ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1463565 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/crypto/ ws-security-stax/src/main/java/org/apache/wss4j/stax/ ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/ ws-security-stax/src/te...
Date Tue, 02 Apr 2013 14:35:45 GMT
Author: coheigea
Date: Tue Apr  2 14:35:45 2013
New Revision: 1463565

URL: http://svn.apache.org/r1463565
Log:
Refactored how Crypto keystores etc. are loaded in the StaX layer + added the ability to load
keystores via Crypto properties files

Added:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java
Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java?rev=1463565&r1=1463564&r2=1463565&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java
Tue Apr  2 14:35:45 2013
@@ -258,7 +258,7 @@ public abstract class CryptoFactory {
      * @return
      * @throws WSSecurityException if there is an error in loading the crypto properties
      */
-    private static Properties getProperties(
+    public static Properties getProperties(
         String propFilename, 
         ClassLoader loader
     ) throws WSSecurityException {

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java?rev=1463565&r1=1463564&r2=1463565&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
Tue Apr  2 14:35:45 2013
@@ -124,7 +124,8 @@ public class WSSec {
                     securityProperties.setTimestampTTL(300);
                 }
             } else if (WSSConstants.SIGNATURE.equals(action)) {
-                if (securityProperties.getSignatureKeyStore() == null) {
+                if (securityProperties.getSignatureKeyStore() == null
+                    && securityProperties.getSignatureCryptoProperties() == null)
{
                     throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"signatureKeyStoreNotSet");
                 }
                 if (securityProperties.getSignatureUser() == null) {
@@ -148,6 +149,7 @@ public class WSSec {
             } else if (WSSConstants.ENCRYPT.equals(action)) {
                 if (securityProperties.getEncryptionUseThisCertificate() == null
                         && securityProperties.getEncryptionKeyStore() == null
+                        && securityProperties.getEncryptionCryptoProperties() ==
null
                         && !securityProperties.isUseReqSigCertForEncryption()) {
                     throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"encryptionKeyStoreNotSet");
                 }

Added: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java?rev=1463565&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java
(added)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java
Tue Apr  2 14:35:45 2013
@@ -0,0 +1,108 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.ext;
+
+import java.lang.reflect.Constructor;
+import java.security.KeyStore;
+import java.security.cert.CertStore;
+import java.util.Properties;
+
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.Merlin;
+import org.apache.xml.security.stax.config.ConfigurationProperties;
+
+
+/**
+ */
+class WSSCrypto {
+
+    protected static final transient org.slf4j.Logger log = 
+        org.slf4j.LoggerFactory.getLogger(WSSCrypto.class);
+
+    private Class<? extends Merlin> cryptoClass = org.apache.wss4j.common.crypto.Merlin.class;
+    private Properties cryptoProperties;
+    private Crypto cachedCrypto;
+    private KeyStore cachedKeyStore;
+    private KeyStore keyStore;
+    private CertStore crlCertStore;
+    
+    public Crypto getCrypto() throws WSSConfigurationException {
+        
+        if ((keyStore == cachedKeyStore) && cachedCrypto != null) {
+            return cachedCrypto;
+        }
+        
+        Merlin crypto = null;
+        if (cryptoProperties != null) {
+            try {
+                Constructor<?> ctor = cryptoClass.getConstructor(Properties.class);
+                crypto = (Merlin)ctor.newInstance(cryptoProperties);
+                keyStore = crypto.getKeyStore();
+            } catch (Exception e) {
+                throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"signatureCryptoFailure", e);
+            }
+        } else {
+            try {
+                crypto = cryptoClass.newInstance();
+                crypto.setDefaultX509Identifier(ConfigurationProperties.getProperty("DefaultX509Alias"));
+                crypto.setCryptoProvider(ConfigurationProperties.getProperty("CertProvider"));
+                crypto.setKeyStore(this.getKeyStore());
+                crypto.setCRLCertStore(this.getCrlCertStore());
+            } catch (Exception e) {
+                throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"signatureCryptoFailure", e);
+            }
+        }
+        
+        cachedCrypto = crypto;
+        cachedKeyStore = crypto.getKeyStore();
+        return crypto;
+    }
+    
+    public Class<? extends Merlin> getCryptoClass() {
+        return cryptoClass;
+    }
+    
+    public void setCryptoClass(Class<? extends Merlin> cryptoClass) {
+        this.cryptoClass = cryptoClass;
+    }
+    
+    public Properties getCryptoProperties() {
+        return cryptoProperties;
+    }
+    
+    public void setCryptoProperties(Properties cryptoProperties) {
+        this.cryptoProperties = cryptoProperties;
+    }
+    
+    public KeyStore getKeyStore() {
+        return keyStore;
+    }
+    
+    public void setKeyStore(KeyStore keyStore) {
+        this.keyStore = keyStore;
+    }
+
+    public CertStore getCrlCertStore() {
+        return crlCertStore;
+    }
+
+    public void setCrlCertStore(CertStore crlCertStore) {
+        this.crlCertStore = crlCertStore;
+    }
+}

