You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by hu...@apache.org on 2022/09/01 14:12:51 UTC
[santuario-xml-security-java] branch main created (now eee3340d)
This is an automated email from the ASF dual-hosted git repository.
humbedooh pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git
at eee3340d SANTUARIO-593 - Remove here() function support from Apache Santuario (#71)
This branch includes the following new commits:
new eee3340d SANTUARIO-593 - Remove here() function support from Apache Santuario (#71)
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[santuario-xml-security-java] 01/01: SANTUARIO-593 - Remove here() function support from Apache Santuario (#71)
Posted by hu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
humbedooh pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git
commit eee3340d310c0c69f79334b7ab2382ecf0264cae
Author: Colm O hEigeartaigh <co...@users.noreply.github.com>
AuthorDate: Thu Sep 1 14:42:02 2022 +0100
SANTUARIO-593 - Remove here() function support from Apache Santuario (#71)
* SANTUARIO-593 - Remove here() function support from Apache Santuario
* Adding Baltimore23XalanTest
---
pom.xml | 3 +-
.../transforms/implementations/TransformXPath.java | 7 +-
.../implementations/TransformXPath2Filter.java | 7 +-
.../apache/xml/security/utils/XPathFactory.java | 32 +-
.../xml/crypto/test/dsig/Baltimore23Test.java | 27 -
.../xml/crypto/test/dsig/Baltimore23XalanTest.java | 99 +++
.../xml/crypto/test/dsig/PhaosXMLDSig3Test.java | 8 -
.../crypto/test/dsig/PhaosXMLDSig3XalanTest.java | 78 +++
.../security/test/dom/interop/BaltimoreTest.java | 56 --
.../test/dom/interop/BaltimoreXalanTest.java | 132 ++++
.../test/dom/signature/CreateSignatureTest.java | 60 --
.../dom/signature/CreateSignatureXalanTest.java | 209 +++++++
.../xml/security/test/dom/xalan}/FuncHere.java | 8 +-
.../security/test/dom/xalan/TransformXPath.java} | 16 +-
.../test/dom/xalan/TransformXPath2Filter.java} | 17 +-
.../security/test/dom/xalan}/XalanXPathAPI.java | 19 +-
.../test/dom/xalan}/XalanXPathFactory.java | 5 +-
src/test/resources/config-xalan.xml | 682 +++++++++++++++++++++
18 files changed, 1242 insertions(+), 223 deletions(-)
diff --git a/pom.xml b/pom.xml
index 0789aaf0..5635cfed 100644
--- a/pom.xml
+++ b/pom.xml
@@ -627,8 +627,7 @@
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>${xalan.version}</version>
- <scope>provided</scope>
- <optional>true</optional>
+ <scope>test</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
diff --git a/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath.java b/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath.java
index c70a4a57..8b1c140f 100644
--- a/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath.java
+++ b/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath.java
@@ -29,10 +29,7 @@ import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.transforms.TransformSpi;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xml.security.utils.XPathAPI;
-import org.apache.xml.security.utils.XPathFactory;
+import org.apache.xml.security.utils.*;
import org.w3c.dom.DOMException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -108,7 +105,7 @@ public class TransformXPath extends TransformSpi {
}
protected XPathFactory getXPathFactory() {
- return XPathFactory.newInstance();
+ return new JDKXPathFactory();
}
/**
diff --git a/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath2Filter.java b/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath2Filter.java
index f6669441..8ea2c784 100644
--- a/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath2Filter.java
+++ b/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath2Filter.java
@@ -34,6 +34,7 @@ import org.apache.xml.security.transforms.TransformSpi;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.XPath2FilterContainer;
+import org.apache.xml.security.utils.JDKXPathFactory;
import org.apache.xml.security.utils.XMLUtils;
import org.apache.xml.security.utils.XPathAPI;
import org.apache.xml.security.utils.XPathFactory;
@@ -90,7 +91,7 @@ public class TransformXPath2Filter extends TransformSpi {
inputDoc = XMLUtils.getOwnerDocument(input.getNodeSet());
}
- XPathFactory xpathFactory = XPathFactory.newInstance();
+ XPathFactory xpathFactory = getXPathFactory();
for (int i = 0; i < xpathElements.length; i++) {
Element xpathElement = xpathElements[i];
@@ -126,6 +127,10 @@ public class TransformXPath2Filter extends TransformSpi {
throw new TransformationException(ex);
}
}
+
+ protected XPathFactory getXPathFactory() {
+ return new JDKXPathFactory();
+ }
}
class XPath2NodeFilter implements NodeFilter {
diff --git a/src/main/java/org/apache/xml/security/utils/XPathFactory.java b/src/main/java/org/apache/xml/security/utils/XPathFactory.java
index ebd1504a..dc765e31 100644
--- a/src/main/java/org/apache/xml/security/utils/XPathFactory.java
+++ b/src/main/java/org/apache/xml/security/utils/XPathFactory.java
@@ -20,40 +20,10 @@ package org.apache.xml.security.utils;
/**
- * A Factory to return an XPathAPI instance. If Xalan is available it returns XalanXPathAPI. If not, then
- * it returns JDKXPathAPI.
+ * A Factory to return an XPathAPI instance.
