ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [ws-wss4j] 02/04: WSS-668 - Rename WSSConstants ENCRYPT actions
Date Thu, 16 Apr 2020 11:25:06 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git

commit a12eec565d0b41c8b8210927f352a556e17d73c6
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Thu Apr 16 10:25:11 2020 +0100

    WSS-668 - Rename WSSConstants ENCRYPT actions
---
 .../integration/test/kerberos/KerberosTest.java    | 80 ++++++++++++++++++++++
 src/site/asciidoc/config.adoc                      |  3 +-
 .../wss4j/common/ConfigurationConstants.java       |  7 ++
 .../test/AsymmetricBindingIntegrationTest.java     |  4 +-
 .../org/apache/wss4j/stax/ext/WSSConstants.java    |  8 ++-
 .../output/BinarySecurityTokenOutputProcessor.java |  8 +--
 .../output/DerivedKeyTokenOutputProcessor.java     |  4 +-
 .../output/EncryptedKeyOutputProcessor.java        |  4 +-
 .../SecurityContextTokenOutputProcessor.java       |  2 +-
 .../wss4j/stax/setup/ConfigurationConverter.java   |  7 +-
 .../org/apache/wss4j/stax/setup/OutboundWSSec.java |  6 +-
 .../java/org/apache/wss4j/stax/setup/WSSec.java    |  4 +-
 .../wss4j/stax/test/DerivedKeyTokenTest.java       | 38 +++++++++-
 .../wss4j/stax/test/SecurityContextTokenTest.java  |  2 +-
 14 files changed, 151 insertions(+), 26 deletions(-)