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1463565&r1=1463564&r2=1463565&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
Tue Apr  2 14:35:45 2013
@@ -24,19 +24,23 @@ import java.security.cert.CertStore;
 import java.security.cert.CertificateFactory;
 import java.security.cert.CollectionCertStoreParameters;
 import java.security.cert.X509CRL;
-import java.util.*;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
 
 import org.apache.wss4j.common.bsp.BSPRule;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.Merlin;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.wss4j.stax.validate.Validator;
-import org.apache.xml.security.stax.config.ConfigurationProperties;
 import org.apache.xml.security.stax.ext.XMLSecurityProperties;
 
-import javax.security.auth.callback.CallbackHandler;
-import javax.xml.namespace.QName;
-
 /**
  * Main configuration class to supply keys etc.
  * This class is subject to change in the future.
@@ -70,28 +74,13 @@ public class WSSSecurityProperties exten
     private WSSecurityTokenConstants.KeyIdentifier derivedKeyKeyIdentifier;
     private WSSConstants.DerivedKeyTokenReference derivedKeyTokenReference;
 
-    private Class<? extends Merlin> signatureCryptoClass;
-    private Crypto cachedSignatureCrypto;
-    private KeyStore cachedSignatureKeyStore;
-    private KeyStore signatureKeyStore;
+    private WSSCrypto signatureWSSCrypto;
     private String signatureUser;
     private boolean enableSignatureConfirmationVerification = false;
-
-    private Class<? extends Merlin> signatureVerificationCryptoClass;
-    private KeyStore signatureVerificationKeyStore;
+    private WSSCrypto signatureVerificationWSSCrypto;
     private CertStore crlCertStore;
-    private Crypto cachedSignatureVerificationCrypto;
-    private KeyStore cachedSignatureVerificationKeyStore;
-    private Class<? extends Merlin> decryptionCryptoClass;
-
-    private KeyStore decryptionKeyStore;
-    private Crypto cachedDecryptionCrypto;
-    private KeyStore cachedDecryptionKeyStore;
-    private Class<? extends Merlin> encryptionCryptoClass;
-
-    private KeyStore encryptionKeyStore;
-    private Crypto cachedEncryptionCrypto;
-    private KeyStore cachedEncryptionKeyStore;
+    private WSSCrypto decryptionWSSCrypto;
+    private WSSCrypto encryptionWSSCrypto;
     private String encryptionUser;
     private WSSecurityTokenConstants.KeyIdentifier encryptionKeyIdentifier;
     private boolean useReqSigCertForEncryption = false;
@@ -121,30 +110,18 @@ public class WSSSecurityProperties exten
         this.tokenUser = wssSecurityProperties.tokenUser;
         this.derivedKeyKeyIdentifier = wssSecurityProperties.derivedKeyKeyIdentifier;
         this.derivedKeyTokenReference = wssSecurityProperties.derivedKeyTokenReference;
-        this.signatureCryptoClass = wssSecurityProperties.signatureCryptoClass;
-        this.cachedSignatureCrypto = wssSecurityProperties.cachedSignatureCrypto;
-        this.cachedSignatureKeyStore = wssSecurityProperties.cachedSignatureKeyStore;
-        this.signatureKeyStore = wssSecurityProperties.signatureKeyStore;
+        this.signatureWSSCrypto = wssSecurityProperties.signatureWSSCrypto;
         this.signatureUser = wssSecurityProperties.signatureUser;
         this.enableSignatureConfirmationVerification = wssSecurityProperties.enableSignatureConfirmationVerification;
-        this.signatureVerificationCryptoClass = wssSecurityProperties.signatureVerificationCryptoClass;
-        this.signatureVerificationKeyStore = wssSecurityProperties.signatureVerificationKeyStore;
-        this.cachedSignatureVerificationCrypto = wssSecurityProperties.cachedSignatureVerificationCrypto;
-        this.cachedSignatureVerificationKeyStore = wssSecurityProperties.cachedSignatureVerificationKeyStore;
-        this.decryptionCryptoClass = wssSecurityProperties.decryptionCryptoClass;
-        this.decryptionKeyStore = wssSecurityProperties.decryptionKeyStore;
-        this.cachedDecryptionCrypto = wssSecurityProperties.cachedDecryptionCrypto;
-        this.cachedDecryptionKeyStore = wssSecurityProperties.cachedDecryptionKeyStore;
-        this.encryptionCryptoClass = wssSecurityProperties.encryptionCryptoClass;
-        this.encryptionKeyStore = wssSecurityProperties.encryptionKeyStore;
-        this.cachedEncryptionCrypto = wssSecurityProperties.cachedEncryptionCrypto;
-        this.cachedEncryptionKeyStore = wssSecurityProperties.cachedEncryptionKeyStore;
+        this.signatureVerificationWSSCrypto = wssSecurityProperties.signatureVerificationWSSCrypto;
+        this.crlCertStore = wssSecurityProperties.crlCertStore;
+        this.decryptionWSSCrypto = wssSecurityProperties.decryptionWSSCrypto;
+        this.encryptionWSSCrypto = wssSecurityProperties.encryptionWSSCrypto;
         this.encryptionUser = wssSecurityProperties.encryptionUser;
         this.encryptionKeyIdentifier = wssSecurityProperties.encryptionKeyIdentifier;
         this.useReqSigCertForEncryption = wssSecurityProperties.useReqSigCertForEncryption;
         this.encryptionCompressionAlgorithm = wssSecurityProperties.encryptionCompressionAlgorithm;
         this.enableRevocation = wssSecurityProperties.enableRevocation;
-        this.crlCertStore = wssSecurityProperties.crlCertStore;
     }
 