*/
public abstract class XPathFactory {
- private static final boolean xalanInstalled;
-
- static {
- boolean installed = false;
- try {
- Class<?> funcTableClass =
- ClassLoaderUtils.loadClass("org.apache.xpath.compiler.FunctionTable", XPathFactory.class);
- if (funcTableClass != null) {
- installed = true;
- }
- } catch (Exception e) { //NOPMD
- //ignore
- }
- xalanInstalled = installed;
- }
-
- /**
- * Get a new XPathFactory instance
- */
- public static XPathFactory newInstance() {
- // Xalan is available
- if (xalanInstalled && XalanXPathAPI.isInstalled()) {
- return new XalanXPathFactory();
- }
- // Some problem was encountered in fixing up the Xalan FunctionTable so fall back to the
- // JDK implementation
- return new JDKXPathFactory();
- }
-
/**
* Get a new XPathAPI instance
*/
diff --git a/src/test/java/javax/xml/crypto/test/dsig/Baltimore23Test.java b/src/test/java/javax/xml/crypto/test/dsig/Baltimore23Test.java
index a792a67b..8432a2cc 100644
--- a/src/test/java/javax/xml/crypto/test/dsig/Baltimore23Test.java
+++ b/src/test/java/javax/xml/crypto/test/dsig/Baltimore23Test.java
@@ -23,9 +23,7 @@ package javax.xml.crypto.test.dsig;
import java.io.File;
-import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
-import java.security.KeyStore;
import java.security.Security;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.URIDereferencer;
@@ -219,29 +217,4 @@ public class Baltimore23Test {
assertTrue(coreValidity, "Signature failed core validation");
}
- @org.junit.jupiter.api.Test
- public void test_signature() throws Exception {
-
- //
- // This test fails with the IBM JDK
- //
- if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
- return;
- }
-
- String file = "signature.xml";
- String fs = System.getProperty("file.separator");
- String base = System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
-
- String keystore = base + fs + "src/test/resources" + fs +
- "ie" + fs + "baltimore" + fs + "merlin-examples" + fs +
- "merlin-xmldsig-twenty-three" + fs + "certs" + fs + "xmldsig.jks";
- KeyStore ks = KeyStore.getInstance("JKS");
- ks.load(new FileInputStream(keystore), "changeit".toCharArray());
-
- SignatureValidator validator = new SignatureValidator(dir);
- boolean cv = validator.validate(file, new X509KeySelector(ks, false), ud);
- assertTrue(cv, "Signature failed core validation");
- }
-
}
\ No newline at end of file
diff --git a/src/test/java/javax/xml/crypto/test/dsig/Baltimore23XalanTest.java b/src/test/java/javax/xml/crypto/test/dsig/Baltimore23XalanTest.java
new file mode 100644
index 00000000..2bd744c0
--- /dev/null
+++ b/src/test/java/javax/xml/crypto/test/dsig/Baltimore23XalanTest.java
@@ -0,0 +1,99 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+/*
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ */
+package javax.xml.crypto.test.dsig;
+
+
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+
+import javax.xml.crypto.URIDereferencer;
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.Security;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+
+/**
+ * This is a testcase to validate all "merlin-xmldsig-twenty-three"
+ * testcases from Baltimore. These tests require Xalan for the here() function.
+ *
+ */
+public class Baltimore23XalanTest {
+
+ private static final String CONFIG_FILE = "config-xalan.xml";
+
+ private File dir;
+ private final URIDereferencer ud;
+
+ static {
+ Security.insertProviderAt
+ (new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+ }
+
+ @BeforeAll
+ public static void setup() {
+ System.setProperty("org.apache.xml.security.resource.config", CONFIG_FILE);
+ }
+
+ @AfterAll
+ public static void cleanup() {
+ System.clearProperty("org.apache.xml.security.resource.config");
+ }
+
+ public Baltimore23XalanTest() {
+ String fs = System.getProperty("file.separator");
+ String base = System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
+
+ dir = new File(base + fs + "src/test/resources" + fs
+ + "ie" + fs + "baltimore" + fs + "merlin-examples",
+ "merlin-xmldsig-twenty-three");
+ ud = new LocalHttpCacheURIDereferencer();
+ }
+
+ @org.junit.jupiter.api.Test
+ public void test_signature() throws Exception {
+
+ //
+ // This test fails with the IBM JDK
+ //
+ if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
+ return;
+ }
+
+ String file = "signature.xml";
+ String fs = System.getProperty("file.separator");
+ String base = System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
+
+ String keystore = base + fs + "src/test/resources" + fs +
+ "ie" + fs + "baltimore" + fs + "merlin-examples" + fs +
+ "merlin-xmldsig-twenty-three" + fs + "certs" + fs + "xmldsig.jks";
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(new FileInputStream(keystore), "changeit".toCharArray());
+
+ SignatureValidator validator = new SignatureValidator(dir);
+ boolean cv = validator.validate(file, new X509KeySelector(ks, false), ud);
+ assertTrue(cv, "Signature failed core validation");
+ }
+
+}
\ No newline at end of file
diff --git a/src/test/java/javax/xml/crypto/test/dsig/PhaosXMLDSig3Test.java b/src/test/java/javax/xml/crypto/test/dsig/PhaosXMLDSig3Test.java
index d621133f..0345d769 100644
--- a/src/test/java/javax/xml/crypto/test/dsig/PhaosXMLDSig3Test.java
+++ b/src/test/java/javax/xml/crypto/test/dsig/PhaosXMLDSig3Test.java
@@ -307,12 +307,4 @@ public class PhaosXMLDSig3Test {
assertTrue(coreValidity, "Signature failed core validation");
}
- @org.junit.jupiter.api.Test
- public void test_signature_rsa_xpath_transform_enveloped() throws Exception {
- String file = "signature-rsa-xpath-transform-enveloped.xml";
-
- boolean coreValidity =
- validator.validate(file, new KeySelectors.RawX509KeySelector());
- assertTrue(coreValidity, "Signature failed core validation");
- }
}
\ No newline at end of file
diff --git a/src/test/java/javax/xml/crypto/test/dsig/PhaosXMLDSig3XalanTest.java b/src/test/java/javax/xml/crypto/test/dsig/PhaosXMLDSig3XalanTest.java
