camel-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject camel git commit: Add the ability to send a KeyValue in the EncryptedKey in camel-xmlsecurity
Date Tue, 02 Dec 2014 12:03:48 GMT
Repository: camel
Updated Branches:
  refs/heads/master da1813bbf -> 3817962c8


Add the ability to send a KeyValue in the EncryptedKey in camel-xmlsecurity


Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/3817962c
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/3817962c
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/3817962c

Branch: refs/heads/master
Commit: 3817962c82d11461f02ba1ea170e5abebffd8259
Parents: da1813b
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Dec 2 12:00:59 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Dec 2 12:01:56 2014 +0000

----------------------------------------------------------------------
 .../model/dataformat/XMLSecurityDataFormat.java | 12 +++++
 .../xmlsecurity/XMLSecurityDataFormat.java      | 35 +++++++++++---
 .../dataformat/xmlsecurity/TestHelper.java      |  3 +-
 .../xmlsecurity/XMLSecurityDataFormatTest.java  | 51 ++++++++++++++++++++
 4 files changed, 92 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/camel/blob/3817962c/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java
b/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java
index 1cefdba..b5e02f6 100644
--- a/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java
+++ b/camel-core/src/main/java/org/apache/camel/model/dataformat/XMLSecurityDataFormat.java
@@ -60,6 +60,8 @@ public class XMLSecurityDataFormat extends DataFormatDefinition implements
Names
     private String digestAlgorithm;
     @XmlAttribute
     private String mgfAlgorithm;
+    @XmlAttribute
+    private boolean addKeyValueForEncryptedKey = true;
 
     @XmlTransient
     private KeyStoreParameters keyOrTrustStoreParameters;
@@ -274,6 +276,8 @@ public class XMLSecurityDataFormat extends DataFormatDefinition implements
Names
         if (mgfAlgorithm != null) {
             setProperty(camelContext, dataFormat, "mgfAlgorithm", this.getMgfAlgorithm());
         }
+        
+        setProperty(camelContext, dataFormat, "addKeyValueForEncryptedKey", isAddKeyValueForEncryptedKey());
     }
 
     public String getXmlCipherAlgorithm() {
@@ -363,6 +367,14 @@ public class XMLSecurityDataFormat extends DataFormatDefinition implements
Names
     public void setMgfAlgorithm(String mgfAlgorithm) {
         this.mgfAlgorithm = mgfAlgorithm;
     }
+    
+    public boolean isAddKeyValueForEncryptedKey() {
+        return addKeyValueForEncryptedKey;
+    }
+
+    public void setAddKeyValueForEncryptedKey(boolean addKeyValueForEncryptedKey) {
+        this.addKeyValueForEncryptedKey = addKeyValueForEncryptedKey;
+    }
 
     @Override
     public void setNamespaces(Map<String, String> nspaces) {

http://git-wip-us.apache.org/repos/asf/camel/blob/3817962c/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
----------------------------------------------------------------------
diff --git a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
b/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
index 3e816c5..ada0ce8 100755
--- a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
+++ b/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
@@ -29,6 +29,7 @@ import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedExceptionAction;
+import java.security.PublicKey;
 import java.security.spec.InvalidKeySpecException;
 import java.util.Arrays;
 import java.util.Map;
@@ -43,7 +44,6 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
-
 import org.apache.camel.CamelContext;
 import org.apache.camel.CamelContextAware;
 import org.apache.camel.Exchange;
@@ -139,6 +139,7 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
     
     private CamelContext camelContext;
     private DefaultNamespaceContext nsContext = new DefaultNamespaceContext();
+    private boolean addKeyValueForEncryptedKey = true;
         
     public XMLSecurityDataFormat() {
         this.xmlCipherAlgorithm = XMLCipher.TRIPLEDES;
@@ -475,8 +476,9 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
         } else {
             keyCipher = XMLCipher.getInstance(XMLCipher.RSA_OAEP, null, digestAlgorithm);
         }
+        
         keyCipher.init(XMLCipher.WRAP_MODE, keyEncryptionKey);
-        encrypt(exchange, document, stream, dataEncryptionKey, keyCipher);
+        encrypt(exchange, document, stream, dataEncryptionKey, keyCipher, keyEncryptionKey);
     }
      
     private void encryptSymmetric(Exchange exchange, Document document, OutputStream stream)
throws Exception {
@@ -499,7 +501,7 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
         XMLCipher keyCipher = XMLCipher.getInstance(generateXmlCipherAlgorithmKeyWrap());
         keyCipher.init(XMLCipher.WRAP_MODE, keyEncryptionKey);
         
