Return-Path: X-Original-To: apmail-camel-commits-archive@www.apache.org Delivered-To: apmail-camel-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9F5A5109DC for ; Wed, 14 Aug 2013 11:01:08 +0000 (UTC) Received: (qmail 98509 invoked by uid 500); 14 Aug 2013 11:01:07 -0000 Delivered-To: apmail-camel-commits-archive@camel.apache.org Received: (qmail 98391 invoked by uid 500); 14 Aug 2013 11:01:07 -0000 Mailing-List: contact commits-help@camel.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@camel.apache.org Delivered-To: mailing list commits@camel.apache.org Received: (qmail 97729 invoked by uid 99); 14 Aug 2013 11:01:04 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 14 Aug 2013 11:01:04 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id C1AFB8BE806; Wed, 14 Aug 2013 11:01:03 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: davsclaus@apache.org To: commits@camel.apache.org Date: Wed, 14 Aug 2013 11:01:06 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [4/4] git commit: CAMEL-6622: Support XML Encryption 1.1 features in the camel-xmlsecurity. Thanks to Colm for the patch. CAMEL-6622: Support XML Encryption 1.1 features in the camel-xmlsecurity. Thanks to Colm for the patch. Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/12fd8617 Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/12fd8617 Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/12fd8617 Branch: refs/heads/master Commit: 12fd86170f059183100a507c41cad73237776305 Parents: 58a636b Author: Claus Ibsen Authored: Wed Aug 14 12:45:10 2013 +0200 Committer: Claus Ibsen Committed: Wed Aug 14 12:45:10 2013 +0200 ---------------------------------------------------------------------- .../apache/camel/builder/DataFormatClause.java | 15 +- .../model/dataformat/XMLSecurityDataFormat.java | 27 ++- components/camel-xmlsecurity/pom.xml | 8 +- .../xmlsecurity/XMLSecurityDataFormat.java | 85 ++++++-- .../xmlsecurity/XMLEncryption11Test.java | 211 +++++++++++++++++++ 5 files changed, 328 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/camel/blob/12fd8617/camel-core/src/main/java/org/apache/camel/builder/DataFormatClause.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/builder/DataFormatClause.java b/camel-core/src/main/java/org/apache/camel/builder/DataFormatClause.java index beb817b..c2ce089 100644 --- a/camel-core/src/main/java/org/apache/camel/builder/DataFormatClause.java +++ b/camel-core/src/main/java/org/apache/camel/builder/DataFormatClause.java @@ -570,7 +570,7 @@ public class DataFormatClause> { } /** - * @deprectaed Use {@link #secureXML(String, Map, boolean, String, String, String, String) instead. + * @deprecated Use {@link #secureXML(String, Map, boolean, String, String, String, String) instead. * Uses the XML Security data format */ @Deprecated @@ -658,7 +658,18 @@ public class DataFormatClause> { XMLSecurityDataFormat xsdf = new XMLSecurityDataFormat(secureTag, namespaces, secureTagContents, recipientKeyAlias, xmlCipherAlgorithm, keyCipherAlgorithm, keyOrTrustStoreParameters, keyPassword); return dataFormat(xsdf); - } + } + + /** + * Uses the XML Security data format + */ + public T secureXML(String secureTag, Map namespaces, boolean secureTagContents, String recipientKeyAlias, + String xmlCipherAlgorithm, String keyCipherAlgorithm, KeyStoreParameters keyOrTrustStoreParameters, String keyPassword, + String digestAlgorithm) { + XMLSecurityDataFormat xsdf = new XMLSecurityDataFormat(secureTag, namespaces, secureTagContents, recipientKeyAlias, xmlCipherAlgorithm, + keyCipherAlgorithm, keyOrTrustStoreParameters, keyPassword, digestAlgorithm); + return dataFormat(xsdf); + } /** * Uses the xmlBeans data format http://git-wip-us.apache.org/repos/asf/camel/blob/12fd8617/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java b/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java index 7670238..581feff 100644 --- a/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java +++ b/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java @@ -55,6 +55,8 @@ public class XMLSecurityDataFormat extends DataFormatDefinition implements Names private String keyOrTrustStoreParametersId; @XmlAttribute private String keyPassword; + @XmlAttribute + private String digestAlgorithm; @XmlTransient