new file mode 100644
index 00000000..52d4888f
--- /dev/null
+++ b/src/test/java/javax/xml/crypto/test/dsig/PhaosXMLDSig3XalanTest.java
@@ -0,0 +1,78 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+/*
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ */
+package javax.xml.crypto.test.dsig;
+
+
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+
+import javax.xml.crypto.test.KeySelectors;
+import java.io.File;
+import java.security.Security;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+
+/**
+ * This is a testcase to validate all "phaos-xmldsig-three"
+ * testcases from Phaos, that require Xalan for the here() function
+ *
+ */
+public class PhaosXMLDSig3XalanTest {
+
+ private static final String CONFIG_FILE = "config-xalan.xml";
+
+ private SignatureValidator validator;
+ private File base;
+
+ static {
+ Security.insertProviderAt
+ (new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+ }
+
+ @BeforeAll
+ public static void setup() {
+ System.setProperty("org.apache.xml.security.resource.config", CONFIG_FILE);
+ }
+
+ @AfterAll
+ public static void cleanup() {
+ System.clearProperty("org.apache.xml.security.resource.config");
+ }
+
+ public PhaosXMLDSig3XalanTest() {
+ String fs = System.getProperty("file.separator");
+ String basedir = System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
+ base = new File(basedir + fs + "src/test/resources" + fs +
+ "com" + fs + "phaos", "phaos-xmldsig-three");
+ validator = new SignatureValidator(base);
+ }
+
+ @org.junit.jupiter.api.Test
+ public void test_signature_rsa_xpath_transform_enveloped() throws Exception {
+ String file = "signature-rsa-xpath-transform-enveloped.xml";
+
+ boolean coreValidity =
+ validator.validate(file, new KeySelectors.RawX509KeySelector());
+ assertTrue(coreValidity, "Signature failed core validation");
+ }
+}
\ No newline at end of file
diff --git a/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreTest.java b/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreTest.java
index 555f041d..54362eb4 100644
--- a/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreTest.java
@@ -277,34 +277,6 @@ public class BaltimoreTest extends InteropTestBase {
assertTrue(verify, filename);
}
- /**
- * Method test_sixteen_external_dsa
- *
- * @throws Exception
- */
- @org.junit.jupiter.api.Test
- public void test_sixteen_external_dsa() throws Exception {
-
- String filename =
- merlinsDir16 + "/signature.xml";
- ResourceResolverSpi resolver = new OfflineResolver();
- boolean followManifests = false;
- boolean verify = false;
-
- try {
- verify = this.verify(filename, resolver, followManifests);
- } catch (RuntimeException ex) {
- LOG.error("Verification crashed for " + filename);
- throw ex;
- }
-
- if (!verify) {
- LOG.error("Verification failed for " + filename);
- }
-
- assertTrue(verify, filename);
- }
-
/**
* Method test_sixteen_bad_signature. This tests make sure that an
* invalid signature is not valid. This is validating merlin's 16
@@ -543,32 +515,4 @@ public class BaltimoreTest extends InteropTestBase {
assertTrue(verify, filename);
}
- /**
- * Method test_twenty_three_external_dsa_2
- *
- * @throws Exception
- */
- @org.junit.jupiter.api.Test
- public void test_twenty_three_external_dsa_2() throws Exception {
-
- String filename =
- merlinsDir23 + "signature.xml";
- ResourceResolverSpi resolver = new OfflineResolver();
- boolean followManifests = false;
- boolean verify = false;
-
- try {
- verify = this.verify(filename, resolver, followManifests);
- } catch (RuntimeException ex) {
- LOG.error("Verification crashed for " + filename);
- throw ex;
- }
-
- if (!verify) {
- LOG.error("Verification failed for " + filename);
- }
-
- assertTrue(verify, filename);
- }
-
}
\ No newline at end of file
diff --git a/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreXalanTest.java b/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreXalanTest.java
new file mode 100644
index 00000000..9853b472
--- /dev/null
+++ b/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreXalanTest.java
@@ -0,0 +1,132 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.dom.interop;
+
+import org.apache.xml.security.test.dom.utils.resolver.OfflineResolver;
+import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+
+/**
+ * This test is to ensure interoperability with the examples provided by Merlin Huges
+ * from Baltimore using KeyTools XML. These test vectors are located in the directory
+ * <CODE>data/ie/baltimore/merlin-examples/</CODE>. These tests require Xalan for the here() function
+ *
+ * @see <A HREF="http://www.baltimore.com/keytools/xml/index.html">The KeyTools XML Website</A>
+ */
+public class BaltimoreXalanTest extends InteropTestBase {
+
+ private static final String CONFIG_FILE = "config-xalan.xml";
+
+ static org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(BaltimoreXalanTest.class);
+
+ static String merlinsDir16 =
+ "src/test/resources/ie/baltimore/merlin-examples/merlin-xmldsig-sixteen";
+ static String merlinsDir23 =
+ "src/test/resources/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/";
+
+ static {
+ System.setProperty("org.apache.xml.security.allowUnsafeResourceResolving", "true");
+
+ String basedir = System.getProperty("basedir");
+ if(basedir != null && basedir.length() != 0) {
+ merlinsDir16 = basedir + "/" + merlinsDir16;
+ merlinsDir23 = basedir + "/" + merlinsDir23;
+ }
+ }
+
+ @BeforeAll
+ public static void setup() {
+ System.setProperty("org.apache.xml.security.resource.config", CONFIG_FILE);
+ }
+
+ @AfterAll
+ public static void cleanup() {
+ System.clearProperty("org.apache.xml.security.resource.config");
+ }
+
+ /**
+ * Constructor BaltimoreTest
+ */
+ public BaltimoreXalanTest() {
+ super();
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method test_sixteen_external_dsa
+ *
+ * @throws Exception
+ */
