You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by ff...@apache.org on 2018/07/24 11:11:39 UTC
[camel] branch master updated: [CAMEL-12679]ensure
camel-xmlsecurity can try key directly to decrypt message
This is an automated email from the ASF dual-hosted git repository.
ffang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/master by this push:
new cb84ea2 [CAMEL-12679]ensure camel-xmlsecurity can try key directly to decrypt message
cb84ea2 is described below
commit cb84ea2e43ea0ae6e9ba937c02f3b8445ee0973d
Author: Freeman Fang <fr...@gmail.com>
AuthorDate: Tue Jul 24 19:11:23 2018 +0800
[CAMEL-12679]ensure camel-xmlsecurity can try key directly to decrypt message
---
.../xmlsecurity/XMLSecurityDataFormat.java | 37 +++++++++++++++++++---
.../camel/dataformat/xmlsecurity/TestHelper.java | 13 ++++++++
.../xmlsecurity/XMLSecurityDataFormatTest.java | 29 +++++++++++++++++
.../component/xmlsecurity/EncryptedMessage.xml | 25 +++++++++++++++
4 files changed, 99 insertions(+), 5 deletions(-)
diff --git a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java b/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
index 1261df2..0e6d21d 100644
--- a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
+++ b/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
@@ -612,7 +612,18 @@ public class XMLSecurityDataFormat extends ServiceSupport implements DataFormat,
keyEncryptionKey = generateKeyEncryptionKey("AES");
}
- return decode(exchange, encodedDocument, keyEncryptionKey);
+ Object ret = null;
+ try {
+ ret = decode(exchange, encodedDocument, keyEncryptionKey, true);
+ } catch (org.apache.xml.security.encryption.XMLEncryptionException ex) {
+ if (ex.getMessage().equals("encryption.nokey")) {
+ //the message don't have EncryptionKey, try key directly
+ ret = decode(exchange, encodedDocument, keyEncryptionKey, false);
+ } else {
+ throw ex;
+ }
+ }
+ return ret;
}
private Object decodeWithAsymmetricKey(Exchange exchange, Document encodedDocument) throws Exception {
@@ -628,14 +639,30 @@ public class XMLSecurityDataFormat extends ServiceSupport implements DataFormat,
Key keyEncryptionKey = getPrivateKey(this.keyStore, this.recipientKeyAlias,
this.keyPassword != null ? this.keyPassword : this.keyStorePassword);
- return decode(exchange, encodedDocument, keyEncryptionKey);
+ Object ret = null;
+ try {
+ ret = decode(exchange, encodedDocument, keyEncryptionKey, true);
+ } catch (org.apache.xml.security.encryption.XMLEncryptionException ex) {
+ if (ex.getMessage().equals("encryption.nokey")) {
+ //the message don't have EncryptionKey, try key directly
+ ret = decode(exchange, encodedDocument, keyEncryptionKey, false);
+ } else {
+ throw ex;
+ }
+ }
+ return ret;
}
- private Object decode(Exchange exchange, Document encodedDocument, Key keyEncryptionKey) throws Exception {
+ private Object decode(Exchange exchange, Document encodedDocument, Key keyEncryptionKey,
+ boolean hasEncrytionKey) throws Exception {
XMLCipher xmlCipher = XMLCipher.getInstance();
xmlCipher.setSecureValidation(true);
- xmlCipher.init(XMLCipher.DECRYPT_MODE, null);
- xmlCipher.setKEK(keyEncryptionKey);
+ if (hasEncrytionKey) {
+ xmlCipher.init(XMLCipher.DECRYPT_MODE, null);
+ xmlCipher.setKEK(keyEncryptionKey);
+ } else {
+ xmlCipher.init(XMLCipher.DECRYPT_MODE, keyEncryptionKey);
+ }
if (secureTag.equalsIgnoreCase("")) {
checkEncryptionAlgorithm(keyEncryptionKey, encodedDocument.getDocumentElement());
diff --git a/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/TestHelper.java b/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/TestHelper.java
index e23e16c..1d216e0 100644
--- a/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/TestHelper.java
+++ b/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/TestHelper.java
@@ -166,6 +166,19 @@ public class TestHelper {
testDecryption(XML_FRAGMENT, context);
