ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gi...@apache.org
Subject svn commit: r1388156 - in /webservices/wss4j/trunk: ws-security-dom/src/main/java/org/apache/ws/security/dom/ ws-security-dom/src/main/java/org/apache/ws/security/dom/action/ ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/ ws-security...
Date Thu, 20 Sep 2012 18:52:23 GMT
Author: giger
Date: Thu Sep 20 18:52:22 2012
New Revision: 1388156

URL: http://svn.apache.org/viewvc?rev=1388156&view=rev
Log:
WSS-405 - Support for XML Encryption 1.1 algorithms

Modified:
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/WSConstants.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/EncryptionAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandlerConstants.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/message/WSSecEncryptedKey.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/EncryptedKeyProcessor.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/util/WSSecurityUtil.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/message/EncryptionGCMTest.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/ext/WSSConstants.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/AbstractTestBase.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/EncDecryptionTest.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/WSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/WSConstants.java?rev=1388156&r1=1388155&r2=1388156&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/WSConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/WSConstants.java Thu Sep 20 18:52:22 2012
@@ -57,6 +57,7 @@ public final class WSConstants {
 
     public static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";
     public static final String ENC_NS = "http://www.w3.org/2001/04/xmlenc#";
+    public static final String ENC11_NS = "http://www.w3.org/2009/xmlenc11#";
     public static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
     public static final String XML_NS = "http://www.w3.org/XML/1998/namespace";
     
@@ -100,6 +101,8 @@ public final class WSConstants {
         "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
     public static final String KEYTRANSPORT_RSAOEP = 
         "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
+    public static final String KEYTRANSPORT_RSAOEP_XENC11 =
+            "http://www.w3.org/2009/xmlenc11#rsa-oaep";
     public static final String TRIPLE_DES = 
         "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
     public static final String AES_128 = 
@@ -124,6 +127,10 @@ public final class WSConstants {
         "http://www.w3.org/2000/09/xmldsig#sha1";
     public static final String SHA256 =
         "http://www.w3.org/2001/04/xmlenc#sha256";
+    public static final String SHA384 =
+        "http://www.w3.org/2001/04/xmldsig-more#sha384";
+    public static final String SHA512 =
+            "http://www.w3.org/2001/04/xmlenc#sha512";
     public static final String HMAC_SHA1 = 
         "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
     public static final String HMAC_SHA256 = 
@@ -134,7 +141,13 @@ public final class WSConstants {
         "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
     public static final String HMAC_MD5 = 
         "http://www.w3.org/2001/04/xmldsig-more#hmac-md5";
-    
+
+    public static final String MGF_SHA1 = "http://www.w3.org/2009/xmlenc11#mgf1sha1";
+    public static final String MGF_SHA224 = "http://www.w3.org/2009/xmlenc11#mgf1sha224";
+    public static final String MGF_SHA256 = "http://www.w3.org/2009/xmlenc11#mgf1sha256";
+    public static final String MGF_SHA384 = "http://www.w3.org/2009/xmlenc11#mgf1sha384";
+    public static final String MGF_SHA512 = "http://www.w3.org/2009/xmlenc11#mgf1sha512";
+
     public static final String WST_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
     /**
      * WS-Trust 1.3 namespace
@@ -208,6 +221,7 @@ public final class WSConstants {
     public static final String DEFAULT_SOAP_PREFIX = "soapenv";
     public static final String SIG_PREFIX = "ds";
     public static final String ENC_PREFIX = "xenc";
+    public static final String ENC11_PREFIX = "xenc11";
     public static final String C14N_EXCL_OMIT_COMMENTS_PREFIX = "ec";
     
     

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/EncryptionAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/EncryptionAction.java?rev=1388156&r1=1388155&r2=1388156&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/EncryptionAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/EncryptionAction.java Thu Sep 20 18:52:22 2012
@@ -67,6 +67,10 @@ public class EncryptionAction implements
         if (reqData.getEncDigestAlgorithm() != null) {
             wsEncrypt.setDigestAlgorithm(reqData.getEncDigestAlgorithm());
         }
+
+        if (reqData.getEncMGFAlgorithm() != null) {
+            wsEncrypt.setMGFAlgorithm(reqData.getEncMGFAlgorithm());
+        }
         
         wsEncrypt.setUserInfo(reqData.getEncUser());
         wsEncrypt.setUseThisCert(reqData.getEncCert());

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java?rev=1388156&r1=1388155&r2=1388156&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java Thu Sep 20 18:52:22 2012
@@ -65,6 +65,7 @@ public class RequestData {
     private String sigAlgorithm = null;
     private String signatureDigestAlgorithm = null;
     private String encryptionDigestAlgorithm = null;
+    private String encryptionMGFAlgorithm = null;
     private List<WSEncryptionPart> signatureParts = new ArrayList<WSEncryptionPart>();
     private int encKeyId = 0;
     private String encSymmAlgo = null;
@@ -248,6 +249,14 @@ public class RequestData {
         this.encryptionDigestAlgorithm = encDigestAlgorithm;
     }
 
+    public String getEncMGFAlgorithm() {
+        return encryptionMGFAlgorithm;
+    }
+
+    public void setEncMGFAlgorithm(String encMGFAlgorithm) {
+        this.encryptionMGFAlgorithm = encMGFAlgorithm;
+    }
+
     public List<WSEncryptionPart> getSignatureParts() {
         return signatureParts;
     }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java?rev=1388156&r1=1388155&r2=1388156&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java Thu Sep 20 18:52:22 2012
@@ -591,6 +591,9 @@ public abstract class WSHandler {
         
