public void testLowIterationEncryption() throws Exception {
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
UsernameToken usernameToken = new UsernameToken(true, doc, null);
usernameToken.setName("bob");
WSSConfig config = WSSConfig.getNewInstance();
usernameToken.setID(config.getIdAllocator().createId("UsernameToken-", usernameToken));
usernameToken.addIteration(doc, 500);
byte[] salt = usernameToken.addSalt(doc, null, false);
byte[] derivedKey = UsernameTokenUtil.generateDerivedKey("security", salt, 500);
//
// Derived key encryption
//
WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
encrBuilder.setExternalKey(derivedKey, usernameToken.getID());
encrBuilder.setCustomValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
Document encryptedDoc = encrBuilder.build(doc, secHeader);
WSSecurityUtil.prependChildElement(
secHeader.getSecurityHeader(), usernameToken.getElement()
);
String outputString =
XMLUtils.PrettyDocumentToString(doc);
assertTrue(outputString.contains("wsse:Username"));