}
+ protected void testDecryptionNoEncryptedKey(CamelContext context) throws Exception {
+ MockEndpoint resultEndpoint = context.getEndpoint("mock:decrypted", MockEndpoint.class);
+ resultEndpoint.setExpectedMessageCount(1);
+ context.start();
+ resultEndpoint.assertIsSatisfied(100);
+ Exchange exchange = resultEndpoint.getExchanges().get(0);
+ Document inDoc = getDocumentForInMessage(exchange);
+ XmlConverter converter = new XmlConverter();
+ String xmlStr = converter.toString(inDoc, exchange);
+ log.info(xmlStr);
+ Assert.assertFalse("The XML message has encrypted data.", hasEncryptedData(inDoc));
+ }
+
private boolean hasEncryptedData(Document doc) throws Exception {
NodeList nodeList = doc.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData");
return nodeList.getLength() > 0;
diff --git a/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormatTest.java b/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormatTest.java
index 24d3446..7a69370 100644
--- a/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormatTest.java
+++ b/components/camel-xmlsecurity/src/test/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormatTest.java
@@ -16,6 +16,7 @@
*/
package org.apache.camel.dataformat.xmlsecurity;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
@@ -32,6 +33,7 @@ import org.apache.camel.converter.jaxp.XmlConverter;
import org.apache.camel.test.junit4.CamelTestSupport;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.xml.security.encryption.XMLCipher;
+
import org.junit.Assert;
import org.junit.Test;
@@ -165,6 +167,7 @@ public class XMLSecurityDataFormatTest extends CamelTestSupport {
});
xmlsecTestHelper.testEncryption(context);
}
+
@Test
public void testFullPayloadAsymmetricKeyEncryption() throws Exception {
@@ -342,6 +345,32 @@ public class XMLSecurityDataFormatTest extends CamelTestSupport {
});
xmlsecTestHelper.testDecryption(context);
}
+
+ @Test
+ public void testXMLElementDecryptionWithoutEncryptedKey() throws Exception {
+ if (!TestHelper.HAS_3DES) {
+ return;
+ }
+ String passPhrase = "this is a test passphrase";
+
+ byte[] bytes = passPhrase.getBytes();
+ final byte[] keyBytes = Arrays.copyOf(bytes, 24);
+ for (int j = 0, k = 16; j < 8;) {
+ keyBytes[k++] = keyBytes[j++];
+ }
+
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ from("timer://foo?period=5000&repeatCount=1").
+ to("language:constant:resource:classpath:org/apache/camel/component/xmlsecurity/EncryptedMessage.xml")
+ .unmarshal()
+ .secureXML("/*[local-name()='Envelope']/*[local-name()='Body']",
+ true, keyBytes, XMLCipher.TRIPLEDES)
+ .to("mock:decrypted");
+ }
+ });
+ xmlsecTestHelper.testDecryptionNoEncryptedKey(context);
+ }
@Test
public void testPartialPayloadXMLContentDecryptionWithKeyAndAlgorithm() throws Exception {
diff --git a/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/EncryptedMessage.xml b/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/EncryptedMessage.xml
new file mode 100644
index 0000000..74edc8a
--- /dev/null
+++ b/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/EncryptedMessage.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<S:Envelope xmlns:S="http://www.w3.org/2001/12/soap-envelope" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <S:Header>
+ <wsse:Security>
+ <xenc:ReferenceList>
+ <xenc:DataReference URI="StaticKeyEncryption" />
+ </xenc:ReferenceList>
+ </wsse:Security>
+ </S:Header>
+ <S:Body>
+ <xenc:EncryptedData Id="StaticKeyEncryption">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc">
+ <KeySize>168</KeySize>
+ </xenc:EncryptionMethod>
+ <ds:KeyInfo>
+ <ds:KeyName>mykey</ds:KeyName>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>yP17O2otQdraY+W42w8i8U/pQQac1g84vWaGWqbS1tgCduFfjhnIz2ZqbFJ6n7Ow1cIeF5HyAoHRGaoDd4gbVw==</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedData>
+ </S:Body>
+</S:Envelope>
+
+