camel-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From davscl...@apache.org
Subject [4/4] git commit: CAMEL-6622: Support XML Encryption 1.1 features in the camel-xmlsecurity. Thanks to Colm for the patch.
Date Wed, 14 Aug 2013 11:01:06 GMT
CAMEL-6622: Support XML Encryption 1.1 features in the camel-xmlsecurity. Thanks to Colm for
the patch.


Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/12fd8617
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/12fd8617
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/12fd8617

Branch: refs/heads/master
Commit: 12fd86170f059183100a507c41cad73237776305
Parents: 58a636b
Author: Claus Ibsen <davsclaus@apache.org>
Authored: Wed Aug 14 12:45:10 2013 +0200
Committer: Claus Ibsen <davsclaus@apache.org>
Committed: Wed Aug 14 12:45:10 2013 +0200

----------------------------------------------------------------------
 .../apache/camel/builder/DataFormatClause.java  |  15 +-
 .../model/dataformat/XMLSecurityDataFormat.java |  27 ++-
 components/camel-xmlsecurity/pom.xml            |   8 +-
 .../xmlsecurity/XMLSecurityDataFormat.java      |  85 ++++++--
 .../xmlsecurity/XMLEncryption11Test.java        | 211 +++++++++++++++++++
 5 files changed, 328 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/camel/blob/12fd8617/camel-core/src/main/java/org/apache/camel/builder/DataFormatClause.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/builder/DataFormatClause.java b/camel-core/src/main/java/org/apache/camel/builder/DataFormatClause.java
index beb817b..c2ce089 100644
--- a/camel-core/src/main/java/org/apache/camel/builder/DataFormatClause.java
+++ b/camel-core/src/main/java/org/apache/camel/builder/DataFormatClause.java
@@ -570,7 +570,7 @@ public class DataFormatClause<T extends ProcessorDefinition<?>>
{
     }
     
     /**
-     * @deprectaed Use {@link #secureXML(String, Map, boolean, String, String, String, String)
instead.
+     * @deprecated Use {@link #secureXML(String, Map, boolean, String, String, String, String)
instead.
      * Uses the XML Security data format
      */
     @Deprecated
@@ -658,7 +658,18 @@ public class DataFormatClause<T extends ProcessorDefinition<?>>
{
         XMLSecurityDataFormat xsdf = new XMLSecurityDataFormat(secureTag, namespaces, secureTagContents,
recipientKeyAlias, xmlCipherAlgorithm, 
                 keyCipherAlgorithm, keyOrTrustStoreParameters, keyPassword);
         return dataFormat(xsdf);
-    }    
+    }   
+    
+    /**
+     * Uses the XML Security data format
+     */
+    public T secureXML(String secureTag, Map<String, String> namespaces, boolean secureTagContents,
String recipientKeyAlias, 
+            String xmlCipherAlgorithm, String keyCipherAlgorithm, KeyStoreParameters keyOrTrustStoreParameters,
String keyPassword,
+            String digestAlgorithm) {
+        XMLSecurityDataFormat xsdf = new XMLSecurityDataFormat(secureTag, namespaces, secureTagContents,
recipientKeyAlias, xmlCipherAlgorithm, 
+                keyCipherAlgorithm, keyOrTrustStoreParameters, keyPassword, digestAlgorithm);
+        return dataFormat(xsdf);
+    }   
     
     /**
      * Uses the xmlBeans data format

http://git-wip-us.apache.org/repos/asf/camel/blob/12fd8617/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java
b/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java
index 7670238..581feff 100644
--- a/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java
+++ b/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java
@@ -55,6 +55,8 @@ public class XMLSecurityDataFormat extends DataFormatDefinition implements
Names
     private String keyOrTrustStoreParametersId;
     @XmlAttribute
     private String keyPassword;
+    @XmlAttribute
+    private String digestAlgorithm;
     
     @XmlTransient
     private KeyStoreParameters keyOrTrustStoreParameters;
@@ -211,7 +213,19 @@ public class XMLSecurityDataFormat extends DataFormatDefinition implements
Names
         this.setKeyOrTrustStoreParameters(keyOrTrustStoreParameters);
         this.setKeyPassword(keyPassword);
     }
-        
+    
+    public XMLSecurityDataFormat(String secureTag, Map<String, String> namespaces,
boolean secureTagContents, String recipientKeyAlias,
+             String xmlCipherAlgorithm, String keyCipherAlgorithm, KeyStoreParameters keyOrTrustStoreParameters,
String keyPassword,
+             String digestAlgorithm) {
+        this(secureTag, secureTagContents);
+        this.setRecipientKeyAlias(recipientKeyAlias);
+        this.setXmlCipherAlgorithm(xmlCipherAlgorithm);
+        this.setKeyCipherAlgorithm(keyCipherAlgorithm);
+        this.setNamespaces(namespaces);
+        this.setKeyOrTrustStoreParameters(keyOrTrustStoreParameters);
+        this.setKeyPassword(keyPassword);
+        this.setDigestAlgorithm(digestAlgorithm);
+    }
 