diff --git a/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java
b/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java
index 8bcd973..f91effe 100644
--- a/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java
+++ b/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java
@@ -947,6 +947,86 @@ public class KerberosTest {
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
             List<WSSConstants.Action> actions = new ArrayList<>();
+            actions.add(WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN);
+            securityProperties.setActions(actions);
+            securityProperties.setEncryptionSymAlgorithm(WSSConstants.NS_XENC_AES128);
+            securityProperties.setCallbackHandler(new CallbackHandler() {
+                @Override
+                public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+                    if (callbacks[0] instanceof KerberosContextAndServiceNameCallback) {
+                        KerberosContextAndServiceNameCallback kerberosContextAndServiceNameCallback
=
+                                (KerberosContextAndServiceNameCallback) callbacks[0];
+                        kerberosContextAndServiceNameCallback.setContextName("alice");
+                        kerberosContextAndServiceNameCallback.setServiceName("bob@service.ws.apache.org");
+                    } else if (callbacks[0] instanceof PasswordCallback) {
+                        PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
+                        if (passwordCallback.getPrompt().contains("alice")) {
+                            passwordCallback.setPassword("alice".toCharArray());
+                        }
+                    }
+                }
+            });
+
+            ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+            OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+            XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(),
new ArrayList<>());
+            XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+            XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+            xmlStreamWriter.close();
+
+            document = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_ReferenceList.getNamespaceURI(),
WSSConstants.TAG_xenc_ReferenceList.getLocalPart());
+            assertEquals(1, nodeList.getLength());
+        }
+
+        {
+            // Configure the Validator
+            WSSConfig wssConfig = WSSConfig.getNewInstance();
+            KerberosTokenValidator validator = new KerberosTokenValidator();
+            validator.setContextName("bob");
+            validator.setServiceName("bob@service.ws.apache.org");
+            wssConfig.setValidator(WSConstants.BINARY_TOKEN, validator);
+            WSSecurityEngine secEngine = new WSSecurityEngine();
+            secEngine.setWssConfig(wssConfig);
+
+            CallbackHandler callbackHandler = new CallbackHandler() {
+                @Override
+                public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+                    if (callbacks[0] instanceof PasswordCallback) {
+                        PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
+                        if (passwordCallback.getPrompt().contains("bob")) {
+                            passwordCallback.setPassword("bob".toCharArray());
+                        }
+                    }
+                }
+            };
+
+            WSHandlerResult results =
+                    secEngine.processSecurityHeader(document, null, callbackHandler, null);
+            WSSecurityEngineResult actionResult =
+                    results.getActionResults().get(WSConstants.BST).get(0);
+            BinarySecurity token =
+                    (BinarySecurity) actionResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
+            assertNotNull(token);
+
+            Principal principal = (Principal) actionResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+            assertTrue(principal instanceof KerberosPrincipal);
+            assertTrue(principal.getName().contains("alice"));
+        }
+    }
+
+    @Test
+    public void testKerberosEncryptionOutboundDeprecatedTag() throws Exception {
+        if (!runTests) {
+            System.out.println("Skipping test because kerberos server could not be started");
+            return;
+        }
+
+        Document document;
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            List<WSSConstants.Action> actions = new ArrayList<>();
             actions.add(WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN);
             securityProperties.setActions(actions);
             securityProperties.setEncryptionSymAlgorithm(WSSConstants.NS_XENC_AES128);
diff --git a/src/site/asciidoc/config.adoc b/src/site/asciidoc/config.adoc
index 8b7b19c..f7ab907 100644
--- a/src/site/asciidoc/config.adoc
+++ b/src/site/asciidoc/config.adoc
@@ -124,7 +124,8 @@ The configuration tags for Actions are as follows:
  * *WSS4J 2.0.0* SIGNATURE_DERIVED (SignatureDerived) - Perform a Signature action with derived
keys.
  * *WSS4J 2.0.0* ENCRYPT_DERIVED (EncryptDerived) - Perform a Encryption action with derived
keys.
  * *WSS4J 2.0.0* SIGNATURE_WITH_KERBEROS_TOKEN (SignatureWithKerberosToken) - Perform a Signature
action with a kerberos token. Only for StAX code.
- * *WSS4J 2.0.0* ENCRYPT_WITH_KERBEROS_TOKEN (EncryptWithKerberosToken) - Perform a Encryption
action with a kerberos token. Only for StAX code.
+ * *WSS4J 2.3.0* ENCRYPTION_WITH_KERBEROS_TOKEN (EncryptionWithKerberosToken) - Perform a
Encryption action with a kerberos token. Only for StAX code.
+Note that for releases from 2.0.0 -> 2.2.x, this configuration tag was called ENCRYPT_WITH_KERBEROS_TOKEN
(EncryptWithKerberosToken).
  * *WSS4J 2.0.0* KERBEROS_TOKEN (KerberosToken) - Add a kerberos token. Only for StAX code.
  * *WSS4J 2.0.0* CUSTOM_TOKEN (CustomToken) - Add a "Custom" token from a CallbackHandler
  * *WSS4J 1.6.x only* SIGN_WITH_UT_KEY (UsernameTokenSignature) - Perform a .NET specific
signature using a Username Token action.
diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
b/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
index b1d5d3f..16b6786 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
@@ -106,9 +106,16 @@ public class ConfigurationConstants {
      * Perform a Encryption action with a kerberos token. The signature specific parameters
define how
      * to encrypt, which keys to use, and so on.
      */
+    @Deprecated
     public static final String ENCRYPT_WITH_KERBEROS_TOKEN = "EncryptWithKerberosToken";
 
