Package org.apache.wss4j.dom.message

Examples of org.apache.wss4j.dom.message.WSSecEncrypt


     *             Thrown when there is an error in encryption or decryption
     */
    @org.junit.Test
    public void testDataRefReferenceListProcessor() throws Exception {
        // Encrypts one element of the sample SOAP message and places the resulting
        // ReferenceList directly in the Security header (outside the EncryptedKey),
        // then passes the document to checkDataRef.
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecEncrypt builder = new WSSecEncrypt();
        // presumably the keystore alias of the recipient certificate; verify against the crypto fixture
        builder.setUserInfo("wss40");
        builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        // NOTE(review): Triple DES is a legacy 64-bit-block cipher; it is selected here as a
        // test fixture. Configuration copied from this example for real traffic should choose
        // an AES suite instead (other examples on this page use WSConstants.AES_128).
        builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        LOG.info("Before Encryption Triple DES....");

        /*
         * Prepare the Encrypt object with the token and set up its internal data structures.
         */
        builder.prepare(doc, crypto);

        /*
         * Describe what to encrypt: the "add" element in the counter port-type namespace,
         * with the "Element" encryption modifier.
         */
        List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
        WSEncryptionPart encP =
            new WSEncryptionPart(
                "add", "http://ws.apache.org/counter/counter_port_type", "Element"
            );
        parts.add(encP);

        /*
         * Encrypt the selected element, create EncryptedData elements that reference
         * the EncryptedKey, and get a ReferenceList that can be put into the
         * Security header. Be sure that the ReferenceList is after the
         * EncryptedKey element in the Security header (strict layout).
         * The first argument is null, so no existing reference element is passed in.
         */
        Element refs = builder.encryptForRef(null, parts);
        builder.addExternalRefElement(refs, secHeader);

        /*
         * Now add (prepend) the EncryptedKey element, then a
         * BinarySecurityToken if one was set up during prepare. Prepending in this order
         * should leave the header as BinarySecurityToken, EncryptedKey, ReferenceList.
         */
        builder.prependToHeader(secHeader);

        builder.prependBSTElementToHeader(secHeader);

        // Same object as doc: the builder calls above operate on the document passed to prepare.
        Document encryptedDoc = doc;
        LOG.info("After Encryption Triple DES....");

        checkDataRef(encryptedDoc);


     *             Thrown when there is an error in encryption or decryption
     */
    @org.junit.Test
    public void testDataRefEncryptedKeyProcessor() throws Exception {
        // Encrypts one element of the sample SOAP message and places the resulting
        // ReferenceList inside the EncryptedKey element, then passes the document
        // to checkDataRef.
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecEncrypt builder = new WSSecEncrypt();
        // presumably the keystore alias of the recipient certificate; verify against the crypto fixture
        builder.setUserInfo("wss40");
        builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        // NOTE(review): Triple DES is a legacy 64-bit-block cipher; it is selected here as a
        // test fixture. Configuration copied from this example for real traffic should choose
        // an AES suite instead (other examples on this page use WSConstants.AES_128).
        builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        LOG.info("Before Encryption Triple DES....");

        /*
         * Prepare the Encrypt object with the token and set up its internal data structures.
         */
        builder.prepare(doc, crypto);

        /*
         * Describe what to encrypt: the "add" element in the counter port-type namespace,
         * with the "Element" encryption modifier.
         */
        List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
        WSEncryptionPart encP =
            new WSEncryptionPart(
                "add", "http://ws.apache.org/counter/counter_port_type", "Element"
            );
        parts.add(encP);

        /*
         * Encrypt the selected element, create EncryptedData elements that reference
         * the EncryptedKey, and get a ReferenceList that can be put into the EncryptedKey
         * itself as a child. The first argument is null, so no existing reference element
         * is passed in.
         */
        Element refs = builder.encryptForRef(null, parts);
       
        /*
         * We use this method because we want the reference list to be inside the
         * EncryptedKey element rather than directly in the Security header.
         */
        builder.addInternalRefElement(refs);

        /*
         * Now add (prepend) the EncryptedKey element, then a
         * BinarySecurityToken if one was set up during prepare.
         */
        builder.prependToHeader(secHeader);

        builder.prependBSTElementToHeader(secHeader);

        // Same object as doc: the builder calls above operate on the document passed to prepare.
        Document encryptedDoc = doc;
        LOG.info("After Encryption Triple DES....");

        checkDataRef(encryptedDoc);

            }
        };
        // Obtain a Kerberos service ticket into the token. The string arguments are presumably
        // the JAAS login context name and the target service principal; confirm against the
        // token class, which is not shown in this excerpt.
        bst.retrieveServiceTicket("alice", callbackHandler, "bob@service.ws.apache.org");
        // The Id is only an XML identifier used for referencing below; hashCode() gives no
        // uniqueness or unpredictability guarantee, so it must not be treated as a secret.
        bst.setID("Id-" + bst.hashCode());
       
        WSSecEncrypt builder = new WSSecEncrypt();
        builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
        // The key held by the Kerberos token is used directly as the encryption key.
        SecretKey secretKey = bst.getSecretKey();
        builder.setSymmetricKey(secretKey);
        // The symmetric key is not wrapped and sent in the message; the receiver is expected
        // to recover it from the Kerberos token instead.
        builder.setEncryptSymmKey(false);
        // The key reference points at the token by its Id, typed as a Kerberos AP-REQ.
        builder.setCustomReferenceValue(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
        builder.setEncKeyId(bst.getID());

        // No Crypto instance is passed (null): the key was supplied explicitly above.
        Document encryptedDoc = builder.build(doc, null, secHeader);
       
        // Put the token element first in the Security header, ahead of what build() added.
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bst.getElement());
       
        if (LOG.isDebugEnabled()) {
            String outputString =

            }
        };
        // Obtain a Kerberos service ticket into the token. The string arguments are presumably
        // the JAAS login context name and the target service principal; confirm against the
        // token class, which is not shown in this excerpt.
        bst.retrieveServiceTicket("alice", callbackHandler, "bob@service.ws.apache.org");
        // The Id is only an XML identifier; hashCode() gives no uniqueness or
        // unpredictability guarantee, so it must not be treated as a secret.
        bst.setID("Id-" + bst.hashCode());
       
        WSSecEncrypt builder = new WSSecEncrypt();
        builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
        // The key held by the Kerberos token is used directly as the encryption key.
        SecretKey secretKey = bst.getSecretKey();
        builder.setSymmetricKey(secretKey);
        // The symmetric key is not wrapped and sent in the message; the receiver is expected
        // to recover it from the Kerberos token instead.
        builder.setEncryptSymmKey(false);
        builder.setCustomReferenceValue(WSConstants.WSS_KRB_KI_VALUE_TYPE);

        // Here the key is referenced by a Base64-encoded digest of the raw token bytes rather
        // than by the token Id. The digest serves as an identifier only; the algorithm is
        // whatever WSSecurityUtil.generateDigest uses (not visible in this excerpt).
        byte[] digestBytes = WSSecurityUtil.generateDigest(bst.getToken());
        builder.setEncKeyId(Base64.encode(digestBytes));
       
        // No Crypto instance is passed (null): the key was supplied explicitly above.
        Document encryptedDoc = builder.build(doc, null, secHeader);
       
        // Put the token element first in the Security header, ahead of what build() added.
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bst.getElement());
       
        if (LOG.isDebugEnabled()) {
            String outputString =

public class EncryptionAction implements Action {
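    /**
     * Configures a {@link WSSecEncrypt} builder from the active encryption token and runs it
     * against {@code doc}, using the security header held by {@code reqData}.
     *
     * <p>Security-relevant behaviour of this method:
     * <ul>
     *   <li>The key identifier type and the symmetric, key-transport, digest and MGF algorithms
     *       are set on the builder only when the token specifies them; otherwise the
     *       corresponding setter is not called.</li>
     *   <li>Certificate trust is verified only when the handler option
     *       {@code WSHandlerConstants.ENABLE_REVOCATION} parses to {@code true}, and only for
     *       the certificates the token's {@link Crypto} resolves for the token's user alias.</li>
     *   <li>When the symmetric key is not to be encrypted into the message and the token
     *       carries no key, the key is requested from the password callback handler.</li>
     * </ul>
     *
     * @param handler     handler supplying string options and the password callback
     * @param actionToken token for this action; used when it is an {@code EncryptionActionToken},
     *                    otherwise the encryption token of {@code reqData} is used
     * @param doc         document to encrypt
     * @param reqData     per-request data (WSS configuration, default token, security header)
     * @throws WSSecurityException if building the encrypted message fails (the original
     *                             exception is kept as the cause), or if an earlier step
     *                             throws it
     */
    public void execute(WSHandler handler, SecurityActionToken actionToken,
                        Document doc, RequestData reqData)
            throws WSSecurityException {
        WSSecEncrypt wsEncrypt = new WSSecEncrypt(reqData.getWssConfig());

        // Prefer the token handed to this action; fall back to the request-wide one.
        EncryptionActionToken encryptionToken = null;
        if (actionToken instanceof EncryptionActionToken) {
            encryptionToken = (EncryptionActionToken)actionToken;
        }
        if (encryptionToken == null) {
            encryptionToken = reqData.getEncryptionToken();
        }
        // NOTE(review): nothing guards against reqData having no encryption token either;
        // in that case the next dereference fails with a NullPointerException. Confirm the
        // caller guarantees a token before this action runs.

        if (encryptionToken.getKeyIdentifierId() != 0) {
            wsEncrypt.setKeyIdentifierType(encryptionToken.getKeyIdentifierId());
        }

        if (encryptionToken.getSymmetricAlgorithm() != null) {
            wsEncrypt.setSymmetricEncAlgorithm(encryptionToken.getSymmetricAlgorithm());
        }
        if (encryptionToken.getKeyTransportAlgorithm() != null) {
            wsEncrypt.setKeyEnc(encryptionToken.getKeyTransportAlgorithm());
        }
        if (encryptionToken.getDigestAlgorithm() != null) {
            wsEncrypt.setDigestAlgorithm(encryptionToken.getDigestAlgorithm());
        }
        if (encryptionToken.getMgfAlgorithm() != null) {
            wsEncrypt.setMGFAlgorithm(encryptionToken.getMgfAlgorithm());
        }

        wsEncrypt.setUserInfo(encryptionToken.getUser());
        wsEncrypt.setUseThisCert(encryptionToken.getCertificate());

        Crypto crypto = encryptionToken.getCrypto();
        // parseBoolean yields the same result as Boolean.valueOf (false for null or any value
        // other than "true", ignoring case) without creating a boxed Boolean.
        boolean enableRevocation =
            Boolean.parseBoolean(handler.getStringOption(WSHandlerConstants.ENABLE_REVOCATION));
        if (enableRevocation && crypto != null) {
            // NOTE(review): the certificates checked here are the ones resolved by alias. A
            // certificate supplied through encryptionToken.getCertificate() (passed to
            // setUseThisCert above) is not included in this check; confirm it is validated
            // where the token is populated.
            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
            cryptoType.setAlias(encryptionToken.getUser());
            X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
            if (certs != null && certs.length > 0) {
                crypto.verifyTrust(certs, enableRevocation);
            }
        }

        if (!encryptionToken.getParts().isEmpty()) {
            wsEncrypt.setParts(encryptionToken.getParts());
        }

        wsEncrypt.setEncryptSymmKey(encryptionToken.isEncSymmetricEncryptionKey());
        byte[] ephemeralKey = encryptionToken.getKey();
        if (!encryptionToken.isEncSymmetricEncryptionKey() && ephemeralKey == null) {
            // The key will not be wrapped into the message and the token has none, so ask the
            // callback handler. The original repeated the null test inside this branch; it was
            // always true there and has been dropped.
            CallbackHandler callbackHandler = handler.getPasswordCallbackHandler(reqData);
            WSPasswordCallback passwordCallback =
                handler.getPasswordCB(encryptionToken.getUser(), WSConstants.ENCR, callbackHandler, reqData);
            ephemeralKey = passwordCallback.getKey();
        }
        // NOTE(review): ephemeralKey can still be null here if the callback supplied no key;
        // confirm how the builder treats a null key in that case.
        wsEncrypt.setEphemeralKey(ephemeralKey);

        if (encryptionToken.getTokenId() != null) {
            wsEncrypt.setEncKeyId(encryptionToken.getTokenId());
        }
        if (encryptionToken.getTokenType() != null) {
            wsEncrypt.setCustomReferenceValue(encryptionToken.getTokenType());
        }

        try {
            // crypto is the value read from encryptionToken.getCrypto() above; the original
            // called the getter a second time here.
            wsEncrypt.build(doc, crypto, reqData.getSecHeader());
        } catch (WSSecurityException e) {
            // Rethrow with context while keeping the original exception as the cause.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", e, "Error during encryption: ");
        }
    }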

        // Decode an X.509 certificate from raw bytes. Decoding alone establishes nothing
        // about trust: no chain, validity-period or revocation check is visible in this excerpt.
        X509Certificate cert =
            (X509Certificate)factory.generateCertificate(
                new java.io.ByteArrayInputStream(certBytes)
            );

        WSSecEncrypt encrypt = new WSSecEncrypt();
        // Encrypt to exactly this certificate; no user alias is set on the builder here.
        // NOTE(review): code following this pattern with a certificate received from a peer
        // should validate it before encrypting to it; whether build() does so cannot be
        // told from this excerpt.
        encrypt.setUseThisCert(cert);
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Document encryptedDoc = encrypt.build(doc, crypto, secHeader);
       
        if (LOG.isDebugEnabled()) {
            String outputString =
                XMLUtils.PrettyDocumentToString(encryptedDoc);
            LOG.debug(outputString);

        // Decode an X.509 certificate from raw bytes. Decoding alone establishes nothing
        // about trust: no chain, validity-period or revocation check is visible in this excerpt.
        X509Certificate cert =
            (X509Certificate)factory.generateCertificate(
                new java.io.ByteArrayInputStream(certBytes)
            );

        WSSecEncrypt encrypt = new WSSecEncrypt();
        // Encrypt to exactly this certificate; no user alias is set on the builder here.
        // NOTE(review): code following this pattern with a certificate received from a peer
        // should validate it before encrypting to it; whether build() does so cannot be
        // told from this excerpt.
        encrypt.setUseThisCert(cert);
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Document encryptedDoc = encrypt.build(doc, crypto, secHeader);
       
        if (LOG.isDebugEnabled()) {
            String outputString =
                XMLUtils.PrettyDocumentToString(encryptedDoc);
            LOG.debug(outputString);

     * Test for the wsse:FailedCheck faultcode. This will fail due to a bad password in
     * the callback handler.
     */
    @org.junit.Test
    public void testFailedCheck() throws Exception {
        // Encryption itself is expected to succeed; the failure under test happens on the
        // receiving side, inside verify().
        WSSecEncrypt builder = new WSSecEncrypt(secEngine.getWssConfig());
        // The user name and password are literals because this is a test fixture.
        builder.setUserInfo("wss40", "security");
        builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);       
        Document encryptedDoc = builder.build(doc, crypto, secHeader);
       
        try {
            verify(encryptedDoc);
            // Reaching this line means the message was processed even though failure was expected.
            fail("Failure expected with a bad password");
        } catch (WSSecurityException ex) {

            // NOTE(review): the configuration of documentBuilderFactory is not visible here.
            // If sourceDocument can ever come from outside the test resources, confirm that
            // DTDs and external entities are disabled on the factory.
            Document doc = documentBuilderFactory.newDocumentBuilder().parse(sourceDocument);

            WSSecHeader secHeader = new WSSecHeader();
            secHeader.insertSecurityHeader(doc);

            WSSecEncrypt builder = new WSSecEncrypt();
            // Reference the key by the EncryptedKeySHA1 key identifier instead of embedding it.
            builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
            // A pre-shared symmetric key is supplied and is not wrapped into the message, so
            // the receiver must already hold the same key.
            builder.setSymmetricKey(key);
            builder.setEncryptSymmKey(false);
            // No Crypto instance is passed (null): the key was supplied explicitly above.
            Document securedDocument = builder.build(doc, null, secHeader);

            // Assert that the EncryptedData in the Body carries a KeyIdentifier with the
            // EncryptedKeySHA1 ValueType.
            XPathExpression xPathExpression = getXPath("/soap:Envelope/soap:Body/xenc:EncryptedData/dsig:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType='http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1']");
            Node node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
            Assert.assertNotNull(node);

            WSSecHeader secHeader = new WSSecHeader();
            secHeader.insertSecurityHeader(doc);
            Element securityHeaderElement = secHeader.getSecurityHeader();
            // appendChild moves the existing wsdl:definitions element into the Security header,
            // so the element that gets encrypted below lives inside the header.
            securityHeaderElement.appendChild(doc.getElementsByTagNameNS("http://schemas.xmlsoap.org/wsdl/", "definitions").item(0));

            WSSecEncrypt builder = new WSSecEncrypt();
            // Identify the recipient certificate by its thumbprint.
            builder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
            builder.setUserInfo("receiver");
            Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
            builder.prepare(doc, crypto);

            WSEncryptionPart encP = new WSEncryptionPart("definitions", "http://schemas.xmlsoap.org/wsdl/", "Element");
            List<WSEncryptionPart> encryptionParts = new ArrayList<WSEncryptionPart>();
            encryptionParts.add(encP);
            Element ref = builder.encryptForRef(null, encryptionParts);
            // Drop the first DataReference from the reference list, leaving the encrypted
            // element in the header without that reference. Presumably this builds a fixture
            // for checking how a receiver treats unreferenced EncryptedData; confirm against
            // the rest of the test, which is not shown.
            ref.removeChild(ref.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "DataReference").item(0));
            builder.addExternalRefElement(ref, secHeader);
            builder.prependToHeader(secHeader);

            // Serialise the resulting document into baos.
            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
            transformer.transform(new DOMSource(doc), new StreamResult(baos));
        }