     @Override
     protected void configureDataFormat(DataFormat dataFormat) {
@@ -251,6 +265,9 @@ public class XMLSecurityDataFormat extends DataFormatDefinition implements
Names
         if (keyPassword != null) {
             setProperty(dataFormat, "keyPassword", this.getKeyPassword());
         }
+        if (digestAlgorithm != null) {
+            setProperty(dataFormat, "digestAlgorithm", this.getDigestAlgorithm());
+        }
     }
 
     public String getXmlCipherAlgorithm() {
@@ -321,6 +338,14 @@ public class XMLSecurityDataFormat extends DataFormatDefinition implements
Names
         return this.keyPassword;
     }
     
+    public String getDigestAlgorithm() {
+        return digestAlgorithm;
+    }
+
+    public void setDigestAlgorithm(String digestAlgorithm) {
+        this.digestAlgorithm = digestAlgorithm;
+    }
+
     public void setKeyPassword(String keyPassword) {
         this.keyPassword = keyPassword;
     }

http://git-wip-us.apache.org/repos/asf/camel/blob/12fd8617/components/camel-xmlsecurity/pom.xml
----------------------------------------------------------------------
diff --git a/components/camel-xmlsecurity/pom.xml b/components/camel-xmlsecurity/pom.xml
index 4b33a97..d3749d1 100755
--- a/components/camel-xmlsecurity/pom.xml
+++ b/components/camel-xmlsecurity/pom.xml
@@ -81,7 +81,13 @@
             <groupId>org.springframework</groupId>
             <artifactId>spring-test</artifactId>
             <scope>test</scope>
-        </dependency>        
+        </dependency>   
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <version>${bouncycastle-version}</version>
+            <scope>test</scope>
+        </dependency>     
     </dependencies>
 
 </project>

http://git-wip-us.apache.org/repos/asf/camel/blob/12fd8617/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
----------------------------------------------------------------------
diff --git a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
b/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
index abca6bb..22437a6 100755
--- a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
+++ b/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
@@ -101,6 +101,19 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
 
     private String xmlCipherAlgorithm;
     private String keyCipherAlgorithm;
+    
+    /**
+     * Digest Algorithm to be used with RSA-OAEP. The default is SHA-1 (which is not
+     * written out unless it is explicitly configured).
+     */
+    private String digestAlgorithm;
+    
+    /**
+     * MGF Algorithm to be used with RSA-OAEP. The default is MGF-SHA-1 (which is not
+     * written out unless it is explicitly configured).
+     */
+    private String mgfAlgorithm;
+
     private byte[] passPhrase;
 
     private String secureTag;
@@ -301,8 +314,8 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
         this.setKeyCipherAlgorithm(keyCipherAlgorithm);
         this.setKeyOrTrustStoreParameters(keyOrTrustStoreParameters);
         this.setKeyPassword(keyPassword);
-    }    
-
+    }
+    
     public XMLSecurityDataFormat(String secureTag, Map<String, String> namespaces,
boolean secureTagContents, String recipientKeyAlias, 
             String xmlCipherAlgorithm, String keyCipherAlgorithm, KeyStoreParameters keyOrTrustStoreParameters)
{
         this();
@@ -328,6 +341,21 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
         this.setKeyPassword(keyPassword);
     }
     
+    public XMLSecurityDataFormat(String secureTag, Map<String, String> namespaces,
boolean secureTagContents, String recipientKeyAlias, 
+            String xmlCipherAlgorithm, String keyCipherAlgorithm, KeyStoreParameters keyOrTrustStoreParameters,
String keyPassword,
+            String digestAlgorithm) {
+        this();
+        this.setSecureTag(secureTag);
+        this.setSecureTagContents(secureTagContents);
+        this.setXmlCipherAlgorithm(xmlCipherAlgorithm);
+        this.setRecipientKeyAlias(recipientKeyAlias);
+        this.setKeyCipherAlgorithm(keyCipherAlgorithm);
+        this.setNamespaces(namespaces);
+        this.setKeyOrTrustStoreParameters(keyOrTrustStoreParameters);
+        this.setKeyPassword(keyPassword);
+        this.setDigestAlgorithm(digestAlgorithm);
+    }
+    
     @Override
     public void setCamelContext(CamelContext camelContext) {
         this.camelContext = camelContext;
@@ -389,7 +417,8 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
         Document document = exchange.getContext().getTypeConverter().convertTo(Document.class,
exchange, is);
         
