Fix applying encryption in SOAP 1.2 envelopes

ballerina-platform · Nov 1, 2023 · 8b7bb39 · 8b7bb39
1 parent 7a5e640
commit 8b7bb39
Show file tree

Hide file tree

Showing 6 changed files with 94 additions and 57 deletions.
diff --git a/ballerina/modules/soap11/soap11.bal b/ballerina/modules/soap11/soap11.bal
@@ -71,7 +71,7 @@ public isolated client class Client {
             xml mimeEntity = body is xml ? body : check body[0].getXml();
             lock {
                 xml envelope = body is xml ? body.clone() : mimeEntity.clone();
-                securedBody = check soap:applySecurityPolicies(self.inboundSecurity.clone(), envelope.clone());
+                securedBody = check soap:applySecurityPolicies(self.inboundSecurity.clone(), envelope.clone(), false);
             }
             xml|mime:Entity[] response;
             if body is mime:Entity[] {
@@ -85,10 +85,10 @@ public isolated client class Client {
                 do {
                     if outboundSecurity is wssec:OutboundSecurityConfig && outboundSecurity != {} {
                         if response is xml {
-                            return check soap:applyOutboundConfig(outboundSecurity.clone(), response.clone());
+                            return check soap:applyOutboundConfig(outboundSecurity.clone(), response.clone(), false);
                         } else {
                             return check soap:applyOutboundConfig(outboundSecurity.clone(), 
-                                                                  check response[0].getXml().clone());
+                                                                  check response[0].getXml().clone(), false);
                         }
                     }
                 } on fail var e {
@@ -119,7 +119,7 @@ public isolated client class Client {
             xml mimeEntity = body is xml ? body : check body[0].getXml();
             lock {
                 xml envelope = body is xml ? body.clone() : mimeEntity.clone();
-                securedBody = check soap:applySecurityPolicies(self.inboundSecurity.clone(), envelope.clone());
+                securedBody = check soap:applySecurityPolicies(self.inboundSecurity.clone(), envelope.clone(), false);
             }
             return check soap:sendOnly(securedBody, self.soapClient, action, headers, path, false);
         } on fail var e {

diff --git a/ballerina/modules/soap11/tests/http_soap_service.bal b/ballerina/modules/soap11/tests/http_soap_service.bal
@@ -63,14 +63,14 @@ service / on new http:Listener(9090) {
             signatureAlgorithm: soap:RSA_SHA256,
             decryptionAlgorithm: soap:RSA_ECB,
             decryptionKey: serverPrivateKey
-        }, payload);
+        }, payload, false);
         xml securedEnv = check soap:applySecurityPolicies(
             {
             signatureAlgorithm: soap:RSA_SHA256,
             encryptionAlgorithm: soap:RSA_ECB,
             signatureKey: serverPrivateKey,
             encryptionKey: clientPublicKey
-        }, applyOutboundConfig);
+        }, applyOutboundConfig, false);
         http:Response response = new;
         mime:Entity[] mtomMessage = [];
         mime:Entity envelope = new;
@@ -91,14 +91,14 @@ service / on new http:Listener(9090) {
             signatureAlgorithm: soap:RSA_SHA256,
             decryptionAlgorithm: soap:RSA_ECB,
             decryptionKey: serverPrivateKey
-        }, payload);
+        }, payload, false);
         xml securedEnv = check soap:applySecurityPolicies(
             {
             signatureAlgorithm: soap:RSA_SHA256,
             encryptionAlgorithm: soap:RSA_ECB,
             signatureKey: serverPrivateKey,
             encryptionKey: clientPublicKey
-        }, applyOutboundConfig);
+        }, applyOutboundConfig, false);
         http:Response response = new;
         response.setPayload(securedEnv);
         return response;