         String digestAlgo = getString(WSHandlerConstants.ENC_DIGEST_ALGO, mc);
         reqData.setEncDigestAlgorithm(digestAlgo);
+
+        String mgfAlgo = getString(WSHandlerConstants.ENC_MGF_ALGO, mc);
+        reqData.setEncMGFAlgorithm(mgfAlgo);
         
         String encSymEncKey = getString(WSHandlerConstants.ENC_SYM_ENC_KEY, mc);
         if (encSymEncKey != null) {

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandlerConstants.java?rev=1388156&r1=1388155&r2=1388156&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandlerConstants.java Thu Sep 20 18:52:22 2012
@@ -678,6 +678,19 @@ public final class WSHandlerConstants {
     public static final String ENC_DIGEST_ALGO = "encryptionDigestAlgorithm";
 
     /**
+     * Defines which encryption mgf algorithm to use with the RSA OAEP Key Transport
+     * algorithm for encryption. The default is mgfsha1.
+     * <p/>
+     * The application may set this parameter using the following method:
+     * <pre>
+     * call.setProperty(
+     *    WSHandlerConstants.ENC_MGF_ALGO, "http://www.w3.org/2009/xmlenc11#mgf1sha256"
+     * );
+     * </pre>
+     */
+    public static final String ENC_MGF_ALGO = "encryptionMGFAlgorithm";
+
+    /**
      * Time-To-Live is the time difference between creation and expiry time in
      * seconds in the WSS Timestamp. After this time the SOAP request is
      * invalid (at least the security data shall be treated this way).

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/message/WSSecEncryptedKey.java?rev=1388156&r1=1388155&r2=1388156&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/message/WSSecEncryptedKey.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/message/WSSecEncryptedKey.java Thu Sep 20 18:52:22 2012
@@ -106,6 +106,12 @@ public class WSSecEncryptedKey extends W
     private String digestAlgo = null;
 
     /**
+     * MGF Algorithm to be used with RSA-OAEP. The default is MGF-SHA-1 (which is not
+     * written out unless it is explicitly configured).
+     */
+    private String mgfAlgo = null;
+
+    /**
      * xenc:EncryptedKey element
      */
     protected Element encryptedKeyElement = null;
@@ -235,15 +241,29 @@ public class WSSecEncryptedKey extends W
         Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
         try {
             OAEPParameterSpec oaepParameterSpec = null;
-            if (WSConstants.KEYTRANSPORT_RSAOEP.equals(keyEncAlgo)) {
+            if (WSConstants.KEYTRANSPORT_RSAOEP.equals(keyEncAlgo)
+                    || WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(keyEncAlgo)) {
                 String jceDigestAlgorithm = "SHA-1";
                 if (digestAlgo != null) {
                     jceDigestAlgorithm = JCEMapper.translateURItoJCEID(digestAlgo);
                 }
+
+                MGF1ParameterSpec mgf1ParameterSpec = new MGF1ParameterSpec("SHA-1");
+                if (mgfAlgo != null) {
+                    if (WSConstants.MGF_SHA224.equals(mgfAlgo)) {
+                        mgf1ParameterSpec = new MGF1ParameterSpec("SHA-224");
+                    } if (WSConstants.MGF_SHA256.equals(mgfAlgo)) {
+                        mgf1ParameterSpec = new MGF1ParameterSpec("SHA-256");
+                    } else if (WSConstants.MGF_SHA384.equals(mgfAlgo)) {
+                        mgf1ParameterSpec = new MGF1ParameterSpec("SHA-384");
+                    } else if (WSConstants.MGF_SHA512.equals(mgfAlgo)) {
+                        mgf1ParameterSpec = new MGF1ParameterSpec("SHA-512");
+                    }
+                }
                 
                 oaepParameterSpec = 
                     new OAEPParameterSpec(
-                        jceDigestAlgorithm, "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT
+                        jceDigestAlgorithm, "MGF1", mgf1ParameterSpec, PSource.PSpecified.DEFAULT
                     );
             }
             if (oaepParameterSpec == null) {
@@ -457,6 +477,12 @@ public class WSSecEncryptedKey extends W
             digestElement.setAttributeNS(null, "Algorithm", digestAlgo);
             encryptionMethod.appendChild(digestElement);
         }
+        if (mgfAlgo != null) {
+            Element mgfElement =
+                doc.createElementNS(WSConstants.ENC11_NS, WSConstants.ENC11_PREFIX + ":MGF");
+            mgfElement.setAttributeNS(null, "Algorithm", mgfAlgo);
+            encryptionMethod.appendChild(mgfElement);
+        }
         
         encryptedKey.appendChild(encryptionMethod);
         return encryptedKey;
@@ -690,7 +716,25 @@ public class WSSecEncryptedKey extends W
     public String getDigestAlgorithm() {
         return digestAlgo;
     }
-    
+
+    /**
+     * Set the MGF algorithm to use with the RSA-OAEP key transport algorithm. The
+     * default is MGF-SHA-1.
+     *
+     * @param mgfAlgorithm the MGF algorithm to use with the RSA-OAEP key transport algorithm
+     */
+    public void setMGFAlgorithm(String mgfAlgorithm) {
+        this.mgfAlgo = mgfAlgorithm;
+    }
+
+    /**
+     * Get the MGF algorithm to use with the RSA-OAEP key transport algorithm. The
+     * default is MGF-SHA-1.
+     */
+    public String getMGFAlgorithm() {
+        return mgfAlgo;
+    }
+
     /**
      * @return The symmetric key
      */

