Posted to commits@santuario.apache.org by co...@apache.org on 2015/09/14 12:59:08 UTC
svn commit: r1702904 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/stax/impl/processor/output/
test/java/org/apache/xml/security/test/stax/encryption/
Author: coheigea
Date: Mon Sep 14 10:59:08 2015
New Revision: 1702904
URL: http://svn.apache.org/r1702904
Log:
[SANTUARIO-429] - Implement NoKeyInfo
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/DecryptionTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java?rev=1702904&r1=1702903&r2=1702904&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java Mon Sep 14 10:59:08 2015
@@ -282,24 +282,26 @@ public class XMLEncryptOutputProcessor e
return;
}
- createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, true, null);
-
- if (keyIdentifier == null || SecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier)) {
- XMLSecurityUtils.createX509IssuerSerialStructure(this, outputProcessorChain, x509Certificates);
- } else if (SecurityTokenConstants.KeyIdentifier_KeyValue.equals(keyIdentifier)) {
- XMLSecurityUtils.createKeyValueTokenStructure(this, outputProcessorChain, x509Certificates);
- } else if (SecurityTokenConstants.KeyIdentifier_SkiKeyIdentifier.equals(keyIdentifier)) {
- XMLSecurityUtils.createX509SubjectKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
- } else if (SecurityTokenConstants.KeyIdentifier_X509KeyIdentifier.equals(keyIdentifier)) {
- XMLSecurityUtils.createX509CertificateStructure(this, outputProcessorChain, x509Certificates);
- } else if (SecurityTokenConstants.KeyIdentifier_X509SubjectName.equals(keyIdentifier)) {
- XMLSecurityUtils.createX509SubjectNameStructure(this, outputProcessorChain, x509Certificates);
- } else {
- throw new XMLSecurityException("stax.unsupportedToken",
- new Object[] {keyIdentifier});
+ if (!SecurityTokenConstants.KeyIdentifier_NoKeyInfo.equals(keyIdentifier)) {
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, true, null);
+
+ if (keyIdentifier == null || SecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier)) {
+ XMLSecurityUtils.createX509IssuerSerialStructure(this, outputProcessorChain, x509Certificates);
+ } else if (SecurityTokenConstants.KeyIdentifier_KeyValue.equals(keyIdentifier)) {
+ XMLSecurityUtils.createKeyValueTokenStructure(this, outputProcessorChain, x509Certificates);
+ } else if (SecurityTokenConstants.KeyIdentifier_SkiKeyIdentifier.equals(keyIdentifier)) {
+ XMLSecurityUtils.createX509SubjectKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
+ } else if (SecurityTokenConstants.KeyIdentifier_X509KeyIdentifier.equals(keyIdentifier)) {
+ XMLSecurityUtils.createX509CertificateStructure(this, outputProcessorChain, x509Certificates);
+ } else if (SecurityTokenConstants.KeyIdentifier_X509SubjectName.equals(keyIdentifier)) {
+ XMLSecurityUtils.createX509SubjectNameStructure(this, outputProcessorChain, x509Certificates);
+ } else {
+ throw new XMLSecurityException("stax.unsupportedToken",
+ new Object[] {keyIdentifier});
+ }
+
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
}
-
- createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
}
};
processor.getAfterProcessors().add(XMLEncryptOutputProcessor.class.getName());
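Review bot: The new guard `if (!SecurityTokenConstants.KeyIdentifier_NoKeyInfo.equals(keyIdentifier))` has no comment explaining that this path now writes no ds:KeyInfo at all, so the output gives the recipient no hint about which key wrapped the session key. I would add above it `// NoKeyInfo: write no ds:KeyInfo; the recipient must be configured out of band with the matching decryption key`. A null keyIdentifier still falls through to IssuerSerial, and the same comment should say so, so that the default is not mistaken for NoKeyInfo. The enclosing method starts before the hunk, so whether x509Certificates is still required on the NoKeyInfo path cannot be checked from here.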
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/DecryptionTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/DecryptionTest.java?rev=1702904&r1=1702903&r2=1702904&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/DecryptionTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/DecryptionTest.java Mon Sep 14 10:59:08 2015
@@ -1686,4 +1686,64 @@ public class DecryptionTest extends org.
Assert.assertEquals(nodeList.getLength(), 1);
}
+ @Test
+ public void testNoKeyInfo() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ // Set up the Key
+ KeyGenerator keygen = KeyGenerator.getInstance("AES");
+ keygen.init(128);
+ SecretKey key = keygen.generateKey();
+
+ // Set the key up
+ KeyStore keyStore = KeyStore.getInstance("JCEKS");
+ keyStore.load(
+ this.getClass().getClassLoader().getResource("test.jceks").openStream(),
+ "secret".toCharArray()
+ );
+ PrivateKey priv = (PrivateKey)keyStore.getKey("rsakey", "secret".toCharArray());
+ X509Certificate cert = (X509Certificate)keyStore.getCertificate("rsakey");
+
+ // Encrypt using DOM
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ encryptUsingDOM(
+ XMLCipher.AES_128, key, XMLCipher.RSA_OAEP,
+ cert.getPublicKey(), false, document, localNames, true
+ );
+
+ // Check the CreditCard encrypted ok
+ NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
+ Assert.assertEquals(nodeList.getLength(), 0);
+
+ // XMLUtils.outputDOM(document, System.out);
+
+ // Convert Document to a Stream Reader
+ javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Decrypt
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setDecryptionKey(priv);
+ InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+ TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
+ XMLStreamReader securityStreamReader =
+ inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
+
+ document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
+
+ // Check the CreditCard decrypted ok
+ nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
+ Assert.assertEquals(nodeList.getLength(), 1);
+ }
+
}
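Review bot: testNoKeyInfo never asserts that the encrypted document actually lacks the key's ds:KeyInfo, so it would still pass if encryptUsingDOM wrote one. The same gap is in testEncryptedKeyNoKeyInfo in EncryptionCreationTest.java, which sets `KeyIdentifier_NoKeyInfo` but only counts EncryptedData elements. After the first `CreditCard` check I would locate the xenc:EncryptedKey element and assert that it has no ds:KeyInfo child; the check should be scoped to EncryptedKey, since EncryptedData may legitimately carry a KeyInfo that wraps it. The meaning of the trailing `false, document, localNames, true` arguments to encryptUsingDOM is not visible in the hunk, so a short comment naming the flag that suppresses KeyInfo would help. securityEventListener is also created and passed in but never inspected.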
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java?rev=1702904&r1=1702903&r2=1702904&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java Mon Sep 14 10:59:08 2015
@@ -925,6 +925,75 @@ public class EncryptionCreationTest exte
Assert.assertEquals(nodeList.getLength(), 1);
}
+ @Test
+ public void testEncryptedKeyNoKeyInfo() throws Exception {
+ // Set up the Configuration
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+ actions.add(XMLSecurityConstants.ENCRYPT);
+ properties.setActions(actions);
+
+ // Set the key up
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(
+ this.getClass().getClassLoader().getResource("transmitter.jks").openStream(),
+ "default".toCharArray()
+ );
+ PrivateKey priv = (PrivateKey)keyStore.getKey("transmitter", "default".toCharArray());
+ X509Certificate cert = (X509Certificate)keyStore.getCertificate("transmitter");
+ properties.setEncryptionUseThisCertificate(cert);
+ properties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2001/04/xmlenc#rsa-1_5");
+
+ KeyGenerator keygen = KeyGenerator.getInstance("AES");
+ keygen.init(256);
+ SecretKey key = keygen.generateKey();
+ properties.setEncryptionKey(key);
+ properties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#aes256-cbc");
+ properties.setEncryptionKeyIdentifier(SecurityTokenConstants.KeyIdentifier_NoKeyInfo);
+
+ SecurePart securePart =
+ new SecurePart(new QName("urn:example:po", "PaymentInfo"), SecurePart.Modifier.Element);
+ properties.addEncryptionPart(securePart);
+
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, "UTF-8");
+
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ // System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
+
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
+ Assert.assertEquals(nodeList.getLength(), 0);
+
+ // Check the CreditCard encrypted ok
+ nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
+ Assert.assertEquals(nodeList.getLength(), 0);
+
+ nodeList = document.getElementsByTagNameNS(
+ XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
+ XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart()
+ );
+ Assert.assertEquals(nodeList.getLength(), 1);
+
+ // Decrypt using DOM API
+ Document doc =
+ decryptUsingDOM("http://www.w3.org/2001/04/xmlenc#tripledes-cbc", null, priv, document);
+
+ // Check the CreditCard decrypted ok
+ nodeList = doc.getElementsByTagNameNS("urn:example:po", "CreditCard");
+ Assert.assertEquals(nodeList.getLength(), 1);
+ }
+
// Test encryption using a generated AES 192 bit key that is encrypted using a 3DES key.
@Test
public void testAES192Element3DESKWCipher() throws Exception {
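Review bot: The decryptUsingDOM call in testEncryptedKeyNoKeyInfo passes `"http://www.w3.org/2001/04/xmlenc#tripledes-cbc"` although the document was encrypted with `xmlenc#aes256-cbc`. The helper is defined outside the hunk, so this presumably works because the algorithm is taken from the document's own EncryptionMethod, but the mismatch hides what is being verified. Assuming the first argument is the content algorithm, it would read better as `decryptUsingDOM("http://www.w3.org/2001/04/xmlenc#aes256-cbc", null, priv, document);`. The key transport is also set to `xmlenc#rsa-1_5`, while the new DecryptionTest case uses `XMLCipher.RSA_OAEP`. A one-line comment saying why PKCS#1 v1.5 is chosen here would keep the setting from being copied as a recommended default.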