+ @org.junit.jupiter.api.Test
+ public void test_sixteen_external_dsa() throws Exception {
+
+ String filename =
+ merlinsDir16 + "/signature.xml";
+ ResourceResolverSpi resolver = new OfflineResolver();
+ boolean followManifests = false;
+ boolean verify = false;
+
+ try {
+ verify = this.verify(filename, resolver, followManifests);
+ } catch (RuntimeException ex) {
+ LOG.error("Verification crashed for " + filename);
+ throw ex;
+ }
+
+ if (!verify) {
+ LOG.error("Verification failed for " + filename);
+ }
+
+ assertTrue(verify, filename);
+ }
+
+ /**
+ * Method test_twenty_three_external_dsa_2
+ *
+ * @throws Exception
+ */
+ @org.junit.jupiter.api.Test
+ public void test_twenty_three_external_dsa_2() throws Exception {
+
+ String filename =
+ merlinsDir23 + "signature.xml";
+ ResourceResolverSpi resolver = new OfflineResolver();
+ boolean followManifests = false;
+ boolean verify = false;
+
+ try {
+ verify = this.verify(filename, resolver, followManifests);
+ } catch (RuntimeException ex) {
+ LOG.error("Verification crashed for " + filename);
+ throw ex;
+ }
+
+ if (!verify) {
+ LOG.error("Verification failed for " + filename);
+ }
+
+ assertTrue(verify, filename);
+ }
+
+}
\ No newline at end of file
diff --git a/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java b/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java
index 2cb9a799..e9e46e57 100644
--- a/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java
@@ -158,66 +158,6 @@ public class CreateSignatureTest {
}
}
- @org.junit.jupiter.api.Test
- public void testXFilter2Signature() throws Exception {
- Document doc = TestUtils.newDocument();
- doc.appendChild(doc.createComment(" Comment before "));
- Element root = doc.createElementNS("", "RootElement");
-
- doc.appendChild(root);
- root.appendChild(doc.createTextNode("Some simple text\n"));
-
- // Sign
- XMLSignature sig =
- new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_DSA);
- root.appendChild(sig.getElement());
-
- Transforms transforms = new Transforms(doc);
- String filter = "here()/ancestor::ds.Signature/parent::node()/descendant-or-self::*";
- XPath2FilterContainer xpathC = XPath2FilterContainer.newInstanceIntersect(doc, filter);
- xpathC.setXPathNamespaceContext("dsig-xpath", Transforms.TRANSFORM_XPATH2FILTER);
-
- Element node = xpathC.getElement();
- transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER, node);
- sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
-
- KeyStore ks = KeyStore.getInstance("JKS");
- FileInputStream fis = null;
- if (BASEDIR != null && BASEDIR.length() != 0) {
- fis =
- new FileInputStream(BASEDIR + SEP
- + "src/test/resources/org/apache/xml/security/samples/input/keystore.jks"
- );
- } else {
- fis =
- new FileInputStream("src/test/resources/org/apache/xml/security/samples/input/keystore.jks");
- }
- ks.load(fis, "xmlsecurity".toCharArray());
- PrivateKey privateKey = (PrivateKey) ks.getKey("test", "xmlsecurity".toCharArray());
-
- sig.sign(privateKey);
-
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- XMLUtils.outputDOMc14nWithComments(doc, bos);
- String signedDoc = new String(bos.toByteArray());
-
- // Now Verify
- try (InputStream is = new ByteArrayInputStream(signedDoc.getBytes())) {
- doc = XMLUtils.read(is, false);
- }
-
- XPathFactory xpf = XPathFactory.newInstance();
- XPath xpath = xpf.newXPath();
- xpath.setNamespaceContext(new DSNamespaceContext());
-
- String expression = "//ds:Signature[1]";
- Element sigElement =
- (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
-
- XMLSignature signature = new XMLSignature(sigElement, "");
- assertTrue(signature.checkSignatureValue(ks.getCertificate("test").getPublicKey()));
- }
-
@org.junit.jupiter.api.Test
public void testXPathSignature() throws Exception {
Document doc = TestUtils.newDocument();
diff --git a/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureXalanTest.java b/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureXalanTest.java
new file mode 100644
index 00000000..254e6aa2
--- /dev/null
+++ b/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureXalanTest.java
@@ -0,0 +1,209 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.dom.signature;
+
+
+import org.apache.xml.security.algorithms.SignatureAlgorithm;
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.*;
+import org.apache.xml.security.test.dom.DSNamespaceContext;
+import org.apache.xml.security.test.dom.TestUtils;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.transforms.params.XPath2FilterContainer;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.*;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+/**
+ * Tests that create signatures that require Xalan for the here() function
+ */
+public class CreateSignatureXalanTest {
+
+ private static final String CONFIG_FILE = "config-xalan.xml";
+
+ static org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(CreateSignatureXalanTest.class);
+
+ private static final String BASEDIR = System.getProperty("basedir");
+ private static final String SEP = System.getProperty("file.separator");
+
+ private KeyPair kp;
+
+ @BeforeAll
+ public static void setup() {
+ System.setProperty("org.apache.xml.security.resource.config", CONFIG_FILE);
+ }
+
+ @AfterAll
+ public static void cleanup() {
+ System.clearProperty("org.apache.xml.security.resource.config");
+ }
+
+ public CreateSignatureXalanTest() throws Exception {
+ org.apache.xml.security.Init.init();
+ kp = KeyPairGenerator.getInstance("RSA").genKeyPair();
+ }
+
+ @org.junit.jupiter.api.Test
+ public void testXFilter2Signature() throws Exception {
+ Document doc = TestUtils.newDocument();
+ doc.appendChild(doc.createComment(" Comment before "));
+ Element root = doc.createElementNS("", "RootElement");
+
+ doc.appendChild(root);
+ root.appendChild(doc.createTextNode("Some simple text\n"));
+
+ // Sign
+ XMLSignature sig =