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/EncryptedKeyProcessor.java?rev=1388156&r1=1388155&r2=1388156&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/EncryptedKeyProcessor.java Thu Sep 20 18:52:22 2012
@@ -107,17 +107,38 @@ public class EncryptedKeyProcessor imple
         try {
             PrivateKey privateKey = data.getDecCrypto().getPrivateKey(certs[0], data.getCallbackHandler());
             OAEPParameterSpec oaepParameterSpec = null;
-            if (WSConstants.KEYTRANSPORT_RSAOEP.equals(encryptedKeyTransportMethod)) {
+            if (WSConstants.KEYTRANSPORT_RSAOEP.equals(encryptedKeyTransportMethod)
+                    || WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(encryptedKeyTransportMethod)) {
                 // Get the DigestMethod if it exists
                 String digestAlgorithm = getDigestAlgorithm(elem);
                 String jceDigestAlgorithm = "SHA-1";
                 if (digestAlgorithm != null && !"".equals(digestAlgorithm)) {
                     jceDigestAlgorithm = JCEMapper.translateURItoJCEID(digestAlgorithm);
                 }
+
+                String mgfAlgorithm = getMGFAlgorithm(elem);
+                MGF1ParameterSpec mgfParameterSpec = new MGF1ParameterSpec("SHA-1");
+                if (mgfAlgorithm != null) {
+                    if (WSConstants.MGF_SHA224.equals(mgfAlgorithm)) {
+                        mgfParameterSpec = new MGF1ParameterSpec("SHA-224");
+                    } else if (WSConstants.MGF_SHA256.equals(mgfAlgorithm)) {
+                        mgfParameterSpec = new MGF1ParameterSpec("SHA-256");
+                    } else if (WSConstants.MGF_SHA384.equals(mgfAlgorithm)) {
+                        mgfParameterSpec = new MGF1ParameterSpec("SHA-384");
+                    } else if (WSConstants.MGF_SHA512.equals(mgfAlgorithm)) {
+                        mgfParameterSpec = new MGF1ParameterSpec("SHA-512");
+                    }
+                }
+
+                PSource.PSpecified pSource = PSource.PSpecified.DEFAULT;
+                byte[] pSourceBytes = getPSource(elem);
+                if (pSourceBytes != null) {
+                    pSource = new PSource.PSpecified(pSourceBytes);
+                }
                 
                 oaepParameterSpec = 
                     new OAEPParameterSpec(
-                        jceDigestAlgorithm, "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT
+                        jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource
                     );
             }
             if (oaepParameterSpec == null) {
@@ -233,6 +254,36 @@ public class EncryptedKeyProcessor imple
         }
         return null;
     }
+
+    private static String getMGFAlgorithm(Node encBodyData) throws WSSecurityException {
+        Element tmpE =
+                WSSecurityUtil.getDirectChildElement(
+                        encBodyData, "EncryptionMethod", WSConstants.ENC_NS
+                );
+        if (tmpE != null) {
+            Element mgfElement =
+                    WSSecurityUtil.getDirectChildElement(tmpE, "MGF", WSConstants.ENC11_NS);
+            if (mgfElement != null) {
+                return mgfElement.getAttribute("Algorithm");
+            }
+        }
+        return null;
+    }
+
+    private static byte[] getPSource(Node encBodyData) throws WSSecurityException {
+        Element tmpE =
+                WSSecurityUtil.getDirectChildElement(
+                        encBodyData, "EncryptionMethod", WSConstants.ENC_NS
+                );
+        if (tmpE != null) {
+            Element pSourceElement =
+                    WSSecurityUtil.getDirectChildElement(tmpE, "OAEPparams", WSConstants.ENC_NS);
+            if (pSourceElement != null) {
+                return getDecodedBase64EncodedData(pSourceElement);
+            }
+        }
+        return null;
+    }
     
     /**
      * @return the Certificate(s) corresponding to the public key reference in the 

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/util/WSSecurityUtil.java?rev=1388156&r1=1388155&r2=1388156&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/util/WSSecurityUtil.java Thu Sep 20 18:52:22 2012
@@ -1002,6 +1002,12 @@ public final class WSSecurityUtil {
             return 24;
         } else if (algorithm.equals(WSConstants.AES_256)) {
             return 32;
+        } else if (algorithm.equals(WSConstants.AES_128_GCM)) {
+            return 16;
+        } else if (algorithm.equals(WSConstants.AES_192_GCM)) {
+            return 24;
+        } else if (algorithm.equals(WSConstants.AES_256_GCM)) {
+            return 32;
         } else if (WSConstants.HMAC_SHA1.equals(algorithm)) {
             return 20;
         } else if (WSConstants.HMAC_SHA256.equals(algorithm)) {

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/message/EncryptionGCMTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/message/EncryptionGCMTest.java?rev=1388156&r1=1388155&r2=1388156&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/message/EncryptionGCMTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/message/EncryptionGCMTest.java Thu Sep 20 18:52:22 2012
@@ -21,6 +21,7 @@ package org.apache.ws.security.dom.messa
 
 import javax.security.auth.callback.CallbackHandler;
 
+import org.apache.ws.security.common.bsp.BSPRule;
 import org.apache.ws.security.dom.WSConstants;
 import org.apache.ws.security.dom.WSDataRef;
 import org.apache.ws.security.dom.WSSConfig;
@@ -32,8 +33,12 @@ import org.apache.ws.security.common.cry
 import org.apache.ws.security.common.crypto.CryptoFactory;
 import org.apache.ws.security.common.util.DOM2Writer;
 import org.apache.ws.security.common.util.XMLUtils;
+import org.apache.ws.security.dom.handler.RequestData;
 import org.w3c.dom.Document;
 