     /**
+     * Perform a Encryption action with a kerberos token. The signature specific parameters
define how
+     * to encrypt, which keys to use, and so on.
+     */
+    public static final String ENCRYPTION_WITH_KERBEROS_TOKEN = "EncryptionWithKerberosToken";
+
+    /**
      * Add a kerberos token.
      */
     public static final String KERBEROS_TOKEN = "KerberosToken";
diff --git a/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
b/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
index a0789f6..7a4711a 100644
--- a/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
+++ b/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
@@ -2255,7 +2255,7 @@ public class AsymmetricBindingIntegrationTest extends AbstractPolicyTestBase
{
         actions.add(WSSConstants.TIMESTAMP);
         actions.add(WSSConstants.USERNAMETOKEN);
         actions.add(WSSConstants.SAML_TOKEN_SIGNED);
-        actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+        actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
         outSecurityProperties.setActions(actions);
         SAMLCallbackHandlerImpl samlCallbackHandler = new SAMLCallbackHandlerImpl();
         samlCallbackHandler.setSamlVersion(Version.SAML_20);
@@ -2385,7 +2385,7 @@ public class AsymmetricBindingIntegrationTest extends AbstractPolicyTestBase
{
         actions.add(WSSConstants.TIMESTAMP);
         actions.add(WSSConstants.USERNAMETOKEN);
         actions.add(WSSConstants.SAML_TOKEN_SIGNED);
-        actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+        actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
         outSecurityProperties.setActions(actions);
         SAMLCallbackHandlerImpl samlCallbackHandler = new SAMLCallbackHandlerImpl();
         samlCallbackHandler.setSamlVersion(Version.SAML_20);
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
index 904e2b9..edfc5df 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
@@ -219,11 +219,15 @@ public class WSSConstants extends XMLSecurityConstants {
     public static final Action USERNAMETOKEN_SIGNED = new Action(ConfigurationConstants.USERNAME_TOKEN_SIGNATURE);
     public static final Action SIGNATURE_CONFIRMATION = new Action("SignatureConfirmation");
     public static final Action SIGNATURE_WITH_DERIVED_KEY = new Action("SignatureWithDerivedKey");
-    public static final Action ENCRYPT_WITH_DERIVED_KEY = new Action("EncryptWithDerivedKey");
+    public static final Action ENCRYPTION_WITH_DERIVED_KEY = new Action("EncryptionWithDerivedKey");
+    @Deprecated
+    public static final Action ENCRYPT_WITH_DERIVED_KEY = ENCRYPTION_WITH_DERIVED_KEY;
     public static final Action SAML_TOKEN_SIGNED = new Action(ConfigurationConstants.SAML_TOKEN_SIGNED);
     public static final Action SAML_TOKEN_UNSIGNED = new Action(ConfigurationConstants.SAML_TOKEN_UNSIGNED);
     public static final Action SIGNATURE_WITH_KERBEROS_TOKEN = new Action("SignatureWithKerberosToken");
-    public static final Action ENCRYPT_WITH_KERBEROS_TOKEN = new Action("EncryptWithKerberosToken");
+    public static final Action ENCRYPTION_WITH_KERBEROS_TOKEN = new Action("EncryptionWithKerberosToken");
+    @Deprecated
+    public static final Action ENCRYPT_WITH_KERBEROS_TOKEN = ENCRYPTION_WITH_KERBEROS_TOKEN;
     public static final Action KERBEROS_TOKEN = new Action("KerberosToken");
     public static final Action CUSTOM_TOKEN = new Action("CustomToken");
 
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
index aa1fbf1..f8ab36b 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
@@ -60,7 +60,7 @@ public class BinarySecurityTokenOutputProcessor extends AbstractOutputProcessor
                 tokenId = outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE);
             } else if (WSSConstants.ENCRYPTION.equals(action)) {
                 tokenId = outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTED_KEY);
-            } else if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(getAction())
+            } else if (WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN.equals(getAction())
                 || WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN.equals(getAction())
                 || WSSConstants.KERBEROS_TOKEN.equals(getAction())) {
                 tokenId = outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS);
@@ -119,7 +119,7 @@ public class BinarySecurityTokenOutputProcessor extends AbstractOutputProcessor
                     finalBinarySecurityTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
                     finalBinarySecurityTokenOutputProcessor.init(outputProcessorChain);
                     securityToken.setProcessor(finalBinarySecurityTokenOutputProcessor);
-                } else if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(getAction())
+                } else if (WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN.equals(getAction())
                     || WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN.equals(getAction())
                     || WSSConstants.KERBEROS_TOKEN.equals(getAction())) {
                     FinalBinarySecurityTokenOutputProcessor finalBinarySecurityTokenOutputProcessor
=
@@ -158,7 +158,7 @@ public class BinarySecurityTokenOutputProcessor extends AbstractOutputProcessor
 
                 final QName headerElementName = WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN;
 
