Re: [PR] Support for the ECDH KeyAgreement method algorithm [ws-wss4j]

Wed, 24 Jan 2024 08:32:23 -0800 


jrihtarsic commented on code in PR #264:
URL: https://github.com/apache/ws-wss4j/pull/264#discussion_r1465207527


##########
ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionTest.java:
##########
@@ -313,6 +314,66 @@ public void testEncryptionEncryption() throws Exception {
         verify(encryptedEncryptedDoc, encCrypto, keystoreCallbackHandler);
     }
 
+    /**
+     * Test that encrypt and decrypt a WS-Security envelope.
+     * This test uses the ECDSA-ES algorithm to (wrap) the symmetric key.
+     * <p/>
+     *
+     * @throws Exception Thrown when there is any problem in signing or 
verification
+     */
+    @ParameterizedTest
+    @CsvSource({"xdh, X25519",
+            "xdh, X448",
+            "ec, secp256r1",
+            "ec, secp384r1",
+            "ec, secp521r1",
+    })
+    public void testEncryptionDecryptionECDSA_ES(String algorithm, String 
certAlias) throws Exception {
+        try {
+            if (!JDKTestUtils.isAlgorithmSupportedByJDK(algorithm)) {
+                LOG.info("Add AuxiliaryProvider to execute test with algorithm 
[{}] and cert alias [{}]", algorithm,  certAlias);
+                Security.addProvider(JDKTestUtils.getAuxiliaryProvider());
+            }
+            Crypto encCrypto = 
CryptoFactory.getInstance("wss-ecdh.properties");
+
+            Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+            WSSecHeader secHeader = new WSSecHeader(doc);
+            secHeader.insertSecurityHeader();
+
+            WSSecEncrypt builder = new WSSecEncrypt(secHeader);
+            builder.setUserInfo(certAlias);
+            builder.setKeyEncAlgo(WSConstants.KEYWRAP_AES128);
+            
builder.setKeyAgreementMethod(WSConstants.AGREEMENT_METHOD_ECDH_ES);
+            builder.setDigestAlgorithm(WSS4JConstants.SHA256);
+            builder.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+
+            LOG.info("Before Encryption ...");
+            KeyGenerator keyGen = 
KeyUtils.getKeyGenerator(WSConstants.AES_128_GCM);
+            SecretKey symmetricKey = keyGen.generateKey();
+
+            Document encryptedDoc = builder.build(encCrypto, symmetricKey);
+            LOG.info("After Encryption ....");
+
+            String outputString =
+                    XMLUtils.prettyDocumentToString(encryptedDoc);
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Encrypted message:");
+                LOG.debug(outputString);
+            }
+            assertFalse(outputString.contains("counter_port_type"));

Review Comment:
   Added assertions to validate presence of the KeyAgreement element and 
required algorithms. 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org
For additional commands, e-mail: dev-h...@ws.apache.org

Reply via email to