diff --git a/ballerina/modules/soap12/tests/soap12_client_test.bal b/ballerina/modules/soap12/tests/soap12_client_test.bal
@@ -516,7 +516,7 @@ function testSoapReceiveWithSymmetricBindingAndOutboundConfig() returns error? {
             }
         }
     );
-    xml body = xml `<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><quer:Add xmlns:quer="http://tempuri.org/"><quer:intA>2</quer:intA><quer:intB>3</quer:intB></quer:Add></soap:Body></soap:Envelope>`;
+    xml body = xml `<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" soap:encodingStyle="http://www.w3.org/2003/05/soap-encoding/"><soap:Body><quer:Add xmlns:quer="http://tempuri.org/"><quer:intA>2</quer:intA><quer:intB>3</quer:intB></quer:Add></soap:Body></soap:Envelope>`;
     xml|mime:Entity[] response = check soapClient->sendReceive(body, "http://tempuri.org/Add", path = "/getSamePayload");
     return soap:assertSymmetricBinding(response.toString(), string `<soap:Body><quer:Add xmlns:quer="http://tempuri.org/"><quer:intA>2</quer:intA><quer:intB>3</quer:intB></quer:Add></soap:Body>`);
 }
@@ -542,7 +542,7 @@ function testSendReceiveWithAsymmetricBindingAndOutboundConfig() returns error?
         }
     );
 
-    xml body = xml `<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><quer:Add xmlns:quer="http://tempuri.org/"><quer:intA>2</quer:intA><quer:intB>3</quer:intB></quer:Add></soap:Body></soap:Envelope>`;
+    xml body = xml `<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><quer:Add xmlns:quer="http://tempuri.org/"><quer:intA>2</quer:intA><quer:intB>3</quer:intB></quer:Add></soap:Body></soap:Envelope>`;
     xml|mime:Entity[] response = check soapClient->sendReceive(body, "http://tempuri.org/Add", path = "/getSecuredPayload");
     return soap:assertSymmetricBinding(response.toString(), string `<soap:Body><quer:Add xmlns:quer="http://tempuri.org/"><quer:intA>2</quer:intA><quer:intB>3</quer:intB></quer:Add></soap:Body>`);
 }

diff --git a/ballerina/modules/wssec/tests/ws_security_tests.bal b/ballerina/modules/wssec/tests/ws_security_tests.bal
@@ -211,7 +211,7 @@ function testSymmetricBindingPolicyWithSignatureOnly() returns error? {
         servicePublicKey: serverPublicKey
     };
 
-    xml securedEnvelope = check applySymmetricBinding(envelope, symmetricBinding);
+    xml securedEnvelope = check applySymmetricBinding(envelope, false, symmetricBinding);
     string envelopeString = securedEnvelope.toString();
     byte[] signedData = check getSignatureData(securedEnvelope);
 
@@ -239,7 +239,7 @@ function testSymmetricBindingPolicyEncryptionOnly() returns error? {
         servicePublicKey: serverPublicKey
     };
 
-    xml securedEnvelope = check applySymmetricBinding(envelope, symmetricBinding);
+    xml securedEnvelope = check applySymmetricBinding(envelope, false, symmetricBinding);
     string envelopeString = securedEnvelope.toString();
 
     byte[] encData = check getEncryptedData(securedEnvelope);
@@ -266,7 +266,7 @@ function testSymmetricBindingWithSignatureAndEncryption() returns error? {
         symmetricKey: symmetricKey,
         servicePublicKey: serverPublicKey
     };
-    xml securedEnvelope = check applySymmetricBinding(envelope, symmetricBinding);
+    xml securedEnvelope = check applySymmetricBinding(envelope, false, symmetricBinding);
     string envelopeString = securedEnvelope.toString();
 
     byte[] signedData = check getSignatureData(securedEnvelope);
@@ -302,7 +302,7 @@ function testSymmetricBindingPolicyWithX509SignatureAndEncryption() returns erro
         x509Token: X509_PUBLIC_CERT_PATH_2
     };
 