-                if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(getAction())
+                if (WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN.equals(getAction())
                     || WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN.equals(getAction())
                     || WSSConstants.KERBEROS_TOKEN.equals(getAction())) {
                     OutputProcessorUtils.updateSecurityHeaderOrder(
@@ -175,7 +175,7 @@ public class BinarySecurityTokenOutputProcessor extends AbstractOutputProcessor
                                 ((KerberosClientSecurityToken)securityToken).getTicket())
                     );
                     createEndElementAndOutputAsEvent(subOutputProcessorChain, headerElementName);
-                    if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(getAction())) {
+                    if (WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN.equals(getAction()))
{
                         OutputProcessorUtils.updateSecurityHeaderOrder(outputProcessorChain,
WSSConstants.TAG_xenc_ReferenceList,
                                                                        getAction(), false);
                         WSSUtils.createReferenceListStructureForEncryption(this, subOutputProcessorChain);
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
index 459794c..08e402b 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
@@ -91,7 +91,7 @@ public class DerivedKeyTokenOutputProcessor extends AbstractOutputProcessor
{
                         length = KeyUtils.getKeyLength(getSecurityProperties().getSignatureAlgorithm())
/ 8;
                     }
                 }
-            } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
+            } else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
                 if (((WSSSecurityProperties)getSecurityProperties()).getDerivedEncryptionKeyLength()
> 0) {
                     length = ((WSSSecurityProperties)getSecurityProperties()).getDerivedEncryptionKeyLength();
                 } else {
@@ -172,7 +172,7 @@ public class DerivedKeyTokenOutputProcessor extends AbstractOutputProcessor
{
 
             if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
                 outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE,
wsuIdDKT);
-            } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
+            } else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
                 outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION,
wsuIdDKT);
             }
             outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(wsuIdDKT,
derivedKeysecurityTokenProvider);
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
index 36dbb3c..e5feb53 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
@@ -143,7 +143,7 @@ public class EncryptedKeyOutputProcessor extends AbstractOutputProcessor
{
                     finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
                 }
                 finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
-            } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
+            } else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
                 if (wrappingSecurityToken.getProcessor() != null) {
                     finalEncryptedKeyOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
                     finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
@@ -152,7 +152,7 @@ public class EncryptedKeyOutputProcessor extends AbstractOutputProcessor
{
                     finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
 
                     //hint for the headerReordering processor where to place the EncryptedKey
-                    if (getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPT_WITH_DERIVED_KEY)
+                    if (getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY)
                         < getSecurityProperties().getActions().indexOf(WSSConstants.SIGNATURE_WITH_DERIVED_KEY))
{
                         finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
                     }
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
index cb2be23..d6cec3c 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
@@ -117,7 +117,7 @@ public class SecurityContextTokenOutputProcessor extends AbstractOutputProcessor
                 } else {
                     finalSecurityContextTokenOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
                 }
-            } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
+            } else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
                 outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY,
wsuId);
                 if (wrappingSecurityToken.getProcessor() != null) {
                     finalSecurityContextTokenOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java
index b9e8280..a44fa5a 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java
@@ -109,11 +109,12 @@ public final class ConfigurationConverter {
             } else if (single[i].equals(ConfigurationConstants.SIGNATURE_DERIVED)) {
                 actions.add(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
             } else if (single[i].equals(ConfigurationConstants.ENCRYPT_DERIVED)) {
-                actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+                actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
             } else if (single[i].equals(ConfigurationConstants.SIGNATURE_WITH_KERBEROS_TOKEN))
{
                 actions.add(WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN);
-            } else if (single[i].equals(ConfigurationConstants.ENCRYPT_WITH_KERBEROS_TOKEN))
{
-                actions.add(WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN);
+            } else if (single[i].equals(ConfigurationConstants.ENCRYPT_WITH_KERBEROS_TOKEN)
+                || single[i].equals(ConfigurationConstants.ENCRYPTION_WITH_KERBEROS_TOKEN))
{
+                actions.add(WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN);
             } else if (single[i].equals(ConfigurationConstants.KERBEROS_TOKEN)) {
                 actions.add(WSSConstants.KERBEROS_TOKEN);
             } else if (single[i].equals(ConfigurationConstants.CUSTOM_TOKEN)) {
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
index a64f561..27d84ec 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
@@ -580,7 +580,7 @@ public class OutboundWSSec {
             for (XMLSecurityConstants.Action action : securityProperties.getActions()) {
                 if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
                     derivedSignatureButNotDerivedEncryption = true;
-                } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
+                } else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
                     derivedSignatureButNotDerivedEncryption = false;
                     break;
                 }
@@ -665,7 +665,7 @@ public class OutboundWSSec {
                 final WSSSignatureOutputProcessor signatureOutputProcessor = new WSSSignatureOutputProcessor();
                 initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor,
action);
 