     /**
@@ -299,60 +276,71 @@ public class WSSSecurityProperties exten
     }
 
     public KeyStore getSignatureKeyStore() {
-        return signatureKeyStore;
+        if (signatureWSSCrypto != null) {
+            return signatureWSSCrypto.getKeyStore();
+        }
+        return null;
     }
 
     public void loadSignatureKeyStore(URL url, char[] keyStorePassword) throws Exception
{
         KeyStore keyStore = KeyStore.getInstance("jks");
         keyStore.load(url.openStream(), keyStorePassword);
-        this.signatureKeyStore = keyStore;
+        if (signatureWSSCrypto == null) {
+            signatureWSSCrypto = new WSSCrypto();
+        }
+        signatureWSSCrypto.setKeyStore(keyStore);
+    }
+    
+    public Properties getSignatureCryptoProperties() {
+        if (signatureWSSCrypto != null) {
+            return signatureWSSCrypto.getCryptoProperties();
+        }
+        return null;
+    }
+    
+    public void setSignatureCryptoProperties(Properties cryptoProperties) {
+        if (signatureWSSCrypto == null) {
+            signatureWSSCrypto = new WSSCrypto();
+        }
+        signatureWSSCrypto.setCryptoProperties(cryptoProperties);
     }
 
     public Class<? extends Merlin> getSignatureCryptoClass() {
-        if (signatureCryptoClass != null) {
-            return signatureCryptoClass;
+        if (signatureWSSCrypto != null) {
+            return signatureWSSCrypto.getCryptoClass();
         }
-        signatureCryptoClass = org.apache.wss4j.common.crypto.Merlin.class;
-        return signatureCryptoClass;
+        return org.apache.wss4j.common.crypto.Merlin.class;
     }
 
     public void setSignatureCryptoClass(Class<? extends Merlin> signatureCryptoClass)
{
-        this.signatureCryptoClass = signatureCryptoClass;
+        if (signatureWSSCrypto == null) {
+            signatureWSSCrypto = new WSSCrypto();
+        }
+        this.signatureWSSCrypto.setCryptoClass(signatureCryptoClass);
     }
 
     public Crypto getSignatureCrypto() throws WSSConfigurationException {
-
-        if (this.getSignatureKeyStore() == null) {
+        if (signatureWSSCrypto == null) {
             throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"signatureKeyStoreNotSet");
         }
 
