Posted to commits@santuario.apache.org by co...@apache.org on 2021/09/09 16:19:23 UTC
[santuario-xml-security-java] branch 2.2.x-fixes updated:
SANTUARIO-579 - Adding test
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 2.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git
The following commit(s) were added to refs/heads/2.2.x-fixes by this push:
new a8d630f SANTUARIO-579 - Adding test
a8d630f is described below
commit a8d630fae8c42a9b3bff78af1c93646d682ce2f4
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Sep 9 17:04:00 2021 +0100
SANTUARIO-579 - Adding test
---
.../apache/xml/security/encryption/XMLCipher.java | 10 ++++
.../test/dom/encryption/XMLEncryption11Test.java | 63 ++++++++++++++++++++++
2 files changed, 73 insertions(+)
diff --git a/src/main/java/org/apache/xml/security/encryption/XMLCipher.java b/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
index 5fe7a9a..13fa974 100644
--- a/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
+++ b/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
@@ -1580,6 +1580,16 @@ public class XMLCipher {
} catch (Exception ex) {
throw new XMLEncryptionException(ex);
}
+ } else if (MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA224.equals(digestAlgorithm)) {
+ try {
+ if (requestedJCEProvider == null) {
+ return Cipher.getInstance("RSA/ECB/OAEPWithSHA-224andMGF1Padding");
+ } else {
+ return Cipher.getInstance("RSA/ECB/OAEPWithSHA-224andMGF1Padding", requestedJCEProvider);
+ }
+ } catch (Exception ex) {
+ throw new XMLEncryptionException(ex);
+ }
} else if (MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256.equals(digestAlgorithm)) {
try {
if (requestedJCEProvider == null) {
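Review bot: The added SHA-224 branch wraps `Cipher.getInstance` in `catch (Exception ex)`, so an unchecked runtime failure is converted to `XMLEncryptionException` just like a missing algorithm, padding or provider. The checked exceptions `Cipher.getInstance` declares are all `java.security.GeneralSecurityException` subtypes, so `} catch (java.security.GeneralSecurityException ex) {` would limit the wrapping to lookup failures. The branch above it in the context lines uses the same broad catch, so it would need the same change to stay consistent. The enclosing method starts and ends outside the hunk.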
diff --git a/src/test/java/org/apache/xml/security/test/dom/encryption/XMLEncryption11Test.java b/src/test/java/org/apache/xml/security/test/dom/encryption/XMLEncryption11Test.java
index 8ead1d8..6f5ab99 100644
--- a/src/test/java/org/apache/xml/security/test/dom/encryption/XMLEncryption11Test.java
+++ b/src/test/java/org/apache/xml/security/test/dom/encryption/XMLEncryption11Test.java
@@ -45,6 +45,7 @@ import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.apache.xml.security.test.dom.DSNamespaceContext;
+import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.EncryptionConstants;
import org.apache.xml.security.utils.XMLUtils;
// import org.apache.xml.security.utils.XMLUtils;
@@ -593,6 +594,67 @@ public class XMLEncryption11Test {
}
}
+ @org.junit.jupiter.api.Test
+ public void testKeyWrappingRSA4096EncryptDecryptSHA224() throws Exception {
+ if (haveISOPadding) {
+ String keystore =
+ "src/test/resources/org/w3c/www/interop/xmlenc-core-11/RSA-4096_SHA256WithRSA.jks";
+ String basedir = System.getProperty("basedir");
+ if (basedir != null && basedir.length() != 0) {
+ keystore = basedir + "/" + keystore;
+ }
+
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(new java.io.FileInputStream(keystore), "passwd".toCharArray());
+
+ Certificate cert = keyStore.getCertificate("importkey");
+
+ KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
+ keyStore.getEntry("importkey", new KeyStore.PasswordProtection("passwd".toCharArray()));
+ PrivateKey rsaKey = pkEntry.getPrivateKey();
+
+ // Perform encryption
+ String filename = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/plaintext.xml";
+ if (basedir != null && basedir.length() != 0) {
+ filename = basedir + "/" + filename;
+ }
+ File f = new File(filename);
+
+ Document doc = XMLUtils.read(new java.io.FileInputStream(f), false);
+
+ Key sessionKey = getSessionKey("http://www.w3.org/2009/xmlenc11#aes256-gcm");
+ EncryptedKey encryptedKey =
+ createEncryptedKey(
+ doc,
+ (X509Certificate)cert,
+ sessionKey,
+ "http://www.w3.org/2009/xmlenc11#rsa-oaep",
+ Constants.MoreAlgorithmsSpecNS + "sha224",
+ "http://www.w3.org/2009/xmlenc11#mgf1sha224",
+ XMLUtils.decode("ZHVtbXkxMjM=".getBytes(java.nio.charset.StandardCharsets.UTF_8))
+ );
+
+ doc =
+ encryptDocument(
+ doc,
+ encryptedKey,
+ sessionKey,
+ "http://www.w3.org/2009/xmlenc11#aes256-gcm"
+ );
+ // XMLUtils.outputDOM(doc.getFirstChild(), System.out);
+
+ // Perform decryption
+ Document dd = decryptElement(doc, rsaKey, (X509Certificate)cert);
+ // XMLUtils.outputDOM(dd.getFirstChild(), System.out);
+ checkDecryptedDoc(dd, true);
+ } else {
+ LOG.warn(
+ "Skipping testRSA2048 as necessary "
+ + "crypto algorithms are not available"
+ );
+ }
+ }
+
/**
* Method decryptElement
*
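Review bot: The `new java.io.FileInputStream(keystore)` passed to `keyStore.load` in `testKeyWrappingRSA4096EncryptDecryptSHA224` is never closed, and the stream handed to `XMLUtils.read` is closed only if that helper does it, which the hunk does not show. Try-with-resources covers both, e.g. `try (java.io.InputStream in = new java.io.FileInputStream(keystore)) { keyStore.load(in, "passwd".toCharArray()); }`. Separately, the skip path logs `"Skipping testRSA2048 ..."`, which names a different test, and the case then reports as passed when `haveISOPadding` is false. The message should name this test, and `org.junit.jupiter.api.Assumptions.assumeTrue(haveISOPadding)` would make the run show it as skipped rather than green.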
@@ -687,6 +749,7 @@ public class XMLEncryption11Test {
XMLCipher cipher = XMLCipher.getInstance(encryptionMethod, null, digestMethod);
cipher.init(XMLCipher.WRAP_MODE, rsaCert.getPublicKey());
+
EncryptedKey encryptedKey = cipher.encryptKey(doc, sessionKey, mgfAlgorithm, oaepParams, random);
KeyInfo builderKeyInfo = encryptedKey.getKeyInfo();