|
49 | 49 | import org.apache.xml.security.stax.ext.XMLSec; |
50 | 50 | import org.apache.xml.security.stax.ext.XMLSecurityConstants; |
51 | 51 | import org.apache.xml.security.stax.ext.XMLSecurityProperties; |
| 52 | +import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent; |
| 53 | +import org.apache.xml.security.stax.securityEvent.SecurityEvent; |
| 54 | +import org.apache.xml.security.stax.securityEvent.SecurityEventConstants; |
52 | 55 | import org.apache.xml.security.test.dom.DSNamespaceContext; |
53 | 56 | import org.apache.xml.security.test.stax.signature.TestSecurityEventListener; |
54 | 57 | import org.apache.xml.security.test.stax.utils.StAX2DOM; |
|
63 | 66 | import org.w3c.dom.NodeList; |
64 | 67 |
|
65 | 68 | import static org.junit.jupiter.api.Assertions.assertEquals; |
| 69 | +import static org.junit.jupiter.api.Assertions.assertFalse; |
66 | 70 | import static org.junit.jupiter.api.Assertions.assertNotNull; |
67 | 71 | import static org.junit.jupiter.api.Assertions.assertTrue; |
68 | 72 |
|
@@ -161,6 +165,8 @@ void testAES128KW() throws Exception { |
161 | 165 |
|
162 | 166 | document = StAX2DOM.readDoc(securityStreamReader); |
163 | 167 |
|
| 168 | + checkDecryptionMethod(securityEventListener, encryptionAlgorithm, XMLCipher.AES_128_KeyWrap); |
| 169 | + |
164 | 170 | // Check the CreditCard decrypted ok |
165 | 171 | nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard"); |
166 | 172 | assertEquals(nodeList.getLength(), 1); |
@@ -215,6 +221,8 @@ void testAES192KW() throws Exception { |
215 | 221 |
|
216 | 222 | document = StAX2DOM.readDoc(securityStreamReader); |
217 | 223 |
|
| 224 | + checkDecryptionMethod(securityEventListener, encryptionAlgorithm, XMLCipher.AES_192_KeyWrap); |
| 225 | + |
218 | 226 | // Check the CreditCard decrypted ok |
219 | 227 | nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard"); |
220 | 228 | assertEquals(nodeList.getLength(), 1); |
@@ -269,6 +277,8 @@ void testAES256KW() throws Exception { |
269 | 277 |
|
270 | 278 | document = StAX2DOM.readDoc(securityStreamReader); |
271 | 279 |
|
| 280 | + checkDecryptionMethod(securityEventListener, encryptionAlgorithm, XMLCipher.AES_256_KeyWrap); |
| 281 | + |
272 | 282 | // Check the CreditCard decrypted ok |
273 | 283 | nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard"); |
274 | 284 | assertEquals(nodeList.getLength(), 1); |
@@ -324,6 +334,8 @@ void testTripleDESKW() throws Exception { |
324 | 334 |
|
325 | 335 | document = StAX2DOM.readDoc(securityStreamReader); |
326 | 336 |
|
| 337 | + checkDecryptionMethod(securityEventListener, encryptionAlgorithm, XMLCipher.TRIPLEDES_KeyWrap); |
| 338 | + |
327 | 339 | // Check the CreditCard decrypted ok |
328 | 340 | nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard"); |
329 | 341 | assertEquals(nodeList.getLength(), 1); |
@@ -378,6 +390,8 @@ void testRSAv15KW() throws Exception { |
378 | 390 |
|
379 | 391 | document = StAX2DOM.readDoc(securityStreamReader); |
380 | 392 |
|
| 393 | + checkDecryptionMethod(securityEventListener, encryptionAlgorithm, XMLCipher.RSA_v1dot5); |
| 394 | + |
381 | 395 | // Check the CreditCard decrypted ok |
382 | 396 | nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard"); |
383 | 397 | assertEquals(nodeList.getLength(), 1); |
@@ -432,6 +446,8 @@ void testRSAOAEPKW() throws Exception { |
432 | 446 |
|
433 | 447 | document = StAX2DOM.readDoc(securityStreamReader); |
434 | 448 |
|
| 449 | + checkDecryptionMethod(securityEventListener, encryptionAlgorithm, XMLCipher.RSA_OAEP); |
| 450 | + |
435 | 451 | // Check the CreditCard decrypted ok |
436 | 452 | nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard"); |
437 | 453 | assertEquals(nodeList.getLength(), 1); |
@@ -486,6 +502,8 @@ void testRSAOAEP11KW() throws Exception { |
486 | 502 |
|
487 | 503 | document = StAX2DOM.readDoc(securityStreamReader); |
488 | 504 |
|
| 505 | + checkDecryptionMethod(securityEventListener, encryptionAlgorithm, XMLCipher.RSA_OAEP_11); |
| 506 | + |
489 | 507 | // Check the CreditCard decrypted ok |
490 | 508 | nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard"); |
491 | 509 | assertEquals(nodeList.getLength(), 1); |
@@ -545,6 +563,8 @@ void testCamellia128KW() throws Exception { |
545 | 563 |
|
546 | 564 | document = StAX2DOM.readDoc(securityStreamReader); |
547 | 565 |
|
| 566 | + checkDecryptionMethod(securityEventListener, encryptionAlgorithm, XMLCipher.CAMELLIA_128_KeyWrap); |
| 567 | + |
548 | 568 | // Check the CreditCard decrypted ok |
549 | 569 | nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard"); |
550 | 570 | assertEquals(nodeList.getLength(), 1); |
@@ -604,6 +624,8 @@ void testCamellia192KW() throws Exception { |
604 | 624 |
|
605 | 625 | document = StAX2DOM.readDoc(securityStreamReader); |
606 | 626 |
|
| 627 | + checkDecryptionMethod(securityEventListener, encryptionAlgorithm, XMLCipher.CAMELLIA_192_KeyWrap); |
| 628 | + |
607 | 629 | // Check the CreditCard decrypted ok |
608 | 630 | nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard"); |
609 | 631 | assertEquals(nodeList.getLength(), 1); |
@@ -663,6 +685,8 @@ void testCamellia256KW() throws Exception { |
663 | 685 |
|
664 | 686 | document = StAX2DOM.readDoc(securityStreamReader); |
665 | 687 |
|
| 688 | + checkDecryptionMethod(securityEventListener, encryptionAlgorithm, XMLCipher.CAMELLIA_256_KeyWrap); |
| 689 | + |
666 | 690 | // Check the CreditCard decrypted ok |
667 | 691 | nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard"); |
668 | 692 | assertEquals(nodeList.getLength(), 1); |
@@ -722,11 +746,40 @@ void testSEED128KW() throws Exception { |
722 | 746 |
|
723 | 747 | document = StAX2DOM.readDoc(securityStreamReader); |
724 | 748 |
|
| 749 | + checkDecryptionMethod(securityEventListener, encryptionAlgorithm, XMLCipher.SEED_128_KeyWrap); |
| 750 | + |
725 | 751 | // Check the CreditCard decrypted ok |
726 | 752 | nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard"); |
727 | 753 | assertEquals(nodeList.getLength(), 1); |
728 | 754 | } |
729 | 755 |
|
| 756 | + private void checkDecryptionMethod( |
| 757 | + TestSecurityEventListener securityEventListener, |
| 758 | + String encryptionAlgorithm, |
| 759 | + String keyWrapAlgorithm |
| 760 | + ) { |
| 761 | + List<SecurityEvent> algorithmEvents = |
| 762 | + securityEventListener.getSecurityEvents(SecurityEventConstants.AlgorithmSuite); |
| 763 | + assertFalse(algorithmEvents.isEmpty()); |
| 764 | + |
| 765 | + boolean matchedEncryptionAlgorithm = false; |
| 766 | + boolean matchedKeyWrapAlgorithm = false; |
| 767 | + for (SecurityEvent event : algorithmEvents) { |
| 768 | + AlgorithmSuiteSecurityEvent algorithmEvent = (AlgorithmSuiteSecurityEvent) event; |
| 769 | + if (XMLSecurityConstants.Enc.equals(algorithmEvent.getAlgorithmUsage())) { |
| 770 | + assertEquals(encryptionAlgorithm, algorithmEvent.getAlgorithmURI()); |
| 771 | + matchedEncryptionAlgorithm = true; |
| 772 | + } else if (XMLSecurityConstants.Sym_Key_Wrap.equals(algorithmEvent.getAlgorithmUsage()) |
| 773 | + || XMLSecurityConstants.Asym_Key_Wrap.equals(algorithmEvent.getAlgorithmUsage())) { |
| 774 | + assertEquals(keyWrapAlgorithm, algorithmEvent.getAlgorithmURI()); |
| 775 | + matchedKeyWrapAlgorithm = true; |
| 776 | + } |
| 777 | + } |
| 778 | + |
| 779 | + assertTrue(matchedEncryptionAlgorithm); |
| 780 | + assertTrue(matchedKeyWrapAlgorithm); |
| 781 | + } |
| 782 | + |
730 | 783 | private void encrypt( |
731 | 784 | EncryptedKey encryptedKey, |
732 | 785 | String algorithm, |
|
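Review bot: In `checkDecryptionMethod` the key-wrap branch accepts either `Sym_Key_Wrap` or `Asym_Key_Wrap`, so an RSA test would still pass if the event carried the right URI under the wrong usage, and an AES/Camellia/SEED test likewise. These AlgorithmSuite events are presumably what a consumer bases its algorithm-policy decisions on, so the helper should take the expected usage as a parameter and compare it exactly, rather than or-ing the two constants. The bare `assertFalse(algorithmEvents.isEmpty())` and `assertTrue(...)` calls also give no hint which check failed; a message such as `assertTrue(matchedKeyWrapAlgorithm, "no key-wrap AlgorithmSuite event for " + keyWrapAlgorithm);` would make a failure readable. If exactly one `Enc` and one key-wrap event are expected per document, asserting those counts would also catch an unexpected extra algorithm event, which the current booleans cannot.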