-        if (this.getSignatureKeyStore() == cachedSignatureKeyStore) {
-            return cachedSignatureCrypto;
-        }
-
-        Class<? extends Merlin> signatureCryptoClass = this.getSignatureCryptoClass();
-
-        try {
-            Merlin signatureCrypto = signatureCryptoClass.newInstance();
-            signatureCrypto.setDefaultX509Identifier(ConfigurationProperties.getProperty("DefaultX509Alias"));
-            signatureCrypto.setCryptoProvider(ConfigurationProperties.getProperty("CertProvider"));
-            signatureCrypto.setKeyStore(this.getSignatureKeyStore());
-            cachedSignatureCrypto = signatureCrypto;
-            cachedSignatureKeyStore = this.getSignatureKeyStore();
-            return signatureCrypto;
-        } catch (Exception e) {
-            throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"signatureCryptoFailure", e);
-        }
+        return signatureWSSCrypto.getCrypto();
     }
 
     public KeyStore getSignatureVerificationKeyStore() {
-        return signatureVerificationKeyStore;
+        if (signatureVerificationWSSCrypto != null) {
+            return signatureVerificationWSSCrypto.getKeyStore();
+        }
+        return null;
     }
 
     public void loadSignatureVerificationKeystore(URL url, char[] keyStorePassword) throws
Exception {
         KeyStore keyStore = KeyStore.getInstance("jks");
         keyStore.load(url.openStream(), keyStorePassword);
-        this.signatureVerificationKeyStore = keyStore;
+        if (signatureVerificationWSSCrypto == null) {
+            signatureVerificationWSSCrypto = new WSSCrypto();
+        }
+        signatureVerificationWSSCrypto.setKeyStore(keyStore);
     }
     
     public void loadCRLCertStore(URL url) throws Exception {
@@ -364,43 +352,43 @@ public class WSSSecurityProperties exten
                 new CollectionCertStoreParameters(Collections.singletonList(crl))
             );
     }
+    
+    public Properties getSignatureVerificationCryptoProperties() {
+        if (signatureVerificationWSSCrypto != null) {
+            return signatureVerificationWSSCrypto.getCryptoProperties();
+        }
+        return null;
+    }
+    
+    public void setSignatureVerificationCryptoProperties(Properties cryptoProperties) {
+        if (signatureVerificationWSSCrypto == null) {
+            signatureVerificationWSSCrypto = new WSSCrypto();
+        }
+        signatureVerificationWSSCrypto.setCryptoProperties(cryptoProperties);
+    }
 
     public Class<? extends Merlin> getSignatureVerificationCryptoClass() {
-        if (signatureVerificationCryptoClass != null) {
-            return signatureVerificationCryptoClass;
+        if (signatureVerificationWSSCrypto != null) {
+            return signatureVerificationWSSCrypto.getCryptoClass();
         }
-        signatureVerificationCryptoClass = Merlin.class;
-        return signatureVerificationCryptoClass;
+        return org.apache.wss4j.common.crypto.Merlin.class;
     }
 
     public void setSignatureVerificationCryptoClass(Class<? extends Merlin> signatureVerificationCryptoClass)
{
-        this.signatureVerificationCryptoClass = signatureVerificationCryptoClass;
+        if (signatureVerificationWSSCrypto == null) {
+            signatureVerificationWSSCrypto = new WSSCrypto();
+        }
+        this.signatureVerificationWSSCrypto.setCryptoClass(signatureVerificationCryptoClass);
+        
     }
 
     public Crypto getSignatureVerificationCrypto() throws WSSConfigurationException {
 
-        if (this.getSignatureVerificationKeyStore() == null) {
+        if (signatureVerificationWSSCrypto == null) {
             throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"signatureVerificationKeyStoreNotSet");
         }
-
-        if (this.getSignatureVerificationKeyStore() == cachedSignatureVerificationKeyStore)
{
-            return cachedSignatureVerificationCrypto;
-        }
-
-        Class<? extends Merlin> signatureVerificationCryptoClass = this.getSignatureVerificationCryptoClass();
-
-        try {
-            Merlin signatureVerificationCrypto = signatureVerificationCryptoClass.newInstance();
-            signatureVerificationCrypto.setKeyStore(this.getSignatureVerificationKeyStore());
-            signatureVerificationCrypto.setDefaultX509Identifier(ConfigurationProperties.getProperty("DefaultX509Alias"));
-            signatureVerificationCrypto.setCryptoProvider(ConfigurationProperties.getProperty("CertProvider"));
-            signatureVerificationCrypto.setCRLCertStore(this.getCrlCertStore());
-            cachedSignatureVerificationCrypto = signatureVerificationCrypto;
-            cachedSignatureVerificationKeyStore = this.getSignatureVerificationKeyStore();
-            return signatureVerificationCrypto;
-        } catch (Exception e) {
-            throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"signatureVerificationCryptoFailure", e);
-        }
+        signatureVerificationWSSCrypto.setCrlCertStore(crlCertStore);
+        return signatureVerificationWSSCrypto.getCrypto();
     }
 