-    xml securedEnvelope = check applySymmetricBinding(envelope, symmetricBinding);
+    xml securedEnvelope = check applySymmetricBinding(envelope, false, symmetricBinding);
     string envelopeString = securedEnvelope.toString();
 
     byte[] signedData = check getSignatureData(securedEnvelope);
@@ -344,7 +344,7 @@ function testUsernameTokenWithSymmetricBinding() returns error? {
         symmetricKey: symmetricKey,
         servicePublicKey: serverPublicKey
     };
-    xml securedEnvelope = check applySymmetricBinding(envelope, symmetricBinding);
+    xml securedEnvelope = check applySymmetricBinding(envelope, false, symmetricBinding);
     string envelopeString = securedEnvelope.toString();
 
     byte[] signedData = check getSignatureData(securedEnvelope);
@@ -403,7 +403,7 @@ function testUsernameTokenTimestampWithSymmetricBindingAndX509Token() returns er
         x509Token: X509_PUBLIC_CERT_PATH_2
     };
 
-    xml securedEnvelope = check applySymmetricBinding(envelope, symmetricBinding);
+    xml securedEnvelope = check applySymmetricBinding(envelope, false, symmetricBinding);
     string envelopeString = securedEnvelope.toString();
     byte[] signedData = check getSignatureData(securedEnvelope);
 
@@ -452,7 +452,7 @@ function testSymmetricBindingWithOutboundConfig() returns error? {
         servicePublicKey: serverPublicKey
     };
 
-    xml securedEnvelope = check applySymmetricBinding(envelope, symmetricBinding);
+    xml securedEnvelope = check applySymmetricBinding(envelope, false, symmetricBinding);
     string envelopeString = securedEnvelope.toString();
 
     OutboundSecurityConfig outboundConfig = {
@@ -492,7 +492,7 @@ function testAsymmetricBindingWithSignatureRsaSha256() returns error? {
         signatureKey: clientPrivateKey,
         encryptionKey: serverPublicKey
     };
-    xml securedEnvelope = check applyAsymmetricBinding(envelope, asymmetricBinding);
+    xml securedEnvelope = check applyAsymmetricBinding(envelope, false, asymmetricBinding);
     string envelopeString = securedEnvelope.toString();
     byte[] signedData = check getSignatureData(securedEnvelope);
     Error? validity = check verifyData((envelope/<soap:Body>/*).toString().toBytes(), signedData,
@@ -518,7 +518,7 @@ function testAsymmetricBindingWithX509Signature() returns error? {
         encryptionKey: serverPublicKey,
         x509Token: X509_PUBLIC_CERT_PATH_2
     };
-    xml securedEnvelope = check applyAsymmetricBinding(envelope, asymmetricBinding);
+    xml securedEnvelope = check applyAsymmetricBinding(envelope, false, asymmetricBinding);
     string envelopeString = securedEnvelope.toString();
 
     byte[] signedData = check getSignatureData(securedEnvelope);
@@ -544,7 +544,7 @@ function testAsymmetricBindingWithEncryption() returns error? {
         signatureKey: clientPrivateKey,
         encryptionKey: serverPublicKey
     };
-    xml securedEnvelope = check applyAsymmetricBinding(envelope, asymmetricBinding);
+    xml securedEnvelope = check applyAsymmetricBinding(envelope, false, asymmetricBinding);
     string envelopeString = securedEnvelope.toString();
 
     byte[] encData = check getEncryptedData(securedEnvelope);
@@ -571,7 +571,7 @@ function testAsymmetricBindingWithSignatureAndEncryption() returns error? {
         encryptionKey: serverPublicKey
     };
 