+import java.util.ArrayList;
+import java.util.List;
+
 /**
  * A set of test-cases for encrypting and decrypting SOAP requests using GCM. See:
  * https://issues.apache.org/jira/browse/WSS-325
@@ -107,11 +112,38 @@ public class EncryptionGCMTest extends o
         verify(encryptedDoc, keystoreCallbackHandler, SOAP_BODY);
     }
 
+    @org.junit.Test
+    public void testAES192GCM_RSAOAEP_SHA256_MGFSHA256() throws Exception {
+        WSSecEncrypt builder = new WSSecEncrypt();
+        builder.setUserInfo("wss40");
+        builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+        builder.setSymmetricEncAlgorithm(WSConstants.AES_192_GCM);
+        builder.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOEP_XENC11);
+        builder.setDigestAlgorithm(WSConstants.SHA256);
+        builder.setMGFAlgorithm(WSConstants.MGF_SHA256);
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        Document encryptedDoc = builder.build(doc, crypto, secHeader);
+
+        String outputString =
+                XMLUtils.PrettyDocumentToString(encryptedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Encrypted message:");
+            LOG.debug(outputString);
+        }
+        assertTrue(outputString.indexOf("http://www.w3.org/2009/xmlenc11#rsa-oaep") > 0);
+        assertTrue(outputString.indexOf("http://www.w3.org/2001/04/xmlenc#sha256") > 0);
+        assertTrue(outputString.indexOf("http://www.w3.org/2009/xmlenc11#aes192-gcm") > 0);
+        assertTrue(outputString.indexOf("http://www.w3.org/2009/xmlenc11#mgf1sha256") > 0);
+        assertTrue(outputString.indexOf("counter_port_type") == -1 ? true : false);
+        verify(encryptedDoc, keystoreCallbackHandler, SOAP_BODY);
+    }
+
     /**
      * Verifies the soap envelope
      * <p/>
      * 
-     * @param envelope 
      * @throws Exception Thrown when there is a problem in verification
      */
     @SuppressWarnings("unchecked")
@@ -120,8 +152,14 @@ public class EncryptionGCMTest extends o
         CallbackHandler handler,
         javax.xml.namespace.QName expectedEncryptedElement
     ) throws Exception {
-        final java.util.List<WSSecurityEngineResult> results = 
-            secEngine.processSecurityHeader(doc, null, handler, null, crypto);
+        RequestData requestData = new RequestData();
+        List<BSPRule> bspRules = new ArrayList<BSPRule>();
+        bspRules.add(BSPRule.R5621);
+        requestData.setIgnoredBSPRules(bspRules);
+        requestData.setCallbackHandler(handler);
+        requestData.setDecCrypto(crypto);
+        final java.util.List<WSSecurityEngineResult> results =
+            secEngine.processSecurityHeader(doc, null, requestData);
         String outputString = 
             XMLUtils.PrettyDocumentToString(doc);
         if (LOG.isDebugEnabled()) {

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/ext/WSSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/ext/WSSConstants.java?rev=1388156&r1=1388155&r2=1388156&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/ext/WSSConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/ext/WSSConstants.java Thu Sep 20 18:52:22 2012
@@ -44,7 +44,20 @@ public class WSSConstants extends XMLSec
 
     static {
         try {
-            setJaxbContext(JAXBContext.newInstance("org.apache.ws.security.binding.wss10:org.apache.ws.security.binding.wss11:org.apache.ws.security.binding.wsu10:org.apache.ws.security.binding.wssc13:org.apache.ws.security.binding.wssc200502:org.apache.xml.security.binding.xmlenc:org.apache.xml.security.binding.xmldsig:org.apache.xml.security.binding.xmldsig11:org.apache.xml.security.binding.excc14n"));
+            setJaxbContext(
+                    JAXBContext.newInstance(
+                            "org.apache.ws.security.binding.wss10:" +
+                                    "org.apache.ws.security.binding.wss11:" +
+                                    "org.apache.ws.security.binding.wsu10:" +
+                                    "org.apache.ws.security.binding.wssc13:" +
+                                    "org.apache.ws.security.binding.wssc200502:" +
+                                    "org.apache.xml.security.binding.xmlenc:" +
+                                    "org.apache.xml.security.binding.xmlenc11:" +
+                                    "org.apache.xml.security.binding.xmldsig:" +
+                                    "org.apache.xml.security.binding.xmldsig11:" +
+                                    "org.apache.xml.security.binding.excc14n"
+                    )
+            );
             SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
             schemaFactory.setResourceResolver(new LSResourceResolver() {
                 @Override
@@ -80,6 +93,7 @@ public class WSSConstants extends XMLSec
                             new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("bindings/schemas/exc-c14n.xsd")),
                             new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("bindings/schemas/xmldsig-core-schema.xsd")),
                             new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("bindings/schemas/xenc-schema.xsd")),
+                            new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("bindings/schemas/xenc-schema-11.xsd")),
                             new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("bindings/schemas/xmldsig11-schema.xsd")),
                             new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("schemas/oasis-200401-wss-wssecurity-utility-1.0.xsd")),
                             new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("schemas/oasis-200401-wss-wssecurity-secext-1.0.xsd")),