     /**
@@ -409,7 +397,10 @@ public class WSSSecurityProperties exten
      * @return A keystore for decryption operation
      */
     public KeyStore getDecryptionKeyStore() {
-        return decryptionKeyStore;
+        if (decryptionWSSCrypto != null) {
+            return decryptionWSSCrypto.getKeyStore();
+        }
+        return null;
     }
 
     /**
@@ -422,7 +413,24 @@ public class WSSSecurityProperties exten
     public void loadDecryptionKeystore(URL url, char[] keyStorePassword) throws Exception
{
         KeyStore keyStore = KeyStore.getInstance("jks");
         keyStore.load(url.openStream(), keyStorePassword);
-        this.decryptionKeyStore = keyStore;
+        if (decryptionWSSCrypto == null) {
+            decryptionWSSCrypto = new WSSCrypto();
+        }
+        decryptionWSSCrypto.setKeyStore(keyStore);
+    }
+    
+    public Properties getDecryptionCryptoProperties() {
+        if (decryptionWSSCrypto != null) {
+            return decryptionWSSCrypto.getCryptoProperties();
+        }
+        return null;
+    }
+    
+    public void setDecryptionCryptoProperties(Properties cryptoProperties) {
+        if (decryptionWSSCrypto == null) {
+            decryptionWSSCrypto = new WSSCrypto();
+        }
+        decryptionWSSCrypto.setCryptoProperties(cryptoProperties);
     }
 
     /**
@@ -431,11 +439,10 @@ public class WSSSecurityProperties exten
      * @return
      */
     public Class<? extends Merlin> getDecryptionCryptoClass() {
-        if (decryptionCryptoClass != null) {
-            return decryptionCryptoClass;
+        if (decryptionWSSCrypto != null) {
+            return decryptionWSSCrypto.getCryptoClass();
         }
-        decryptionCryptoClass = Merlin.class;
-        return decryptionCryptoClass;
+        return org.apache.wss4j.common.crypto.Merlin.class;
     }
 
     /**
@@ -444,7 +451,10 @@ public class WSSSecurityProperties exten
      * @param decryptionCryptoClass
      */
     public void setDecryptionCryptoClass(Class<? extends Merlin> decryptionCryptoClass)
{
-        this.decryptionCryptoClass = decryptionCryptoClass;
+        if (decryptionWSSCrypto == null) {
+            decryptionWSSCrypto = new WSSCrypto();
+        }
+        decryptionWSSCrypto.setCryptoClass(decryptionCryptoClass);
     }
 
     /**
@@ -455,27 +465,11 @@ public class WSSSecurityProperties exten
      */
     public Crypto getDecryptionCrypto() throws WSSConfigurationException {
 
-        if (this.getDecryptionKeyStore() == null) {
+        if (decryptionWSSCrypto == null) {
             throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"decryptionKeyStoreNotSet");
         }
 
-        if (this.getDecryptionKeyStore() == cachedDecryptionKeyStore) {
-            return cachedDecryptionCrypto;
-        }
-
-        Class<? extends Merlin> decryptionCryptoClass = this.getDecryptionCryptoClass();
-
-        try {
-            Merlin decryptionCrypto = decryptionCryptoClass.newInstance();
-            decryptionCrypto.setKeyStore(this.getDecryptionKeyStore());
-            decryptionCrypto.setDefaultX509Identifier(ConfigurationProperties.getProperty("DefaultX509Alias"));
-            decryptionCrypto.setCryptoProvider(ConfigurationProperties.getProperty("CertProvider"));
-            cachedDecryptionCrypto = decryptionCrypto;
-            cachedDecryptionKeyStore = this.getDecryptionKeyStore();
-            return decryptionCrypto;
-        } catch (Exception e) {
-            throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"decryptionCryptoFailure", e);
-        }
+        return decryptionWSSCrypto.getCrypto();
     }
 
     /**
@@ -484,7 +478,10 @@ public class WSSSecurityProperties exten
      * @return A keystore for encryption operation
      */
     public KeyStore getEncryptionKeyStore() {
-        return encryptionKeyStore;
+        if (encryptionWSSCrypto != null) {
+            return encryptionWSSCrypto.getKeyStore();
+        }
+        return null;
     }
 