         if (null != keyCipherAlgorithm 
-            && (keyCipherAlgorithm.equals(XMLCipher.RSA_v1dot5) || keyCipherAlgorithm.equals(XMLCipher.RSA_OAEP)))
{
+            && (keyCipherAlgorithm.equals(XMLCipher.RSA_v1dot5) || keyCipherAlgorithm.equals(XMLCipher.RSA_OAEP)
+                || keyCipherAlgorithm.equals(XMLCipher.RSA_OAEP_11))) {
             encryptAsymmetric(exchange, document, stream);
         } else if (null != recipientKeyAlias) {
             encryptAsymmetric(exchange, document, stream);
@@ -433,10 +462,10 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
         Key dataEncryptionKey = generateDataEncryptionKey();
         
         XMLCipher keyCipher;
-        if (null != this.getKeyCyperAlgorithm()) {
-            keyCipher = XMLCipher.getInstance(this.getKeyCyperAlgorithm());
+        if (null != this.getKeyCipherAlgorithm()) {
+            keyCipher = XMLCipher.getInstance(this.getKeyCipherAlgorithm(), null, digestAlgorithm);
         } else {
-            keyCipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5);
+            keyCipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5, null, digestAlgorithm);
         }
         keyCipher.init(XMLCipher.WRAP_MODE, keyEncryptionKey);
         encrypt(exchange, document, stream, dataEncryptionKey, keyCipher);
@@ -535,7 +564,8 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
         Document encodedDocument = exchange.getContext().getTypeConverter().convertTo(Document.class,
exchange, stream);        
         
         if (null != keyCipherAlgorithm 
-            && (keyCipherAlgorithm.equals(XMLCipher.RSA_v1dot5) || keyCipherAlgorithm.equals(XMLCipher.RSA_OAEP)))
{
+            && (keyCipherAlgorithm.equals(XMLCipher.RSA_v1dot5) || keyCipherAlgorithm.equals(XMLCipher.RSA_OAEP)
+                || keyCipherAlgorithm.equals(XMLCipher.RSA_OAEP_11))) {
             return decodeWithAsymmetricKey(exchange, encodedDocument);
         } else {
             return decodeWithSymmetricKey(exchange, encodedDocument);
@@ -647,11 +677,14 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
         } else {
             keyGenerator = KeyGenerator.getInstance("AES");
         }
-        if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128)) {
+        if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128)
+            || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128_GCM)) {
             keyGenerator.init(128);
-        } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192)) {
+        } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192)
+            || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192_GCM)) {
             keyGenerator.init(192);
-        } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256)) {
+        } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256)
+            || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256_GCM)) {
             keyGenerator.init(256);
         }
         return keyGenerator.generateKey();
@@ -660,7 +693,7 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
     private void embedKeyInfoInEncryptedData(Document document, XMLCipher keyCipher, XMLCipher
xmlCipher, Key dataEncryptionkey) 
         throws XMLEncryptionException {
 
-        EncryptedKey encryptedKey = keyCipher.encryptKey(document, dataEncryptionkey);
+        EncryptedKey encryptedKey = keyCipher.encryptKey(document, dataEncryptionkey, mgfAlgorithm,
null);
         KeyInfo keyInfo = new KeyInfo(document);
         keyInfo.add(encryptedKey);    
         EncryptedData encryptedDataElement = xmlCipher.getEncryptedData();
@@ -671,11 +704,14 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
         String algorithmKeyWrap = null;
         if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.TRIPLEDES)) {
             algorithmKeyWrap = XMLCipher.TRIPLEDES_KeyWrap;
-        } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128)) {
+        } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128)
+            || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128_GCM)) {
             algorithmKeyWrap = XMLCipher.AES_128_KeyWrap;
-        } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192)) {
+        } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192)
+            || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192_GCM)) {
             algorithmKeyWrap = XMLCipher.AES_192_KeyWrap;
-        } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256)) {
+        } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256)
+            || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256_GCM)) {
             algorithmKeyWrap = XMLCipher.AES_256_KeyWrap;
         }
 
@@ -704,10 +740,15 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
         this.xmlCipherAlgorithm = xmlCipherAlgorithm;
     }
     