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/EncryptedKeyOutputProcessor.java?rev=1388156&r1=1388155&r2=1388156&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/EncryptedKeyOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/EncryptedKeyOutputProcessor.java Thu Sep 20 18:52:22 2012
@@ -36,12 +36,17 @@ import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.KeyGenerator;
 import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
 import javax.xml.stream.XMLStreamConstants;
 import javax.xml.stream.XMLStreamException;
+import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.MGF1ParameterSpec;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -184,15 +189,45 @@ public class EncryptedKeyOutputProcessor
                         && WSSUtils.isInSecurityHeader(xmlSecStartElement, ((WSSSecurityProperties) getSecurityProperties()).getActor())) {
                     OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
 
-                    X509Certificate x509Certificate = securityToken.getKeyWrappingToken().getX509Certificates()[0];
+                    final X509Certificate x509Certificate = securityToken.getKeyWrappingToken().getX509Certificates()[0];
+                    final String encryptionKeyTransportAlgorithm = getSecurityProperties().getEncryptionKeyTransportAlgorithm();
 
                     List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
                     attributes.add(createAttribute(WSSConstants.ATT_NULL_Id, securityToken.getId()));
                     createStartElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_xenc_EncryptedKey, true, attributes);
 
                     attributes = new ArrayList<XMLSecAttribute>(1);
-                    attributes.add(createAttribute(WSSConstants.ATT_NULL_Algorithm, getSecurityProperties().getEncryptionKeyTransportAlgorithm()));
+                    attributes.add(createAttribute(WSSConstants.ATT_NULL_Algorithm, encryptionKeyTransportAlgorithm));
                     createStartElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_xenc_EncryptionMethod, false, attributes);
+
+                    final String encryptionKeyTransportMGFAlgorithm = getSecurityProperties().getEncryptionKeyTransportMGFAlgorithm();
+
+                    if (XMLSecurityConstants.NS_XENC11_RSAOAEP.equals(encryptionKeyTransportAlgorithm) ||
+                            XMLSecurityConstants.NS_XENC_RSAOAEPMGF1P.equals(encryptionKeyTransportAlgorithm)) {
+
+                        byte[] oaepParams = getSecurityProperties().getEncryptionKeyTransportOAEPParams();
+                        if (oaepParams != null) {
+                            createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_OAEPparams, false, null);
+                            createCharactersAndOutputAsEvent(outputProcessorChain, Base64.encodeBase64String(oaepParams));
+                            createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_OAEPparams);
+                        }
+
+                        String encryptionKeyTransportDigestAlgorithm = getSecurityProperties().getEncryptionKeyTransportDigestAlgorithm();
+                        if (encryptionKeyTransportDigestAlgorithm != null) {
+                            attributes = new ArrayList<XMLSecAttribute>(1);
+                            attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, encryptionKeyTransportDigestAlgorithm));
+                            createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestMethod, true, attributes);
+                            createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestMethod);
+                        }
+
+                        if (encryptionKeyTransportMGFAlgorithm != null) {
+                            attributes = new ArrayList<XMLSecAttribute>(1);
+                            attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, encryptionKeyTransportMGFAlgorithm));
+                            createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc11_MGF, true, attributes);
+                            createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc11_MGF);
+                        }
+                    }
+
                     createEndElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_xenc_EncryptionMethod);
                     createStartElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_dsig_KeyInfo, true, null);
                     createSecurityTokenReferenceStructureForEncryptedKey(
@@ -206,9 +241,34 @@ public class EncryptedKeyOutputProcessor
 
                     try {
                         //encrypt the symmetric session key with the public key from the receiver:
-                        String jceid = JCEAlgorithmMapper.translateURItoJCEID(getSecurityProperties().getEncryptionKeyTransportAlgorithm());
+                        String jceid = JCEAlgorithmMapper.translateURItoJCEID(encryptionKeyTransportAlgorithm);
                         Cipher cipher = Cipher.getInstance(jceid);
-                        cipher.init(Cipher.WRAP_MODE, x509Certificate);
+
+                        AlgorithmParameterSpec algorithmParameterSpec = null;
+                        if (XMLSecurityConstants.NS_XENC11_RSAOAEP.equals(encryptionKeyTransportAlgorithm) ||
+                                XMLSecurityConstants.NS_XENC_RSAOAEPMGF1P.equals(encryptionKeyTransportAlgorithm)) {
+
+                            String jceDigestAlgorithm = "SHA-1";
+                            String encryptionKeyTransportDigestAlgorithm = getSecurityProperties().getEncryptionKeyTransportDigestAlgorithm();
+                            if (encryptionKeyTransportDigestAlgorithm != null) {
+                                jceDigestAlgorithm = JCEAlgorithmMapper.translateURItoJCEID(encryptionKeyTransportDigestAlgorithm);
+                            }
+
+                            PSource.PSpecified pSource = PSource.PSpecified.DEFAULT;
+                            byte[] oaepParams = getSecurityProperties().getEncryptionKeyTransportOAEPParams();
+                            if (oaepParams != null) {
+                                pSource = new PSource.PSpecified(oaepParams);
+                            }
+
+                            MGF1ParameterSpec mgfParameterSpec = new MGF1ParameterSpec("SHA-1");
+                            if (encryptionKeyTransportMGFAlgorithm != null) {
+                                String jceMGFAlgorithm = JCEAlgorithmMapper.translateURItoJCEID(encryptionKeyTransportMGFAlgorithm);
+                                mgfParameterSpec = new MGF1ParameterSpec(jceMGFAlgorithm);
+                            }
+                            algorithmParameterSpec = new OAEPParameterSpec(jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource);
+                        }
+
+                        cipher.init(Cipher.WRAP_MODE, x509Certificate.getPublicKey(), algorithmParameterSpec);
 