-        encrypt(exchange, document, stream, dataEncryptionKey, keyCipher);
+        encrypt(exchange, document, stream, dataEncryptionKey, keyCipher, keyEncryptionKey);
     }
     
     
@@ -531,12 +533,12 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
  
     
     private void encrypt(Exchange exchange, Document document, OutputStream stream, Key dataEncryptionKey,

-                         XMLCipher keyCipher) throws Exception {
+                         XMLCipher keyCipher, Key keyEncryptionKey) throws Exception {
         XMLCipher xmlCipher = XMLCipher.getInstance(xmlCipherAlgorithm);
         xmlCipher.init(XMLCipher.ENCRYPT_MODE, dataEncryptionKey);
 
         if (secureTag.equalsIgnoreCase("")) {
-            embedKeyInfoInEncryptedData(document, keyCipher, xmlCipher, dataEncryptionKey);
+            embedKeyInfoInEncryptedData(document, keyCipher, xmlCipher, dataEncryptionKey,
keyEncryptionKey);
             document = xmlCipher.doFinal(document, document.getDocumentElement());
         } else {
                           
@@ -548,7 +550,8 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
             for (int i = 0; i < nodeList.getLength(); i++) {
                 Node node = nodeList.item(i);
                 document = node.getOwnerDocument();
-                embedKeyInfoInEncryptedData(node.getOwnerDocument(), keyCipher, xmlCipher,
dataEncryptionKey);
+                embedKeyInfoInEncryptedData(node.getOwnerDocument(), keyCipher, xmlCipher,

+                                            dataEncryptionKey, keyEncryptionKey);
                 Document temp = xmlCipher.doFinal(node.getOwnerDocument(), (Element) node,
getSecureTagContents());
                 document.importNode(temp.getDocumentElement().cloneNode(true), true);
             }    
@@ -603,7 +606,7 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
             keyStorePassword = keyOrTrustStoreParameters.getPassword();
         }
         
-        if (this.keyStore ==  null) {
+        if (this.keyStore == null) {
             throw new IllegalStateException("A key store must be defined for asymmetric key
decryption.");
         }
         
@@ -719,10 +722,18 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
         return keyGenerator.generateKey();
     }
 
-    private void embedKeyInfoInEncryptedData(Document document, XMLCipher keyCipher, XMLCipher
xmlCipher, Key dataEncryptionkey) 
+    private void embedKeyInfoInEncryptedData(Document document, XMLCipher keyCipher, 
+                                             XMLCipher xmlCipher, Key dataEncryptionkey,
+                                             Key keyEncryptionKey) 
         throws XMLEncryptionException {
 
         EncryptedKey encryptedKey = keyCipher.encryptKey(document, dataEncryptionkey, mgfAlgorithm,
null);
+        if (addKeyValueForEncryptedKey && keyEncryptionKey instanceof PublicKey)
{
+            KeyInfo keyInfo = new KeyInfo(document);
+            keyInfo.add(((PublicKey)keyEncryptionKey));
+            encryptedKey.setKeyInfo(keyInfo);
+        }
+        
         KeyInfo keyInfo = new KeyInfo(document);
         keyInfo.add(encryptedKey);    
         EncryptedData encryptedDataElement = xmlCipher.getEncryptedData();
@@ -1047,4 +1058,12 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware
{
         this.mgfAlgorithm = mgfAlgorithm;
     }
 