+    @Deprecated
     public String getKeyCyperAlgorithm() {
         return keyCipherAlgorithm;
     }
     
+    public String getKeyCipherAlgorithm() {
+        return keyCipherAlgorithm;
+    }
+    
     public void setKeyCipherAlgorithm(String keyCipherAlgorithm) {
         this.keyCipherAlgorithm = keyCipherAlgorithm;
     }
@@ -866,4 +907,20 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
     public void setKeyPassword(String keyPassword) {
         this.keyPassword = keyPassword;
     }
+
+    public String getDigestAlgorithm() {
+        return digestAlgorithm;
+    }
+
+    public void setDigestAlgorithm(String digestAlgorithm) {
+        this.digestAlgorithm = digestAlgorithm;
+    }
+
+    public String getMgfAlgorithm() {
+        return mgfAlgorithm;
+    }
+
+    public void setMgfAlgorithm(String mgfAlgorithm) {
+        this.mgfAlgorithm = mgfAlgorithm;
+    }
 }

http://git-wip-us.apache.org/repos/asf/camel/blob/12fd8617/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLEncryption11Test.java
----------------------------------------------------------------------
diff --git a/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLEncryption11Test.java
b/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLEncryption11Test.java
new file mode 100644
index 0000000..9a8ac0a
--- /dev/null
+++ b/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLEncryption11Test.java
@@ -0,0 +1,211 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.dataformat.xmlsecurity;
+
+import java.lang.reflect.Constructor;
+import java.security.Provider;
+import java.security.Security;
+import java.util.HashMap;
+
+import javax.xml.transform.OutputKeys;
+
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.converter.jaxp.XmlConverter;
+import org.apache.camel.test.junit4.CamelTestSupport;
+import org.apache.camel.util.jsse.KeyStoreParameters;
+import org.apache.xml.security.encryption.XMLCipher;
+import org.apache.xml.security.utils.EncryptionConstants;
+import org.junit.Test;
+
+/**
+ * Some unit tests for XML Encryption 1.1 functionality
+ */
+public class XMLEncryption11Test extends CamelTestSupport {
+    
+    TestHelper xmlsecTestHelper = new TestHelper();
+
+    public XMLEncryption11Test() throws Exception {
+        //
+        // BouncyCastle is required for GCM support
+        //
+        if (Security.getProvider("BC") == null) {
+            Constructor<?> cons = null;
+            Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
+            cons = c.getConstructor(new Class[] {});
+            
+            Provider provider = (java.security.Provider)cons.newInstance();
+            Security.insertProviderAt(provider, 2);
+        }
+    }
+
+    @Override
+    public boolean isUseRouteBuilder() {
+        return false;
+    }
+
+    @Override
+    public void setUp() throws Exception {
+        super.setUp();
+        context.getProperties().put(XmlConverter.OUTPUT_PROPERTIES_PREFIX + OutputKeys.ENCODING,
"UTF-8");
+    }
+    
+    /*
+     * Encryption Tests
+     */
+    @Test
+    public void testFullPayloadAsymmetricKeyEncryptionGCM() throws Exception {
+        KeyStoreParameters tsParameters = new KeyStoreParameters();
+        tsParameters.setPassword("password");
+        tsParameters.setResource("sender.ts");
+
+        final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+        xmlEncDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_OAEP);
+        xmlEncDataFormat.setKeyOrTrustStoreParameters(tsParameters);
+        xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128_GCM);
+        xmlEncDataFormat.setRecipientKeyAlias("recipient");
+
+        context.addRoutes(new RouteBuilder() {
+            public void configure() {
+                from("direct:start")
+                    .marshal(xmlEncDataFormat).to("mock:encrypted");
+            }
+        });
+        xmlsecTestHelper.testEncryption(context);
+    }
+    
+    @Test
+    public void testFullPayloadAsymmetricKeyEncryptionSHA256() throws Exception {
+        KeyStoreParameters tsParameters = new KeyStoreParameters();
+        tsParameters.setPassword("password");
+        tsParameters.setResource("sender.ts");
+
+        final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+        xmlEncDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_OAEP);
+        xmlEncDataFormat.setKeyOrTrustStoreParameters(tsParameters);
+        xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128);
+        xmlEncDataFormat.setRecipientKeyAlias("recipient");
+        xmlEncDataFormat.setDigestAlgorithm(XMLCipher.SHA256);
+
+        context.addRoutes(new RouteBuilder() {
+            public void configure() {
+                from("direct:start")