                         Key secretKey = securityToken.getSecretKey("");
 
@@ -232,6 +292,8 @@ public class EncryptedKeyOutputProcessor
                         throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
                     } catch (IllegalBlockSizeException e) {
                         throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+                    } catch (InvalidAlgorithmParameterException e) {
+                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
                     }
 
                     createEndElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_xenc_CipherValue);

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/AbstractTestBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/AbstractTestBase.java?rev=1388156&r1=1388155&r2=1388156&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/AbstractTestBase.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/AbstractTestBase.java Thu Sep 20 18:52:22 2012
@@ -287,6 +287,7 @@ public abstract class AbstractTestBase {
         ignoredRules.add(BSPRule.R5407);
         ignoredRules.add(BSPRule.R5417);
         ignoredRules.add(BSPRule.R3063);
+        ignoredRules.add(BSPRule.R5621);
         requestData.setIgnoredBSPRules(ignoredRules);
 
         wss4JHandler.doReceiver(messageContext, requestData, false);
@@ -326,6 +327,8 @@ public abstract class AbstractTestBase {
                             return WSSConstants.NS_WSU10;
                         } else if (WSSConstants.PREFIX_XENC.equals(prefix)) {
                             return WSSConstants.NS_XMLENC;
+                        } else if (WSSConstants.PREFIX_XENC11.equals(prefix)) {
+                            return WSSConstants.NS_XMLENC11;
                         } else {
                             return null;
                         }
@@ -342,6 +345,8 @@ public abstract class AbstractTestBase {
                             return WSSConstants.PREFIX_WSU;
                         } else if (WSSConstants.NS_XMLENC.equals(namespaceURI)) {
                             return WSSConstants.PREFIX_XENC;
+                        } else if (WSSConstants.NS_XMLENC11.equals(namespaceURI)) {
+                            return WSSConstants.PREFIX_XENC11;
                         } else {
                             return null;
                         }

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/EncDecryptionTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/EncDecryptionTest.java?rev=1388156&r1=1388155&r2=1388156&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/EncDecryptionTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/EncDecryptionTest.java Thu Sep 20 18:52:22 2012
@@ -18,6 +18,7 @@
  */
 package org.apache.ws.security.stax.test;
 
+import org.apache.ws.security.common.bsp.BSPRule;
 import org.apache.ws.security.dom.handler.WSHandlerConstants;
 import org.apache.ws.security.stax.ext.WSSConstants;
 import org.apache.ws.security.stax.ext.WSSSecurityProperties;
@@ -27,6 +28,7 @@ import org.apache.xml.security.stax.secu
 import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
+import org.apache.xml.security.utils.Base64;
 import org.testng.Assert;
 import org.testng.annotations.Test;
 import org.w3c.dom.Document;
@@ -1069,6 +1071,7 @@ public class EncDecryptionTest extends A
             Assert.assertEquals(nodeList.getLength(), 0);
         }
     }*/
+
     @Test
     public void testEncDecryptionKeyIdentifierX509KeyOutbound() throws Exception {
 
