/**
* Licensed to the Austrian Association for Software Tool Integration (AASTI)
* under one or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information regarding copyright
* ownership. The AASTI licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.openengsb.core.services;
import java.util.Arrays;
import java.util.List;
import javax.crypto.SecretKey;
import org.apache.commons.codec.binary.Base64;
import org.openengsb.core.api.remote.MethodCallMessage;
import org.openengsb.core.api.remote.MethodResultMessage;
import org.openengsb.core.api.security.model.EncryptedMessage;
import org.openengsb.core.common.remote.FilterChain;
import org.openengsb.core.common.remote.FilterChainFactory;
import org.openengsb.core.services.filter.EncryptedJsonMessageMarshaller;
import org.openengsb.core.services.filter.JsonSecureRequestMarshallerFilter;
import org.openengsb.core.services.filter.MessageCryptoFilterFactory;
import org.openengsb.core.util.CipherUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.fasterxml.jackson.databind.ObjectMapper;
public class SecureJsonPortTest extends GenericSecurePortTest<String> {
private static final Logger LOGGER = LoggerFactory.getLogger(SecureJsonPortTest.class);
private ObjectMapper mapper = new ObjectMapper();
@Override
protected MethodResultMessage decryptAndDecode(String message, SecretKey sessionKey) throws Exception {
LOGGER.info("decrypting: " + new String(message));
byte[] decrypt = CipherUtils.decrypt(Base64.decodeBase64(message), sessionKey);
LOGGER.info("decoding: " + new String(decrypt));
return mapper.readValue(decrypt, MethodResultMessage.class);
}
@Override
protected String encodeAndEncrypt(MethodCallMessage secureRequest, SecretKey sessionKey) throws Exception {
byte[] content = mapper.writeValueAsBytes(secureRequest);
LOGGER.info("encrypting: " + new String(content));
byte[] encryptedContent = CipherUtils.encrypt(content, sessionKey);
EncryptedMessage encryptedMessage = new EncryptedMessage();
encryptedMessage.setEncryptedContent(encryptedContent);
byte[] encryptedKey = CipherUtils.encrypt(sessionKey.getEncoded(), serverPublicKey);
encryptedMessage.setEncryptedKey(encryptedKey);
return mapper.writeValueAsString(encryptedMessage);
}
@Override
protected String manipulateMessage(String encryptedRequest) {
return encryptedRequest.replaceAll("a", "b");
}
@Override
protected FilterChain getSecureRequestHandlerFilterChain() {
FilterChainFactory<String, String> factory = new FilterChainFactory<String, String>(String.class, String.class);
List<Object> asList =
Arrays.asList(
EncryptedJsonMessageMarshaller.class,
new MessageCryptoFilterFactory(privateKeySource, "AES"),
JsonSecureRequestMarshallerFilter.class,
filterTop.create());
factory.setFilters(asList);
return factory.create();
}
}