+                    .marshal(xmlEncDataFormat).to("mock:encrypted");
+            }
+        });
+        xmlsecTestHelper.testEncryption(context);
+    }
+    
+    @Test
+    public void testFullPayloadAsymmetricKeyEncryptionMGF256() throws Exception {
+        KeyStoreParameters tsParameters = new KeyStoreParameters();
+        tsParameters.setPassword("password");
+        tsParameters.setResource("sender.ts");
+
+        final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+        xmlEncDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_OAEP_11);
+        xmlEncDataFormat.setKeyOrTrustStoreParameters(tsParameters);
+        xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128);
+        xmlEncDataFormat.setMgfAlgorithm(EncryptionConstants.MGF1_SHA256);
+        xmlEncDataFormat.setRecipientKeyAlias("recipient");
+
+        context.addRoutes(new RouteBuilder() {
+            public void configure() {
+                from("direct:start")
+                    .marshal(xmlEncDataFormat).to("mock:encrypted");
+            }
+        });
+        xmlsecTestHelper.testEncryption(context);
+    }
+
+    /*
+     * Decryption Tests
+     */
+    @Test
+    public void testFullPayloadAsymmetricKeyDecryptionGCM() throws Exception {
+                      
+        final KeyStoreParameters tsParameters = new KeyStoreParameters();
+        tsParameters.setPassword("password");
+        tsParameters.setResource("sender.ts");
+        
+        final KeyStoreParameters ksParameters = new KeyStoreParameters();
+        ksParameters.setPassword("password");
+        ksParameters.setResource("recipient.ks");
+
+        context.addRoutes(new RouteBuilder() {
+            public void configure() {
+                from("direct:start")
+                    .marshal().secureXML("", true, "recipient", XMLCipher.AES_128_GCM, XMLCipher.RSA_OAEP,
tsParameters).to("mock:encrypted")
+                    .unmarshal().secureXML("", true, "recipient", XMLCipher.AES_128_GCM,
XMLCipher.RSA_OAEP, ksParameters).to("mock:decrypted");
+            }
+        });
+        xmlsecTestHelper.testDecryption(context);
+    }
+    
+    @Test
+    public void testFullPayloadAsymmetricKeyDecryptionSHA256() throws Exception {
+                      
+        final KeyStoreParameters tsParameters = new KeyStoreParameters();
+        tsParameters.setPassword("password");
+        tsParameters.setResource("sender.ts");
+        
+        final KeyStoreParameters ksParameters = new KeyStoreParameters();
+        ksParameters.setPassword("password");
+        ksParameters.setResource("recipient.ks");
+
+        context.addRoutes(new RouteBuilder() {
+            public void configure() {
+                from("direct:start")
+                    .marshal().secureXML("", new HashMap<String, String>(), true, "recipient",
XMLCipher.AES_128, 
+                                         XMLCipher.RSA_OAEP, tsParameters, null, XMLCipher.SHA256).to("mock:encrypted")
+                    .unmarshal().secureXML("", new HashMap<String, String>(), true,
"recipient", XMLCipher.AES_128, 
+                                         XMLCipher.RSA_OAEP, ksParameters, null, XMLCipher.SHA256).to("mock:decrypted");
+            }
+        });
+        xmlsecTestHelper.testDecryption(context);
+    }
+    
+    @Test
+    public void testFullPayloadAsymmetricKeyDecryptionMGF256() throws Exception {
+                      
+        final KeyStoreParameters tsParameters = new KeyStoreParameters();
+        tsParameters.setPassword("password");
+        tsParameters.setResource("sender.ts");
+        
+        final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+        xmlEncDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_OAEP_11);
+        xmlEncDataFormat.setKeyOrTrustStoreParameters(tsParameters);
+        xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128);
+        xmlEncDataFormat.setMgfAlgorithm(EncryptionConstants.MGF1_SHA256);
+        xmlEncDataFormat.setRecipientKeyAlias("recipient");
+        
+        final KeyStoreParameters ksParameters = new KeyStoreParameters();
+        ksParameters.setPassword("password");
+        ksParameters.setResource("recipient.ks");
+
+        context.addRoutes(new RouteBuilder() {
+            public void configure() {
+                from("direct:start")
+                    .marshal(xmlEncDataFormat).to("mock:encrypted")
+                    // .log("Body: + ${body}")
+                    .unmarshal().secureXML("", new HashMap<String, String>(), true,
"recipient", XMLCipher.AES_128, 
+                                         XMLCipher.RSA_OAEP, ksParameters).to("mock:decrypted");
+            }
+        });
+        xmlsecTestHelper.testDecryption(context);
+    }
+    
+}


Mime
View raw message