private KeyStoreParameters keyOrTrustStoreParameters; @@ -211,7 +213,19 @@ public class XMLSecurityDataFormat extends DataFormatDefinition implements Names this.setKeyOrTrustStoreParameters(keyOrTrustStoreParameters); this.setKeyPassword(keyPassword); } - + + public XMLSecurityDataFormat(String secureTag, Map namespaces, boolean secureTagContents, String recipientKeyAlias, + String xmlCipherAlgorithm, String keyCipherAlgorithm, KeyStoreParameters keyOrTrustStoreParameters, String keyPassword, + String digestAlgorithm) { + this(secureTag, secureTagContents); + this.setRecipientKeyAlias(recipientKeyAlias); + this.setXmlCipherAlgorithm(xmlCipherAlgorithm); + this.setKeyCipherAlgorithm(keyCipherAlgorithm); + this.setNamespaces(namespaces); + this.setKeyOrTrustStoreParameters(keyOrTrustStoreParameters); + this.setKeyPassword(keyPassword); + this.setDigestAlgorithm(digestAlgorithm); + } @Override protected void configureDataFormat(DataFormat dataFormat) { @@ -251,6 +265,9 @@ public class XMLSecurityDataFormat extends DataFormatDefinition implements Names if (keyPassword != null) { setProperty(dataFormat, "keyPassword", this.getKeyPassword()); } + if (digestAlgorithm != null) { + setProperty(dataFormat, "digestAlgorithm", this.getDigestAlgorithm()); + } } public String getXmlCipherAlgorithm() { @@ -321,6 +338,14 @@ public class XMLSecurityDataFormat extends DataFormatDefinition implements Names return this.keyPassword; } + public String getDigestAlgorithm() { + return digestAlgorithm; + } + + public void setDigestAlgorithm(String digestAlgorithm) { + this.digestAlgorithm = digestAlgorithm; + } + public void setKeyPassword(String keyPassword) { this.keyPassword = keyPassword; } http://git-wip-us.apache.org/repos/asf/camel/blob/12fd8617/components/camel-xmlsecurity/pom.xml ---------------------------------------------------------------------- diff --git a/components/camel-xmlsecurity/pom.xml b/components/camel-xmlsecurity/pom.xml index 4b33a97..d3749d1 100755 --- a/components/camel-xmlsecurity/pom.xml +++ b/components/camel-xmlsecurity/pom.xml @@ -81,7 +81,13 @@ org.springframework spring-test test - + + + org.bouncycastle + bcprov-jdk15on + ${bouncycastle-version} + test + http://git-wip-us.apache.org/repos/asf/camel/blob/12fd8617/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java ---------------------------------------------------------------------- diff --git a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java b/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java index abca6bb..22437a6 100755 --- a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java +++ b/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java @@ -101,6 +101,19 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware { private String xmlCipherAlgorithm; private String keyCipherAlgorithm; + + /** + * Digest Algorithm to be used with RSA-OAEP. The default is SHA-1 (which is not + * written out unless it is explicitly configured). + */ + private String digestAlgorithm; + + /** + * MGF Algorithm to be used with RSA-OAEP. The default is MGF-SHA-1 (which is not + * written out unless it is explicitly configured). + */ + private String mgfAlgorithm; + private byte[] passPhrase; private String secureTag; @@ -301,8 +314,8 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware { this.setKeyCipherAlgorithm(keyCipherAlgorithm); this.setKeyOrTrustStoreParameters(keyOrTrustStoreParameters); this.setKeyPassword(keyPassword); - } - + } + public XMLSecurityDataFormat(String secureTag, Map namespaces, boolean secureTagContents, String recipientKeyAlias, String xmlCipherAlgorithm, String keyCipherAlgorithm, KeyStoreParameters keyOrTrustStoreParameters) { this(); @@ -328,6 +341,21 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware { this.setKeyPassword(keyPassword); } + public XMLSecurityDataFormat(String secureTag, Map namespaces, boolean secureTagContents, String recipientKeyAlias, + String xmlCipherAlgorithm, String keyCipherAlgorithm, KeyStoreParameters keyOrTrustStoreParameters, String keyPassword, + String