Re: [PR] Support for the ECDH KeyAgreement method algorithm [ws-wss4j]

Tue, 23 Jan 2024 02:43:36 -0800 


jrihtarsic commented on code in PR #264:
URL: https://github.com/apache/ws-wss4j/pull/264#discussion_r1463072231


##########
ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionTest.java:
##########
@@ -313,6 +316,67 @@ public void testEncryptionEncryption() throws Exception {
         verify(encryptedEncryptedDoc, encCrypto, keystoreCallbackHandler);
     }
 
+    /**
+     * Test that encrypt and decrypt a WS-Security envelope.
+     * This test uses the ECDSA-ES algorithm to (wrap) the symmetric key.
+     * <p/>
+     *
+     * @throws Exception Thrown when there is any problem in signing or 
verification
+     */
+    @ParameterizedTest
+    @CsvSource({"xdh, X25519",
+            "xdh, X448",
+            "ec, secp256r1",
+            "ec, secp384r1",
+            "ec, secp521r1",
+    })
+    public void testEncryptionDecryptionECDSA_ES(String algorithm, String 
certAlias) throws Exception {
+        try {
+            if (!JDKTestUtils.isAlgorithmSupportedByJDK(algorithm)) {
+                LOG.info("Add AuxiliaryProvider to execute test with algorithm 
[{}] and cert alias [{}]", algorithm,  certAlias);
+                Security.addProvider(JDKTestUtils.getAuxiliaryProvider());
+            }
+            Crypto encCrypto = 
CryptoFactory.getInstance("wss-ecdh.properties");
+
+            Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+            WSSecHeader secHeader = new WSSecHeader(doc);
+            secHeader.insertSecurityHeader();
+
+            WSSecEncrypt builder = new WSSecEncrypt(secHeader);
+            builder.setUserInfo(certAlias);
+            builder.setKeyEncAlgo(WSConstants.KEYWRAP_AES128);
+            
builder.setKeyAgreementMethod(WSConstants.AGREEMENT_METHOD_ECDH_ES);
+            builder.setDigestAlgorithm(WSS4JConstants.SHA256);
+            builder.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+
+            LOG.info("Before Encryption ...");
+            KeyGenerator keyGen = 
KeyUtils.getKeyGenerator(WSConstants.AES_128_GCM);
+            SecretKey symmetricKey = keyGen.generateKey();
+
+            Document encryptedDoc = builder.build(encCrypto, symmetricKey);
+            LOG.info("After Encryption ....");
+
+            String outputString =
+                    XMLUtils.prettyDocumentToString(encryptedDoc);
+            Files.write(Paths.get("target", "encrypted-"+certAlias+".xml"), 
outputString.getBytes());

Review Comment:
   No, I was just for manual validation of generated result during the 
development phase. Removed the line now. 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to