+ new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_DSA);
+ root.appendChild(sig.getElement());
+
+ Transforms transforms = new Transforms(doc);
+ String filter = "here()/ancestor::ds.Signature/parent::node()/descendant-or-self::*";
+ XPath2FilterContainer xpathC = XPath2FilterContainer.newInstanceIntersect(doc, filter);
+ xpathC.setXPathNamespaceContext("dsig-xpath", Transforms.TRANSFORM_XPATH2FILTER);
+
+ Element node = xpathC.getElement();
+ transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER, node);
+ sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
+
+ KeyStore ks = KeyStore.getInstance("JKS");
+ FileInputStream fis = null;
+ if (BASEDIR != null && BASEDIR.length() != 0) {
+ fis =
+ new FileInputStream(BASEDIR + SEP
+ + "src/test/resources/org/apache/xml/security/samples/input/keystore.jks"
+ );
+ } else {
+ fis =
+ new FileInputStream("src/test/resources/org/apache/xml/security/samples/input/keystore.jks");
+ }
+ ks.load(fis, "xmlsecurity".toCharArray());
+ PrivateKey privateKey = (PrivateKey) ks.getKey("test", "xmlsecurity".toCharArray());
+
+ sig.sign(privateKey);
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ XMLUtils.outputDOMc14nWithComments(doc, bos);
+ String signedDoc = new String(bos.toByteArray());
+
+ // Now Verify
+ try (InputStream is = new ByteArrayInputStream(signedDoc.getBytes())) {
+ doc = XMLUtils.read(is, false);
+ }
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+
+ XMLSignature signature = new XMLSignature(sigElement, "");
+ assertTrue(signature.checkSignatureValue(ks.getCertificate("test").getPublicKey()));
+ }
+
+ private String doSign() throws Exception {
+ PrivateKey privateKey = kp.getPrivate();
+ Document doc = TestUtils.newDocument();
+ doc.appendChild(doc.createComment(" Comment before "));
+ Element root = doc.createElementNS("", "RootElement");
+
+ doc.appendChild(root);
+ root.appendChild(doc.createTextNode("Some simple text\n"));
+
+ Element canonElem =
+ XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_CANONICALIZATIONMETHOD);
+ canonElem.setAttributeNS(
+ null, Constants._ATT_ALGORITHM, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
+ );
+
+ SignatureAlgorithm signatureAlgorithm =
+ new SignatureAlgorithm(doc, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
+ XMLSignature sig =
+ new XMLSignature(doc, null, signatureAlgorithm.getElement(), canonElem);
+
+ root.appendChild(sig.getElement());
+ doc.appendChild(doc.createComment(" Comment after "));
+ Transforms transforms = new Transforms(doc);
+ transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
+ transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
+ sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
+
+ sig.addKeyInfo(kp.getPublic());
+ sig.sign(privateKey);
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+
+ XMLUtils.outputDOMc14nWithComments(doc, bos);
+ return new String(bos.toByteArray());
+ }
+
+ private void doVerify(String signedXML, int expectedObjectCount) throws Exception {
+ Document doc = null;
+ try (InputStream is = new ByteArrayInputStream(signedXML.getBytes())) {
+ doc = XMLUtils.read(is, false);
+ }
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+
+ XMLSignature signature = new XMLSignature(sigElement, "");
+ KeyInfo ki = signature.getKeyInfo();
+
+ if (ki == null) {
+ throw new RuntimeException("No keyinfo");
+ }
+ PublicKey pk = signature.getKeyInfo().getPublicKey();
+
+ if (pk == null) {
+ throw new RuntimeException("No public key");
+ }
+ assertTrue(signature.checkSignatureValue(pk));
+
+ assertEquals(expectedObjectCount, signature.getObjectLength());
+ if (expectedObjectCount > 0) {
+ for (int i = 0; i < expectedObjectCount; i++) {
+ assertNotNull(signature.getObjectItem(i));
+ }
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/src/main/java/org/apache/xml/security/transforms/implementations/FuncHere.java b/src/test/java/org/apache/xml/security/test/dom/xalan/FuncHere.java
similarity index 97%
rename from src/main/java/org/apache/xml/security/transforms/implementations/FuncHere.java
rename to src/test/java/org/apache/xml/security/test/dom/xalan/FuncHere.java
index e7fc9a6e..fee78555 100644
--- a/src/main/java/org/apache/xml/security/transforms/implementations/FuncHere.java
+++ b/src/test/java/org/apache/xml/security/test/dom/xalan/FuncHere.java
@@ -16,9 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.xml.security.transforms.implementations;
-
-import javax.xml.transform.TransformerException;
+package org.apache.xml.security.test.dom.xalan;
import org.apache.xml.dtm.DTM;
import org.apache.xml.security.utils.I18n;
@@ -32,6 +30,8 @@ import org.apache.xpath.res.XPATHErrorResources;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
+import javax.xml.transform.TransformerException;
+
/**
* The 'here()' function returns a node-set containing the attribute or
* processing instruction node or the parent element of the text node
@@ -65,7 +65,7 @@ public class FuncHere extends Function {
*
* @param xctxt
* @return the xobject
- * @throws javax.xml.transform.TransformerException
+ * @throws TransformerException
*/
public XObject execute(XPathContext xctxt) throws TransformerException {
diff --git a/src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java b/src/test/java/org/apache/xml/security/test/dom/xalan/TransformXPath.java
similarity index 73%
copy from src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java
copy to src/test/java/org/apache/xml/security/test/dom/xalan/TransformXPath.java
index cac23a18..ae08270c 100644
--- a/src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java
+++ b/src/test/java/org/apache/xml/security/test/dom/xalan/TransformXPath.java
@@ -16,18 +16,14 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.xml.security.utils;
+package org.apache.xml.security.test.dom.xalan;
+import org.apache.xml.security.utils.XPathFactory;
-/**
- * A Factory to return a XalanXPathAPI instance.
