jrihtarsic commented on code in PR #264: URL: https://github.com/apache/ws-wss4j/pull/264#discussion_r1465207527
########## ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionTest.java: ########## 
@@ -313,6 +314,66 @@ public void testEncryptionEncryption() throws Exception {
 verify(encryptedEncryptedDoc, encCrypto, keystoreCallbackHandler);
 }
+ /**
+ * Test that encrypt and decrypt a WS-Security envelope.
+ * This test uses the ECDSA-ES algorithm to (wrap) the symmetric key.
+ * <p/>
+ *
+ * @throws Exception Thrown when there is any problem in signing or verification
+ */
+ @ParameterizedTest
+ @CsvSource({"xdh, X25519",
+ "xdh, X448",
+ "ec, secp256r1",
+ "ec, secp384r1",
+ "ec, secp521r1",
+ })
+ public void testEncryptionDecryptionECDSA_ES(String algorithm, String certAlias) throws Exception {
+ try {
+ if (!JDKTestUtils.isAlgorithmSupportedByJDK(algorithm)) {
+ LOG.info("Add AuxiliaryProvider to execute test with algorithm [{}] and cert alias [{}]", algorithm, certAlias);
+ Security.addProvider(JDKTestUtils.getAuxiliaryProvider());
+ }
+ Crypto encCrypto = CryptoFactory.getInstance("wss-ecdh.properties");
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader(doc);
+ secHeader.insertSecurityHeader();
+
+ WSSecEncrypt builder = new WSSecEncrypt(secHeader);
+ builder.setUserInfo(certAlias);
+ builder.setKeyEncAlgo(WSConstants.KEYWRAP_AES128);
+ builder.setKeyAgreementMethod(WSConstants.AGREEMENT_METHOD_ECDH_ES);
+ builder.setDigestAlgorithm(WSS4JConstants.SHA256);
+ builder.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+
+ LOG.info("Before Encryption ...");
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128_GCM);
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ Document encryptedDoc = builder.build(encCrypto, symmetricKey);
+ LOG.info("After Encryption ....");
+
+ String outputString =
+ XMLUtils.prettyDocumentToString(encryptedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Encrypted message:");
+ LOG.debug(outputString);
+ }
+ assertFalse(outputString.contains("counter_port_type"));
Review Comment: Added assertions to validate presence of the KeyAgreement element and
required algorithms.
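Review bot: The Javadoc and the method name `testEncryptionDecryptionECDSA_ES` call the scheme ECDSA-ES, but the body configures `WSConstants.AGREEMENT_METHOD_ECDH_ES`, and the `xdh` rows (X25519, X448) are key-agreement curves rather than ECDSA ones; ECDSA is a signature algorithm, so the name misstates what the test exercises. I would rename the method to `testEncryptionDecryptionECDH_ES`, change the summary to `This test uses ECDH-ES key agreement to establish the key that wraps the symmetric key.`, and change the `@throws` text from "signing or verification" to "encryption or decryption". The `try` opened at the top of the method is not closed within the quoted lines, so whether the provider registered by `Security.addProvider(...)` is removed again cannot be confirmed from here; if it is not, a `finally` that removes it would keep the JVM-wide provider list from carrying over into later tests.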