@@ -1511,4 +1514,464 @@ public class EncDecryptionTest extends A
                     operationSecurityEvents.size() + encryptedPartSecurityEvents.size());
         }
     }
+
+    /**
+     * rsa-oaep-mgf1p, Digest:SHA256, MGF:SHA1, PSource: None
+     */
+    @Test
+    public void testKeyWrappingRSAOAEPMGF1AESGCM128Outbound() throws Exception {
+        ByteArrayOutputStream baos;
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.ENCRYPT};
+            securityProperties.setOutAction(actions);
+            securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+            securityProperties.setEncryptionUser("receiver");
+            securityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2009/xmlenc11#aes128-gcm");
+            securityProperties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
+
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            baos = doOutboundSecurity(securityProperties, sourceDocument);
+
+            Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+            XPathExpression xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p']");
+            Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_DataReference.getNamespaceURI(), WSSConstants.TAG_xenc_DataReference.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+
+            xPathExpression = getXPath("/env:Envelope/env:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#aes128-gcm']");
+            node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            Assert.assertEquals(node.getParentNode().getParentNode().getLocalName(), "Body");
+            NodeList childNodes = node.getParentNode().getParentNode().getChildNodes();
+            for (int i = 0; i < childNodes.getLength(); i++) {
+                Node child = childNodes.item(i);
+                if (child.getNodeType() == Node.TEXT_NODE) {
+                    Assert.assertEquals(child.getTextContent().trim(), "");
+                } else if (child.getNodeType() == Node.ELEMENT_NODE) {
+                    Assert.assertEquals(child, nodeList.item(0));
+                } else {
+                    Assert.fail("Unexpected Node encountered");
+                }
+            }
+        }
+
+        //done encryption; now test decryption:
+        {
+            String action = WSHandlerConstants.ENCRYPT;
+            doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
+        }
+    }
+
+    @Test
+    public void testKeyWrappingRSAOAEPMGF1AESGCM128Inbound() throws Exception {
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            String action = WSHandlerConstants.ENCRYPT;
+            Properties properties = new Properties();
+            properties.put(WSHandlerConstants.ENC_SYM_ALGO, "http://www.w3.org/2009/xmlenc11#aes128-gcm");
+            properties.put(WSHandlerConstants.ENC_KEY_TRANSPORT, "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
+            Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+            //some test that we can really sure we get what we want from WSS4J
+            XPathExpression xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p']");
+            Node node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#aes128-gcm']");
+            node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+        }
+        //test streaming decryption
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+            securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
+            Document document = doInboundSecurity(securityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+            //header element must still be there
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+            //no encrypted content
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 0);
+        }
+    }
+
+    /**
+    * rsa-oaep-mgf1p, Digest:SHA256, MGF:SHA1, PSource: None
+    */
+    @Test
+    public void testKeyWrappingRSAOAEPAESGCM192SHA256Outbound() throws Exception {
+        ByteArrayOutputStream baos;
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.ENCRYPT};
+            securityProperties.setOutAction(actions);
+            securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+            securityProperties.setEncryptionUser("receiver");
+            securityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2009/xmlenc11#aes192-gcm");
+            securityProperties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
+            securityProperties.setEncryptionKeyTransportDigestAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");
+
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            baos = doOutboundSecurity(securityProperties, sourceDocument);
+
+            Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+            XPathExpression xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p']");
+            Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod/dsig:DigestMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#sha256']");
+            node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_DataReference.getNamespaceURI(), WSSConstants.TAG_xenc_DataReference.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+
+            xPathExpression = getXPath("/env:Envelope/env:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#aes192-gcm']");
+            node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            Assert.assertEquals(node.getParentNode().getParentNode().getLocalName(), "Body");
+            NodeList childNodes = node.getParentNode().getParentNode().getChildNodes();
+            for (int i = 0; i < childNodes.getLength(); i++) {
+                Node child = childNodes.item(i);
+                if (child.getNodeType() == Node.TEXT_NODE) {
+                    Assert.assertEquals(child.getTextContent().trim(), "");
+                } else if (child.getNodeType() == Node.ELEMENT_NODE) {
+                    Assert.assertEquals(child, nodeList.item(0));
+                } else {
+                    Assert.fail("Unexpected Node encountered");
+                }
+            }
+        }
+        //done encryption; now test decryption:
+        {
+            String action = WSHandlerConstants.ENCRYPT;
+            doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
+        }
+    }
+
+    @Test
+    public void testKeyWrappingRSAOAEPAESGMC192SHA256Inbound() throws Exception {
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            String action = WSHandlerConstants.ENCRYPT;
+            Properties properties = new Properties();
+            properties.put(WSHandlerConstants.ENC_SYM_ALGO, "http://www.w3.org/2009/xmlenc11#aes192-gcm");
+            properties.put(WSHandlerConstants.ENC_KEY_TRANSPORT, "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
+            properties.put(WSHandlerConstants.ENC_DIGEST_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256");
+            Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+            //some test that we can really sure we get what we want from WSS4J
+            XPathExpression xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p']");
+            Node node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod/dsig:DigestMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#sha256']");
+            node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#aes192-gcm']");
+            node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+        }
+        //test streaming decryption
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+            securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+            securityProperties.addIgnoreBSPRule(BSPRule.R5620);
+
+            Document document = doInboundSecurity(securityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+            //header element must still be there
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+            //no encrypted content
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 0);
+        }
+    }
+
+    /**
+     * rsa-oaep, Digest:SHA384, MGF:SHA1, PSource: None
+     */
+    @Test
+    public void testKeyWrappingRSAOAEPAES192GCMSHA384MGF1sha384Outbound() throws Exception {
+        ByteArrayOutputStream baos;
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.ENCRYPT};
+            securityProperties.setOutAction(actions);
+            securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+            securityProperties.setEncryptionUser("receiver");
+            securityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2009/xmlenc11#aes192-gcm");
+            securityProperties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2009/xmlenc11#rsa-oaep");
+            securityProperties.setEncryptionKeyTransportDigestAlgorithm("http://www.w3.org/2001/04/xmldsig-more#sha384");
+            securityProperties.setEncryptionKeyTransportMGFAlgorithm("http://www.w3.org/2009/xmlenc11#mgf1sha384");
+
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            baos = doOutboundSecurity(securityProperties, sourceDocument);
