEventListener in project santuario-java by apache.

the class SymmetricEncryptionVerificationTest method testTRIPLE_DES.

@Test
public void testTRIPLE_DES() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    KeyGenerator keygen = KeyGenerator.getInstance("DESede");
    SecretKey key = keygen.generateKey();
    // Encrypt using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    String algorithm = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
    encryptUsingDOM(algorithm, key, null, null, document, localNames, false);
    // Check the CreditCard encrypted ok
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 0);
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Decrypt
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(key);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 1);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) NodeList(org.w3c.dom.NodeList) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) Document(org.w3c.dom.Document) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener) KeyGenerator(javax.crypto.KeyGenerator) Test(org.junit.Test)

Example 30 with TestSecurityEventListener

use of org.apache.xml.security.test.stax.signature.TestSecurityEventListener in project santuario-java by apache.

the class SymmetricEncryptionVerificationTest method testAES256.

@Test
public void testAES256() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    keygen.init(256);
    SecretKey key = keygen.generateKey();
    // Encrypt using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    String algorithm = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
    encryptUsingDOM(algorithm, key, null, null, document, localNames, false);
    // Check the CreditCard encrypted ok
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 0);
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Decrypt
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(key);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 1);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) NodeList(org.w3c.dom.NodeList) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) Document(org.w3c.dom.Document) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener) KeyGenerator(javax.crypto.KeyGenerator) Test(org.junit.Test)

Aggregations

XMLStreamReader (javax.xml.stream.XMLStreamReader)58 DOMSource (javax.xml.transform.dom.DOMSource)58 InboundXMLSec (org.apache.xml.security.stax.ext.InboundXMLSec)58 XMLSecurityProperties (org.apache.xml.security.stax.ext.XMLSecurityProperties)58 TestSecurityEventListener (org.apache.xml.security.test.stax.signature.TestSecurityEventListener)58 ByteArrayInputStream (java.io.ByteArrayInputStream)57 ByteArrayOutputStream (java.io.ByteArrayOutputStream)57 InputStream (java.io.InputStream)57 DocumentBuilder (javax.xml.parsers.DocumentBuilder)57 StreamResult (javax.xml.transform.stream.StreamResult)57 Test (org.junit.Test)57 SecretKey (javax.crypto.SecretKey)55 ArrayList (java.util.ArrayList)48 KeyGenerator (javax.crypto.KeyGenerator)34 Document (org.w3c.dom.Document)31 NodeList (org.w3c.dom.NodeList)22 EncryptedKey (org.apache.xml.security.encryption.EncryptedKey)12 SecretKeySpec (javax.crypto.spec.SecretKeySpec)11 XMLCipher (org.apache.xml.security.encryption.XMLCipher)11 PrivateKey (java.security.PrivateKey)10