- */
-public class XalanXPathFactory extends XPathFactory {
+public class TransformXPath extends org.apache.xml.security.transforms.implementations.TransformXPath {
- /**
- * Get a new XPathAPI instance
- */
- public XPathAPI newXPathAPI() {
- return new XalanXPathAPI();
+ protected XPathFactory getXPathFactory() {
+ return new XalanXPathFactory();
}
+
}
diff --git a/src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java b/src/test/java/org/apache/xml/security/test/dom/xalan/TransformXPath2Filter.java
similarity index 64%
copy from src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java
copy to src/test/java/org/apache/xml/security/test/dom/xalan/TransformXPath2Filter.java
index cac23a18..768b5081 100644
--- a/src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java
+++ b/src/test/java/org/apache/xml/security/test/dom/xalan/TransformXPath2Filter.java
@@ -16,18 +16,19 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.xml.security.utils;
+package org.apache.xml.security.test.dom.xalan;
+import org.apache.xml.security.utils.XPathFactory;
/**
- * A Factory to return a XalanXPathAPI instance.
+ * Implements the <I>XML Signature XPath Filter v2.0</I>
+ *
+ * @see <A HREF="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter v2.0 (TR)</A>
*/
-public class XalanXPathFactory extends XPathFactory {
+public class TransformXPath2Filter extends org.apache.xml.security.transforms.implementations.TransformXPath2Filter {
- /**
- * Get a new XPathAPI instance
- */
- public XPathAPI newXPathAPI() {
- return new XalanXPathAPI();
+ protected XPathFactory getXPathFactory() {
+ return new XalanXPathFactory();
}
+
}
diff --git a/src/main/java/org/apache/xml/security/utils/XalanXPathAPI.java b/src/test/java/org/apache/xml/security/test/dom/xalan/XalanXPathAPI.java
similarity index 98%
rename from src/main/java/org/apache/xml/security/utils/XalanXPathAPI.java
rename to src/test/java/org/apache/xml/security/test/dom/xalan/XalanXPathAPI.java
index bec20bc8..69b6e0fa 100644
--- a/src/main/java/org/apache/xml/security/utils/XalanXPathAPI.java
+++ b/src/test/java/org/apache/xml/security/test/dom/xalan/XalanXPathAPI.java
@@ -16,17 +16,9 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.xml.security.utils;
+package org.apache.xml.security.test.dom.xalan;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
-import java.lang.reflect.Modifier;
-
-import javax.xml.transform.ErrorListener;
-import javax.xml.transform.SourceLocator;
-import javax.xml.transform.TransformerException;
-
-import org.apache.xml.security.transforms.implementations.FuncHere;
+import org.apache.xml.security.utils.XPathAPI;
import org.apache.xml.utils.PrefixResolver;
import org.apache.xml.utils.PrefixResolverDefault;
import org.apache.xpath.Expression;
@@ -38,6 +30,13 @@ import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
+import javax.xml.transform.ErrorListener;
+import javax.xml.transform.SourceLocator;
+import javax.xml.transform.TransformerException;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
+
/**
* An implementation of XPathAPI using Xalan. This supports the "here()" function defined in the digital
* signature spec.
diff --git a/src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java b/src/test/java/org/apache/xml/security/test/dom/xalan/XalanXPathFactory.java
similarity index 87%
rename from src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java
rename to src/test/java/org/apache/xml/security/test/dom/xalan/XalanXPathFactory.java
index cac23a18..ea0aac6c 100644
--- a/src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java
+++ b/src/test/java/org/apache/xml/security/test/dom/xalan/XalanXPathFactory.java
@@ -16,9 +16,12 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.xml.security.utils;
+package org.apache.xml.security.test.dom.xalan;
+import org.apache.xml.security.utils.XPathAPI;
+import org.apache.xml.security.utils.XPathFactory;
+
/**
* A Factory to return a XalanXPathAPI instance.
*/
diff --git a/src/test/resources/config-xalan.xml b/src/test/resources/config-xalan.xml
new file mode 100644
index 00000000..06b7320f
--- /dev/null
+++ b/src/test/resources/config-xalan.xml
@@ -0,0 +1,682 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<!--
+<!DOCTYPE Configuration SYSTEM "config.dtd">
+-->
+<!-- This configuration file is used for configuration of the org.apache.xml.security package -->
+<Configuration target="org.apache.xml.security" xmlns="http://www.xmlsecurity.org/NS/#configuration">
+ <CanonicalizationMethods>
+ <CanonicalizationMethod URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
+ JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments" />
+ <CanonicalizationMethod URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
+ JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments" />
+
+ <CanonicalizationMethod URI="http://www.w3.org/2001/10/xml-exc-c14n#"
+ JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments"/>
+ <CanonicalizationMethod URI="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
+ JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments"/>
+ <CanonicalizationMethod URI="http://www.w3.org/2006/12/xml-c14n11"
+ JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments"/>
+ <CanonicalizationMethod URI="http://www.w3.org/2006/12/xml-c14n11#WithComments"
+ JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments"/>
+ <CanonicalizationMethod URI="http://santuario.apache.org/c14n/physical"
+ JAVACLASS="org.apache.xml.security.c14n.implementations.CanonicalizerPhysical"/>
+ </CanonicalizationMethods>
+ <TransformAlgorithms>
+ <!-- Base64 -->
+ <TransformAlgorithm URI="http://www.w3.org/2000/09/xmldsig#base64"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformBase64Decode" />
+ <!-- c14n omitting comments -->
+ <TransformAlgorithm URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N" />
+ <!-- c14n with comments -->
+ <TransformAlgorithm URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NWithComments" />
+ <!-- c14n 1.1 omitting comments -->
+ <TransformAlgorithm URI="http://www.w3.org/2006/12/xml-c14n11"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N11" />
+ <!-- c14n 1.1 with comments -->
+ <TransformAlgorithm URI="http://www.w3.org/2006/12/xml-c14n11#WithComments"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments" />
+ <!-- exclusive c14n omitting comments -->
+ <TransformAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NExclusive" />
+ <!-- exclusive c14n with comments -->
+ <TransformAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments" />
+
+ <!-- XPath transform -->
+ <TransformAlgorithm URI="http://www.w3.org/TR/1999/REC-xpath-19991116"
+ JAVACLASS="org.apache.xml.security.test.dom.xalan.TransformXPath" />
+ <!-- enveloped signature -->
+ <TransformAlgorithm URI="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature" />
+ <!-- XSLT -->
+ <TransformAlgorithm URI="http://www.w3.org/TR/1999/REC-xslt-19991116"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformXSLT" />
+ <!-- XPath version 2 -->
+ <TransformAlgorithm URI="http://www.w3.org/2002/06/xmldsig-filter2"
+ JAVACLASS="org.apache.xml.security.test.dom.xalan.TransformXPath2Filter" />
+ </TransformAlgorithms>
+ <SignatureAlgorithms>
+ <SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureDSA" />
+ <SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1" />
+
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA224" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512" />
+
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1MGF1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA224MGF1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256MGF1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384MGF1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512MGF1" />
+