     /**
@@ -497,7 +494,24 @@ public class WSSSecurityProperties exten
     public void loadEncryptionKeystore(URL url, char[] keyStorePassword) throws Exception
{
         KeyStore keyStore = KeyStore.getInstance("jks");
         keyStore.load(url.openStream(), keyStorePassword);
-        this.encryptionKeyStore = keyStore;
+        if (encryptionWSSCrypto == null) {
+            encryptionWSSCrypto = new WSSCrypto();
+        }
+        encryptionWSSCrypto.setKeyStore(keyStore);
+    }
+
+    public Properties getEncryptionCryptoProperties() {
+        if (encryptionWSSCrypto != null) {
+            return encryptionWSSCrypto.getCryptoProperties();
+        }
+        return null;
+    }
+    
+    public void setEncryptionCryptoProperties(Properties cryptoProperties) {
+        if (encryptionWSSCrypto == null) {
+            encryptionWSSCrypto = new WSSCrypto();
+        }
+        encryptionWSSCrypto.setCryptoProperties(cryptoProperties);
     }
 
     /**
@@ -506,11 +520,10 @@ public class WSSSecurityProperties exten
      * @return
      */
     public Class<? extends Merlin> getEncryptionCryptoClass() {
-        if (encryptionCryptoClass != null) {
-            return encryptionCryptoClass;
+        if (encryptionWSSCrypto != null) {
+            return encryptionWSSCrypto.getCryptoClass();
         }
-        encryptionCryptoClass = Merlin.class;
-        return encryptionCryptoClass;
+        return org.apache.wss4j.common.crypto.Merlin.class;
     }
 
     /**
@@ -519,7 +532,10 @@ public class WSSSecurityProperties exten
      * @param encryptionCryptoClass
      */
     public void setEncryptionCryptoClass(Class<? extends Merlin> encryptionCryptoClass)
{
-        this.encryptionCryptoClass = encryptionCryptoClass;
+        if (encryptionWSSCrypto == null) {
+            encryptionWSSCrypto = new WSSCrypto();
+        }
+        encryptionWSSCrypto.setCryptoClass(encryptionCryptoClass);
     }
 
     /**
@@ -530,28 +546,12 @@ public class WSSSecurityProperties exten
      */
     public Crypto getEncryptionCrypto() throws WSSConfigurationException {
 
-        if (this.getEncryptionKeyStore() == null) {
+        if (encryptionWSSCrypto == null) {
             throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"encryptionKeyStoreNotSet");
         }
 
-        if (this.getEncryptionKeyStore() == cachedEncryptionKeyStore) {
-            return cachedEncryptionCrypto;
-        }
-
-        Class<? extends Merlin> encryptionCryptoClass = this.getEncryptionCryptoClass();
-
-        try {
-            Merlin encryptionCrypto = encryptionCryptoClass.newInstance();
-            encryptionCrypto.setKeyStore(this.getEncryptionKeyStore());
-            encryptionCrypto.setDefaultX509Identifier(ConfigurationProperties.getProperty("DefaultX509Alias"));
-            encryptionCrypto.setCryptoProvider(ConfigurationProperties.getProperty("CertProvider"));
-            encryptionCrypto.setCRLCertStore(this.getCrlCertStore());
-            cachedEncryptionCrypto = encryptionCrypto;
-            cachedEncryptionKeyStore = this.getEncryptionKeyStore();
-            return encryptionCrypto;
-        } catch (Exception e) {
-            throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"encryptionCryptoFailure", e);
-        }
+        encryptionWSSCrypto.setCrlCertStore(this.getCrlCertStore());
+        return encryptionWSSCrypto.getCrypto();
     }
     