digestAlgorithm) { + this(); + this.setSecureTag(secureTag); + this.setSecureTagContents(secureTagContents); + this.setXmlCipherAlgorithm(xmlCipherAlgorithm); + this.setRecipientKeyAlias(recipientKeyAlias); + this.setKeyCipherAlgorithm(keyCipherAlgorithm); + this.setNamespaces(namespaces); + this.setKeyOrTrustStoreParameters(keyOrTrustStoreParameters); + this.setKeyPassword(keyPassword); + this.setDigestAlgorithm(digestAlgorithm); + } + @Override public void setCamelContext(CamelContext camelContext) { this.camelContext = camelContext; @@ -389,7 +417,8 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware { Document document = exchange.getContext().getTypeConverter().convertTo(Document.class, exchange, is); if (null != keyCipherAlgorithm - && (keyCipherAlgorithm.equals(XMLCipher.RSA_v1dot5) || keyCipherAlgorithm.equals(XMLCipher.RSA_OAEP))) { + && (keyCipherAlgorithm.equals(XMLCipher.RSA_v1dot5) || keyCipherAlgorithm.equals(XMLCipher.RSA_OAEP) + || keyCipherAlgorithm.equals(XMLCipher.RSA_OAEP_11))) { encryptAsymmetric(exchange, document, stream); } else if (null != recipientKeyAlias) { encryptAsymmetric(exchange, document, stream); @@ -433,10 +462,10 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware { Key dataEncryptionKey = generateDataEncryptionKey(); XMLCipher keyCipher; - if (null != this.getKeyCyperAlgorithm()) { - keyCipher = XMLCipher.getInstance(this.getKeyCyperAlgorithm()); + if (null != this.getKeyCipherAlgorithm()) { + keyCipher = XMLCipher.getInstance(this.getKeyCipherAlgorithm(), null, digestAlgorithm); } else { - keyCipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5); + keyCipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5, null, digestAlgorithm); } keyCipher.init(XMLCipher.WRAP_MODE, keyEncryptionKey); encrypt(exchange, document, stream, dataEncryptionKey, keyCipher); @@ -535,7 +564,8 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware { Document encodedDocument = exchange.getContext().getTypeConverter().convertTo(Document.class, exchange, stream); if (null != keyCipherAlgorithm - && (keyCipherAlgorithm.equals(XMLCipher.RSA_v1dot5) || keyCipherAlgorithm.equals(XMLCipher.RSA_OAEP))) { + && (keyCipherAlgorithm.equals(XMLCipher.RSA_v1dot5) || keyCipherAlgorithm.equals(XMLCipher.RSA_OAEP) + || keyCipherAlgorithm.equals(XMLCipher.RSA_OAEP_11))) { return decodeWithAsymmetricKey(exchange, encodedDocument); } else { return decodeWithSymmetricKey(exchange, encodedDocument); @@ -647,11 +677,14 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware { } else { keyGenerator = KeyGenerator.getInstance("AES"); } - if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128)) { + if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128) + || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128_GCM)) { keyGenerator.init(128); - } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192)) { + } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192) + || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192_GCM)) { keyGenerator.init(192); - } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256)) { + } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256) + || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256_GCM)) { keyGenerator.init(256); } return keyGenerator.generateKey(); @@ -660,7 +693,7 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware { private void embedKeyInfoInEncryptedData(Document document, XMLCipher keyCipher, XMLCipher xmlCipher, Key dataEncryptionkey) throws XMLEncryptionException { - EncryptedKey encryptedKey = keyCipher.encryptKey(document, dataEncryptionkey); + EncryptedKey encryptedKey = keyCipher.encryptKey(document, dataEncryptionkey, mgfAlgorithm, null); KeyInfo keyInfo = new KeyInfo(document); keyInfo.add(encryptedKey); EncryptedData encryptedDataElement = xmlCipher.getEncryptedData(); @@ -671,11 +704,14 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware { String algorithmKeyWrap = null; if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.TRIPLEDES)) { algorithmKeyWrap = XMLCipher.TRIPLEDES_KeyWrap; - } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128)) { + } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128) + || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128_GCM)) { algorithmKeyWrap = XMLCipher.AES_128_KeyWrap; - } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192)) { + } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192) + || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192_GCM)) { algorithmKeyWrap = XMLCipher.AES_192_KeyWrap; - } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256)) { + } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256) + || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256_GCM)) { algorithmKeyWrap = XMLCipher.AES_256_KeyWrap; } @@ -704,10 +740,15 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware { this.xmlCipherAlgorithm = xmlCipherAlgorithm; } + @Deprecated public String getKeyCyperAlgorithm() { return keyCipherAlgorithm; } + public String getKeyCipherAlgorithm() { + return keyCipherAlgorithm; + } + public void setKeyCipherAlgorithm(String keyCipherAlgorithm) { this.keyCipherAlgorithm = keyCipherAlgorithm; } @@ -866,4 +907,20 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware { public void setKeyPassword(String keyPassword) { this.keyPassword = keyPassword; } + + public String getDigestAlgorithm() { + return digestAlgorithm; + } + + public void setDigestAlgorithm(String digestAlgorithm) { + this.digestAlgorithm = digestAlgorithm; + } + + public String getMgfAlgorithm() { + return mgfAlgorithm; + } + + public void setMgfAlgorithm(String mgfAlgorithm) { + this.mgfAlgorithm = mgfAlgorithm; + } } http://git-wip-us.apache.org/repos/asf/camel/blob/12fd8617/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLEncryption11Test.java ---------------------------------------------------------------------- diff --git a/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLEncryption11Test.java b/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLEncryption11Test.java new file mode 100644 index 0000000..9a8ac0a --- /dev/null +++ b/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLEncryption11Test.java @@ -0,0 +1,211 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.dataformat.xmlsecurity; + +import java.lang.reflect.Constructor; +import java.security.Provider; +import java.security.Security; +import java.util.HashMap; + +import javax.xml.transform.OutputKeys; + +import org.apache.camel.builder.RouteBuilder; +import org.apache.camel.converter.jaxp.XmlConverter; +import org.apache.camel.test.junit4.CamelTestSupport; +import org.apache.camel.util.jsse.KeyStoreParameters; +import org.apache.xml.security.encryption.XMLCipher; +import org.apache.xml.security.utils.EncryptionConstants; +import org.junit.Test; + +/** + * Some unit tests for XML Encryption 1.1 functionality + */ +public class XMLEncryption11Test extends CamelTestSupport { + + TestHelper xmlsecTestHelper = new TestHelper(); + + public XMLEncryption11Test() throws Exception { + // + // BouncyCastle is required for GCM support + // + if (Security.getProvider("BC") == null) { + Constructor cons = null; + Class c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); + cons = c.getConstructor(new Class[] {}); + + Provider provider = (java.security.Provider)cons.newInstance(); + Security.insertProviderAt(provider, 2); + } + } + + @Override + public boolean isUseRouteBuilder() { + return false; + } + + @Override + public void setUp() throws Exception { + super.setUp(); + context.getProperties().put(XmlConverter.OUTPUT_PROPERTIES_PREFIX + OutputKeys.ENCODING, "UTF-8"); + } + + /* + * Encryption Tests + */ + @Test + public void testFullPayloadAsymmetricKeyEncryptionGCM() throws Exception { + KeyStoreParameters tsParameters = new KeyStoreParameters(); + tsParameters.setPassword("password"); + tsParameters.setResource("sender.ts"); + + final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat(); + xmlEncDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_OAEP); + xmlEncDataFormat.setKeyOrTrustStoreParameters(tsParameters); + xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128_GCM); + xmlEncDataFormat.setRecipientKeyAlias("recipient"); + + context.addRoutes(new RouteBuilder() { + public void configure() { + from("direct:start") + .marshal(xmlEncDataFormat).to("mock:encrypted"); + } + }); + xmlsecTestHelper.testEncryption(context); + } + + @Test + public void testFullPayloadAsymmetricKeyEncryptionSHA256() throws Exception { + KeyStoreParameters tsParameters = new