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-224-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA3_224MGF1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-256-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA3_256MGF1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA3_384MGF1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA3_512MGF1" />
+
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA224" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA256" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA384" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA512" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSARIPEMD160" />
+
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512" />
+ </SignatureAlgorithms>
+ <JCEAlgorithmMappings>
+ <Algorithms>
+ <!-- MessageDigest Algorithms -->
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#md5"
+ Description="MD5 message digest from RFC 1321"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="NOT RECOMMENDED"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="MD5"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#ripemd160"
+ Description="RIPEMD-160 message digest"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="RIPEMD160"/>
+
+ <Algorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"
+ Description="SHA-1 message digest"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="REQUIRED"
+ JCEName="SHA-1"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#sha224"
+ Description="SHA-224 message digest"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA-224"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha256"
+ Description="SHA-1 message digest with 256 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="RECOMMENDED"
+ JCEName="SHA-256"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#sha384"
+ Description="SHA message digest with 384 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="SHA-384"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha512"
+ Description="SHA-1 message digest with 512 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA-512"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#whirlpool"
+ Description="WHIRLPOOL message digest"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="WHIRLPOOL"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-224"
+ Description="SHA-3 message digest with 224 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA3-224"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-256"
+ Description="SHA-3 message digest with 256 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA3-256"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-384"
+ Description="SHA-3 message digest with 384 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA3-384"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-512"
+ Description="SHA-3 message digest with 512 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA3-512"/>
+
+ <!-- Signature Algorithms -->
+ <Algorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
+ Description="Digital Signature Algorithm with SHA-1 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="REQUIRED"
+ RequiredKey="DSA"
+ JCEName="SHA1withDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
+ Description="RSA Signature with MD5 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="NOT RECOMMENDED"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="MD5withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
+ Description="RSA Signature with RIPEMD-160 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="RIPEMD160withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+ Description="RSA Signature with SHA-1 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="RECOMMENDED"
+ RequiredKey="RSA"
+ JCEName="SHA1withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224"
+ Description="RSA Signature with SHA-224 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="SHA224withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+ Description="RSA Signature with SHA-256 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="SHA256withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
+ Description="RSA Signature with SHA-384 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="SHA384withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+ Description="RSA Signature with SHA-512 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="SHA512withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-1 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="RECOMMENDED"
+ RequiredKey="RSA"
+ JCEName="SHA1withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-224 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+ RequiredKey="RSA"
+ JCEName="SHA224withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-256 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+ RequiredKey="RSA"
+ JCEName="SHA256withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-384 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+ RequiredKey="RSA"
+ JCEName="SHA384withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-512 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+ RequiredKey="RSA"
+ JCEName="SHA512withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
+ Description="ECDSA Signature with SHA-1 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA1withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"
+ Description="ECDSA Signature with SHA-224 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA224withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
+ Description="ECDSA Signature with SHA-256 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA256withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
+ Description="ECDSA Signature with SHA-384 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA384withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
+ Description="ECDSA Signature with SHA-512 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA512withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160"
+ Description="ECDSA Signature with RIPEMD-160 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="https://tools.ietf.org/html/rfc6931"
+ RequiredKey="EC"
+ JCEName="RIPEMD160withECDSA"/>
+
+ <!-- MAC Algorithms -->
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
+ Description="Message Authentication code using MD5"
+ AlgorithmClass="Mac"
+ RequirementLevel="NOT RECOMMENDED"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacMD5"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
+ Description="Message Authentication code using RIPEMD-160"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HMACRIPEMD160"/>
+
+ <Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
+ Description="Message Authentication code using SHA1"
+ AlgorithmClass="Mac"
+ RequirementLevel="REQUIRED"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA1"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224"
+ Description="Message Authentication code using SHA-224"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA224"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
+ Description="Message Authentication code using SHA-256"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA256"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
+ Description="Message Authentication code using SHA-384"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA384"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
+ Description="Message Authentication code using SHA-512"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA512"/>
+
+ <!-- Block encryption Algorithms -->
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
+ Description="Block encryption using Triple-DES"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="REQUIRED"
+ KeyLength="192"
+ IVLength="64"
+ RequiredKey="DESede"
+ JCEName="DESede/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
+ Description="Block encryption using AES with a key length of 128 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="REQUIRED"
+ KeyLength="128"
+ IVLength="128"