     /**

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java?rev=1463565&r1=1463564&r2=1463565&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java
Tue Apr  2 14:35:45 2013
@@ -21,6 +21,7 @@ package org.apache.wss4j.stax.test;
 import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
 import org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream;
 import org.apache.wss4j.common.bsp.BSPRule;
+import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.stax.WSSec;
 import org.apache.wss4j.stax.ext.WSSConstants;
@@ -202,6 +203,151 @@ public class EncDecryptionTest extends A
                     operationSecurityEvents.size() + encryptedPartSecurityEvents.size());
         }
     }
+    
+    @Test
+    public void testEncDecryptionCryptoPropertiesOutbound() throws Exception {
+
+        ByteArrayOutputStream baos;
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.ENCRYPT};
+            securityProperties.setOutAction(actions);
+            Properties properties = 
+                CryptoFactory.getProperties("transmitter-crypto.properties", this.getClass().getClassLoader());
+            securityProperties.setEncryptionCryptoProperties(properties);
+            securityProperties.setEncryptionUser("receiver");
+
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            baos = doOutboundSecurity(securityProperties, sourceDocument);
+
+            Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(),
WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+            XPathExpression xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p']");
+            Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_DataReference.getNamespaceURI(),
WSSConstants.TAG_xenc_DataReference.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+
+            xPathExpression = getXPath("/env:Envelope/env:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#aes256-cbc']");
+            node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            Assert.assertEquals(node.getParentNode().getParentNode().getLocalName(), "Body");
+            NodeList childNodes = node.getParentNode().getParentNode().getChildNodes();
+            for (int i = 0; i < childNodes.getLength(); i++) {
+                Node child = childNodes.item(i);
+                if (child.getNodeType() == Node.TEXT_NODE) {
+                    Assert.assertEquals(child.getTextContent().trim(), "");
+                } else if (child.getNodeType() == Node.ELEMENT_NODE) {
+                    Assert.assertEquals(child, nodeList.item(0));
+                } else {
+                    Assert.fail("Unexpected Node encountered");
+                }
+            }
+        }
+
+        //done encryption; now test decryption:
+        {
+            String action = WSHandlerConstants.ENCRYPT;
+            doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray())), action);
+        }
+    }
+
+    @Test
+    public void testEncDecryptionCryptoPropertiesInbound() throws Exception {
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+        {
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            String action = WSHandlerConstants.ENCRYPT;
+            Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action,
new Properties());
+
+            //some test that we can really sure we get what we want from WSS4J
+            XPathExpression xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p']");
+            Node node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+        }
+        //test streaming decryption
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            Properties properties = 
+                CryptoFactory.getProperties("receiver-crypto.properties", this.getClass().getClassLoader());
+            securityProperties.setDecryptionCryptoProperties(properties);
+            securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
+            WSSecurityEventConstants.Event[] expectedSecurityEvents = new WSSecurityEventConstants.Event[]{
+                    WSSecurityEventConstants.AlgorithmSuite,
+                    WSSecurityEventConstants.AlgorithmSuite,
+                    WSSecurityEventConstants.X509Token,
+                    WSSecurityEventConstants.EncryptedPart,
+                    WSSecurityEventConstants.Operation,
+            };
+            final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents);
+
+            Document document = doInboundSecurity(securityProperties, xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())), securityEventListener);
+
+            //header element must still be there
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(),
WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+            //no encrypted content
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 0);
+
+            securityEventListener.compare();
+
+            List<SecurityEvent> receivedSecurityEvents = securityEventListener.getReceivedSecurityEvents();
+            for (int i = 0; i < receivedSecurityEvents.size(); i++) {
+                SecurityEvent securityEvent = receivedSecurityEvents.get(i);
+                if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.Operation)
{
+                    OperationSecurityEvent operationSecurityEvent = (OperationSecurityEvent)
securityEvent;
+                    Assert.assertEquals(operationSecurityEvent.getOperation(), new QName("http://schemas.xmlsoap.org/wsdl/",
"definitions"));
+                } else if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.EncryptedPart)
{
+                    EncryptedPartSecurityEvent encryptedPartSecurityEvent = (EncryptedPartSecurityEvent)
securityEvent;
+                    Assert.assertNotNull(encryptedPartSecurityEvent.getXmlSecEvent());
+                    Assert.assertNotNull(encryptedPartSecurityEvent.getSecurityToken());
+                    Assert.assertNotNull(encryptedPartSecurityEvent.getElementPath());
+                    final QName expectedElementName = new QName("http://schemas.xmlsoap.org/soap/envelope/",
"Body");
+                    Assert.assertEquals(encryptedPartSecurityEvent.getXmlSecEvent().asStartElement().getName(),
expectedElementName);
+                    Assert.assertEquals(encryptedPartSecurityEvent.getElementPath().size(),
2);
+                    Assert.assertEquals(encryptedPartSecurityEvent.getElementPath().get(encryptedPartSecurityEvent.getElementPath().size()
- 1), expectedElementName);
+                }
+            }
+
+            EncryptedPartSecurityEvent encryptedPartSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.EncryptedPart);
+            OperationSecurityEvent operationSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.Operation);
+            String encryptedPartCorrelationID = encryptedPartSecurityEvent.getCorrelationID();
+            String operationCorrelationID = operationSecurityEvent.getCorrelationID();
+
+            List<SecurityEvent> operationSecurityEvents = new ArrayList<SecurityEvent>();
+            List<SecurityEvent> encryptedPartSecurityEvents = new ArrayList<SecurityEvent>();
+
+            List<SecurityEvent> securityEvents = securityEventListener.getReceivedSecurityEvents();
+            for (int i = 0; i < securityEvents.size(); i++) {
+                SecurityEvent securityEvent = securityEvents.get(i);
+                if (securityEvent.getCorrelationID().equals(encryptedPartCorrelationID))
{
+                    encryptedPartSecurityEvents.add(securityEvent);
+                } else if (securityEvent.getCorrelationID().equals(operationCorrelationID))
{
+                    operationSecurityEvents.add(securityEvent);
+                }
+            }
+
+            org.junit.Assert.assertEquals(4, encryptedPartSecurityEvents.size());
+            org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
+                    operationSecurityEvents.size() + encryptedPartSecurityEvents.size());
+        }
+    }
 