+    public boolean isAddKeyValueForEncryptedKey() {
+        return addKeyValueForEncryptedKey;
+    }
+
+    public void setAddKeyValueForEncryptedKey(boolean addKeyValueForEncryptedKey) {
+        this.addKeyValueForEncryptedKey = addKeyValueForEncryptedKey;
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/camel/blob/3817962c/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/TestHelper.java
----------------------------------------------------------------------
diff --git a/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/TestHelper.java
b/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/TestHelper.java
index 900c334..0fff673 100644
--- a/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/TestHelper.java
+++ b/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/TestHelper.java
@@ -124,7 +124,7 @@ public class TestHelper {
         });
     }
       
-    protected void testEncryption(String fragment, CamelContext context) throws Exception
{
+    protected Document testEncryption(String fragment, CamelContext context) throws Exception
{
         MockEndpoint resultEndpoint = context.getEndpoint("mock:encrypted", MockEndpoint.class);
         resultEndpoint.setExpectedMessageCount(1);
         context.start();
@@ -136,6 +136,7 @@ public class TestHelper {
             logMessage(exchange, inDoc);
         }
         Assert.assertTrue("The XML message has no encrypted data.", hasEncryptedData(inDoc));
+        return inDoc;
     }
     
 

http://git-wip-us.apache.org/repos/asf/camel/blob/3817962c/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormatTest.java
----------------------------------------------------------------------
diff --git a/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormatTest.java
b/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormatTest.java
index 6bf3f96..19fab79 100755
--- a/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormatTest.java
+++ b/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormatTest.java
@@ -29,7 +29,10 @@ import org.apache.camel.converter.jaxp.XmlConverter;
 import org.apache.camel.test.junit4.CamelTestSupport;
 import org.apache.camel.util.jsse.KeyStoreParameters;
 import org.apache.xml.security.encryption.XMLCipher;
+import org.junit.Assert;
 import org.junit.Test;
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
 
 /**
  * Unit test of the encryptXML data format.
@@ -201,6 +204,54 @@ public class XMLSecurityDataFormatTest extends CamelTestSupport {
         });
         xmlsecTestHelper.testEncryption(context);
     }
+    
+    @Test
+    public void testAsymmetricEncryptionAddKeyValue() throws Exception {
+        KeyStoreParameters tsParameters = new KeyStoreParameters();
+        tsParameters.setPassword("password");
+        tsParameters.setResource("sender.ts");
+
+        final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+        xmlEncDataFormat.setKeyOrTrustStoreParameters(tsParameters);
+        xmlEncDataFormat.setXmlCipherAlgorithm(testCypherAlgorithm);
+        xmlEncDataFormat.setRecipientKeyAlias("recipient");
+        xmlEncDataFormat.setAddKeyValueForEncryptedKey(true);
+
+        context.addRoutes(new RouteBuilder() {
+            public void configure() {
+                from("direct:start")
+                    .marshal(xmlEncDataFormat).to("mock:encrypted");
+            }
+        });
+        Document doc = xmlsecTestHelper.testEncryption(TestHelper.XML_FRAGMENT, context);
+        NodeList nodeList = 
+            doc.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "RSAKeyValue");
+        Assert.assertTrue(nodeList.getLength() > 0);
+    }
+    
+    @Test
+    public void testAsymmetricEncryptionNoKeyValue() throws Exception {
+        KeyStoreParameters tsParameters = new KeyStoreParameters();
+        tsParameters.setPassword("password");
+        tsParameters.setResource("sender.ts");
+
+        final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+        xmlEncDataFormat.setKeyOrTrustStoreParameters(tsParameters);
+        xmlEncDataFormat.setXmlCipherAlgorithm(testCypherAlgorithm);
+        xmlEncDataFormat.setRecipientKeyAlias("recipient");
+        xmlEncDataFormat.setAddKeyValueForEncryptedKey(false);
+
+        context.addRoutes(new RouteBuilder() {
+            public void configure() {
+                from("direct:start")
+                    .marshal(xmlEncDataFormat).to("mock:encrypted");
+            }
+        });
+        Document doc = xmlsecTestHelper.testEncryption(TestHelper.XML_FRAGMENT, context);
+        NodeList nodeList = 
+            doc.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "RSAKeyValue");
+        Assert.assertTrue(nodeList.getLength() == 0);
+    }
  
     /*
     * Decryption Tests


Mime
View raw message