-    xml securedEnvelope = check applyAsymmetricBinding(envelope, asymmetricBinding);
+    xml securedEnvelope = check applyAsymmetricBinding(envelope, false, asymmetricBinding);
     string envelopeString = securedEnvelope.toString();
 
     byte[] signedData = check getSignatureData(securedEnvelope);
@@ -604,7 +604,7 @@ function testAsymmetricBindingWithX509SignatureAndEncryption() returns error? {
         encryptionKey: serverPublicKey,
         x509Token: X509_PUBLIC_CERT_PATH_2
     };
-    xml securedEnvelope = check applyAsymmetricBinding(envelope, asymmetricBinding);
+    xml securedEnvelope = check applyAsymmetricBinding(envelope, false, asymmetricBinding);
     string envelopeString = securedEnvelope.toString();
 
     byte[] signedData = check getSignatureData(securedEnvelope);
@@ -644,7 +644,7 @@ function testUsernameTokenWithAsymmetricBindingAndX509() returns error? {
         encryptionKey: serverPublicKey,
         x509Token: X509_PUBLIC_CERT_PATH_2
     };
-    xml securedEnvelope = check applyAsymmetricBinding(envelope, asymmetricBinding);
+    xml securedEnvelope = check applyAsymmetricBinding(envelope, false, asymmetricBinding);
     string envelopeString = securedEnvelope.toString();
 
     byte[] signedData = check getSignatureData(securedEnvelope);
@@ -686,7 +686,7 @@ function testUsernameTokenTimestampWithAsymmetricBindingAndX509() returns error?
         encryptionKey: serverPublicKey,
         x509Token: X509_PUBLIC_CERT_PATH_2
     };
-    xml securedEnvelope = check applyAsymmetricBinding(envelope, asymmetricBinding);
+    xml securedEnvelope = check applyAsymmetricBinding(envelope, false, asymmetricBinding);
     string envelopeString = securedEnvelope.toString();
 
     byte[] signedData = check getSignatureData(securedEnvelope);
@@ -729,7 +729,7 @@ function testAsymmetricBindingWithOutboundConfig() returns error? {
         decryptionKey: serverPrivateKey
     };
 
-    xml securedEnvelope = check applyAsymmetricBinding(envelope, asymmetricBinding);
+    xml securedEnvelope = check applyAsymmetricBinding(envelope,false, asymmetricBinding);
     string envelopeString = securedEnvelope.toString();
     crypto:PrivateKey|crypto:PublicKey? privateKey = outboundConfig.decryptionKey;
     if privateKey is crypto:PrivateKey|crypto:PublicKey {
@@ -760,7 +760,7 @@ function testAsymmetricBindingWithSignatureWithRsaSha1() returns error? {
         signatureKey: clientPrivateKey,
         encryptionKey: serverPublicKey
     };
-    xml securedEnvelope = check applyAsymmetricBinding(envelope, asymmetricBinding);
+    xml securedEnvelope = check applyAsymmetricBinding(envelope, false, asymmetricBinding);
     string envelopeString = securedEnvelope.toString();
     byte[] signedData = check getSignatureData(securedEnvelope);
     Error? validity = check verifyData((envelope/<soap:Body>/*).toString().toBytes(), signedData,
@@ -785,7 +785,7 @@ function testAsymmetricBindingWithSignatureWithRsaSha384() returns error? {
         signatureKey: clientPrivateKey,
         encryptionKey: serverPublicKey
     };
-    xml securedEnvelope = check applyAsymmetricBinding(envelope, asymmetricBinding);
+    xml securedEnvelope = check applyAsymmetricBinding(envelope, false, asymmetricBinding);
     string envelopeString = securedEnvelope.toString();
     byte[] signedData = check getSignatureData(securedEnvelope);
     Error? validity = check verifyData((envelope/<soap:Body>/*).toString().toBytes(), signedData,
@@ -810,7 +810,7 @@ function testAsymmetricBindingWithSignatureWithRsaSha512() returns error? {
         signatureKey: clientPrivateKey,
         encryptionKey: serverPublicKey
     };
-    xml securedEnvelope = check applyAsymmetricBinding(envelope, asymmetricBinding);
+    xml securedEnvelope = check applyAsymmetricBinding(envelope, false, asymmetricBinding);
     string envelopeString = securedEnvelope.toString();
     byte[] signedData = check getSignatureData(securedEnvelope);
     Error? validity = check verifyData((envelope/<soap:Body>/*).toString().toBytes(), signedData,