From 902844feeea46ae121bac4d6f4127613ef2cc750 Mon Sep 17 00:00:00 2001 From: Nuvindu Date: Sun, 15 Oct 2023 22:29:53 +0530 Subject: [PATCH] Apply suggestions from the review --- ballerina/modules/soap11/soap11.bal | 5 +-- .../soap11/tests/http_soap_service.bal | 32 ++++++++++--------- ballerina/modules/soap12/soap12.bal | 5 +-- .../soap12/tests/http_soap_service.bal | 31 +++++++++--------- ballerina/modules/wssec/encryption.bal | 12 +------ .../modules/wssec/ws_security_methods.bal | 12 +++---- ballerina/soap_utils.bal | 2 +- 7 files changed, 47 insertions(+), 52 deletions(-) diff --git a/ballerina/modules/soap11/soap11.bal b/ballerina/modules/soap11/soap11.bal index 120d5f4..5b14194 100644 --- a/ballerina/modules/soap11/soap11.bal +++ b/ballerina/modules/soap11/soap11.bal @@ -53,15 +53,16 @@ public isolated client class Client { # + path - The resource path # + return - If successful, returns the response. Else, returns an error remote isolated function sendReceive(xml|mime:Entity[] body, string action, - map headers = {}, string path = "") returns xml|mime:Entity[]|Error { + map headers = {}, string path = "") + returns xml|mime:Entity[]|Error { do { xml securedBody; - xml response; xml mimeEntity = body is xml ? body : check body[0].getXml(); lock { xml envelope = body is xml ? body.clone() : mimeEntity.clone(); securedBody = check soap:applySecurityPolicies(self.inboundSecurity.clone(), envelope.clone()); } + xml response; if body is mime:Entity[] { body[0].setXml(securedBody); response = check soap:sendReceive(body, self.soapClient, action, headers, path, false); diff --git a/ballerina/modules/soap11/tests/http_soap_service.bal b/ballerina/modules/soap11/tests/http_soap_service.bal index 57827d0..ed4e349 100644 --- a/ballerina/modules/soap11/tests/http_soap_service.bal +++ b/ballerina/modules/soap11/tests/http_soap_service.bal 
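Review bot: Inside the `lock` block of `sendReceive`, `envelope` is already a fresh copy (`body.clone()` or `mimeEntity.clone()`), so passing `envelope.clone()` to `soap:applySecurityPolicies` copies the whole envelope a second time for no benefit. Unless the isolation checker insists on it, `securedBody = check soap:applySecurityPolicies(self.inboundSecurity.clone(), envelope);` is enough and matches the single-clone form used by the soap12 `Client` in the same patch. The `do` body of `sendReceive` continues past the end of the hunk.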
@@ -22,7 +22,7 @@ const crypto:KeyStore serverKeyStore = { password: KEY_PASSWORD }; crypto:PrivateKey serverPrivateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(serverKeyStore, KEY_ALIAS, - KEY_PASSWORD); + KEY_PASSWORD); crypto:PublicKey serverPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(serverKeyStore, KEY_ALIAS); service / on new http:Listener(9090) { @@ -34,27 +34,29 @@ service / on new http:Listener(9090) { } resource function post getSamePayload(http:Request request) returns http:Response|error { - http:Response response = new; xml payload = check request.getXmlPayload(); + http:Response response = new; response.setPayload(payload); return response; } resource function post getSecuredPayload(http:Request request) returns http:Response|error { - http:Response response = new; xml payload = check request.getXmlPayload(); - xml applyOutboundConfig = check soap:applyOutboundConfig({ - verificationKey: clientPublicKey, - signatureAlgorithm: soap:RSA_SHA256, - decryptionAlgorithm: soap:RSA_ECB, - decryptionKey: serverPrivateKey - }, payload); - xml securedEnv = check soap:applySecurityPolicies({ - signatureAlgorithm: soap:RSA_SHA256, - encryptionAlgorithm: soap:RSA_ECB, - signatureKey: serverPrivateKey, - encryptionKey: clientPublicKey - }, applyOutboundConfig); + xml applyOutboundConfig = check soap:applyOutboundConfig( + { + verificationKey: clientPublicKey, + signatureAlgorithm: soap:RSA_SHA256, + decryptionAlgorithm: soap:RSA_ECB, + decryptionKey: serverPrivateKey + }, payload); + xml securedEnv = check soap:applySecurityPolicies( + { + signatureAlgorithm: soap:RSA_SHA256, + encryptionAlgorithm: soap:RSA_ECB, + signatureKey: serverPrivateKey, + encryptionKey: clientPublicKey + }, applyOutboundConfig); + http:Response response = new; response.setPayload(securedEnv); return response; } diff --git a/ballerina/modules/soap12/soap12.bal b/ballerina/modules/soap12/soap12.bal index e8ef8c9..c7b0369 100644 --- a/ballerina/modules/soap12/soap12.bal 
+++ b/ballerina/modules/soap12/soap12.bal @@ -53,15 +53,16 @@ public isolated client class Client { # + path - The resource path # + return - If successful, returns the response. Else, returns an error remote isolated function sendReceive(xml|mime:Entity[] body, string? action = (), - map headers = {}, string path = "") returns xml|mime:Entity[]|Error { + map headers = {}, string path = "") + returns xml|mime:Entity[]|Error { do { xml securedBody; - xml response; xml mimeEntity = body is xml ? body : check body[0].getXml(); lock { securedBody = body is xml ? check soap:applySecurityPolicies(self.inboundSecurity.clone(), body.clone()) : check soap:applySecurityPolicies(self.inboundSecurity.clone(), mimeEntity.clone()); } + xml response; if body is mime:Entity[] { body[0].setXml(securedBody); response = check soap:sendReceive(body, self.soapClient, action, headers, path); diff --git a/ballerina/modules/soap12/tests/http_soap_service.bal b/ballerina/modules/soap12/tests/http_soap_service.bal index 94a8782..5c7c6fd 100644 --- a/ballerina/modules/soap12/tests/http_soap_service.bal +++ b/ballerina/modules/soap12/tests/http_soap_service.bal 
@@ -34,28 +34,29 @@ service / on new http:Listener(9090) { } resource function post getSamePayload(http:Request request) returns http:Response|error { - http:Response response = new; xml payload = check request.getXmlPayload(); + http:Response response = new; response.setPayload(payload); return response; } resource function post getSecuredPayload(http:Request request) returns http:Response|error { - http:Response response = new; xml payload = check request.getXmlPayload(); - xml applyOutboundConfig = check soap:applyOutboundConfig({ - verificationKey: clientPublicKey, - signatureAlgorithm: soap:RSA_SHA256, - decryptionAlgorithm: soap:RSA_ECB, - decryptionKey: serverPrivateKey - }, payload); - - xml securedEnv = check soap:applySecurityPolicies({ - signatureAlgorithm: soap:RSA_SHA256, - encryptionAlgorithm: soap:RSA_ECB, - signatureKey: serverPrivateKey, - encryptionKey: clientPublicKey - }, applyOutboundConfig); + xml applyOutboundConfig = check soap:applyOutboundConfig( + { + verificationKey: clientPublicKey, + signatureAlgorithm: soap:RSA_SHA256, + decryptionAlgorithm: soap:RSA_ECB, + decryptionKey: serverPrivateKey + }, payload); + xml securedEnv = check soap:applySecurityPolicies( + { + signatureAlgorithm: soap:RSA_SHA256, + encryptionAlgorithm: soap:RSA_ECB, + signatureKey: serverPrivateKey, + encryptionKey: clientPublicKey + }, applyOutboundConfig); + http:Response response = new; response.setPayload(securedEnv); return response; } diff --git a/ballerina/modules/wssec/encryption.bal b/ballerina/modules/wssec/encryption.bal index a2cbc82..9a65007 100644 --- a/ballerina/modules/wssec/encryption.bal +++ b/ballerina/modules/wssec/encryption.bal 
@@ -24,18 +24,8 @@ isolated class Encryption { self.nativeEncryption = newEncryption(); } - isolated function encryptData(string dataString, EncryptionAlgorithm encryptionAlgorithm, - crypto:PublicKey|crypto:PrivateKey key) returns byte[]|Error { - byte[] data = dataString.toBytes(); - do { - return check crypto:encryptRsaEcb(data, key); - } on fail var e { - return error(e.message()); - } - } - public isolated function decryptData(byte[] cipherText, EncryptionAlgorithm encryptionAlgorithm, - crypto:PublicKey|crypto:PrivateKey key) returns byte[]|Error { + crypto:PublicKey|crypto:PrivateKey key) returns byte[]|Error { do { return check crypto:decryptRsaEcb(cipherText, key); } on fail var e { diff --git a/ballerina/modules/wssec/ws_security_methods.bal b/ballerina/modules/wssec/ws_security_methods.bal index 9d690e9..fbb4e47 100644 --- a/ballerina/modules/wssec/ws_security_methods.bal +++ b/ballerina/modules/wssec/ws_security_methods.bal @@ -136,7 +136,8 @@ public isolated function applyUsernameToken(xml envelope, *UsernameTokenConfig u # + envelope - The SOAP envelope # + symmetricBinding - The `SymmetricBindingConfig` record with the required parameters # + return - A `xml` type of SOAP envelope if the security binding is successfully added or else `wssec:Error` -public isolated function applySymmetricBinding(xml envelope, *SymmetricBindingConfig symmetricBinding) returns xml|Error { +public isolated function applySymmetricBinding(xml envelope, *SymmetricBindingConfig symmetricBinding) + returns xml|crypto:Error|Error { Document document = check new (envelope); WSSecurityHeader wsSecurityHeader = check addSecurityHeader(document); string securedEnvelope = envelope.toBalString(); 
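Review bot: With `encryptData` removed, `decryptData` still accepts an `encryptionAlgorithm` argument that the visible body never reads — it calls `crypto:decryptRsaEcb(cipherText, key)` unconditionally — so the parameter now only suggests a choice that does not exist. Either drop it from the signature or, if `EncryptionAlgorithm` has members other than the RSA-ECB one, reject them explicitly before the call so that a caller cannot believe a different cipher was applied. `decryptData` also still wraps the `crypto:Error` in its `on fail` handler while the encryption call sites elsewhere in this patch let it escape; the two paths should follow one convention. The body of `decryptData` continues past the end of the hunk.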
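Review bot: The `# + return` doc line above `applySymmetricBinding` still promises an `xml` or a `wssec:Error`, but the new signature adds `crypto:Error`, so the public contract and its documentation now disagree; the same mismatch is introduced for `applyAsymmetricBinding` (hunk at -169) and for `applySecurityPolicies` in ballerina/soap_utils.bal (hunk at -42). Widening the union also means any caller that matches on `Error` to handle a failed binding will not see the new case. I would keep `returns xml|Error` here and convert the `crypto:Error` at the `crypto:encryptRsaEcb` call sites (hunks at -153 and -194), which is what the removed `encryptData` wrapper used to do; if the widening is intended, the `# + return` line should name `crypto:Error` as a possible result. The function body continues outside the hunk.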
@@ -153,8 +154,8 @@ public isolated function applySymmetricBinding(xml envelope, *SymmetricBindingCo } if encryptionAlgorithm is EncryptionAlgorithm { Encryption encryption = check new (); - byte[] encryptData = check encryption.encryptData((envelope//*).toString(), encryptionAlgorithm - , symmetricBinding.symmetricKey); + byte[] encryptData = check crypto:encryptRsaEcb((envelope//*).toString().toBytes(), + symmetricBinding.symmetricKey); Encryption encryptionResult = check addEncryption(encryption, encryptionAlgorithm, encryptData); WsSecurity wsSecurity = new; securedEnvelope = check wsSecurity.applyEncryptionOnlyPolicy(wsSecurityHeader, encryptionResult); @@ -169,7 +170,7 @@ public isolated function applySymmetricBinding(xml envelope, *SymmetricBindingCo # + envelope - The SOAP envelope # + asymmetricBinding - The `AsymmetricBindingConfig` record with the required parameters # + return - A `xml` type of SOAP envelope if the security binding is successfully added or else `wssec:Error` -public isolated function applyAsymmetricBinding(xml envelope, *AsymmetricBindingConfig asymmetricBinding) returns xml|Error { +public isolated function applyAsymmetricBinding(xml envelope, *AsymmetricBindingConfig asymmetricBinding) returns xml|crypto:Error|Error { Document document = check new (envelope); WSSecurityHeader wsSecurityHeader = check addSecurityHeader(document); string securedEnvelope = envelope.toBalString(); 
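Review bot: The `if encryptionAlgorithm is EncryptionAlgorithm` guard no longer decides which cipher runs — `crypto:encryptRsaEcb` is now hard-coded while `encryptionAlgorithm` is still handed to `addEncryption`, so if `EncryptionAlgorithm` has any member besides the RSA-ECB one, the security header would advertise an algorithm that was not actually applied; the same pattern appears in the `applyAsymmetricBinding` hunk at -194. The bare `check` on the crypto call is also what pushes `crypto:Error` into the public return type, so wrapping it here keeps the `wssec:Error` contract intact. Note too that this encrypts the serialized body directly with RSA, whose plaintext length is bounded by the key modulus minus padding, so larger envelopes will fail at runtime rather than by contract — a doc line on `SymmetricBindingConfig` or an explicit length check before the call would make that visible. The function body continues outside the hunk.
```ballerina
if encryptionAlgorithm is EncryptionAlgorithm {
    Encryption encryption = check new ();
    // Only RSA-ECB is implemented; convert the crypto failure so callers keep seeing wssec:Error
    byte[]|crypto:Error cipher = crypto:encryptRsaEcb((envelope//*).toString().toBytes(),
                                                       symmetricBinding.symmetricKey);
    if cipher is crypto:Error {
        return error Error("Failed to encrypt the SOAP body", cipher);
    }
    byte[] encryptData = cipher;
    // … unchanged: addEncryption, applyEncryptionOnlyPolicy …
```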
@@ -194,8 +195,7 @@ public isolated function applyAsymmetricBinding(xml envelope, *AsymmetricBinding if encryptionKey !is crypto:PublicKey { return error Error("Encryption key cannot be nil"); } - byte[] encryptData = check encryption.encryptData((envelope//*).toString(), encryptionAlgorithm, - encryptionKey); + byte[] encryptData = check crypto:encryptRsaEcb((envelope//*).toString().toBytes(), encryptionKey); Encryption encryptionResult = check addEncryption(encryption, encryptionAlgorithm, encryptData); WsSecurity wsSecurity = new; securedEnvelope = check wsSecurity.applyEncryptionOnlyPolicy(wsSecurityHeader, encryptionResult); diff --git a/ballerina/soap_utils.bal b/ballerina/soap_utils.bal index 182ae98..c26f089 100644 --- a/ballerina/soap_utils.bal +++ b/ballerina/soap_utils.bal @@ -42,7 +42,7 @@ public isolated function getReadOnlyClientConfig(ClientConfig original) returns } external; public isolated function applySecurityPolicies(wssec:InboundSecurityConfig|wssec:InboundSecurityConfig[] security, - xml envelope) returns xml|wssec:Error { + xml envelope) returns xml|crypto:Error|wssec:Error { if security is wssec:TimestampTokenConfig { return wssec:applyTimestampToken(envelope, security); } else if security is wssec:UsernameTokenConfig {