KeyStoreParameters(); + tsParameters.setPassword("password"); + tsParameters.setResource("sender.ts"); + + final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat(); + xmlEncDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_OAEP); + xmlEncDataFormat.setKeyOrTrustStoreParameters(tsParameters); + xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128); + xmlEncDataFormat.setRecipientKeyAlias("recipient"); + xmlEncDataFormat.setDigestAlgorithm(XMLCipher.SHA256); + + context.addRoutes(new RouteBuilder() { + public void configure() { + from("direct:start") + .marshal(xmlEncDataFormat).to("mock:encrypted"); + } + }); + xmlsecTestHelper.testEncryption(context); + } + + @Test + public void testFullPayloadAsymmetricKeyEncryptionMGF256() throws Exception { + KeyStoreParameters tsParameters = new KeyStoreParameters(); + tsParameters.setPassword("password"); + tsParameters.setResource("sender.ts"); + + final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat(); + xmlEncDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_OAEP_11); + xmlEncDataFormat.setKeyOrTrustStoreParameters(tsParameters); + xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128); + xmlEncDataFormat.setMgfAlgorithm(EncryptionConstants.MGF1_SHA256); + xmlEncDataFormat.setRecipientKeyAlias("recipient"); + + context.addRoutes(new RouteBuilder() { + public void configure() { + from("direct:start") + .marshal(xmlEncDataFormat).to("mock:encrypted"); + } + }); + xmlsecTestHelper.testEncryption(context); + } + + /* + * Decryption Tests + */ + @Test + public void testFullPayloadAsymmetricKeyDecryptionGCM() throws Exception { + + final KeyStoreParameters tsParameters = new KeyStoreParameters(); + tsParameters.setPassword("password"); + tsParameters.setResource("sender.ts"); + + final KeyStoreParameters ksParameters = new KeyStoreParameters(); + ksParameters.setPassword("password"); + ksParameters.setResource("recipient.ks"); + + context.addRoutes(new RouteBuilder() { + public void configure() { + from("direct:start") + .marshal().secureXML("", true, "recipient", XMLCipher.AES_128_GCM, XMLCipher.RSA_OAEP, tsParameters).to("mock:encrypted") + .unmarshal().secureXML("", true, "recipient", XMLCipher.AES_128_GCM, XMLCipher.RSA_OAEP, ksParameters).to("mock:decrypted"); + } + }); + xmlsecTestHelper.testDecryption(context); + } + + @Test + public void testFullPayloadAsymmetricKeyDecryptionSHA256() throws Exception { + + final KeyStoreParameters tsParameters = new KeyStoreParameters(); + tsParameters.setPassword("password"); + tsParameters.setResource("sender.ts"); + + final KeyStoreParameters ksParameters = new KeyStoreParameters(); + ksParameters.setPassword("password"); + ksParameters.setResource("recipient.ks"); + + context.addRoutes(new RouteBuilder() { + public void configure() { + from("direct:start") + .marshal().secureXML("", new HashMap(), true, "recipient", XMLCipher.AES_128, + XMLCipher.RSA_OAEP, tsParameters, null, XMLCipher.SHA256).to("mock:encrypted") + .unmarshal().secureXML("", new HashMap(), true, "recipient", XMLCipher.AES_128, + XMLCipher.RSA_OAEP, ksParameters, null, XMLCipher.SHA256).to("mock:decrypted"); + } + }); + xmlsecTestHelper.testDecryption(context); + } + + @Test + public void testFullPayloadAsymmetricKeyDecryptionMGF256() throws Exception { + + final KeyStoreParameters tsParameters = new KeyStoreParameters(); + tsParameters.setPassword("password"); + tsParameters.setResource("sender.ts"); + + final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat(); + xmlEncDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_OAEP_11); + xmlEncDataFormat.setKeyOrTrustStoreParameters(tsParameters); + xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128); + xmlEncDataFormat.setMgfAlgorithm(EncryptionConstants.MGF1_SHA256); + xmlEncDataFormat.setRecipientKeyAlias("recipient"); + + final KeyStoreParameters ksParameters = new KeyStoreParameters(); + ksParameters.setPassword("password"); + ksParameters.setResource("recipient.ks"); + + context.addRoutes(new RouteBuilder() { + public void configure() { + from("direct:start") + .marshal(xmlEncDataFormat).to("mock:encrypted") + // .log("Body: + ${body}") + .unmarshal().secureXML("", new HashMap(), true, "recipient", XMLCipher.AES_128, + XMLCipher.RSA_OAEP, ksParameters).to("mock:decrypted"); + } + }); + xmlsecTestHelper.testDecryption(context); + } + +}