+ RequiredKey="AES"
+ JCEName="AES/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes192-cbc"
+ Description="Block encryption using AES with a key length of 192 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ IVLength="128"
+ RequiredKey="AES"
+ JCEName="AES/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes256-cbc"
+ Description="Block encryption using AES with a key length of 256 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="REQUIRED"
+ KeyLength="256"
+ IVLength="128"
+ RequiredKey="AES"
+ JCEName="AES/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes128-gcm"
+ Description="Block encryption using AES with a key length of 128 bit in GCM"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ IVLength="96"
+ RequiredKey="AES"
+ JCEName="AES/GCM/NoPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes192-gcm"
+ Description="Block encryption using AES with a key length of 192 bit in GCM"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ IVLength="96"
+ RequiredKey="AES"
+ JCEName="AES/GCM/NoPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes256-gcm"
+ Description="Block encryption using AES with a key length of 256 bit in GCM"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="256"
+ IVLength="96"
+ RequiredKey="AES"
+ JCEName="AES/GCM/NoPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#seed128-cbc"
+ Description="Block encryption using SEED with a key length of 128 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ IVLength="128"
+ RequiredKey="SEED"
+ JCEName="SEED/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc"
+ Description="Block encryption using Camellia with a key length of 128 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ IVLength="128"
+ RequiredKey="Camellia"
+ JCEName="Camellia/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc"
+ Description="Block encryption using Camellia with a key length of 192 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ IVLength="128"
+ RequiredKey="Camellia"
+ JCEName="Camellia/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc"
+ Description="Block encryption using Camellia with a key length of 256 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="256"
+ IVLength="128"
+ RequiredKey="Camellia"
+ JCEName="Camellia/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
+ Description="Key Transport RSA-v1.5"
+ AlgorithmClass="KeyTransport"
+ RequirementLevel="REQUIRED"
+ RequiredKey="RSA"
+ JCEName="RSA/ECB/PKCS1Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
+ Description="Key Transport RSA-OAEP"
+ AlgorithmClass="KeyTransport"
+ RequirementLevel="REQUIRED"
+ RequiredKey="RSA"
+ JCEName="RSA/ECB/OAEPPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#rsa-oaep"
+ Description="Key Transport RSA-OAEP"
+ AlgorithmClass="KeyTransport"
+ RequirementLevel="OPTIONAL"
+ RequiredKey="RSA"
+ JCEName="RSA/ECB/OAEPPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#dh"
+ Description="Key Agreement Diffie-Hellman"
+ AlgorithmClass="KeyAgreement"
+ RequirementLevel="OPTIONAL"
+ RequiredKey="DH"
+ JCEName="DH"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-tripledes"
+ Description="Symmetric Key Wrap using Triple DES"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="REQUIRED"
+ KeyLength="192"
+ RequiredKey="DESede"
+ JCEName="DESedeWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes128"
+ Description="Symmetric Key Wrap using AES with a key length of 128 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="REQUIRED"
+ KeyLength="128"
+ RequiredKey="AES"
+ JCEName="AESWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes192"
+ Description="Symmetric Key Wrap using AES with a key length of 192 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ RequiredKey="AES"
+ JCEName="AESWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes256"
+ Description="Symmetric Key Wrap using AES with a key length of 256 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="REQUIRED"
+ KeyLength="256"
+ RequiredKey="AES"
+ JCEName="AESWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#kw-camellia128"
+ Description="Symmetric Key Wrap using CAMELLIA with a key length of 128 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ RequiredKey="Camellia"
+ JCEName="CamelliaWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#kw-camellia192"
+ Description="Symmetric Key Wrap using CAMELLIA with a key length of 192 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ RequiredKey="Camellia"
+ JCEName="CamelliaWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#kw-camellia256"
+ Description="Symmetric Key Wrap using CAMELLIA with a key length of 256 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="256"
+ RequiredKey="Camellia"
+ JCEName="CamelliaWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#kw-seed128"
+ Description="Symmetric Key Wrap using SEED with a key length of 128 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ RequiredKey="SEED"
+ JCEName="SEEDWrap"/>
+
+ </Algorithms>
+ </JCEAlgorithmMappings>
+ <ResourceBundles defaultLanguageCode="en" defaultCountryCode="US"/>
+ <ResourceResolvers>
+ <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP"
+ DESCRIPTION="A simple resolver for requests to HTTP space" />
+ <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem"
+ DESCRIPTION="A simple resolver for requests to the local file system" />
+ <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverFragment"
+ DESCRIPTION="A simple resolver for requests of same-document URIs" />
+ <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverXPointer"
+ DESCRIPTION="A simple resolver for requests of XPointer fragments" />
+ </ResourceResolvers>
+ <KeyResolver>
+ <!-- This section contains a list of KeyResolvers that are available in
+ every KeyInfo object -->
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver"
+ DESCRIPTION="Can extract RSA public keys" />
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver"
+ DESCRIPTION="Can extract DSA public keys" />
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver"
+ DESCRIPTION="Can extract public keys from X509 certificates" />
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver"
+ DESCRIPTION="Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from the storages" />
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver"
+ DESCRIPTION="Resolves keys and certificates using ResourceResolvers" />
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver"
+ DESCRIPTION="Uses an X509 SubjectName to retrieve a certificate from the storages" />
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver"
+ DESCRIPTION="Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages" />
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.ECKeyValueResolver"
+ DESCRIPTION="Can extract EC public keys" />
+ </KeyResolver>
+
+ <PrefixMappings>
+ <!-- Many classes create Elements which are in a specific namespace;
+ here, the prefixes for these namespaces are defined. But this
+ can also be overwritten using the ElementProxy#setDefaultPrefix()
+ method. You can even set all prefixes to "" so that the corresponding
+ elements are created using the default namespace -->
+ <PrefixMapping namespace="http://www.w3.org/2000/09/xmldsig#"
+ prefix="ds" />
+ <PrefixMapping namespace="http://www.w3.org/2001/04/xmlenc#"
+ prefix="xenc" />
+ <PrefixMapping namespace="http://www.xmlsecurity.org/experimental#"
+ prefix="experimental" />
+ <PrefixMapping namespace="http://www.w3.org/2002/04/xmldsig-filter2"
+ prefix="dsig-xpath-old" />
+ <PrefixMapping namespace="http://www.w3.org/2002/06/xmldsig-filter2"
+ prefix="dsig-xpath" />
+ <PrefixMapping namespace="http://www.w3.org/2001/10/xml-exc-c14n#"
+ prefix="ec" />
+ <PrefixMapping namespace="http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter"
+ prefix="xx" />
+ <PrefixMapping namespace="http://www.w3.org/2009/xmldsig11#"
+ prefix="dsig11" />
+ </PrefixMappings>
+</Configuration>