diff --git a/ballerina/modules/soap11/tests/http_secured_service.bal b/ballerina/modules/soap11/tests/http_secured_service.bal
index 4b04cb7..1b0696f 100644
--- a/ballerina/modules/soap11/tests/http_secured_service.bal
+++ b/ballerina/modules/soap11/tests/http_secured_service.bal
@@ -18,11 +18,7 @@ import ballerina/http;
service / on new http:Listener(9091) {
- resource function post .() returns xml|error {
- return xml `soap:MustUnderstandSystem.Web.Services.Protocols.SoapHeaderException: SOAP header Security was not understood.
- at System.Web.Services.Protocols.SoapHeaderHandling.SetHeaderMembers(SoapHeaderCollection headers, Object target, SoapHeaderMapping[] mappings, SoapHeaderDirection direction, Boolean client)
- at System.Web.Services.Protocols.SoapServerProtocol.CreateServerInstance()
- at System.Web.Services.Protocols.WebServiceHandler.Invoke()
- at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()`;
+ resource function post .(http:Request request) returns xml|error {
+ return check request.getXmlPayload();
}
}
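Review bot: The new `post .` resource has no comment saying it is now an echo endpoint, which is what the username-token and signature assertions in the client tests rely on. I would add `// Echoes the request envelope so client tests can inspect the security header the client attached.` above the resource function. Because the reply is the client's own output, these tests check what the client emits, not how a separate receiver with its own trust material would process it. The same applies to the soap12 copy of this service.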
diff --git a/ballerina/modules/soap11/tests/soap11_client_test.bal b/ballerina/modules/soap11/tests/soap11_client_test.bal
index 979a908..872d173 100644
--- a/ballerina/modules/soap11/tests/soap11_client_test.bal
+++ b/ballerina/modules/soap11/tests/soap11_client_test.bal
@@ -32,6 +32,10 @@ const string X509_KEY_STORE_PATH_2 = "modules/wssec/tests/resources/x509_certifi
const wssec:TransportBindingConfig TRANSPORT_BINDING = "TransportBinding";
const wssec:NoPolicy NO_POLICY = "NoPolicy";
+const KEY_STORE_PATH_2 = "modules/wssec/tests/resources/keystore.jks";
+const ALIAS = "mykey";
+const PASSWORD = "password";
+
const crypto:KeyStore clientKeyStore = {
path: X509_KEY_STORE_PATH_2,
password: KEY_PASSWORD
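Review bot: The three added constants are named too generically for a file that already has `X509_KEY_STORE_PATH_2` and `KEY_PASSWORD`. `KEY_STORE_PATH_2`, `ALIAS` and `PASSWORD` do not say which key material they belong to, and `PASSWORD` is later used as both the keystore password and the private-key password. Names such as `SIGNING_KEY_STORE_PATH`, `SIGNING_KEY_ALIAS` and `SIGNING_KEY_STORE_PASSWORD` would be clearer. The hunk header shows a neighbouring constant declared as `const string`; the new ones omit the type. The same block is added to the soap12 test file.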
@@ -326,38 +330,6 @@ function testSendReceiveError() returns error? {
test:assertEquals((response).message(), SOAP_ERROR);
}
-@test:Config {
- groups: ["soap11", "send_receive"]
-}
-function testSendReceiveWithTimestampTokenSecurity() returns error? {
- Client soapClient = check new ("http://localhost:9091",
- {
- outboundSecurity: [
- {
- timeToLive: 600
- }
- ]
- }
- );
- xml body = xml `
-
-
- 2
- 3
-
-
- `;
- xml response = check soapClient->sendReceive(body, "http://tempuri.org/Add");
- xml expected = xml `soap:MustUnderstandSystem.Web.Services.Protocols.SoapHeaderException: SOAP header Security was not understood.
- at System.Web.Services.Protocols.SoapHeaderHandling.SetHeaderMembers(SoapHeaderCollection headers, Object target, SoapHeaderMapping[] mappings, SoapHeaderDirection direction, Boolean client)
- at System.Web.Services.Protocols.SoapServerProtocol.CreateServerInstance()
- at System.Web.Services.Protocols.WebServiceHandler.Invoke()
- at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()`;
- test:assertEquals(response.toString(), expected.toString());
-}
-
@test:Config {
groups: ["soap11", "send_receive"]
}
@@ -372,7 +344,7 @@ function testSendReceiveWithUsernameTokenSecurity() returns error? {
inboundSecurity: {}
}
);
- xml body = xml `
@@ -382,43 +354,33 @@ function testSendReceiveWithUsernameTokenSecurity() returns error? {
`;
- xml response = check soapClient->sendReceive(body, "http://tempuri.org/Add");
- xml expected = xml `soap:MustUnderstandSystem.Web.Services.Protocols.SoapHeaderException: SOAP header Security was not understood.
- at System.Web.Services.Protocols.SoapHeaderHandling.SetHeaderMembers(SoapHeaderCollection headers, Object target, SoapHeaderMapping[] mappings, SoapHeaderDirection direction, Boolean client)
- at System.Web.Services.Protocols.SoapServerProtocol.CreateServerInstance()
- at System.Web.Services.Protocols.WebServiceHandler.Invoke()
- at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()`;
- test:assertEquals(response.toString(), expected.toString());
+ xml response = check soapClient->sendReceive(envelope, "http://tempuri.org/Add");
+ xmlns "http://schemas.xmlsoap.org/soap/envelope" as soap11;
+ error? assertUsernameToken = soap:assertUsernameToken(response.toString(), "user", "password", soap:TEXT, (envelope//*).toString());
+ test:assertTrue(assertUsernameToken !is error);
}
@test:Config {
- groups: ["soap11", "send_receive"]
+ groups: ["soap11", "send_receive", "new"]
}
function testSendReceiveWithAsymmetricBindingSecurity() returns error? {
- crypto:KeyStore serverKeyStore = {
- path: X509_KEY_STORE_PATH,
- password: KEY_PASSWORD
- };
-
- crypto:PublicKey serverPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(serverKeyStore, KEY_ALIAS);
-
- crypto:KeyStore clientKeyStore = {
- path: X509_KEY_STORE_PATH_2,
- password: KEY_PASSWORD
- };
- crypto:PrivateKey clientPrivateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(clientKeyStore, KEY_ALIAS, KEY_PASSWORD);
-
Client soapClient = check new ("http://localhost:9091",
{
outboundSecurity: {
- signatureAlgorithm: soap:RSA_SHA256,
- encryptionAlgorithm: soap:RSA_ECB,
- signatureKey: clientPrivateKey,
- encryptionKey: serverPublicKey
+ signatureConfig: {
+ keystore: {
+ path: KEY_STORE_PATH_2,
+ password: PASSWORD
+ },
+ privateKeyAlias: ALIAS,
+ privateKeyPassword: PASSWORD,
+ signatureAlgorithm: wssec:RSA_SHA512,
+ canonicalizationAlgorithm: wssec:C14N_EXCL_OMIT_COMMENTS,
+ digestAlgorithm: wssec:SHA512
+ }
}
}
);
-
xml body = xml `
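Review bot: `test:assertTrue(assertUsernameToken !is error);` discards the error, so a failing run reports only that the assertion was false, not which part of the token check failed. Since the test already returns `error?`, `check soap:assertUsernameToken(...);` would propagate the original message; alternatively pass a failure message as the second argument to `assertTrue`. The `"new"` entry added to `groups` on the asymmetric test reads like a development-time tag and is probably not meant to be committed. Both points recur in the soap12 test file, and both test functions extend beyond this hunk.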
@@ -430,57 +392,14 @@ function testSendReceiveWithAsymmetricBindingSecurity() returns error? {
`;
xml response = check soapClient->sendReceive(body, "http://tempuri.org/Add");
- xml expected = xml `soap:MustUnderstandSystem.Web.Services.Protocols.SoapHeaderException: SOAP header Security was not understood.
- at System.Web.Services.Protocols.SoapHeaderHandling.SetHeaderMembers(SoapHeaderCollection headers, Object target, SoapHeaderMapping[] mappings, SoapHeaderDirection direction, Boolean client)
- at System.Web.Services.Protocols.SoapServerProtocol.CreateServerInstance()
- at System.Web.Services.Protocols.WebServiceHandler.Invoke()
- at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()`;
- test:assertEquals(response.toString(), expected.toString());
-}
-
-@test:Config {
- groups: ["soap11", "send_receive"]
-}
-function testSendReceiveWithSymmetricBindingSecurity() returns error? {
- crypto:KeyStore serverKeyStore = {
- path: X509_KEY_STORE_PATH,
- password: KEY_PASSWORD
- };
- crypto:PublicKey serverPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(serverKeyStore, KEY_ALIAS);
-
- crypto:KeyStore keyStore = {
- path: KEY_STORE_PATH,
- password: KEY_PASSWORD
- };
- crypto:PrivateKey symmetricKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, KEY_ALIAS, KEY_PASSWORD);
-
- Client soapClient = check new ("http://localhost:9091",
- {
- outboundSecurity: {
- signatureAlgorithm: soap:RSA_SHA256,
- encryptionAlgorithm: soap:RSA_ECB,
- symmetricKey: symmetricKey,
- servicePublicKey: serverPublicKey
- }
+ wssec:InboundConfig inboundConfig = {
+ keystore: {
+ path: KEY_STORE_PATH_2,
+ password: PASSWORD
}
- );
- xml body = xml `
-
-
- 2
- 3
-
-
- `;
- xml response = check soapClient->sendReceive(body, "http://tempuri.org/Add");
- xml expected = xml `soap:MustUnderstandSystem.Web.Services.Protocols.SoapHeaderException: SOAP header Security was not understood.
- at System.Web.Services.Protocols.SoapHeaderHandling.SetHeaderMembers(SoapHeaderCollection headers, Object target, SoapHeaderMapping[] mappings, SoapHeaderDirection direction, Boolean client)
- at System.Web.Services.Protocols.SoapServerProtocol.CreateServerInstance()
- at System.Web.Services.Protocols.WebServiceHandler.Invoke()
- at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()`;
- test:assertEquals(response.toString(), expected.toString());
+ };
+ boolean verifySignature = check wssec:verifySignature(response, inboundConfig);
+ test:assertTrue(verifySignature);
}
@test:Config {
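Review bot: This hunk deletes `testSendReceiveWithSymmetricBindingSecurity`, and the asymmetric test now configures only `signatureConfig`, so no client-level test visible on this page exercises an encryption path after the commit. That matters because `applyEncryptionOnly` and `applySignatureAndEncryption` both gain the new `soap12` parameter in the same change. A test that sets `encryptionConfig`, alone and together with `signatureConfig`, would cover those signatures. Separately, `inboundConfig` verifies with the same `KEY_STORE_PATH_2` and `PASSWORD` used to sign, so the check confirms a round trip with one keystore rather than verification against a separate truststore. The soap12 test file has the same gaps.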
diff --git a/ballerina/modules/soap12/soap12.bal b/ballerina/modules/soap12/soap12.bal
index c136669..4bfc77f 100644
--- a/ballerina/modules/soap12/soap12.bal
+++ b/ballerina/modules/soap12/soap12.bal
@@ -64,7 +64,7 @@ public isolated client class Client {
} external;
isolated function generateResponse(xml|mime:Entity[] body, string? action = (),
- map headers = {}, string path = "")
+ map headers = {}, string path = "")
returns xml|mime:Entity[]|Error {
do {
xml securedBody;
diff --git a/ballerina/modules/soap12/tests/http_secured_service.bal b/ballerina/modules/soap12/tests/http_secured_service.bal
index 13ca84a..1159b35 100644
--- a/ballerina/modules/soap12/tests/http_secured_service.bal
+++ b/ballerina/modules/soap12/tests/http_secured_service.bal
@@ -18,12 +18,7 @@ import ballerina/http;
service / on new http:Listener(9091) {
- resource function post .() returns xml|error {
- return xml `soap:SenderSystem.Web.Services.Protocols.SoapException: Unable to handle request without a valid action parameter. Please supply a valid soap action.
- at System.Web.Services.Protocols.Soap12ServerProtocolHelper.RouteRequest()
- at System.Web.Services.Protocols.SoapServerProtocol.RouteRequest(SoapServerMessage message)
- at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
- at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context, HttpRequest request, HttpResponse response)
- at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)`;
+ resource function post .(http:Request request) returns xml|error {
+ return check request.getXmlPayload();
}
}
diff --git a/ballerina/modules/soap12/tests/soap12_client_test.bal b/ballerina/modules/soap12/tests/soap12_client_test.bal
index 84c0fa0..66ee57c 100644
--- a/ballerina/modules/soap12/tests/soap12_client_test.bal
+++ b/ballerina/modules/soap12/tests/soap12_client_test.bal
@@ -32,6 +32,10 @@ const X509_KEY_STORE_PATH_2 = "modules/wssec/tests/resources/x509_certificate_2.
const wssec:TransportBindingConfig TRANSPORT_BINDING = "TransportBinding";
const wssec:NoPolicy NO_POLICY = "NoPolicy";
+const KEY_STORE_PATH_2 = "modules/wssec/tests/resources/keystore.jks";
+const ALIAS = "mykey";
+const PASSWORD = "password";
+
const crypto:KeyStore clientKeyStore = {
path: X509_KEY_STORE_PATH_2,
password: KEY_PASSWORD
@@ -359,40 +363,6 @@ function testSendReceiveError() returns error? {
test:assertEquals((response).message(), SOAP_ERROR);
}
-@test:Config {
- groups: ["soap12", "send_receive"]
-}
-function testSendReceiveWithTimestampTokenSecurity() returns error? {
- Client soapClient = check new ("http://localhost:9091",
- {
- outboundSecurity: [
- {
- timeToLive: 600
- }
- ]
- }
- );
- xml body = xml `
-
-
- 2
- 3
-
-
- `;
- xml response = check soapClient->sendReceive(body);
- xml expected = xml `soap:SenderSystem.Web.Services.Protocols.SoapException: Unable to handle request without a valid action parameter. Please supply a valid soap action.
- at System.Web.Services.Protocols.Soap12ServerProtocolHelper.RouteRequest()
- at System.Web.Services.Protocols.SoapServerProtocol.RouteRequest(SoapServerMessage message)
- at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
- at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context, HttpRequest request, HttpResponse response)
- at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)`;
-
- test:assertEquals(response.toString(), expected.toString());
-}
-
@test:Config {
groups: ["soap12", "send_receive"]
}
@@ -407,7 +377,7 @@ function testSendReceiveWithUsernameTokenSecurity() returns error? {
inboundSecurity: {}
}
);
- xml body = xml `
@@ -417,109 +387,53 @@ function testSendReceiveWithUsernameTokenSecurity() returns error? {
`;
- xml response = check soapClient->sendReceive(body);
- xml expected = xml `soap:SenderSystem.Web.Services.Protocols.SoapException: Unable to handle request without a valid action parameter. Please supply a valid soap action.
- at System.Web.Services.Protocols.Soap12ServerProtocolHelper.RouteRequest()
- at System.Web.Services.Protocols.SoapServerProtocol.RouteRequest(SoapServerMessage message)
- at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
- at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context, HttpRequest request, HttpResponse response)
- at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)`;
-
- test:assertEquals(response.toString(), expected.toString());
+ xml response = check soapClient->sendReceive(envelope);
+ xmlns "http://www.w3.org/2003/05/soap-envelope" as soap12;
+ error? assertUsernameToken = soap:assertUsernameToken(response.toString(), "user", "password", soap:TEXT, (envelope//*).toString());
+ test:assertTrue(assertUsernameToken !is error);
}
@test:Config {
- groups: ["soap12", "send_receive"]
+ groups: ["soap12", "send_receive", "new"]
}
function testSendReceiveWithAsymmetricBindingSecurity() returns error? {
- crypto:KeyStore serverKeyStore = {
- path: X509_KEY_STORE_PATH,
- password: KEY_PASSWORD
- };
-
- crypto:PublicKey serverPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(serverKeyStore, KEY_ALIAS);
-
- crypto:KeyStore clientKeyStore = {
- path: X509_KEY_STORE_PATH_2,
- password: KEY_PASSWORD
- };
- crypto:PrivateKey clientPrivateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(clientKeyStore, KEY_ALIAS, KEY_PASSWORD);
-
+ xml envelope = xml
+ `
+
+
+ 2
+ 3
+
+
+ `;
Client soapClient = check new ("http://localhost:9091",
{
outboundSecurity: {
- signatureAlgorithm: soap:RSA_SHA256,
- encryptionAlgorithm: soap:RSA_ECB,
- signatureKey: clientPrivateKey,
- encryptionKey: serverPublicKey
+ signatureConfig: {
+ keystore: {
+ path: KEY_STORE_PATH_2,
+ password: PASSWORD
+ },
+ privateKeyAlias: ALIAS,
+ privateKeyPassword: PASSWORD,
+ signatureAlgorithm: wssec:RSA_SHA512,
+ canonicalizationAlgorithm: wssec:C14N_EXCL_OMIT_COMMENTS,
+ digestAlgorithm: wssec:SHA512
+ }
}
}
);
- xml body = xml `
-
-
- 2
- 3
-
-
- `;
- xml response = check soapClient->sendReceive(body);
- xml expected = xml `soap:SenderSystem.Web.Services.Protocols.SoapException: Unable to handle request without a valid action parameter. Please supply a valid soap action.
- at System.Web.Services.Protocols.Soap12ServerProtocolHelper.RouteRequest()
- at System.Web.Services.Protocols.SoapServerProtocol.RouteRequest(SoapServerMessage message)
- at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
- at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context, HttpRequest request, HttpResponse response)
- at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)`;
-
- test:assertEquals(response.toString(), expected.toString());
-}
-
-@test:Config {
- groups: ["soap12", "send_receive"]
-}
-function testSendReceiveWithSymmetricBindingSecurity() returns error? {
- crypto:KeyStore serverKeyStore = {
- path: X509_KEY_STORE_PATH,
- password: KEY_PASSWORD
- };
- crypto:PublicKey serverPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(serverKeyStore, KEY_ALIAS);
-
- crypto:KeyStore keyStore = {
- path: KEY_STORE_PATH,
- password: KEY_PASSWORD
- };
- crypto:PrivateKey symmetricKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, KEY_ALIAS, KEY_PASSWORD);
-
- Client soapClient = check new ("http://localhost:9091",
- {
- outboundSecurity: {
- signatureAlgorithm: soap:RSA_SHA256,
- encryptionAlgorithm: soap:RSA_ECB,
- symmetricKey: symmetricKey,
- servicePublicKey: serverPublicKey
- }
+ xml response = check soapClient->sendReceive(envelope);
+ wssec:InboundConfig inboundConfig = {
+ keystore: {
+ path: KEY_STORE_PATH_2,
+ password: PASSWORD
}
- );
- xml body = xml `
-
-
- 2
- 3
-
-
- `;
- xml response = check soapClient->sendReceive(body);
- xml expected = xml `soap:SenderSystem.Web.Services.Protocols.SoapException: Unable to handle request without a valid action parameter. Please supply a valid soap action.
- at System.Web.Services.Protocols.Soap12ServerProtocolHelper.RouteRequest()
- at System.Web.Services.Protocols.SoapServerProtocol.RouteRequest(SoapServerMessage message)
- at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
- at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context, HttpRequest request, HttpResponse response)
- at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)`;
- test:assertEquals(response.toString(), expected.toString());
+ };
+ boolean verifySignature = check wssec:verifySignature(response, inboundConfig);
+ test:assertTrue(verifySignature);
}
@test:Config {
diff --git a/ballerina/modules/wssec/records.bal b/ballerina/modules/wssec/records.bal
index 03d6977..a3bdb42 100644
--- a/ballerina/modules/wssec/records.bal
+++ b/ballerina/modules/wssec/records.bal
@@ -18,7 +18,7 @@ import ballerina/crypto;
# Union type of all the inbound web service security configurations.
public type OutboundSecurityConfig NoPolicy|UsernameTokenConfig|TimestampTokenConfig|SymmetricBindingConfig
- |AsymmetricBindingConfig|TransportBindingConfig;
+ |AsymmetricBindingConfig|TransportBindingConfig|AsymmetricConfig;
# Represents the record for outbound security configurations to verify and decrypt SOAP envelopes.
#
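Review bot: The doc comment above `OutboundSecurityConfig` still says "inbound web service security configurations", although the union it documents is the outbound one and gains `AsymmetricConfig` here. I would change it to `# Union type of all the outbound web service security configurations.`. The comment that follows, "outbound security configurations to verify and decrypt SOAP envelopes", looks swapped in the same way, but its record is outside this hunk.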
diff --git a/ballerina/modules/wssec/tests/resources/keystore.p12 b/ballerina/modules/wssec/tests/resources/keystore.p12
new file mode 100644
index 0000000..d2fae6e
Binary files /dev/null and b/ballerina/modules/wssec/tests/resources/keystore.p12 differ
diff --git a/ballerina/modules/wssec/tests/resources/keystoretest.jks b/ballerina/modules/wssec/tests/resources/keystoretest.jks
new file mode 100644
index 0000000..d6d1618
Binary files /dev/null and b/ballerina/modules/wssec/tests/resources/keystoretest.jks differ
diff --git a/ballerina/modules/wssec/tests/resources/mykeystore.jks b/ballerina/modules/wssec/tests/resources/mykeystore.jks
new file mode 100644
index 0000000..9ab60ef
Binary files /dev/null and b/ballerina/modules/wssec/tests/resources/mykeystore.jks differ
diff --git a/ballerina/modules/wssec/tests/resources/private_key1.pem b/ballerina/modules/wssec/tests/resources/private_key1.pem
new file mode 100644
index 0000000..642ceb9
--- /dev/null
+++ b/ballerina/modules/wssec/tests/resources/private_key1.pem
@@ -0,0 +1,32 @@
+Bag Attributes
+ friendlyName: mykey
+ localKeyID: 54 69 6D 65 20 31 37 32 38 32 32 31 33 34 37 35 35 38
+Key Attributes:
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
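Review bot: This adds an unencrypted PKCS#8 private key (`BEGIN PRIVATE KEY`, friendlyName `mykey`) to the repository, and nothing in the visible hunks reads `private_key1.pem`. The commit also adds `keystore.p12`, `keystoretest.jks` and `mykeystore.jks` as binaries, while the new test constants point at `keystore.jks`, which is not among the files added on this page. If these files are unused, they should be dropped from the commit. If they are needed, a short README in `tests/resources` should state that they are throwaway test keys and how they were generated, so they are not mistaken for or reused as real credentials. Committed key files also tend to trip secret scanners, so an allow-list entry scoped to this directory may be needed.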
diff --git a/ballerina/modules/wssec/tests/ws_security_tests.bal b/ballerina/modules/wssec/tests/ws_security_tests.bal
index dcdc4eb..8973f66 100644
--- a/ballerina/modules/wssec/tests/ws_security_tests.bal
+++ b/ballerina/modules/wssec/tests/ws_security_tests.bal
@@ -636,8 +636,20 @@ function testAsymmetricBindingWithSignatureWithRsaSha1() returns error? {
groups: ["username_token", "signature", "asymmetric_binding", "new"]
}
function testAsymmetricBindingWithSignatureWithRsaSha512() returns error? {
- xml envelope = check io:fileReadXml(SOAP_ENVELOPE_PATH);
- xmlns "http://schemas.xmlsoap.org/soap/envelope/" as soap;
+ xml envelope = xml `
+
+
+
+
+
+
+ 2
+ 3
+
+
+ `;
AsymmetricConfig asymmetricConfig = {
signatureConfig: {
@@ -652,7 +664,7 @@ function testAsymmetricBindingWithSignatureWithRsaSha512() returns error? {
digestAlgorithm: SHA512
}
};
- xml securedEnvelope = check applyAsymmetricConfigurations(envelope, false, asymmetricConfig);
+ xml securedEnvelope = check applyAsymmetricConfigurations(envelope, true, asymmetricConfig);
string envelopeString = securedEnvelope.toString();
InboundConfig inboundConfig = {
keystore: {
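Review bot: The `soap12` argument to `applyAsymmetricConfigurations` changes from `false` to `true` with no comment explaining why this test now runs as SOAP 1.2. The previous hunk removes an `xmlns` line for the SOAP 1.1 namespace, and the inline envelope's markup is not legible on this page, so I cannot confirm the envelope and the flag agree. If the envelope is SOAP 1.2, a comment such as `// envelope above uses the SOAP 1.2 namespace` would make that explicit. If both versions are meant to be supported for RSA-SHA512, the `false` case should keep a test of its own.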
diff --git a/ballerina/modules/wssec/ws_security.bal b/ballerina/modules/wssec/ws_security.bal
index aa81f0a..cc5b0fd 100644
--- a/ballerina/modules/wssec/ws_security.bal
+++ b/ballerina/modules/wssec/ws_security.bal
@@ -32,18 +32,18 @@ isolated class WsSecurity {
'class: "org.wssec.WsSecurity"
} external;
- isolated function applySignatureOnly(Document soapEnvelope, SignatureConfig signatureConfig)
+ isolated function applySignatureOnly(Document soapEnvelope, boolean soap12, SignatureConfig signatureConfig)
returns string|Error = @java:Method {
'class: "org.wssec.WsSecurity"
} external;
- isolated function applyEncryptionOnly(Document soapEnvelope, EncryptionConfig encryptionConfig)
+ isolated function applyEncryptionOnly(Document soapEnvelope, boolean soap12, EncryptionConfig encryptionConfig)
returns string|Error = @java:Method {
'class: "org.wssec.WsSecurity"
} external;
- isolated function applySignatureAndEncryption(Document soapEnvelope, SignatureConfig signatureConfig,
- EncryptionConfig encryptionConfig)
+ isolated function applySignatureAndEncryption(Document soapEnvelope, boolean soap12,
+ SignatureConfig signatureConfig, EncryptionConfig encryptionConfig)
returns string|Error = @java:Method {
'class: "org.wssec.WsSecurity"
} external;
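Review bot: The new `boolean soap12` parameter is inserted in the middle of three undocumented extern signatures, so the only link to the Java side is positional. A doc line on each method, for example `# + soap12 - true when the envelope is SOAP 1.2, false for SOAP 1.1`, would record the contract next to the binding. From the Java hunks the flag appears to be passed to `validateSoapHeader`; that is worth stating as well if it is the flag's only use.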
diff --git a/ballerina/modules/wssec/ws_security_methods.bal b/ballerina/modules/wssec/ws_security_methods.bal
index 4d7064e..fdf12ac 100644
--- a/ballerina/modules/wssec/ws_security_methods.bal
+++ b/ballerina/modules/wssec/ws_security_methods.bal
@@ -261,11 +261,12 @@ public isolated function applyAsymmetricConfigurations(xml envelope, boolean soa
EncryptionConfig? encryptionConfig = asymmetricBinding.encryptionConfig;
string securedEnvelope = envelope.toString();
if signatureConfig !is () && encryptionConfig !is () {
- securedEnvelope = check wsSecurity.applySignatureAndEncryption(document, signatureConfig, encryptionConfig);
+ securedEnvelope = check wsSecurity
+ .applySignatureAndEncryption(document, soap12, signatureConfig, encryptionConfig);
} else if signatureConfig !is () {
- securedEnvelope = check wsSecurity.applySignatureOnly(document, signatureConfig);
+ securedEnvelope = check wsSecurity.applySignatureOnly(document, soap12, signatureConfig);
} else if encryptionConfig !is () {
- securedEnvelope = check wsSecurity.applyEncryptionOnly(document, encryptionConfig);
+ securedEnvelope = check wsSecurity.applyEncryptionOnly(document, soap12, encryptionConfig);
}
return convertStringToXml(securedEnvelope);
}
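Review bot: `securedEnvelope` is initialised to `envelope.toString()`, and the `if`/`else if` chain has no final `else`, so a config with neither `signatureConfig` nor `encryptionConfig` returns the original envelope unsecured and without any error. This commit makes that path reachable from the SOAP clients, because `applySecurityPolicies` now routes `AsymmetricConfig` here, so a misconfigured client would silently send an unprotected message. I would fail closed with a final branch such as `} else { return error Error("AsymmetricConfig requires signatureConfig or encryptionConfig"); }`. That assumes the function returns the module's `Error` type; its signature is cut off in the hunk header.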
diff --git a/ballerina/soap_utils.bal b/ballerina/soap_utils.bal
index cad6653..e1efaa1 100644
--- a/ballerina/soap_utils.bal
+++ b/ballerina/soap_utils.bal
@@ -51,6 +51,8 @@ public isolated function applySecurityPolicies(wssec:OutboundSecurityConfig|wsse
return wssec:applyUsernameToken(envelope, security);
} else if security is wssec:SymmetricBindingConfig {
return wssec:applySymmetricBinding(envelope, soap12, security);
+ } else if security is wssec:AsymmetricConfig {
+ return wssec:applyAsymmetricConfigurations(envelope, soap12, security);
} else if security is wssec:AsymmetricBindingConfig {
return wssec:applyAsymmetricBinding(envelope, soap12, security);
} else if security is wssec:OutboundSecurityConfig {
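Review bot: The new `security is wssec:AsymmetricConfig` test is placed before `security is wssec:AsymmetricBindingConfig`, and which branch runs depends on that order if the two record types overlap structurally. Neither definition is visible here. If both are open records, or their fields are optional, a value intended as `AsymmetricBindingConfig` could match the new branch and be signed or encrypted by a different code path. A short comment explaining why the order is safe would help, as would a test that passes each config type through `applySecurityPolicies`. The near-identical names also make it easy to pick the wrong type at a call site.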
diff --git a/native/src/main/java/org/wssec/WsSecurity.java b/native/src/main/java/org/wssec/WsSecurity.java
index 024668f..32a28f3 100644
--- a/native/src/main/java/org/wssec/WsSecurity.java
+++ b/native/src/main/java/org/wssec/WsSecurity.java
@@ -195,7 +195,8 @@ public static BMap getReadOnlyClientConfig(BMap securityConfig) {
return securityConfig;
}
- public static Object applySignatureOnly(BObject documentBuilder, BMap signatureConfig) {
+ public static Object applySignatureOnly(BObject documentBuilder, Boolean soap12, BMap signatureConfig) {
Document document = (Document) documentBuilder.getNativeData(NATIVE_DOCUMENT);
BMap keyStore = (BMap) signatureConfig
.getMapValue(StringUtils.fromString("keystore"));
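Review bot: `soap12` is declared as the boxed `Boolean` in `applySignatureOnly`, and again in `applySignatureAndEncryption` further down, although the Ballerina externs declare a non-nullable `boolean`. A primitive `boolean soap12` states that contract directly and removes any chance of a null unboxing where the value is used, such as the `validateSoapHeader(soap12, document)` call visible in `applyEncryptionOnly`. The method bodies continue outside these hunks, so I cannot see every use.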
@@ -208,7 +209,7 @@ public static Object applySignatureOnly(BObject documentBuilder, BMap config) {
try {
Document document = (Document) documentBuilder.getNativeData(NATIVE_DOCUMENT);
@@ -326,7 +327,7 @@ public static Object applyEncryptionOnly(BObject documentBuilder,
String path = keyStore.get(StringUtils.fromString("path")).toString();
String password = keyStore.get(StringUtils.fromString("password")).toString();
String publicKeyAlias = config.get(StringUtils.fromString("publicKeyAlias")).toString();
- validateSoapHeader(document);
+ validateSoapHeader(soap12, document);
WSSecHeader secHeader = new WSSecHeader(document);
secHeader.insertSecurityHeader();
WSSecEncrypt encrypt = new WSSecEncrypt(secHeader);
@@ -347,7 +348,8 @@ public static Object applyEncryptionOnly(BObject documentBuilder,
}
}
- public static Object applySignatureAndEncryption(BObject documentBuilder, BMap signatureConfig,
+ public static Object applySignatureAndEncryption(BObject documentBuilder, Boolean soap12,
+ BMap signatureConfig,
BMap encryptionConfig) {
try {
Document document = (Document) documentBuilder.getNativeData(NATIVE_DOCUMENT);
@@ -362,7 +364,7 @@ public static Object applySignatureAndEncryption(BObject documentBuilder, BMap