Posted to commits@camel.apache.org by ni...@apache.org on 2014/10/24 14:18:16 UTC
[2/3] git commit: CAMEL-7948 Add support for more/new
encryption/signature algorithms with thanks to Colm
CAMEL-7948 Add support for more/new encryption/signature algorithms with thanks to Colm
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/6771c2b2
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/6771c2b2
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/6771c2b2
Branch: refs/heads/master
Commit: 6771c2b2067216197df12dbd76e8a612549a6e4e
Parents: 393ad75
Author: Willem Jiang <wi...@gmail.com>
Authored: Fri Oct 24 20:13:40 2014 +0800
Committer: Willem Jiang <wi...@gmail.com>
Committed: Fri Oct 24 20:13:40 2014 +0800
----------------------------------------------------------------------
.../processor/XmlSignerProcessor.java | 18 +-
.../xmlsecurity/XMLSecurityDataFormat.java | 33 +-
.../xmlsecurity/ECDSASignatureTest.java | 113 +++-
.../xmlsecurity/SignatureAlgorithmTest.java | 632 +++++++++++++++++++
.../xmlsecurity/SignatureDigestMethodTest.java | 514 +++++++++++++++
.../xmlsecurity/EncryptionAlgorithmTest.java | 458 ++++++++++++++
.../dataformat/xmlsecurity/TestHelper.java | 30 +-
7 files changed, 1775 insertions(+), 23 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/6771c2b2/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/processor/XmlSignerProcessor.java
----------------------------------------------------------------------
diff --git a/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/processor/XmlSignerProcessor.java b/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/processor/XmlSignerProcessor.java
index 6737976..5e5b7ee 100644
--- a/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/processor/XmlSignerProcessor.java
+++ b/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/processor/XmlSignerProcessor.java
@@ -62,7 +62,6 @@ import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.ErrorHandler;
import org.xml.sax.SAXException;
-
import org.apache.camel.Exchange;
import org.apache.camel.Message;
import org.apache.camel.component.xmlsecurity.api.KeyAccessor;
@@ -182,17 +181,20 @@ public class XmlSignerProcessor extends XmlSignatureProcessor {
private static final Logger LOG = LoggerFactory.getLogger(XmlSignerProcessor.class);
private static final String SHA512 = "sha512";
-
private static final String SHA384 = "sha384";
-
private static final String SHA256 = "sha256";
-
+ private static final String SHA224 = "sha224";
private static final String SHA1 = "sha1";
+ private static final String RIPEMD160 = "ripemd160";
- private static final String HTTP_WWW_W3_ORG_2001_04_XMLDSIG_MORE_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#sha384";
+ private static final String HTTP_WWW_W3_ORG_2001_04_XMLDSIG_MORE_SHA224 =
+ "http://www.w3.org/2001/04/xmldsig-more#sha224"; // see RFC 4051
+
+ private static final String HTTP_WWW_W3_ORG_2001_04_XMLDSIG_MORE_SHA384 =
+ "http://www.w3.org/2001/04/xmldsig-more#sha384"; // see RFC 4051
private final XmlSignerConfiguration config;
-
+
public XmlSignerProcessor(XmlSignerConfiguration config) {
this.config = config;
}
@@ -796,12 +798,16 @@ public class XmlSignerProcessor extends XmlSignatureProcessor {
if (signatureAlgorithm != null) {
if (signatureAlgorithm.contains(SHA1)) {
result = DigestMethod.SHA1;
+ } else if (signatureAlgorithm.contains(SHA224)) {
+ result = HTTP_WWW_W3_ORG_2001_04_XMLDSIG_MORE_SHA224;
} else if (signatureAlgorithm.contains(SHA256)) {
result = DigestMethod.SHA256;
} else if (signatureAlgorithm.contains(SHA384)) {
result = HTTP_WWW_W3_ORG_2001_04_XMLDSIG_MORE_SHA384;
} else if (signatureAlgorithm.contains(SHA512)) {
result = DigestMethod.SHA512;
+ } else if (signatureAlgorithm.contains(RIPEMD160)) {
+ return DigestMethod.RIPEMD160;
}
}
}
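Review bot: The new RIPEMD-160 branch ends the chain with `return DigestMethod.RIPEMD160;` while every sibling branch assigns `result = ...`, so it skips whatever this method does after the if-chain; the method's start and end are outside the hunk, so I cannot tell whether anything is skipped, but unless the early exit is deliberate it should read `result = DigestMethod.RIPEMD160;` for consistency. Worth a comment on the chain as well: because the Reference digest is derived from the signature algorithm's hash, choosing an `rsa-sha1` or `ecdsa-ripemd160` signature also selects that same, weaker digest for every Reference, e.g. `// the Reference DigestMethod follows the hash of the SignatureMethod; SHA-1/RIPEMD-160 signatures therefore also use a SHA-1/RIPEMD-160 digest`. The matching is by substring (`contains`), which works for the RFC 4051 identifiers in use but silently matches any algorithm string that embeds one of these tokens.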
http://git-wip-us.apache.org/repos/asf/camel/blob/6771c2b2/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
----------------------------------------------------------------------
diff --git a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java b/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
index 14751f1..8705015 100755
--- a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
+++ b/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
@@ -484,10 +484,16 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware {
if (xmlCipherAlgorithm.equals(XMLCipher.TRIPLEDES)) {
keyEncryptionKey = generateKeyEncryptionKey("DESede");
dataEncryptionKey = generateDataEncryptionKey();
+ } else if (xmlCipherAlgorithm.equals(XMLCipher.SEED_128)) {
+ keyEncryptionKey = generateKeyEncryptionKey("SEED");
+ dataEncryptionKey = generateDataEncryptionKey();
+ } else if (xmlCipherAlgorithm.contains("camellia")) {
+ keyEncryptionKey = generateKeyEncryptionKey("CAMELLIA");
+ dataEncryptionKey = generateDataEncryptionKey();
} else {
keyEncryptionKey = generateKeyEncryptionKey("AES");
dataEncryptionKey = generateDataEncryptionKey();
- }
+ }
XMLCipher keyCipher = XMLCipher.getInstance(generateXmlCipherAlgorithmKeyWrap());
keyCipher.init(XMLCipher.WRAP_MODE, keyEncryptionKey);
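Review bot: The Camellia branch picks the KEK algorithm with `xmlCipherAlgorithm.contains("camellia")`, a case-sensitive substring test, and the SEED branch with plain `equals`, whereas the key-size and key-wrap selection later in this file (`generateDataEncryptionKey`, `generateXmlCipherAlgorithmKeyWrap`) compare with `equalsIgnoreCase` against the `XMLCipher` constants. A URI that satisfies `equalsIgnoreCase(XMLCipher.CAMELLIA_128)` but not `contains("camellia")` would presumably end up with an AES KEK handed to the Camellia key wrap, failing only at `keyCipher.init(XMLCipher.WRAP_MODE, keyEncryptionKey)` below. Matching the three constants the same way as the rest of the file avoids that: `} else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.CAMELLIA_128) || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.CAMELLIA_192) || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.CAMELLIA_256)) {`. The enclosing method starts and ends outside the hunk.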
@@ -667,9 +673,14 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware {
keySpec = new DESedeKeySpec(passPhrase);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(algorithm);
secretKey = keyFactory.generateSecret(keySpec);
+ } else if (algorithm.equalsIgnoreCase("SEED")) {
+ secretKey = new SecretKeySpec(passPhrase, "SEED");
+ } else if (algorithm.equalsIgnoreCase("CAMELLIA")) {
+ secretKey = new SecretKeySpec(passPhrase, "CAMELLIA");
} else {
secretKey = new SecretKeySpec(passPhrase, "AES");
}
+
if (Arrays.equals(passPhrase, DEFAULT_KEY.getBytes())) {
LOG.warn("Using the default encryption key is not secure");
}
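Review bot: For SEED and Camellia the passphrase bytes become the key verbatim through `new SecretKeySpec(passPhrase, ...)`, mirroring the AES branch, but no branch checks the length; SEED accepts only a 16-byte key and Camellia 16, 24 or 32, so a wrong-length passphrase presumably surfaces later as a provider exception at cipher init rather than as a configuration error here. A guard such as `if (passPhrase.length != 16) { throw new IllegalArgumentException("SEED requires a 16-byte key, got " + passPhrase.length); }` (and the 16/24/32 check for Camellia) would fail fast with a clear message. Since the bytes are used directly as key material and not run through a KDF, the method's documentation should say that the configured value must be a full-entropy key of the right length rather than a human-chosen passphrase; the DEFAULT_KEY warning below already points in that direction. The enclosing method starts outside the hunk.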
@@ -691,13 +702,17 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware {
keyGenerator = KeyGenerator.getInstance("AES");
if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128)
- || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128_GCM)) {
+ || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_128_GCM)
+ || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.SEED_128)
+ || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.CAMELLIA_128)) {
keyGenerator.init(128);
} else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192)
- || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192_GCM)) {
+ || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_192_GCM)
+ || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.CAMELLIA_192)) {
keyGenerator.init(192);
} else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256)
- || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256_GCM)) {
+ || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256_GCM)
+ || xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.CAMELLIA_256)) {
keyGenerator.init(256);
}
}
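Review bot: The key-length branches now cover SEED and Camellia, but the generator they configure is still `KeyGenerator.getInstance("AES")` on the context line above, so the data-encryption key carries the JCA algorithm name `AES` even when the XML cipher is SEED or Camellia. Whether the providers accept an AES-named `SecretKey` for a Camellia or SEED cipher is not visible here (the new EncryptionAlgorithmTest presumably exercises it), but it is fragile and surprising to read; either pick the JCA name from the cipher before calling `KeyGenerator.getInstance`, or record the intent with `// only the random key bytes matter here; the JCA algorithm name on the SecretKey is not used by the XMLCipher`. Whether the `getInstance("AES")` line sits in an else-branch of its own cannot be seen; the enclosing method starts outside the hunk.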
@@ -727,7 +742,15 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware {
} else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256)
|| xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.AES_256_GCM)) {
algorithmKeyWrap = XMLCipher.AES_256_KeyWrap;
- }
+ } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.SEED_128)) {
+ algorithmKeyWrap = XMLCipher.SEED_128_KeyWrap;
+ } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.CAMELLIA_128)) {
+ algorithmKeyWrap = XMLCipher.CAMELLIA_128_KeyWrap;
+ } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.CAMELLIA_192)) {
+ algorithmKeyWrap = XMLCipher.CAMELLIA_192_KeyWrap;
+ } else if (xmlCipherAlgorithm.equalsIgnoreCase(XMLCipher.CAMELLIA_256)) {
+ algorithmKeyWrap = XMLCipher.CAMELLIA_256_KeyWrap;
+ }
return algorithmKeyWrap;
}
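Review bot: The wrap algorithm is now derived from the data cipher, so a `CAMELLIA_192` or `CAMELLIA_256` configuration selects the 192- or 256-bit Camellia key wrap, yet the KEK used with it is built straight from the passphrase bytes by `generateKeyEncryptionKey("CAMELLIA")`; if that passphrase is not exactly 24 or 32 bytes the mismatch only shows up at `keyCipher.init(XMLCipher.WRAP_MODE, keyEncryptionKey)`. A Javadoc line on this method stating the required passphrase length per cipher, e.g. `Camellia-192/256 key wrap requires a 24/32-byte key-encryption key`, would make the coupling explicit for anyone configuring it. When no branch matches, `algorithmKeyWrap` keeps whatever it was initialised to before the hunk; the method's start is outside the hunk, so that default is not visible here.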
http://git-wip-us.apache.org/repos/asf/camel/blob/6771c2b2/components/camel-xmlsecurity/src/test/java/org/apache/camel/component/xmlsecurity/ECDSASignatureTest.java
----------------------------------------------------------------------
diff --git a/components/camel-xmlsecurity/src/test/java/org/apache/camel/component/xmlsecurity/ECDSASignatureTest.java b/components/camel-xmlsecurity/src/test/java/org/apache/camel/component/xmlsecurity/ECDSASignatureTest.java
index 7e35d99..6eebba9 100644
--- a/components/camel-xmlsecurity/src/test/java/org/apache/camel/component/xmlsecurity/ECDSASignatureTest.java
+++ b/components/camel-xmlsecurity/src/test/java/org/apache/camel/component/xmlsecurity/ECDSASignatureTest.java
@@ -30,7 +30,6 @@ import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import org.w3c.dom.Node;
-
import org.apache.camel.Message;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.mock.MockEndpoint;
@@ -42,7 +41,7 @@ import org.junit.Before;
import org.junit.Test;
/**
- * Test for the ECDSA algorithm.
+ * Test for the ECDSA algorithms
*/
public class ECDSASignatureTest extends CamelTestSupport {
@@ -53,8 +52,8 @@ public class ECDSASignatureTest extends CamelTestSupport {
public ECDSASignatureTest() throws Exception {
try {
- // BouncyCastle is required for ECDSA support for JDK 1.6
- if (isJava16() && Security.getProvider("BC") == null) {
+ // BouncyCastle is required for some algorithms
+ if (Security.getProvider("BC") == null) {
Constructor<?> cons;
Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
cons = c.getConstructor(new Class[] {});
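Review bot: Dropping the `isJava16()` guard means BouncyCastle is now inserted at position 2 of the provider list on every JDK, ahead of the JDK's own providers for any algorithm both implement, which can change which provider serves RSA, AES or ECDSA for every other test in the same JVM. Unless a test relies on BC taking precedence, appending with `Security.addProvider(provider)` is enough for the algorithms only BC supplies, and the comment should name them rather than say "some algorithms", e.g. `// BouncyCastle is needed for RIPEMD-160 based signatures, which the JDK providers do not ship`. The surrounding try/catch that sets `canTest` lies outside the hunk.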
@@ -97,14 +96,64 @@ public class ECDSASignatureTest extends CamelTestSupport {
return new RouteBuilder[] {new RouteBuilder() {
public void configure() throws Exception {
// START SNIPPET: ecdsa signature algorithm
- from("direct:ecdsa")
- .to("xmlsecurity:sign://ecdsa?keyAccessor=#accessor"
+ from("direct:ecdsa_sha1")
+ .to("xmlsecurity:sign://ecdsa_sha1?keyAccessor=#accessor"
+ "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1")
// .log("Body: + ${body}")
.to("xmlsecurity:verify://ecdsa?keySelector=#selector")
.to("mock:result");
// END SNIPPET: ecdsa signature algorithm
}
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: ecdsa signature algorithm
+ from("direct:ecdsa_sha224")
+ .to("xmlsecurity:sign://ecdsa_sha224?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224")
+ .to("xmlsecurity:verify://ecdsa?keySelector=#selector")
+ .to("mock:result");
+ // END SNIPPET: ecdsa signature algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: ecdsa signature algorithm
+ from("direct:ecdsa_sha256")
+ .to("xmlsecurity:sign://ecdsa_sha256?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256")
+ .to("xmlsecurity:verify://ecdsa?keySelector=#selector")
+ .to("mock:result");
+ // END SNIPPET: ecdsa signature algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: ecdsa signature algorithm
+ from("direct:ecdsa_sha384")
+ .to("xmlsecurity:sign://ecdsa_sha384?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384")
+ .to("xmlsecurity:verify://ecdsa?keySelector=#selector")
+ .to("mock:result");
+ // END SNIPPET: ecdsa signature algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: ecdsa signature algorithm
+ from("direct:ecdsa_sha512")
+ .to("xmlsecurity:sign://ecdsa_sha512?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512")
+ .to("xmlsecurity:verify://ecdsa?keySelector=#selector")
+ .to("mock:result");
+ // END SNIPPET: ecdsa signature algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: ecdsa signature algorithm
+ from("direct:ecdsa_ripemd160")
+ .to("xmlsecurity:sign://ecdsa_ripemd160?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160")
+ .to("xmlsecurity:verify://ecdsa?keySelector=#selector")
+ .to("mock:result");
+ // END SNIPPET: ecdsa signature algorithm
+ }
}
};
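Review bot: All six routes are wrapped in the identical `// START SNIPPET: ecdsa signature algorithm` / `// END SNIPPET` markers, so a documentation include of that snippet now either pulls in all six route builders or whichever one the tool finds first; keep the markers on the sha1 route only, or give each block a distinct name such as `ecdsa sha256 signature algorithm`. Every route also verifies through the same `xmlsecurity:verify://ecdsa?keySelector=#selector` endpoint, so the tests show that the verifier accepts each algorithm the signer emits but say nothing about whether the verifier can be restricted to an expected algorithm; if the component offers such an option, a comment pointing to it would help readers who copy the snippet into production.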
@@ -116,7 +165,57 @@ public class ECDSASignatureTest extends CamelTestSupport {
return;
}
setupMock();
- sendBody("direct:ecdsa", payload);
+ sendBody("direct:ecdsa_sha1", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testECDSASHA224() throws Exception {
+ if (!canTest) {
+ return;
+ }
+ setupMock();
+ sendBody("direct:ecdsa_sha224", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testECDSASHA256() throws Exception {
+ if (!canTest) {
+ return;
+ }
+ setupMock();
+ sendBody("direct:ecdsa_sha256", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testECDSASHA384() throws Exception {
+ if (!canTest) {
+ return;
+ }
+ setupMock();
+ sendBody("direct:ecdsa_sha384", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testECDSASHA512() throws Exception {
+ if (!canTest) {
+ return;
+ }
+ setupMock();
+ sendBody("direct:ecdsa_sha512", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testECDSARIPEMD160() throws Exception {
+ if (!canTest) {
+ return;
+ }
+ setupMock();
+ sendBody("direct:ecdsa_ripemd160", payload);
assertMockEndpointsSatisfied();
}
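Review bot: Each new test method bails out with `if (!canTest) { return; }`, which turns a missing BouncyCastle provider into six silently passing tests instead of six skipped ones. JUnit 4 is already in use here (`org.junit.Test`), so `org.junit.Assume` is available; replacing the guard with `Assume.assumeTrue(canTest);` reports the methods as ignored and keeps the skip visible in the test output. The existing sha1 test above follows the same pattern, so the change applies to all of them; the `canTest` field and its assignment are outside the hunk.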
http://git-wip-us.apache.org/repos/asf/camel/blob/6771c2b2/components/camel-xmlsecurity/src/test/java/org/apache/camel/component/xmlsecurity/SignatureAlgorithmTest.java
----------------------------------------------------------------------
diff --git a/components/camel-xmlsecurity/src/test/java/org/apache/camel/component/xmlsecurity/SignatureAlgorithmTest.java b/components/camel-xmlsecurity/src/test/java/org/apache/camel/component/xmlsecurity/SignatureAlgorithmTest.java
new file mode 100644
index 0000000..230bc3b
--- /dev/null
+++ b/components/camel-xmlsecurity/src/test/java/org/apache/camel/component/xmlsecurity/SignatureAlgorithmTest.java
@@ -0,0 +1,632 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.xmlsecurity;
+
+import java.io.InputStream;
+import java.lang.reflect.Constructor;
+import java.security.Key;
+import java.security.KeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.cert.Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+import javax.crypto.SecretKey;
+import javax.xml.crypto.AlgorithmMethod;
+import javax.xml.crypto.KeySelector;
+import javax.xml.crypto.KeySelectorException;
+import javax.xml.crypto.KeySelectorResult;
+import javax.xml.crypto.URIDereferencer;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.XMLStructure;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.KeyValue;
+import javax.xml.crypto.dsig.spec.XPathFilterParameterSpec;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.Exchange;
+import org.apache.camel.Message;
+import org.apache.camel.ProducerTemplate;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.mock.MockEndpoint;
+import org.apache.camel.component.xmlsecurity.api.KeyAccessor;
+import org.apache.camel.component.xmlsecurity.api.ValidationFailedHandler;
+import org.apache.camel.component.xmlsecurity.api.XmlSignature2Message;
+import org.apache.camel.component.xmlsecurity.api.XmlSignatureChecker;
+import org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper;
+import org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties;
+import org.apache.camel.component.xmlsecurity.util.EnvelopingXmlSignatureChecker;
+import org.apache.camel.component.xmlsecurity.util.SameDocumentUriDereferencer;
+import org.apache.camel.component.xmlsecurity.util.TestKeystore;
+import org.apache.camel.component.xmlsecurity.util.TimestampProperty;
+import org.apache.camel.component.xmlsecurity.util.ValidationFailedHandlerIgnoreManifestFailures;
+import org.apache.camel.component.xmlsecurity.util.XmlSignature2Message2MessageWithTimestampProperty;
+import org.apache.camel.impl.DefaultCamelContext;
+import org.apache.camel.impl.JndiRegistry;
+import org.apache.camel.test.junit4.CamelTestSupport;
+import org.junit.Before;
+import org.junit.Test;
+import org.w3c.dom.Node;
+
+/**
+ * Test signing using all available signature methods, apart from EC-algorithms which are
+ * tested in ECDSASignatureTest.
+ */
+public class SignatureAlgorithmTest extends CamelTestSupport {
+
+ private static String payload = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
+ + "<root xmlns=\"http://test/test\"><test>Test Message</test></root>";
+ private KeyPair keyPair;
+
+ public SignatureAlgorithmTest() throws Exception {
+ // BouncyCastle is required for some algorithms
+ if (Security.getProvider("BC") == null) {
+ Constructor<?> cons;
+ Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
+ cons = c.getConstructor(new Class[] {});
+
+ Provider provider = (java.security.Provider)cons.newInstance();
+ Security.insertProviderAt(provider, 2);
+ }
+ }
+
+ @Override
+ protected JndiRegistry createRegistry() throws Exception {
+ JndiRegistry registry = super.createRegistry();
+
+ Key secretKey = getSecretKey("testkey".getBytes("ASCII"));
+
+ registry.bind("accessor", getKeyAccessor(keyPair.getPrivate()));
+ registry.bind("secretKeyAccessor", getKeyAccessor(secretKey));
+ registry.bind("canonicalizationMethod1", getCanonicalizationMethod());
+ registry.bind("selector", KeySelector.singletonKeySelector(keyPair.getPublic()));
+ registry.bind("secretKeySelector", KeySelector.singletonKeySelector(secretKey));
+ registry.bind("selectorKeyValue", getKeyValueKeySelector());
+ registry.bind("uriDereferencer", getSameDocumentUriDereferencer());
+ registry.bind("baseUri", getBaseUri());
+ registry.bind("cryptoContextProperties", getCrytoContextProperties());
+ registry.bind("keyAccessorDefault", getDefaultKeyAccessor());
+ registry.bind("keySelectorDefault", getDefaultKeySelector());
+ registry.bind("envelopingSignatureChecker", getEnvelopingXmlSignatureChecker());
+ registry.bind("xmlSignature2MessageWithTimestampProperty", getXmlSignature2MessageWithTimestampdProperty());
+ registry.bind("validationFailedHandlerIgnoreManifestFailures", getValidationFailedHandlerIgnoreManifestFailures());
+ registry.bind("signatureProperties", getSignatureProperties());
+ registry.bind("nodesearchxpath", getNodeSerachXPath());
+ Map<String, String> namespaceMap = Collections.singletonMap("ns", "http://test");
+ List<XPathFilterParameterSpec> xpaths = Collections
+ .singletonList(XmlSignatureHelper.getXpathFilter("/ns:root/a/@ID", namespaceMap));
+ registry.bind("xpathsToIdAttributes", xpaths);
+
+ registry.bind("parentXpathBean", getParentXPathBean());
+
+ return registry;
+ }
+
+ @Override
+ protected RouteBuilder[] createRouteBuilders() throws Exception {
+ return new RouteBuilder[] {new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:hmacsha1")
+ .to("xmlsecurity:sign://hmacsha1?keyAccessor=#secretKeyAccessor"
+ + "&signatureAlgorithm=http://www.w3.org/2000/09/xmldsig#hmac-sha1")
+ // .log("Body: + ${body}")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#secretKeySelector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:hmacsha224")
+ .to("xmlsecurity:sign://hmacsha224?keyAccessor=#secretKeyAccessor"
+ + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#hmac-sha224")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#secretKeySelector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:hmacsha256")
+ .to("xmlsecurity:sign://hmacsha256?keyAccessor=#secretKeyAccessor"
+ + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#hmac-sha256")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#secretKeySelector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:hmacsha384")
+ .to("xmlsecurity:sign://hmacsha384?keyAccessor=#secretKeyAccessor"
+ + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#hmac-sha384")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#secretKeySelector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:hmacsha512")
+ .to("xmlsecurity:sign://hmacsha512?keyAccessor=#secretKeyAccessor"
+ + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#hmac-sha512")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#secretKeySelector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:hmacripemd160")
+ .to("xmlsecurity:sign://hmacripemd160?keyAccessor=#secretKeyAccessor"
+ + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#secretKeySelector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:rsasha1")
+ .to("xmlsecurity:sign://rsasha1?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:rsasha224")
+ .to("xmlsecurity:sign://rsasha224?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha224")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:rsasha256")
+ .to("xmlsecurity:sign://rsasha256?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:rsasha384")
+ .to("xmlsecurity:sign://rsasha384?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha384")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:rsasha512")
+ .to("xmlsecurity:sign://rsasha512?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha512")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:rsaripemd160")
+ .to("xmlsecurity:sign://rsaripemd160?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:rsasha1_mgf1")
+ .to("xmlsecurity:sign://rsasha1_mgf1?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:rsasha224_mgf1")
+ .to("xmlsecurity:sign://rsasha224_mgf1?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:rsasha256_mgf1")
+ .to("xmlsecurity:sign://rsasha256_mgf1?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:rsasha384_mgf1")
+ .to("xmlsecurity:sign://rsasha384_mgf1?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:rsasha512_mgf1")
+ .to("xmlsecurity:sign://rsasha512_mgf1?keyAccessor=#accessor"
+ + "&signatureAlgorithm=http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }};
+ }
+
+ //
+ // Secret Key algorithms
+ //
+ @Test
+ public void testHMACSHA1() throws Exception {
+ setupMock();
+ sendBody("direct:hmacsha1", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testHMACSHA224() throws Exception {
+ setupMock();
+ sendBody("direct:hmacsha224", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testHMACSHA256() throws Exception {
+ setupMock();
+ sendBody("direct:hmacsha256", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testHMACSHA384() throws Exception {
+ setupMock();
+ sendBody("direct:hmacsha384", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testHMACSHA512() throws Exception {
+ setupMock();
+ sendBody("direct:hmacsha512", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testHMACRIPEMD160() throws Exception {
+ setupMock();
+ sendBody("direct:hmacripemd160", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ //
+ // Public Key algorithms
+ //
+ @Test
+ public void testRSASHA1() throws Exception {
+ setupMock();
+ sendBody("direct:rsasha1", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testRSASHA224() throws Exception {
+ setupMock();
+ sendBody("direct:rsasha224", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testRSASHA256() throws Exception {
+ setupMock();
+ sendBody("direct:rsasha256", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testRSASHA384() throws Exception {
+ setupMock();
+ sendBody("direct:rsasha384", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testRSASHA512() throws Exception {
+ setupMock();
+ sendBody("direct:rsasha512", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testRSARIPEMD160() throws Exception {
+ setupMock();
+ sendBody("direct:rsaripemd160", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testRSASHA1_MGF1() throws Exception {
+ setupMock();
+ sendBody("direct:rsasha1_mgf1", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testRSASHA224_MGF1() throws Exception {
+ setupMock();
+ sendBody("direct:rsasha224_mgf1", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testRSASHA256_MGF1() throws Exception {
+ setupMock();
+ sendBody("direct:rsasha256_mgf1", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testRSASHA384_MGF1() throws Exception {
+ setupMock();
+ sendBody("direct:rsasha384_mgf1", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testRSASHA512_MGF1() throws Exception {
+ setupMock();
+ sendBody("direct:rsasha512_mgf1", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ private MockEndpoint setupMock() {
+ return setupMock(payload);
+ }
+
+ private MockEndpoint setupMock(String payload) {
+ MockEndpoint mock = getMockEndpoint("mock:result");
+ mock.expectedBodiesReceived(payload);
+ return mock;
+ }
+
+ public Exchange doTestSignatureRoute(RouteBuilder builder) throws Exception {
+ return doSignatureRouteTest(builder, null, Collections.<String, Object> emptyMap());
+ }
+
+ public Exchange doSignatureRouteTest(RouteBuilder builder, Exchange e, Map<String, Object> headers) throws Exception {
+ CamelContext context = new DefaultCamelContext();
+ try {
+ context.addRoutes(builder);
+ context.start();
+
+ MockEndpoint mock = context.getEndpoint("mock:result", MockEndpoint.class);
+ mock.setExpectedMessageCount(1);
+
+ ProducerTemplate template = context.createProducerTemplate();
+ if (e != null) {
+ template.send("direct:in", e);
+ } else {
+ template.sendBodyAndHeaders("direct:in", payload, headers);
+ }
+ assertMockEndpointsSatisfied();
+ return mock.getReceivedExchanges().get(0);
+ } finally {
+ context.stop();
+ }
+ }
+
+ @Before
+ public void setUp() throws Exception {
+ setUpKeys("RSA", 2048);
+ disableJMX();
+ super.setUp();
+ }
+
+ public void setUpKeys(String algorithm, int keylength) throws Exception {
+ keyPair = getKeyPair(algorithm, keylength);
+ }
+
+ public static KeyPair getKeyPair(String algorithm, int keylength) {
+ KeyPairGenerator keyGen;
+ try {
+ keyGen = KeyPairGenerator.getInstance(algorithm);
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
+ keyGen.initialize(keylength, new SecureRandom());
+ return keyGen.generateKeyPair();
+ }
+
+ public static KeyStore loadKeystore() throws Exception {
+ KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+ InputStream in = SignatureAlgorithmTest.class.getResourceAsStream("/bob.keystore");
+ keystore.load(in, "letmein".toCharArray());
+ return keystore;
+ }
+
+ public Certificate getCertificateFromKeyStore() throws Exception {
+ Certificate c = loadKeystore().getCertificate("bob");
+ return c;
+ }
+
+ public PrivateKey getKeyFromKeystore() throws Exception {
+ return (PrivateKey) loadKeystore().getKey("bob", "letmein".toCharArray());
+ }
+
+ private AlgorithmMethod getCanonicalizationMethod() {
+ List<String> inclusivePrefixes = new ArrayList<String>(1);
+ inclusivePrefixes.add("ds");
+ return XmlSignatureHelper.getCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, inclusivePrefixes);
+ }
+
+ static KeyAccessor getKeyAccessor(final Key key) {
+ KeyAccessor accessor = new KeyAccessor() {
+
+ @Override
+ public KeySelector getKeySelector(Message message) throws Exception {
+ return KeySelector.singletonKeySelector(key);
+ }
+
+ @Override
+ public KeyInfo getKeyInfo(Message mess, Node messageBody, KeyInfoFactory keyInfoFactory) throws Exception {
+ return null;
+ }
+ };
+ return accessor;
+ }
+
+ public static String getBaseUri() {
+ String uri = "file:/" + System.getProperty("user.dir") + "/src/test/resources/org/apache/camel/component/xmlsecurity/";
+ return uri.replace('\\', '/');
+ }
+
+ public static KeySelector getKeyValueKeySelector() {
+ return new KeyValueKeySelector();
+ }
+
+ /**
+ * KeySelector which retrieves the public key from the KeyValue element and
+ * returns it. NOTE: If the key algorithm doesn't match signature algorithm,
+ * then the public key will be ignored.
+ */
+ static class KeyValueKeySelector extends KeySelector {
+ public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context)
+ throws KeySelectorException {
+ if (keyInfo == null) {
+ throw new KeySelectorException("Null KeyInfo object!");
+ }
+
+ SignatureMethod sm = (SignatureMethod) method;
+ @SuppressWarnings("rawtypes")
+ List list = keyInfo.getContent();
+
+ for (int i = 0; i < list.size(); i++) {
+ XMLStructure xmlStructure = (XMLStructure) list.get(i);
+ if (xmlStructure instanceof KeyValue) {
+ PublicKey pk = null;
+ try {
+ pk = ((KeyValue) xmlStructure).getPublicKey();
+ } catch (KeyException ke) {
+ throw new KeySelectorException(ke);
+ }
+ // make sure algorithm is compatible with method
+ if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
+ return new SimpleKeySelectorResult(pk);
+ }
+ }
+ }
+ throw new KeySelectorException("No KeyValue element found!");
+ }
+
+ static boolean algEquals(String algURI, String algName) {
+ return (algName.equalsIgnoreCase("DSA") && algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1))
+ || (algName.equalsIgnoreCase("RSA") && algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1));
+ }
+ }
+
+ private static class SimpleKeySelectorResult implements KeySelectorResult {
+ private PublicKey pk;
+
+ SimpleKeySelectorResult(PublicKey pk) {
+ this.pk = pk;
+ }
+
+ public Key getKey() {
+ return pk;
+ }
+ }
+
+ public static Map<String, ? extends Object> getCrytoContextProperties() {
+ return Collections.singletonMap("org.jcp.xml.dsig.validateManifests", Boolean.FALSE);
+ }
+
+ public static KeyAccessor getDefaultKeyAccessor() throws Exception {
+ return TestKeystore.getKeyAccessor("bob");
+ }
+
+ public static KeySelector getDefaultKeySelector() throws Exception {
+ return TestKeystore.getKeySelector("bob");
+ }
+
+ public static KeyAccessor getDefaultKeyAccessorDsa() throws Exception {
+ return TestKeystore.getKeyAccessor("bobdsa");
+ }
+
+ public static KeySelector getDefaultKeySelectorDsa() throws Exception {
+ return TestKeystore.getKeySelector("bobdsa");
+ }
+
+ public static XmlSignatureChecker getEnvelopingXmlSignatureChecker() {
+ return new EnvelopingXmlSignatureChecker();
+ }
+
+ public static XmlSignature2Message getXmlSignature2MessageWithTimestampdProperty() {
+ return new XmlSignature2Message2MessageWithTimestampProperty();
+ }
+
+ public static ValidationFailedHandler getValidationFailedHandlerIgnoreManifestFailures() {
+ return new ValidationFailedHandlerIgnoreManifestFailures();
+ }
+
+ public static XmlSignatureProperties getSignatureProperties() {
+ return new TimestampProperty();
+ }
+
+ public static XPathFilterParameterSpec getNodeSerachXPath() {
+ Map<String, String> prefix2Namespace = Collections.singletonMap("pre", "http://test/test");
+ return XmlSignatureHelper.getXpathFilter("//pre:root", prefix2Namespace);
+ }
+
+ public static URIDereferencer getSameDocumentUriDereferencer() {
+ return SameDocumentUriDereferencer.getInstance();
+ }
+
+ public static XPathFilterParameterSpec getParentXPathBean() {
+ Map<String, String> prefix2Namespace = Collections.singletonMap("ns", "http://test");
+ return XmlSignatureHelper.getXpathFilter("/ns:root/a[last()]", prefix2Namespace);
+ }
+
+ public static SecretKey getSecretKey(final byte[] secret) {
+ return new SecretKey() {
+ private static final long serialVersionUID = 5629454124145851381L;
+
+ public String getFormat() { return "RAW"; }
+ public byte[] getEncoded() { return secret; }
+ public String getAlgorithm(){ return "SECRET"; }
+ };
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/camel/blob/6771c2b2/components/camel-xmlsecurity/src/test/java/org/apache/camel/component/xmlsecurity/SignatureDigestMethodTest.java
----------------------------------------------------------------------
diff --git a/components/camel-xmlsecurity/src/test/java/org/apache/camel/component/xmlsecurity/SignatureDigestMethodTest.java b/components/camel-xmlsecurity/src/test/java/org/apache/camel/component/xmlsecurity/SignatureDigestMethodTest.java
new file mode 100644
index 0000000..1adba0b
--- /dev/null
+++ b/components/camel-xmlsecurity/src/test/java/org/apache/camel/component/xmlsecurity/SignatureDigestMethodTest.java
@@ -0,0 +1,514 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.xmlsecurity;
+
+import java.io.InputStream;
+import java.lang.reflect.Constructor;
+import java.security.Key;
+import java.security.KeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.cert.Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.crypto.AlgorithmMethod;
+import javax.xml.crypto.KeySelector;
+import javax.xml.crypto.KeySelectorException;
+import javax.xml.crypto.KeySelectorResult;
+import javax.xml.crypto.URIDereferencer;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.XMLStructure;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.KeyValue;
+import javax.xml.crypto.dsig.spec.XPathFilterParameterSpec;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.Exchange;
+import org.apache.camel.Message;
+import org.apache.camel.ProducerTemplate;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.mock.MockEndpoint;
+import org.apache.camel.component.xmlsecurity.api.KeyAccessor;
+import org.apache.camel.component.xmlsecurity.api.ValidationFailedHandler;
+import org.apache.camel.component.xmlsecurity.api.XmlSignature2Message;
+import org.apache.camel.component.xmlsecurity.api.XmlSignatureChecker;
+import org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper;
+import org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties;
+import org.apache.camel.component.xmlsecurity.util.EnvelopingXmlSignatureChecker;
+import org.apache.camel.component.xmlsecurity.util.SameDocumentUriDereferencer;
+import org.apache.camel.component.xmlsecurity.util.TestKeystore;
+import org.apache.camel.component.xmlsecurity.util.TimestampProperty;
+import org.apache.camel.component.xmlsecurity.util.ValidationFailedHandlerIgnoreManifestFailures;
+import org.apache.camel.component.xmlsecurity.util.XmlSignature2Message2MessageWithTimestampProperty;
+import org.apache.camel.impl.DefaultCamelContext;
+import org.apache.camel.impl.JndiRegistry;
+import org.apache.camel.test.junit4.CamelTestSupport;
+import org.junit.Before;
+import org.junit.Test;
+import org.w3c.dom.Node;
+
+/**
+ * Test signing using all available digest methods
+ */
+public class SignatureDigestMethodTest extends CamelTestSupport {
+
+ private static String payload = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
+ + "<root xmlns=\"http://test/test\"><test>Test Message</test></root>";
+ private KeyPair keyPair;
+
+ public SignatureDigestMethodTest() throws Exception {
+ // BouncyCastle is required for some algorithms
+ if (Security.getProvider("BC") == null) {
+ Constructor<?> cons;
+ Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
+ cons = c.getConstructor(new Class[] {});
+
+ Provider provider = (java.security.Provider)cons.newInstance();
+ Security.insertProviderAt(provider, 2);
+ }
+ }
+
+ @Override
+ protected JndiRegistry createRegistry() throws Exception {
+ JndiRegistry registry = super.createRegistry();
+
+ registry.bind("accessor", getKeyAccessor(keyPair.getPrivate()));
+ registry.bind("canonicalizationMethod1", getCanonicalizationMethod());
+ registry.bind("selector", KeySelector.singletonKeySelector(keyPair.getPublic()));
+ registry.bind("selectorKeyValue", getKeyValueKeySelector());
+ registry.bind("uriDereferencer", getSameDocumentUriDereferencer());
+ registry.bind("baseUri", getBaseUri());
+ registry.bind("cryptoContextProperties", getCrytoContextProperties());
+ registry.bind("keyAccessorDefault", getDefaultKeyAccessor());
+ registry.bind("keySelectorDefault", getDefaultKeySelector());
+ registry.bind("envelopingSignatureChecker", getEnvelopingXmlSignatureChecker());
+ registry.bind("xmlSignature2MessageWithTimestampProperty", getXmlSignature2MessageWithTimestampdProperty());
+ registry.bind("validationFailedHandlerIgnoreManifestFailures", getValidationFailedHandlerIgnoreManifestFailures());
+ registry.bind("signatureProperties", getSignatureProperties());
+ registry.bind("nodesearchxpath", getNodeSerachXPath());
+ Map<String, String> namespaceMap = Collections.singletonMap("ns", "http://test");
+ List<XPathFilterParameterSpec> xpaths = Collections
+ .singletonList(XmlSignatureHelper.getXpathFilter("/ns:root/a/@ID", namespaceMap));
+ registry.bind("xpathsToIdAttributes", xpaths);
+
+ registry.bind("parentXpathBean", getParentXPathBean());
+
+ return registry;
+ }
+
+ @Override
+ protected RouteBuilder[] createRouteBuilders() throws Exception {
+ return new RouteBuilder[] {new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:sha1")
+ .to("xmlsecurity:sign://sha1?keyAccessor=#accessor"
+ + "&digestAlgorithm=http://www.w3.org/2000/09/xmldsig#sha1")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:sha224")
+ .to("xmlsecurity:sign://sha224?keyAccessor=#accessor"
+ + "&digestAlgorithm=http://www.w3.org/2001/04/xmldsig-more#sha224")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:sha256")
+ .to("xmlsecurity:sign://sha256?keyAccessor=#accessor"
+ + "&digestAlgorithm=http://www.w3.org/2001/04/xmlenc#sha256")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:sha384")
+ .to("xmlsecurity:sign://sha384?keyAccessor=#accessor"
+ + "&digestAlgorithm=http://www.w3.org/2001/04/xmldsig-more#sha384")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:sha512")
+ .to("xmlsecurity:sign://sha512?keyAccessor=#accessor"
+ + "&digestAlgorithm=http://www.w3.org/2001/04/xmlenc#sha512")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:ripemd160")
+ .to("xmlsecurity:sign://ripemd160?keyAccessor=#accessor"
+ + "&digestAlgorithm=http://www.w3.org/2001/04/xmlenc#ripemd160")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:whirlpool")
+ .to("xmlsecurity:sign://whirlpool?keyAccessor=#accessor"
+ + "&digestAlgorithm=http://www.w3.org/2007/05/xmldsig-more#whirlpool")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:sha3_224")
+ .to("xmlsecurity:sign://sha3_224?keyAccessor=#accessor"
+ + "&digestAlgorithm=http://www.w3.org/2007/05/xmldsig-more#sha3-224")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:sha3_256")
+ .to("xmlsecurity:sign://sha3_256?keyAccessor=#accessor"
+ + "&digestAlgorithm=http://www.w3.org/2007/05/xmldsig-more#sha3-256")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:sha3_384")
+ .to("xmlsecurity:sign://sha3_384?keyAccessor=#accessor"
+ + "&digestAlgorithm=http://www.w3.org/2007/05/xmldsig-more#sha3-384")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ // START SNIPPET: signature and digest algorithm
+ from("direct:sha3_512")
+ .to("xmlsecurity:sign://sha3_512?keyAccessor=#accessor"
+ + "&digestAlgorithm=http://www.w3.org/2007/05/xmldsig-more#sha3-512")
+ .to("xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selector").to("mock:result");
+ // END SNIPPET: signature and digest algorithm
+ }
+ }};
+ }
+
+ @Test
+ public void testSHA1() throws Exception {
+ setupMock();
+ sendBody("direct:sha1", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testSHA224() throws Exception {
+ setupMock();
+ sendBody("direct:sha224", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testSHA256() throws Exception {
+ setupMock();
+ sendBody("direct:sha256", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testSHA384() throws Exception {
+ setupMock();
+ sendBody("direct:sha384", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testSHA512() throws Exception {
+ setupMock();
+ sendBody("direct:sha512", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testRIPEMD160() throws Exception {
+ setupMock();
+ sendBody("direct:ripemd160", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testWHIRLPOOL() throws Exception {
+ setupMock();
+ sendBody("direct:whirlpool", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testSHA3_224() throws Exception {
+ setupMock();
+ sendBody("direct:sha3_224", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testSHA3_256() throws Exception {
+ setupMock();
+ sendBody("direct:sha3_256", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testSHA3_384() throws Exception {
+ setupMock();
+ sendBody("direct:sha3_384", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testSHA3_512() throws Exception {
+ setupMock();
+ sendBody("direct:sha3_512", payload);
+ assertMockEndpointsSatisfied();
+ }
+
+ private MockEndpoint setupMock() {
+ return setupMock(payload);
+ }
+
+ private MockEndpoint setupMock(String payload) {
+ MockEndpoint mock = getMockEndpoint("mock:result");
+ mock.expectedBodiesReceived(payload);
+ return mock;
+ }
+
+ public Exchange doTestSignatureRoute(RouteBuilder builder) throws Exception {
+ return doSignatureRouteTest(builder, null, Collections.<String, Object> emptyMap());
+ }
+
+ public Exchange doSignatureRouteTest(RouteBuilder builder, Exchange e, Map<String, Object> headers) throws Exception {
+ CamelContext context = new DefaultCamelContext();
+ try {
+ context.addRoutes(builder);
+ context.start();
+
+ MockEndpoint mock = context.getEndpoint("mock:result", MockEndpoint.class);
+ mock.setExpectedMessageCount(1);
+
+ ProducerTemplate template = context.createProducerTemplate();
+ if (e != null) {
+ template.send("direct:in", e);
+ } else {
+ template.sendBodyAndHeaders("direct:in", payload, headers);
+ }
+ assertMockEndpointsSatisfied();
+ return mock.getReceivedExchanges().get(0);
+ } finally {
+ context.stop();
+ }
+ }
+
+ @Before
+ public void setUp() throws Exception {
+ setUpKeys("RSA", 1024);
+ disableJMX();
+ super.setUp();
+ }
+
+ public void setUpKeys(String algorithm, int keylength) throws Exception {
+ keyPair = getKeyPair(algorithm, keylength);
+ }
+
+ public static KeyPair getKeyPair(String algorithm, int keylength) {
+ KeyPairGenerator keyGen;
+ try {
+ keyGen = KeyPairGenerator.getInstance(algorithm);
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
+ keyGen.initialize(keylength, new SecureRandom());
+ return keyGen.generateKeyPair();
+ }
+
+ public static KeyStore loadKeystore() throws Exception {
+ KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+ InputStream in = SignatureDigestMethodTest.class.getResourceAsStream("/bob.keystore");
+ keystore.load(in, "letmein".toCharArray());
+ return keystore;
+ }
+
+ public Certificate getCertificateFromKeyStore() throws Exception {
+ Certificate c = loadKeystore().getCertificate("bob");
+ return c;
+ }
+
+ public PrivateKey getKeyFromKeystore() throws Exception {
+ return (PrivateKey) loadKeystore().getKey("bob", "letmein".toCharArray());
+ }
+
+ private AlgorithmMethod getCanonicalizationMethod() {
+ List<String> inclusivePrefixes = new ArrayList<String>(1);
+ inclusivePrefixes.add("ds");
+ return XmlSignatureHelper.getCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, inclusivePrefixes);
+ }
+
+ static KeyAccessor getKeyAccessor(final PrivateKey privateKey) {
+ KeyAccessor accessor = new KeyAccessor() {
+
+ @Override
+ public KeySelector getKeySelector(Message message) throws Exception {
+ return KeySelector.singletonKeySelector(privateKey);
+ }
+
+ @Override
+ public KeyInfo getKeyInfo(Message mess, Node messageBody, KeyInfoFactory keyInfoFactory) throws Exception {
+ return null;
+ }
+ };
+ return accessor;
+ }
+
+ public static String getBaseUri() {
+ String uri = "file:/" + System.getProperty("user.dir") + "/src/test/resources/org/apache/camel/component/xmlsecurity/";
+ return uri.replace('\\', '/');
+ }
+
+ public static KeySelector getKeyValueKeySelector() {
+ return new KeyValueKeySelector();
+ }
+
+ /**
+ * KeySelector which retrieves the public key from the KeyValue element and
+ * returns it. NOTE: If the key algorithm doesn't match signature algorithm,
+ * then the public key will be ignored.
+ */
+ static class KeyValueKeySelector extends KeySelector {
+ public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context)
+ throws KeySelectorException {
+ if (keyInfo == null) {
+ throw new KeySelectorException("Null KeyInfo object!");
+ }
+
+ SignatureMethod sm = (SignatureMethod) method;
+ @SuppressWarnings("rawtypes")
+ List list = keyInfo.getContent();
+
+ for (int i = 0; i < list.size(); i++) {
+ XMLStructure xmlStructure = (XMLStructure) list.get(i);
+ if (xmlStructure instanceof KeyValue) {
+ PublicKey pk = null;
+ try {
+ pk = ((KeyValue) xmlStructure).getPublicKey();
+ } catch (KeyException ke) {
+ throw new KeySelectorException(ke);
+ }
+ // make sure algorithm is compatible with method
+ if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
+ return new SimpleKeySelectorResult(pk);
+ }
+ }
+ }
+ throw new KeySelectorException("No KeyValue element found!");
+ }
+
+ static boolean algEquals(String algURI, String algName) {
+ return (algName.equalsIgnoreCase("DSA") && algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1))
+ || (algName.equalsIgnoreCase("RSA") && algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1));
+ }
+ }
+
+ private static class SimpleKeySelectorResult implements KeySelectorResult {
+ private PublicKey pk;
+
+ SimpleKeySelectorResult(PublicKey pk) {
+ this.pk = pk;
+ }
+
+ public Key getKey() {
+ return pk;
+ }
+ }
+
+ public static Map<String, ? extends Object> getCrytoContextProperties() {
+ return Collections.singletonMap("org.jcp.xml.dsig.validateManifests", Boolean.FALSE);
+ }
+
+ public static KeyAccessor getDefaultKeyAccessor() throws Exception {
+ return TestKeystore.getKeyAccessor("bob");
+ }
+
+ public static KeySelector getDefaultKeySelector() throws Exception {
+ return TestKeystore.getKeySelector("bob");
+ }
+
+ public static KeyAccessor getDefaultKeyAccessorDsa() throws Exception {
+ return TestKeystore.getKeyAccessor("bobdsa");
+ }
+
+ public static KeySelector getDefaultKeySelectorDsa() throws Exception {
+ return TestKeystore.getKeySelector("bobdsa");
+ }
+
+ public static XmlSignatureChecker getEnvelopingXmlSignatureChecker() {
+ return new EnvelopingXmlSignatureChecker();
+ }
+
+ public static XmlSignature2Message getXmlSignature2MessageWithTimestampdProperty() {
+ return new XmlSignature2Message2MessageWithTimestampProperty();
+ }
+
+ public static ValidationFailedHandler getValidationFailedHandlerIgnoreManifestFailures() {
+ return new ValidationFailedHandlerIgnoreManifestFailures();
+ }
+
+ public static XmlSignatureProperties getSignatureProperties() {
+ return new TimestampProperty();
+ }
+
+ public static XPathFilterParameterSpec getNodeSerachXPath() {
+ Map<String, String> prefix2Namespace = Collections.singletonMap("pre", "http://test/test");
+ return XmlSignatureHelper.getXpathFilter("//pre:root", prefix2Namespace);
+ }
+
+ public static URIDereferencer getSameDocumentUriDereferencer() {
+ return SameDocumentUriDereferencer.getInstance();
+ }
+
+ public static XPathFilterParameterSpec getParentXPathBean() {
+ Map<String, String> prefix2Namespace = Collections.singletonMap("ns", "http://test");
+ return XmlSignatureHelper.getXpathFilter("/ns:root/a[last()]", prefix2Namespace);
+ }
+
+}
\ No newline at end of file
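Review bot: `loadKeystore()` never closes the stream it obtains with `getResourceAsStream("/bob.keystore")` and does not check for a missing resource; `KeyStore.load(null, pw)` yields an empty keystore without error, so a misplaced keystore file would only show up later as a null key from `getKey("bob")` instead of at the load. A null check plus close in a `finally` fixes both (the file's syntax stays pre-Java-7 — no diamond, explicit `Collections.<String, Object>` — so try-with-resources is likely unavailable here). Separately, `doSignatureRouteTest` calls `assertMockEndpointsSatisfied()`, which as a CamelTestSupport method appears to check the mocks of the test-support's own context, not the `mock` taken from the locally created `DefaultCamelContext`, so the `mock.setExpectedMessageCount(1)` expectation is never asserted — `mock.assertIsSatisfied();` is the intended call. The copies of both methods in SignatureAlgorithmTest earlier in this commit share the same two issues. Also note that `KeyValueKeySelector.algEquals` only recognises the SHA1 signature URIs, so the `selectorKeyValue` bean bound in `createRegistry()` would reject keys for the newer algorithms this commit adds; no route in this file uses it, but a comment such as `// only matches the SHA1 signature URIs; not usable with the newer algorithms` on `algEquals` would stop someone picking it up for those routes.
```java
public static KeyStore loadKeystore() throws Exception {
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    InputStream in = SignatureDigestMethodTest.class.getResourceAsStream("/bob.keystore");
    if (in == null) {
        throw new IllegalStateException("keystore resource /bob.keystore not found on the classpath");
    }
    try {
        keystore.load(in, "letmein".toCharArray());
    } finally {
        in.close();
    }
    return keystore;
}
// … unchanged: rest of the class …
```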
http://git-wip-us.apache.org/repos/asf/camel/blob/6771c2b2/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/EncryptionAlgorithmTest.java
----------------------------------------------------------------------
diff --git a/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/EncryptionAlgorithmTest.java b/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/EncryptionAlgorithmTest.java
new file mode 100644
index 0000000..bdb2853
--- /dev/null
+++ b/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/EncryptionAlgorithmTest.java
@@ -0,0 +1,458 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.dataformat.xmlsecurity;
+
+import java.lang.reflect.Constructor;
+import java.security.Provider;
+import java.security.Security;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.xml.transform.OutputKeys;
+
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.converter.jaxp.XmlConverter;
+import org.apache.camel.test.junit4.CamelTestSupport;
+import org.apache.camel.util.jsse.KeyStoreParameters;
+import org.apache.xml.security.encryption.XMLCipher;
+import org.junit.Test;
+
+/**
+ * Test all available encryption algorithms
+ */
+public class EncryptionAlgorithmTest extends CamelTestSupport {
+
+ TestHelper xmlsecTestHelper = new TestHelper();
+
+ public EncryptionAlgorithmTest() throws Exception {
+ // BouncyCastle is required for some algorithms
+ if (Security.getProvider("BC") == null) {
+ Constructor<?> cons;
+ Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
+ cons = c.getConstructor(new Class[] {});
+
+ Provider provider = (java.security.Provider)cons.newInstance();
+ Security.insertProviderAt(provider, 2);
+ }
+ }
+
+ @Override
+ public boolean isUseRouteBuilder() {
+ return false;
+ }
+
+ @Override
+ public void setUp() throws Exception {
+ super.setUp();
+ context.getProperties().put(XmlConverter.OUTPUT_PROPERTIES_PREFIX + OutputKeys.ENCODING, "UTF-8");
+ }
+
+ @Test
+ public void testAES128() throws Exception {
+ // Set up the Key
+ KeyGenerator keygen = KeyGenerator.getInstance("AES");
+ keygen.init(128);
+ SecretKey key = keygen.generateKey();
+
+ final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+ xmlEncDataFormat.setPassPhrase(key.getEncoded());
+ xmlEncDataFormat.setSecureTagContents(true);
+ xmlEncDataFormat.setSecureTag("//cheesesites/italy/cheese");
+ xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128);
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("direct:start")
+ .marshal(xmlEncDataFormat).to("mock:encrypted")
+ .log("Body: + ${body}")
+ .unmarshal(xmlEncDataFormat).to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryption(context);
+ }
+
+ @Test
+ public void testAES128_GCM() throws Exception {
+ // Set up the Key
+ KeyGenerator keygen = KeyGenerator.getInstance("AES");
+ keygen.init(128);
+ SecretKey key = keygen.generateKey();
+
+ final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+ xmlEncDataFormat.setPassPhrase(key.getEncoded());
+ xmlEncDataFormat.setSecureTagContents(true);
+ xmlEncDataFormat.setSecureTag("//cheesesites/italy/cheese");
+ xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128_GCM);
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("direct:start")
+ .marshal(xmlEncDataFormat).to("mock:encrypted")
+ .log("Body: + ${body}")
+ .unmarshal(xmlEncDataFormat).to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryption(context);
+ }
+
+
+ @Test
+ public void testAES192() throws Exception {
+ if (!TestHelper.UNRESTRICTED_POLICIES_INSTALLED) {
+ return;
+ }
+
+ // Set up the Key
+ KeyGenerator keygen = KeyGenerator.getInstance("AES");
+ keygen.init(192);
+ SecretKey key = keygen.generateKey();
+
+ final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+ xmlEncDataFormat.setPassPhrase(key.getEncoded());
+ xmlEncDataFormat.setSecureTagContents(true);
+ xmlEncDataFormat.setSecureTag("//cheesesites/italy/cheese");
+ xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_192);
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("direct:start")
+ .marshal(xmlEncDataFormat).to("mock:encrypted")
+ .log("Body: + ${body}")
+ .unmarshal(xmlEncDataFormat).to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryption(context);
+ }
+
+ @Test
+ public void testAES192_GCM() throws Exception {
+ if (!TestHelper.UNRESTRICTED_POLICIES_INSTALLED) {
+ return;
+ }
+
+ // Set up the Key
+ KeyGenerator keygen = KeyGenerator.getInstance("AES");
+ keygen.init(192);
+ SecretKey key = keygen.generateKey();
+
+ final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+ xmlEncDataFormat.setPassPhrase(key.getEncoded());
+ xmlEncDataFormat.setSecureTagContents(true);
+ xmlEncDataFormat.setSecureTag("//cheesesites/italy/cheese");
+ xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_192_GCM);
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("direct:start")
+ .marshal(xmlEncDataFormat).to("mock:encrypted")
+ .log("Body: + ${body}")
+ .unmarshal(xmlEncDataFormat).to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryption(context);
+ }
+
+
+ @Test
+ public void testAES256() throws Exception {
+ if (!TestHelper.UNRESTRICTED_POLICIES_INSTALLED) {
+ return;
+ }
+
+ // Set up the Key
+ KeyGenerator keygen = KeyGenerator.getInstance("AES");
+ keygen.init(256);
+ SecretKey key = keygen.generateKey();
+
+ final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+ xmlEncDataFormat.setPassPhrase(key.getEncoded());
+ xmlEncDataFormat.setSecureTagContents(true);
+ xmlEncDataFormat.setSecureTag("//cheesesites/italy/cheese");
+ xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_256);
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("direct:start")
+ .marshal(xmlEncDataFormat).to("mock:encrypted")
+ .log("Body: + ${body}")
+ .unmarshal(xmlEncDataFormat).to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryption(context);
+ }
+
+ @Test
+ public void testAES256_GCM() throws Exception {
+ if (!TestHelper.UNRESTRICTED_POLICIES_INSTALLED) {
+ return;
+ }
+
+ // Set up the Key
+ KeyGenerator keygen = KeyGenerator.getInstance("AES");
+ keygen.init(256);
+ SecretKey key = keygen.generateKey();
+
+ final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+ xmlEncDataFormat.setPassPhrase(key.getEncoded());
+ xmlEncDataFormat.setSecureTagContents(true);
+ xmlEncDataFormat.setSecureTag("//cheesesites/italy/cheese");
+ xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_256_GCM);
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("direct:start")
+ .marshal(xmlEncDataFormat).to("mock:encrypted")
+ .log("Body: + ${body}")
+ .unmarshal(xmlEncDataFormat).to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryption(context);
+ }
+
+ @Test
+ public void testTRIPLE_DES() throws Exception {
+ // Set up the Key
+ KeyGenerator keygen = KeyGenerator.getInstance("DESede");
+ keygen.init(192);
+ SecretKey key = keygen.generateKey();
+
+ final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+ xmlEncDataFormat.setPassPhrase(key.getEncoded());
+ xmlEncDataFormat.setSecureTagContents(true);
+ xmlEncDataFormat.setSecureTag("//cheesesites/italy/cheese");
+ xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.TRIPLEDES);
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("direct:start")
+ .marshal(xmlEncDataFormat).to("mock:encrypted")
+ .log("Body: + ${body}")
+ .unmarshal(xmlEncDataFormat).to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryption(context);
+ }
+
+ @Test
+ public void testSEED_128() throws Exception {
+ // Set up the Key
+ KeyGenerator keygen = KeyGenerator.getInstance("SEED");
+ keygen.init(128);
+ SecretKey key = keygen.generateKey();
+
+ final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+ xmlEncDataFormat.setPassPhrase(key.getEncoded());
+ xmlEncDataFormat.setSecureTagContents(true);
+ xmlEncDataFormat.setSecureTag("//cheesesites/italy/cheese");
+ xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.SEED_128);
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("direct:start")
+ .marshal(xmlEncDataFormat).to("mock:encrypted")
+ .log("Body: + ${body}")
+ .unmarshal(xmlEncDataFormat).to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryption(context);
+ }
+
+ @Test
+ public void testCAMELLIA_128() throws Exception {
+ // Set up the Key
+ KeyGenerator keygen = KeyGenerator.getInstance("CAMELLIA");
+ keygen.init(128);
+ SecretKey key = keygen.generateKey();
+
+ final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+ xmlEncDataFormat.setPassPhrase(key.getEncoded());
+ xmlEncDataFormat.setSecureTagContents(true);
+ xmlEncDataFormat.setSecureTag("//cheesesites/italy/cheese");
+ xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.CAMELLIA_128);
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("direct:start")
+ .marshal(xmlEncDataFormat).to("mock:encrypted")
+ .log("Body: + ${body}")
+ .unmarshal(xmlEncDataFormat).to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryption(context);
+ }
+
+ @Test
+ public void testCAMELLIA_192() throws Exception {
+ if (!TestHelper.UNRESTRICTED_POLICIES_INSTALLED) {
+ return;
+ }
+
+ // Set up the Key
+ KeyGenerator keygen = KeyGenerator.getInstance("CAMELLIA");
+ keygen.init(192);
+ SecretKey key = keygen.generateKey();
+
+ final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+ xmlEncDataFormat.setPassPhrase(key.getEncoded());
+ xmlEncDataFormat.setSecureTagContents(true);
+ xmlEncDataFormat.setSecureTag("//cheesesites/italy/cheese");
+ xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.CAMELLIA_192);
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("direct:start")
+ .marshal(xmlEncDataFormat).to("mock:encrypted")
+ .log("Body: + ${body}")
+ .unmarshal(xmlEncDataFormat).to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryption(context);
+ }
+
+ @Test
+ public void testCAMELLIA_256() throws Exception {
+ if (!TestHelper.UNRESTRICTED_POLICIES_INSTALLED) {
+ return;
+ }
+
+ // Set up the Key
+ KeyGenerator keygen = KeyGenerator.getInstance("CAMELLIA");
+ keygen.init(256);
+ SecretKey key = keygen.generateKey();
+
+ final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
+ xmlEncDataFormat.setPassPhrase(key.getEncoded());
+ xmlEncDataFormat.setSecureTagContents(true);
+ xmlEncDataFormat.setSecureTag("//cheesesites/italy/cheese");
+ xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.CAMELLIA_256);
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("direct:start")
+ .marshal(xmlEncDataFormat).to("mock:encrypted")
+ .log("Body: + ${body}")
+ .unmarshal(xmlEncDataFormat).to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryption(context);
+ }
+
+ @Test
+ public void testRSAOAEPKW() throws Exception {
+ final XMLSecurityDataFormat sendingDataFormat = new XMLSecurityDataFormat();
+ sendingDataFormat.setSecureTagContents(true);
+ sendingDataFormat.setSecureTag("//cheesesites/italy/cheese");
+ sendingDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128);
+ sendingDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_OAEP);
+ sendingDataFormat.setRecipientKeyAlias("recipient");
+
+ KeyStoreParameters tsParameters = new KeyStoreParameters();
+ tsParameters.setPassword("password");
+ tsParameters.setResource("sender.ts");
+ sendingDataFormat.setKeyOrTrustStoreParameters(tsParameters);
+
+ final XMLSecurityDataFormat receivingDataFormat = new XMLSecurityDataFormat();
+ receivingDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_OAEP);
+ receivingDataFormat.setRecipientKeyAlias("recipient");
+ receivingDataFormat.setSecureTag("//cheesesites/italy/cheese");
+
+ KeyStoreParameters ksParameters = new KeyStoreParameters();
+ ksParameters.setPassword("password");
+ ksParameters.setResource("recipient.ks");
+ receivingDataFormat.setKeyOrTrustStoreParameters(ksParameters);
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("direct:start")
+ .marshal(sendingDataFormat).to("mock:encrypted")
+ .log("Body: + ${body}")
+ .unmarshal(receivingDataFormat).to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryption(context);
+ }
+
+ @Test
+ public void testRSAv15KW() throws Exception {
+ final XMLSecurityDataFormat sendingDataFormat = new XMLSecurityDataFormat();
+ sendingDataFormat.setSecureTagContents(true);
+ sendingDataFormat.setSecureTag("//cheesesites/italy/cheese");
+ sendingDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128);
+ sendingDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_v1dot5);
+ sendingDataFormat.setRecipientKeyAlias("recipient");
+
+ KeyStoreParameters tsParameters = new KeyStoreParameters();
+ tsParameters.setPassword("password");
+ tsParameters.setResource("sender.ts");
+ sendingDataFormat.setKeyOrTrustStoreParameters(tsParameters);
+
+ final XMLSecurityDataFormat receivingDataFormat = new XMLSecurityDataFormat();
+ receivingDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_v1dot5);
+ receivingDataFormat.setRecipientKeyAlias("recipient");
+ receivingDataFormat.setSecureTag("//cheesesites/italy/cheese");
+
+ KeyStoreParameters ksParameters = new KeyStoreParameters();
+ ksParameters.setPassword("password");
+ ksParameters.setResource("recipient.ks");
+ receivingDataFormat.setKeyOrTrustStoreParameters(ksParameters);
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("direct:start")
+ .marshal(sendingDataFormat).to("mock:encrypted")
+ .log("Body: + ${body}")
+ .unmarshal(receivingDataFormat).to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryption(context);
+ }
+
+ @Test
+ public void testRSAOAEP11KW() throws Exception {
+ final XMLSecurityDataFormat sendingDataFormat = new XMLSecurityDataFormat();
+ sendingDataFormat.setSecureTagContents(true);
+ sendingDataFormat.setSecureTag("//cheesesites/italy/cheese");
+ sendingDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128);
+ sendingDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_OAEP_11);
+ sendingDataFormat.setRecipientKeyAlias("recipient");
+
+ KeyStoreParameters tsParameters = new KeyStoreParameters();
+ tsParameters.setPassword("password");
+ tsParameters.setResource("sender.ts");
+ sendingDataFormat.setKeyOrTrustStoreParameters(tsParameters);
+
+ final XMLSecurityDataFormat receivingDataFormat = new XMLSecurityDataFormat();
+ receivingDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_OAEP_11);
+ receivingDataFormat.setRecipientKeyAlias("recipient");
+ receivingDataFormat.setSecureTag("//cheesesites/italy/cheese");
+
+ KeyStoreParameters ksParameters = new KeyStoreParameters();
+ ksParameters.setPassword("password");
+ ksParameters.setResource("recipient.ks");
+ receivingDataFormat.setKeyOrTrustStoreParameters(ksParameters);
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("direct:start")
+ .marshal(sendingDataFormat).to("mock:encrypted")
+ .log("Body: + ${body}")
+ .unmarshal(receivingDataFormat).to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryption(context);
+ }
+}