+
+            Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+            XPathExpression xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#rsa-oaep']");
+            Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod/dsig:DigestMethod[@Algorithm='http://www.w3.org/2001/04/xmldsig-more#sha384']");
+            node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod/xenc11:MGF[@Algorithm='http://www.w3.org/2009/xmlenc11#mgf1sha384']");
+            node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_DataReference.getNamespaceURI(), WSSConstants.TAG_xenc_DataReference.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+
+            xPathExpression = getXPath("/env:Envelope/env:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#aes192-gcm']");
+            node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            Assert.assertEquals(node.getParentNode().getParentNode().getLocalName(), "Body");
+            NodeList childNodes = node.getParentNode().getParentNode().getChildNodes();
+            for (int i = 0; i < childNodes.getLength(); i++) {
+                Node child = childNodes.item(i);
+                if (child.getNodeType() == Node.TEXT_NODE) {
+                    Assert.assertEquals(child.getTextContent().trim(), "");
+                } else if (child.getNodeType() == Node.ELEMENT_NODE) {
+                    Assert.assertEquals(child, nodeList.item(0));
+                } else {
+                    Assert.fail("Unexpected Node encountered");
+                }
+            }
+        }
+        //done encryption; now test decryption:
+        {
+            String action = WSHandlerConstants.ENCRYPT;
+            doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
+        }
+    }
+
+    @Test
+    public void testKeyWrappingRSAOAEPAES192GCMSHA384MGF1sha1Inbound() throws Exception {
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            String action = WSHandlerConstants.ENCRYPT;
+            Properties properties = new Properties();
+            properties.put(WSHandlerConstants.ENC_SYM_ALGO, "http://www.w3.org/2009/xmlenc11#aes192-gcm");
+            properties.put(WSHandlerConstants.ENC_KEY_TRANSPORT, "http://www.w3.org/2009/xmlenc11#rsa-oaep");
+            properties.put(WSHandlerConstants.ENC_DIGEST_ALGO, "http://www.w3.org/2001/04/xmldsig-more#sha384");
+            properties.put(WSHandlerConstants.ENC_MGF_ALGO, "http://www.w3.org/2009/xmlenc11#mgf1sha1");
+
+            Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+            //some test that we can really sure we get what we want from WSS4J
+            XPathExpression xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#rsa-oaep']");
+            Node node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod/dsig:DigestMethod[@Algorithm='http://www.w3.org/2001/04/xmldsig-more#sha384']");
+            node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#aes192-gcm']");
+            node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+        }
+        //test streaming decryption
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+            securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+            securityProperties.addIgnoreBSPRule(BSPRule.R5620);
+            securityProperties.addIgnoreBSPRule(BSPRule.R5621);
+
+            Document document = doInboundSecurity(securityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+            //header element must still be there
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+            //no encrypted content
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 0);
+        }
+    }
+
+    /**
+     * rsa-oaep, Digest:SHA512, MGF:SHA1, PSource: Specified 8 bytes
+     */
+
+    @Test
+    public void testKeyWrappingRSAOAEPAESGCM192SHA384MGF1SHA384PSourceOutbound() throws Exception {
+        ByteArrayOutputStream baos;
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.ENCRYPT};
+            securityProperties.setOutAction(actions);
+            securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+            securityProperties.setEncryptionUser("receiver");
+            securityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2009/xmlenc11#aes192-gcm");
+            securityProperties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2009/xmlenc11#rsa-oaep");
+            securityProperties.setEncryptionKeyTransportDigestAlgorithm("http://www.w3.org/2001/04/xmldsig-more#sha384");
+            securityProperties.setEncryptionKeyTransportMGFAlgorithm("http://www.w3.org/2009/xmlenc11#mgf1sha384");
+            securityProperties.setEncryptionKeyTransportOAEPParams(Base64.decode("ZHVtbXkxMjM=".getBytes("UTF-8")));
+
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            baos = doOutboundSecurity(securityProperties, sourceDocument);
+
+            Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+            XPathExpression xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#rsa-oaep']");
+            Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod/xenc:OAEPparams");
+            node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod/dsig:DigestMethod[@Algorithm='http://www.w3.org/2001/04/xmldsig-more#sha384']");
+            node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod/xenc11:MGF[@Algorithm='http://www.w3.org/2009/xmlenc11#mgf1sha384']");
+            node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_DataReference.getNamespaceURI(), WSSConstants.TAG_xenc_DataReference.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+
+            xPathExpression = getXPath("/env:Envelope/env:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#aes192-gcm']");
+            node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            Assert.assertEquals(node.getParentNode().getParentNode().getLocalName(), "Body");
+            NodeList childNodes = node.getParentNode().getParentNode().getChildNodes();
+            for (int i = 0; i < childNodes.getLength(); i++) {
+                Node child = childNodes.item(i);
+                if (child.getNodeType() == Node.TEXT_NODE) {
+                    Assert.assertEquals(child.getTextContent().trim(), "");
+                } else if (child.getNodeType() == Node.ELEMENT_NODE) {
+                    Assert.assertEquals(child, nodeList.item(0));
+                } else {
+                    Assert.fail("Unexpected Node encountered");
+                }
+            }
+        }
+        //done encryption; now test decryption:
+        {
+            String action = WSHandlerConstants.ENCRYPT;
+            doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
+        }
+    }
+
+    @Test(enabled = false) //WSS4J does not support OAEPParams atm
+    public void testKeyWrappingRSAOAEPAESGCM192SHA384MGF1SHA384PSourceInbound() throws Exception {
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            String action = WSHandlerConstants.ENCRYPT;
+            Properties properties = new Properties();
+            properties.put(WSHandlerConstants.ENC_SYM_ALGO, "http://www.w3.org/2009/xmlenc11#aes192-gcm");
+            properties.put(WSHandlerConstants.ENC_KEY_TRANSPORT, "http://www.w3.org/2009/xmlenc11#rsa-oaep");
+            properties.put(WSHandlerConstants.ENC_DIGEST_ALGO, "http://www.w3.org/2001/04/xmldsig-more#sha384");
+            properties.put(WSHandlerConstants.ENC_MGF_ALGO, "http://www.w3.org/2009/xmlenc11#mgf1sha384");
+            //properties.put(WSHandlerConstants.ENC_OAEP_PARAMS, Base64.decode("ZHVtbXkxMjM=".getBytes("UTF-8")));
+
+            Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+            //some test that we can really sure we get what we want from WSS4J
+            XPathExpression xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#rsa-oaep']");
+            Node node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod/xenc:OAEPparams");
+            node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod/dsig:DigestMethod[@Algorithm='http://www.w3.org/2001/04/xmldsig-more#sha384']");
+            node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod/dsig:MGF[@Algorithm='http://www.w3.org/2009/xmlenc11#mgf1sha384']");
+            node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#aes192-gcm']");
+            node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+        }
+        //test streaming decryption
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+            securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+            securityProperties.addIgnoreBSPRule(BSPRule.R5620);
+            securityProperties.addIgnoreBSPRule(BSPRule.R5621);
+
+            Document document = doInboundSecurity(securityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+            //header element must still be there
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+            //no encrypted content
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 0);
+        }
+    }
 }



Mime
View raw message