     @Test
     public void testEncDecryptionPartsContentOutbound() throws Exception {

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java?rev=1463565&r1=1463564&r2=1463565&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
Tue Apr  2 14:35:45 2013
@@ -18,14 +18,35 @@
  */
 package org.apache.wss4j.stax.test;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.stream.XMLStreamWriter;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpression;
+
 import org.apache.wss4j.common.bsp.BSPRule;
+import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.stax.WSSec;
-import org.apache.wss4j.stax.ext.*;
-import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.wss4j.stax.ext.InboundWSSec;
+import org.apache.wss4j.stax.ext.OutboundWSSec;
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.wss4j.stax.test.utils.StAX2DOM;
 import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
 import org.apache.xml.security.stax.ext.SecurePart;
@@ -39,22 +60,6 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
-import javax.xml.namespace.QName;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.XMLStreamReader;
-import javax.xml.stream.XMLStreamWriter;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpression;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.security.Security;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Properties;
-
 public class SignatureTest extends AbstractTestBase {
 
     @Test
@@ -132,6 +137,86 @@ public class SignatureTest extends Abstr
             Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
         }
     }
+    
+    @Test
+    public void testSignatureCryptoPropertiesOutbound() throws Exception {
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SIGNATURE};
+            securityProperties.setOutAction(actions);
+            Properties properties = 
+                CryptoFactory.getProperties("transmitter-crypto.properties", this.getClass().getClassLoader());
+            securityProperties.setSignatureCryptoProperties(properties);
+            securityProperties.setSignatureUser("transmitter");
+            securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
+            OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+            XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, "UTF-8", new
ArrayList<SecurityEvent>());
+            XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+            XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+            xmlStreamWriter.close();
+
+            Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
WSSConstants.TAG_dsig_Signature.getLocalPart());
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(),
WSSConstants.TAG_dsig_Reference.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_soap_Body_LocalName);
+            Assert.assertEquals(nodeList.getLength(), 1);
+            String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(),
WSSConstants.ATT_wsu_Id.getLocalPart());
+            Assert.assertNotNull(idAttrValue);
+            Assert.assertTrue(idAttrValue.length() > 0);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(),
WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 2);
+            Assert.assertEquals(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()),
"env");
+            Assert.assertEquals(((Element) nodeList.item(1)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()),
"");
+        }
+        //done signature; now test sig-verification:
+        {
+            String action = WSHandlerConstants.SIGNATURE;
+            doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray())), action);
+        }
+    }
+
+    @Test
+    public void testSignatureCryptoPropertiesInbound() throws Exception {
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            String action = WSHandlerConstants.SIGNATURE;
+            Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action,
new Properties());
+
+            //some test that we can really sure we get what we want from WSS4J
+            NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
WSSConstants.TAG_dsig_Signature.getLocalPart());
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+        }
+
+        //done signature; now test sig-verification:
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            Properties properties = 
+                CryptoFactory.getProperties("receiver-crypto.properties", this.getClass().getClassLoader());
+            securityProperties.setSignatureVerificationCryptoProperties(properties);
+            InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+            XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
+
+            Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(),
xmlStreamReader);
+
+            //header element must still be there
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
WSSConstants.TAG_dsig_Signature.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+        }
+    }
 
     @Test
     public void testSignaturePartsOutbound() throws Exception {



Mime
View raw message