-            } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
+            } else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
                 configuredAction.encryptionAction = true;
                 configuredAction.derivedEncryption = true;
 
@@ -733,7 +733,7 @@ public class OutboundWSSec {
 
                 final WSSSignatureOutputProcessor signatureOutputProcessor = new WSSSignatureOutputProcessor();
                 initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor,
action);
-            } else if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(action)) {
+            } else if (WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN.equals(action)) {
                 configuredAction.kerberos = true;
                 configuredAction.encryptionKerberos = true;
                 final BinarySecurityTokenOutputProcessor kerberosTokenOutputProcessor =
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/WSSec.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/WSSec.java
index cb07d87..abb1c31 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/WSSec.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/WSSec.java
@@ -224,7 +224,7 @@ public class WSSec {
                 checkDefaultSecureParts(true, securityProperties);
             } else if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
                 checkOutboundSignatureDerivedProperties(securityProperties);
-            } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
+            } else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
                 checkOutboundEncryptionDerivedProperties(securityProperties);
             } else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action)) {
                 if (securityProperties.getCallbackHandler() == null) {
@@ -266,7 +266,7 @@ public class WSSec {
                     securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
                 }
                 checkDefaultSecureParts(true, securityProperties);
-            } else if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(action)) {
+            } else if (WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN.equals(action)) {
                 if (securityProperties.getCallbackHandler() == null) {
                     throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"noCallback");
                 }
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
index 0341277..a3bab34 100644
--- a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
@@ -87,7 +87,7 @@ public class DerivedKeyTokenTest extends AbstractTestBase {
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
             List<WSSConstants.Action> actions = new ArrayList<>();
-            actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+            actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
             securityProperties.setActions(actions);
             byte[] secret = WSSConstants.generateBytes(192 / 8);
             CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(secret);
@@ -115,6 +115,38 @@ public class DerivedKeyTokenTest extends AbstractTestBase {
 
     @ParameterizedTest
     @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
+    public void testEncryptionDecryptionOutboundDeprecatedTag(int version) throws Exception
{
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            List<WSSConstants.Action> actions = new ArrayList<>();
+            actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+            securityProperties.setActions(actions);
+            byte[] secret = WSSConstants.generateBytes(192 / 8);
+            CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(secret);
+            securityProperties.setCallbackHandler(callbackHandler);
+            securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"),
"default".toCharArray());
+            securityProperties.setEncryptionUser("receiver");
+            securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER);
+
+            OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+            XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(),
new ArrayList<SecurityEvent>());
+            XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+            XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+            xmlStreamWriter.close();
+
+            Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+            assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_SOAP11_BODY.getLocalPart());
+        }
+        {
+            String action = WSHandlerConstants.ENCRYPT;
+            doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray())), action);
+        }
+    }
+
+    @ParameterizedTest
+    @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
     public void testEncryptionDecryptionTRIPLEDESInbound(int version) throws Exception {
 
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -293,7 +325,7 @@ public class DerivedKeyTokenTest extends AbstractTestBase {
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
             List<WSSConstants.Action> actions = new ArrayList<>();
-            actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+            actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
             securityProperties.setActions(actions);
             byte[] secret = WSSConstants.generateBytes(128 / 8);
             CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(secret);
@@ -824,7 +856,7 @@ public class DerivedKeyTokenTest extends AbstractTestBase {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
             List<WSSConstants.Action> actions = new ArrayList<>();
             actions.add(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
-            actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+            actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
             securityProperties.setActions(actions);
             CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl();
             securityProperties.setCallbackHandler(callbackHandler);
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
index 450073d..52a00c4 100644
--- a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
@@ -91,7 +91,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
             List<WSSConstants.Action> actions = new ArrayList<>();
-            actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+            actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
             securityProperties.setActions(actions);
             CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(secret);
             securityProperties.setCallbackHandler(callbackHandler);


Mime
View raw message