Posted to commits@santuario.apache.org by gi...@apache.org on 2012/10/17 16:02:11 UTC
svn commit: r1399272 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/stax/config/
main/java/org/apache/xml/security/stax/ext/
main/java/org/apache/xml/security/stax/ext/stax/
main/java/org/apache/xml/security/stax/impl/ m...
Author: giger
Date: Wed Oct 17 14:02:10 2012
New Revision: 1399272
URL: http://svn.apache.org/viewvc?rev=1399272&view=rev
Log:
resolved most todo's in the stax code
Added:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/stax/XMLSecEntityDeclaration.java (with props)
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/stax/XMLSecEntityDeclarationImpl.java (with props)
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityUtils.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/stax/XMLSecEventFactory.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamReader.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamWriter.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureInputHandler.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractInboundSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/OutboundSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509IssuerSerialSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SKISecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SubjectNameSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/stax/XMLSecStartElementImpl.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java Wed Oct 17 14:02:10 2012
@@ -130,7 +130,6 @@ public class XIncludeHandler extends Def
String xpointer = atts.getValue("xpointer");
URL url = this.getClass().getClassLoader().getResource(href);
- //todo implement fallback with parent systemId when xml is not in the classpath
if (url == null) {
throw new SAXException("XML file not found: " + href);
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java Wed Oct 17 14:02:10 2012
@@ -37,9 +37,6 @@ import org.apache.xml.security.stax.conf
*/
public class XMLSec {
- //todo crl check
- //todo outgoing client setup per policy
-
static {
try {
Init.init(XMLSec.class.getClassLoader().getResource("security-config.xml").toURI());
@@ -117,7 +114,7 @@ public class XMLSec {
securityProperties.setSignatureDigestAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1");
}
if (securityProperties.getSignatureCanonicalizationAlgorithm() == null) {
- securityProperties.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
+ securityProperties.setSignatureCanonicalizationAlgorithm(XMLSecurityConstants.NS_C14N_EXCL_OMIT_COMMENTS);
}
if (securityProperties.getSignatureKeyIdentifierType() == null) {
securityProperties.setSignatureKeyIdentifierType(XMLSecurityConstants.XMLKeyIdentifierType.X509_ISSUER_SERIAL);
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java Wed Oct 17 14:02:10 2012
@@ -265,6 +265,13 @@ public class XMLSecurityConstants {
public static final QName ATT_NULL_PrefixList = new QName(null, "PrefixList");
public static final QName TAG_c14nExcl_InclusiveNamespaces = new QName(NS_C14N_EXCL, "InclusiveNamespaces", PREFIX_C14N_EXCL);
+ public static final String NS_C14N_OMIT_COMMENTS = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
+ public static final String NS_C14N_WITH_COMMENTS = NS_C14N_OMIT_COMMENTS + "#WithComments";
+ public static final String NS_C14N_EXCL_OMIT_COMMENTS = "http://www.w3.org/2001/10/xml-exc-c14n#";
+ public static final String NS_C14N_EXCL_WITH_COMMENTS = NS_C14N_EXCL_OMIT_COMMENTS + "WithComments";
+ public static final String NS_C14N11_OMIT_COMMENTS = "http://www.w3.org/2006/12/xml-c14n11";
+ public static final String NS_C14N11_WITH_COMMENTS = NS_C14N11_OMIT_COMMENTS + "#WithComments";
+
public static final String PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE = "PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE";
public static final String PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION = "PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION";
public static final String PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTED_KEY = "PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTED_KEY";
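Review bot: `NS_C14N_EXCL_WITH_COMMENTS` appends `"WithComments"` with no `#`, while the two sibling constants append `"#WithComments"`, and nothing in the hunk says why. The value is right because `NS_C14N_EXCL_OMIT_COMMENTS` already ends in `#`, but the asymmetry invites a well-meant "fix" that would break algorithm matching. A one-line comment above it would do, for example `// the exclusive c14n URI already ends in '#', so only the fragment name is appended`. The class body continues outside the hunk.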
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityUtils.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityUtils.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityUtils.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityUtils.java Wed Oct 17 14:02:10 2012
@@ -103,7 +103,6 @@ public class XMLSecurityUtils {
return Thread.currentThread().getContextClassLoader().loadClass(className);
}
- //todo transformer factory?
public static Transformer getTransformer(Object methodParameter1, Object methodParameter2, String algorithm,
XMLSecurityConstants.DIRECTION direction) throws XMLSecurityException {
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/stax/XMLSecEntityDeclaration.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/stax/XMLSecEntityDeclaration.java?rev=1399272&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/stax/XMLSecEntityDeclaration.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/stax/XMLSecEntityDeclaration.java Wed Oct 17 14:02:10 2012
@@ -0,0 +1,28 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.ext.stax;
+
+import javax.xml.stream.events.EntityDeclaration;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public interface XMLSecEntityDeclaration extends XMLSecEvent, EntityDeclaration {
+}
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/stax/XMLSecEntityDeclaration.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/stax/XMLSecEventFactory.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/stax/XMLSecEventFactory.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/stax/XMLSecEventFactory.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/stax/XMLSecEventFactory.java Wed Oct 17 14:02:10 2012
@@ -149,6 +149,10 @@ public class XMLSecEventFactory {
return new XMLSecEntityReferenceImpl(name, entityDeclaration, null);
}
+ public static XMLSecEntityDeclaration createXmlSecEntityDeclaration(String name) {
+ return new XMLSecEntityDeclarationImpl(name);
+ }
+
public static XMLSecAttribute createXMLSecAttribute(QName name, String value) {
return new XMLSecAttributeImpl(name, value);
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamReader.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamReader.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamReader.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamReader.java Wed Oct 17 14:02:10 2012
@@ -71,10 +71,6 @@ public class XMLSecurityStreamReader imp
} catch (XMLSecurityException e) {
throw new XMLStreamException(e);
}
- /*todo why was this needed? Because of the Sun Stax impl?
- if (currentEvent.isCharacters() && currentEvent.asCharacters().isIgnorableWhiteSpace()) {
- return XMLStreamConstants.SPACE;
- }*/
return eventType;
}
@@ -191,7 +187,14 @@ public class XMLSecurityStreamReader imp
case START_ELEMENT:
return xmlSecEvent.asStartElement().getNamespaceURI(prefix);
case END_ELEMENT:
- //todo somehow...
+ @SuppressWarnings("unchecked")
+ Iterator<Namespace> namespaceIterator = xmlSecEvent.asEndElement().getNamespaces();
+ while (namespaceIterator.hasNext()) {
+ Namespace namespace = namespaceIterator.next();
+ if (prefix.equals(namespace.getPrefix())) {
+ return namespace.getNamespaceURI();
+ }
+ }
return null;
default:
throw new IllegalStateException(ERR_STATE_NOT_ELEM);
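Review bot: The new END_ELEMENT branch resolves the prefix only against `xmlSecEvent.asEndElement().getNamespaces()`, which in StAX lists the namespaces going out of scope at that end tag. A prefix bound on an ancestor element would therefore return null here, whereas the START_ELEMENT branch delegates to `getNamespaceURI(prefix)` on the element, which presumably consults the in-scope bindings. `prefix.equals(namespace.getPrefix())` also throws a NullPointerException for a null prefix, where the `XMLStreamReader.getNamespaceURI(String)` contract specifies IllegalArgumentException. An explicit guard such as `if (prefix == null) throw new IllegalArgumentException("prefix must not be null");` would fix that. The local declared directly under the `case` label stays in scope for the labels after it, so the branch is better wrapped in braces; the method starts and ends outside the hunk.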
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamWriter.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamWriter.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamWriter.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamWriter.java Wed Oct 17 14:02:10 2012
@@ -27,12 +27,9 @@ import org.apache.xml.security.stax.ext.
import javax.xml.namespace.NamespaceContext;
import javax.xml.namespace.QName;
-import javax.xml.stream.Location;
-import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import javax.xml.stream.events.*;
-import java.io.Writer;
import java.util.*;
/**
@@ -212,9 +209,7 @@ public class XMLSecurityStreamWriter imp
public void writeEndElement() throws XMLStreamException {
outputOpenStartElement();
QName element = startElementStack.pop();
- // Map<String, XMLSecNamespace> namespaceMap = nsStack.pop();
nsStack.pop();
- //todo namespaces which are going out of scope for endElement?
chainProcessEvent(XMLSecEventFactory.createXmlSecEndElement(element));
}
@@ -224,9 +219,7 @@ public class XMLSecurityStreamWriter imp
outputOpenStartElement();
Iterator<QName> startElements = startElementStack.iterator();
while (startElements.hasNext()) {
- // Map<String, XMLSecNamespace> namespaceMap = nsStack.pop();
nsStack.pop();
- //todo namespaces which are going out of scope for endElement?
chainProcessEvent(XMLSecEventFactory.createXmlSecEndElement(startElements.next()));
}
chainProcessEvent(XMLSecEventFactory.createXMLSecEndDocument());
@@ -299,117 +292,12 @@ public class XMLSecurityStreamWriter imp
public void writeEntityRef(final String name) throws XMLStreamException {
outputOpenStartElement();
- //todo implement correctly or throw UnsupportedException
- chainProcessEvent(XMLSecEventFactory.createXMLSecEntityReference(name, new EntityDeclaration() {
- @Override
- public String getPublicId() {
- return null;
- }
-
- @Override
- public String getSystemId() {
- return null;
- }
-
- @Override
- public String getName() {
- return name;
- }
-
- @Override
- public String getNotationName() {
- return null;
- }
-
- @Override
- public String getReplacementText() {
- return null;
- }
-
- @Override
- public String getBaseURI() {
- return null;
- }
-
- @Override
- public int getEventType() {
- return XMLStreamConstants.ENTITY_REFERENCE;
- }
-
- @Override
- public Location getLocation() {
- return null;
- }
-
- @Override
- public boolean isStartElement() {
- return false;
- }
-
- @Override
- public boolean isAttribute() {
- return false;
- }
-
- @Override
- public boolean isNamespace() {
- return false;
- }
-
- @Override
- public boolean isEndElement() {
- return false;
- }
-
- @Override
- public boolean isEntityReference() {
- return true;
- }
-
- @Override
- public boolean isProcessingInstruction() {
- return false;
- }
-
- @Override
- public boolean isCharacters() {
- return false;
- }
-
- @Override
- public boolean isStartDocument() {
- return false;
- }
-
- @Override
- public boolean isEndDocument() {
- return false;
- }
-
- @Override
- public StartElement asStartElement() {
- return null;
- }
-
- @Override
- public EndElement asEndElement() {
- return null;
- }
-
- @Override
- public Characters asCharacters() {
- return null;
- }
-
- @Override
- public QName getSchemaType() {
- return null;
- }
-
- @Override
- public void writeAsEncodedUnicode(Writer writer) throws XMLStreamException {
- }
- }));
+ chainProcessEvent(
+ XMLSecEventFactory.createXMLSecEntityReference(
+ name,
+ XMLSecEventFactory.createXmlSecEntityDeclaration(name)
+ )
+ );
}
public void writeStartDocument() throws XMLStreamException {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureInputHandler.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureInputHandler.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureInputHandler.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureInputHandler.java Wed Oct 17 14:02:10 2012
@@ -22,23 +22,26 @@ import org.apache.xml.security.binding.e
import org.apache.xml.security.binding.xmldsig.CanonicalizationMethodType;
import org.apache.xml.security.binding.xmldsig.KeyInfoType;
import org.apache.xml.security.binding.xmldsig.SignatureType;
+import org.apache.xml.security.binding.xmldsig.SignedInfoType;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.*;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
+import org.apache.xml.security.stax.ext.stax.XMLSecEventFactory;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithmFactory;
-import org.apache.xml.security.stax.impl.util.IDGenerator;
-import org.apache.xml.security.stax.impl.util.SignerOutputStream;
-import org.apache.xml.security.stax.impl.util.UnsynchronizedBufferedOutputStream;
+import org.apache.xml.security.stax.impl.util.*;
import javax.xml.bind.JAXBElement;
+import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
import java.io.IOException;
import java.io.OutputStream;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
+import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Iterator;
import java.util.List;
@@ -55,6 +58,18 @@ public abstract class AbstractSignatureI
@SuppressWarnings("unchecked")
final SignatureType signatureType = ((JAXBElement<SignatureType>) parseStructure(eventQueue, index, securityProperties)).getValue();
+ if (signatureType.getSignedInfo() == null) {
+ throw new XMLSecurityException("stax.signature.signedInfoMissing");
+ }
+ if (signatureType.getSignedInfo().getSignatureMethod() == null) {
+ throw new XMLSecurityException("stax.signature.signatureMethodMissing");
+ }
+ if (signatureType.getSignedInfo().getCanonicalizationMethod() == null) {
+ throw new XMLSecurityException("stax.signature.canonicalizationMethodMissing");
+ }
+ if (signatureType.getSignatureValue() == null) {
+ throw new XMLSecurityException("stax.signature.signatureValueMissing");
+ }
if (signatureType.getId() == null) {
signatureType.setId(IDGenerator.generateID(null));
}
@@ -69,12 +84,79 @@ public abstract class AbstractSignatureI
protected SecurityToken verifySignedInfo(InputProcessorChain inputProcessorChain, XMLSecurityProperties securityProperties,
SignatureType signatureType, Deque<XMLSecEvent> eventDeque, int index)
throws XMLSecurityException {
- //todo reparse SignedInfo when custom canonicalization method is used
- //verify SignedInfo
+
+ Iterator<XMLSecEvent> iterator;
+
+ String c14NMethod = signatureType.getSignedInfo().getCanonicalizationMethod().getAlgorithm();
+ if (XMLSecurityConstants.NS_C14N_OMIT_COMMENTS.equals(c14NMethod) ||
+ XMLSecurityConstants.NS_C14N_WITH_COMMENTS.equals(c14NMethod) ||
+ XMLSecurityConstants.NS_C14N_EXCL_OMIT_COMMENTS.equals(c14NMethod) ||
+ XMLSecurityConstants.NS_C14N_EXCL_WITH_COMMENTS.equals(c14NMethod) ||
+ XMLSecurityConstants.NS_C14N11_OMIT_COMMENTS.equals(c14NMethod) ||
+ XMLSecurityConstants.NS_C14N11_WITH_COMMENTS.equals(c14NMethod)) {
+
+ iterator = eventDeque.descendingIterator();
+ //forward to <Signature> Element
+ int i = 0;
+ while (i < index) {
+ iterator.next();
+ i++;
+ }
+
+ } else {
+ iterator = reparseSignedInfo(inputProcessorChain, securityProperties, signatureType, eventDeque, index).descendingIterator();
+ index = 0;
+ }
+
SignatureVerifier signatureVerifier = newSignatureVerifier(inputProcessorChain, securityProperties, signatureType);
+ try {
+ loop:
+ while (iterator.hasNext()) {
+ XMLSecEvent xmlSecEvent = iterator.next();
+ switch (xmlSecEvent.getEventType()) {
+ case XMLStreamConstants.START_ELEMENT:
+ if (xmlSecEvent.asStartElement().getName().equals(XMLSecurityConstants.TAG_dsig_SignedInfo)) {
+ signatureVerifier.processEvent(xmlSecEvent);
+ break loop;
+ }
+ break;
+ }
+ }
+ loop:
+ while (iterator.hasNext()) {
+ XMLSecEvent xmlSecEvent = iterator.next();
+ signatureVerifier.processEvent(xmlSecEvent);
+ switch (xmlSecEvent.getEventType()) {
+ case XMLStreamConstants.END_ELEMENT:
+ if (xmlSecEvent.asEndElement().getName().equals(XMLSecurityConstants.TAG_dsig_SignedInfo)) {
+ break loop;
+ }
+ break;
+ }
+ }
+ } catch (XMLStreamException e) {
+ throw new XMLSecurityException(e);
+ }
+ signatureVerifier.doFinal();
+ return signatureVerifier.getSecurityToken();
+ }
+
+ protected Deque<XMLSecEvent> reparseSignedInfo(InputProcessorChain inputProcessorChain, XMLSecurityProperties securityProperties,
+ SignatureType signatureType, Deque<XMLSecEvent> eventDeque, int index
+ ) throws XMLSecurityException {
+
+ Deque<XMLSecEvent> signedInfoDeque = new ArrayDeque<XMLSecEvent>();
+
+ UnsynchronizedByteArrayOutputStream unsynchronizedByteArrayOutputStream = new UnsynchronizedByteArrayOutputStream();
+ Transformer transformer = XMLSecurityUtils.getTransformer(
+ null,
+ unsynchronizedByteArrayOutputStream,
+ signatureType.getSignedInfo().getCanonicalizationMethod().getAlgorithm(),
+ XMLSecurityConstants.DIRECTION.IN);
+
Iterator<XMLSecEvent> iterator = eventDeque.descendingIterator();
- //skip to <Signature> Element
+ //forward to <Signature> Element
int i = 0;
while (i < index) {
iterator.next();
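Review bot: In `verifySignedInfo` every algorithm URI that is not one of the six constants falls into the `else` branch, including a `CanonicalizationMethod` with no `Algorithm` attribute, since only the element itself is null-checked earlier in this commit. That value comes from the not-yet-verified SignedInfo and goes straight to `XMLSecurityUtils.getTransformer` in `reparseSignedInfo`; how that method treats a null or unknown URI is not visible here. An explicit `if (c14NMethod == null) throw new XMLSecurityException("stax.signature.canonicalizationMethodMissing");` before the comparison would make the failure deterministic. The `index = 0;` in the `else` branch is a dead store, as `index` is not read again in this method. The "forward to <Signature>" loop and the two SignedInfo scanning loops are now duplicated between the two methods and could share a helper; `reparseSignedInfo` continues outside the hunk.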
@@ -88,16 +170,17 @@ public abstract class AbstractSignatureI
switch (xmlSecEvent.getEventType()) {
case XMLStreamConstants.START_ELEMENT:
if (xmlSecEvent.asStartElement().getName().equals(XMLSecurityConstants.TAG_dsig_SignedInfo)) {
- signatureVerifier.processEvent(xmlSecEvent);
+ transformer.transform(xmlSecEvent);
break loop;
}
break;
}
}
+
loop:
while (iterator.hasNext()) {
XMLSecEvent xmlSecEvent = iterator.next();
- signatureVerifier.processEvent(xmlSecEvent);
+ transformer.transform(xmlSecEvent);
switch (xmlSecEvent.getEventType()) {
case XMLStreamConstants.END_ELEMENT:
if (xmlSecEvent.asEndElement().getName().equals(XMLSecurityConstants.TAG_dsig_SignedInfo)) {
@@ -106,11 +189,29 @@ public abstract class AbstractSignatureI
break;
}
}
+
+ transformer.doFinal();
+
+ XMLStreamReader xmlStreamReader = inputProcessorChain.getSecurityContext().
+ <XMLInputFactory>get(XMLSecurityConstants.XMLINPUTFACTORY).
+ createXMLStreamReader(new UnsynchronizedByteArrayInputStream(unsynchronizedByteArrayOutputStream.toByteArray()));
+
+ while (xmlStreamReader.hasNext()) {
+ XMLSecEvent xmlSecEvent = XMLSecEventFactory.allocate(xmlStreamReader, null);
+ signedInfoDeque.push(xmlSecEvent);
+ xmlStreamReader.next();
+ }
+
+ @SuppressWarnings("unchecked")
+ final SignedInfoType signedInfoType =
+ ((JAXBElement<SignedInfoType>) parseStructure(signedInfoDeque, 0, securityProperties)).getValue();
+ signatureType.setSignedInfo(signedInfoType);
+
+ return signedInfoDeque;
+
} catch (XMLStreamException e) {
throw new XMLSecurityException(e);
}
- signatureVerifier.doFinal();
- return signatureVerifier.getSecurityToken();
}
protected abstract SignatureVerifier newSignatureVerifier(InputProcessorChain inputProcessorChain,
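Review bot: The `SignedInfoType` re-parsed from the transformer output is installed with `signatureType.setSignedInfo(signedInfoType)` without repeating the null checks that this commit moved from `XMLSignatureInputHandler.newSignatureVerifier` to the handler entry point. `verifySignedInfo` calls `newSignatureVerifier(...)` after the reparse, so a custom canonicalization whose output lacks `SignatureMethod` or `CanonicalizationMethod` now reaches the verifier unchecked, presumably ending in a NullPointerException rather than an `XMLSecurityException`. The checks should be repeated on the reparsed structure before it replaces the original, as sketched below. Separately, the `XMLStreamReader` is never closed, and the transformer output is parsed with the `XMLInputFactory` taken from the security context; whether that factory has DTD and external-entity support disabled is not visible in this diff and is worth confirming. The method begins in the previous hunk.

```java
final SignedInfoType signedInfoType =
        ((JAXBElement<SignedInfoType>) parseStructure(signedInfoDeque, 0, securityProperties)).getValue();
// the reparsed structure is still unauthenticated: repeat the structural checks
if (signedInfoType == null) {
    throw new XMLSecurityException("stax.signature.signedInfoMissing");
}
if (signedInfoType.getSignatureMethod() == null) {
    throw new XMLSecurityException("stax.signature.signatureMethodMissing");
}
if (signedInfoType.getCanonicalizationMethod() == null) {
    throw new XMLSecurityException("stax.signature.canonicalizationMethodMissing");
}
signatureType.setSignedInfo(signedInfoType);
// … unchanged: return signedInfoDeque and the XMLStreamException handler …
```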
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java Wed Oct 17 14:02:10 2012
@@ -301,11 +301,17 @@ public abstract class AbstractSignatureR
InternalSignatureReferenceVerifier internalSignatureReferenceVerifier)
throws XMLSecurityException {
+ // If no Transforms then just default to an Inclusive without comments transform
if (referenceType.getTransforms() == null || referenceType.getTransforms().getTransform().isEmpty()) {
- // If no Transforms then just default to an Inclusive without comments transform
+
+ AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
+ algorithmSuiteSecurityEvent.setAlgorithmURI(XMLSecurityConstants.NS_C14N_OMIT_COMMENTS);
+ algorithmSuiteSecurityEvent.setKeyUsage(XMLSecurityConstants.C14n);
+ algorithmSuiteSecurityEvent.setCorrelationID(referenceType.getId());
+ inputProcessorChain.getSecurityContext().registerSecurityEvent(algorithmSuiteSecurityEvent);
+
Transformer transformer = new Canonicalizer20010315_OmitCommentsTransformer();
transformer.setOutputStream(outputStream);
- //todo algoSecEvent??
return transformer;
}
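Review bot: `algorithmSuiteSecurityEvent.setCorrelationID(referenceType.getId())` can register the event with a null correlation ID, because the `Id` attribute on `ds:Reference` is optional in XML Signature and nothing in this hunk guarantees it was set. Elsewhere in this commit `AbstractInboundSecurityToken.getSecretKey` starts rejecting a null `correlationID`, which suggests consumers expect it to be non-null. If references are not assigned an Id earlier (not visible here), either generate one the way `AbstractSignatureInputHandler` does for the signature, or add a comment such as `// Reference Id is optional; correlation ID may be null for Id-less references`. The method starts and ends outside the hunk.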
@@ -314,7 +320,7 @@ public abstract class AbstractSignatureR
if (transformTypeList.size() == 1 &&
XMLSecurityConstants.NS_XMLDSIG_ENVELOPED_SIGNATURE.equals(transformTypeList.get(0).getAlgorithm())) {
TransformType transformType = new TransformType();
- transformType.setAlgorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
+ transformType.setAlgorithm(XMLSecurityConstants.NS_C14N_OMIT_COMMENTS);
transformTypeList.add(transformType);
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java Wed Oct 17 14:02:10 2012
@@ -92,7 +92,7 @@ public class XMLEncryptedKeyInputHandler
}
this.securityToken = new AbstractInboundSecurityToken(
- securityContext, null, encryptedKeyType.getId(), null) {
+ securityContext, encryptedKeyType.getId(), null) {
private byte[] decryptedKey = null;
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java Wed Oct 17 14:02:10 2012
@@ -45,18 +45,7 @@ public class XMLSignatureInputHandler ex
final XMLSecurityProperties securityProperties,
final SignatureType signatureType) throws XMLSecurityException {
- if (signatureType.getSignedInfo() == null) {
- throw new XMLSecurityException("stax.signature.signedInfoMissing");
- }
- if (signatureType.getSignedInfo().getSignatureMethod() == null) {
- throw new XMLSecurityException("stax.signature.signatureMethodMissing");
- }
- if (signatureType.getSignedInfo().getCanonicalizationMethod() == null) {
- throw new XMLSecurityException("stax.signature.canonicalizationMethodMissing");
- }
- if (signatureType.getSignatureValue() == null) {
- throw new XMLSecurityException("stax.signature.signatureValueMissing");
- }
+
final SecurityContext securityContext = inputProcessorChain.getSecurityContext();
final SignatureVerifier signatureVerifier =
new XMLSignatureVerifier(signatureType, securityContext, securityProperties) {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java Wed Oct 17 14:02:10 2012
@@ -123,7 +123,6 @@ public abstract class AbstractEncryptOut
// The Spec mandates a 96-bit IV for GCM algorithms
if ("AES/GCM/NoPadding".equals(symmetricCipher.getAlgorithm())) {
- //todo we should extend the security-config.xml with an iv-length parameter
byte[] temp = new byte[12];
XMLSecurityConstants.secureRandom.nextBytes(temp);
IvParameterSpec ivParameterSpec = new IvParameterSpec(temp);
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractInboundSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractInboundSecurityToken.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractInboundSecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractInboundSecurityToken.java Wed Oct 17 14:02:10 2012
@@ -26,7 +26,6 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
import javax.crypto.SecretKey;
-import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import java.security.Key;
import java.security.PrivateKey;
@@ -47,7 +46,6 @@ public abstract class AbstractInboundSec
private boolean invoked = false;
private SecurityContext securityContext;
- private CallbackHandler callbackHandler;
private final String id;
private List<QName> elementPath;
private XMLSecEvent xmlSecEvent;
@@ -59,10 +57,9 @@ public abstract class AbstractInboundSec
private PublicKey publicKey;
private X509Certificate[] x509Certificates;
- public AbstractInboundSecurityToken(SecurityContext securityContext, CallbackHandler callbackHandler,
- String id, XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
+ public AbstractInboundSecurityToken(SecurityContext securityContext, String id,
+ XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
this.securityContext = securityContext;
- this.callbackHandler = callbackHandler;
this.id = id;
this.keyIdentifierType = keyIdentifierType;
}
@@ -104,10 +101,6 @@ public abstract class AbstractInboundSec
this.xmlSecEvent = xmlSecEvent;
}
- protected CallbackHandler getCallbackHandler() {
- return callbackHandler;
- }
-
@Override
public boolean isAsymmetric() throws XMLSecurityException {
if (getSecretKey() instanceof PrivateKey || getPublicKey() != null) {
@@ -145,18 +138,23 @@ public abstract class AbstractInboundSec
@Override
public final Key getSecretKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
+ String correlationID) throws XMLSecurityException {
+ if (correlationID == null) {
+ throw new IllegalArgumentException("correlationID must not be null");
+ }
testAndSetInvocation();
Key key = getKey(algorithmURI, keyUsage, correlationID);
- //todo remove correlationID null check when we have implemented a better api to access the key
- if (key != null && this.securityContext != null && correlationID != null) {
+ if (key != null && this.securityContext != null) {
AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
algorithmSuiteSecurityEvent.setAlgorithmURI(algorithmURI);
algorithmSuiteSecurityEvent.setKeyUsage(keyUsage);
algorithmSuiteSecurityEvent.setCorrelationID(correlationID);
- //todo what's with a DSA key?
if (key instanceof RSAKey) {
algorithmSuiteSecurityEvent.setKeyLength(((RSAKey) key).getModulus().bitLength());
+ } else if (key instanceof DSAKey) {
+ algorithmSuiteSecurityEvent.setKeyLength(((DSAKey) key).getParams().getP().bitLength());
+ } else if (key instanceof ECKey) {
+ algorithmSuiteSecurityEvent.setKeyLength(((ECKey) key).getParams().getOrder().bitLength());
} else if (key instanceof SecretKey) {
algorithmSuiteSecurityEvent.setKeyLength(key.getEncoded().length * 8);
} else {
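Review bot: The new `DSAKey` and `ECKey` branches dereference `getParams()` without a null check, so a key that carries no parameters would surface as a `NullPointerException` rather than the `XMLSecurityException` this method declares. Some providers can return null there (a DSA public key with inherited parameters is the usual case), and an inbound token may hold a key that came from the message being verified. I would guard each branch, e.g. `} else if (key instanceof DSAKey && ((DSAKey) key).getParams() != null) {` and likewise for `ECKey`, so that such a key reaches the final `else`. The body of that `else`, and the rest of `getSecretKey`, lies outside the hunk, so what it does with an unrecognised key should be confirmed.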
@@ -191,11 +189,13 @@ public abstract class AbstractInboundSec
@Override
public final PublicKey getPublicKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
+ String correlationID) throws XMLSecurityException {
+ if (correlationID == null) {
+ throw new IllegalArgumentException("correlationID must not be null");
+ }
testAndSetInvocation();
PublicKey publicKey = getPubKey(algorithmURI, keyUsage, correlationID);
- //todo remove correlationID null check when we have implemented a better api to access the key
- if (publicKey != null && this.securityContext != null && correlationID != null) {
+ if (publicKey != null && this.securityContext != null) {
AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
algorithmSuiteSecurityEvent.setAlgorithmURI(algorithmURI);
algorithmSuiteSecurityEvent.setKeyUsage(keyUsage);
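Review bot: The new guard on `correlationID` throws an unchecked `IllegalArgumentException` from a method that only declares `XMLSecurityException`, and nothing documents the stricter precondition; `getSecretKey` in the previous hunk gained the same guard. Before this change a null id still returned the key and only skipped the `AlgorithmSuiteSecurityEvent`, so any caller that still passes null now fails at runtime. Failing fast is the safer behaviour, because the event can no longer be silently omitted, but it should be stated on both methods with a Javadoc line such as `@throws IllegalArgumentException if correlationID is null`. The body of `getPublicKey` continues outside the hunk.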
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java Wed Oct 17 14:02:10 2012
@@ -23,7 +23,6 @@ import org.apache.xml.security.exception
import org.apache.xml.security.stax.ext.SecurityContext;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import javax.security.auth.callback.CallbackHandler;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
@@ -39,9 +38,9 @@ public class DsaKeyValueSecurityToken ex
private DSAKeyValueType dsaKeyValueType;
- public DsaKeyValueSecurityToken(DSAKeyValueType dsaKeyValueType, SecurityContext securityContext, CallbackHandler callbackHandler,
+ public DsaKeyValueSecurityToken(DSAKeyValueType dsaKeyValueType, SecurityContext securityContext,
XMLSecurityConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
- super(securityContext, callbackHandler, null, keyIdentifierType);
+ super(securityContext, null, keyIdentifierType);
this.dsaKeyValueType = dsaKeyValueType;
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java Wed Oct 17 14:02:10 2012
@@ -24,7 +24,6 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.impl.algorithms.ECDSAUtils;
-import javax.security.auth.callback.CallbackHandler;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
@@ -39,11 +38,11 @@ public class ECKeyValueSecurityToken ext
private ECKeyValueType ecKeyValueType;
- public ECKeyValueSecurityToken(ECKeyValueType ecKeyValueType, SecurityContext securityContext,
- CallbackHandler callbackHandler,
- XMLSecurityConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
+ public ECKeyValueSecurityToken(
+ ECKeyValueType ecKeyValueType, SecurityContext securityContext,
+ XMLSecurityConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
- super(securityContext, callbackHandler, null, keyIdentifierType);
+ super(securityContext, null, keyIdentifierType);
if (ecKeyValueType.getECParameters() != null) {
throw new XMLSecurityException("stax.ecParametersNotSupported");
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java Wed Oct 17 14:02:10 2012
@@ -22,7 +22,6 @@ import org.apache.xml.security.exception
import org.apache.xml.security.stax.ext.SecurityContext;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import javax.security.auth.callback.CallbackHandler;
/**
* @author $Author: coheigea $
@@ -32,9 +31,9 @@ public class KeyNameSecurityToken extend
private String keyName;
- public KeyNameSecurityToken(String keyName, SecurityContext securityContext, CallbackHandler callbackHandler,
+ public KeyNameSecurityToken(String keyName, SecurityContext securityContext,
XMLSecurityConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
- super(securityContext, callbackHandler, null, keyIdentifierType);
+ super(securityContext, null, keyIdentifierType);
this.keyName = keyName;
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/OutboundSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/OutboundSecurityToken.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/OutboundSecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/OutboundSecurityToken.java Wed Oct 17 14:02:10 2012
@@ -50,8 +50,7 @@ public interface OutboundSecurityToken {
* Returns the secret key
*
* @return The key
- * @throws XMLSecurityException
- * if the key can't be loaded
+ * @throws XMLSecurityException if the key can't be loaded
*/
Key getSecretKey(String algorithmURI) throws XMLSecurityException;
@@ -59,8 +58,7 @@ public interface OutboundSecurityToken {
* Returns the public key if one exist for this token type
*
* @return The Public-Key for asymmetric algorithms
- * @throws XMLSecurityException
- * if the key can't be loaded
+ * @throws XMLSecurityException if the key can't be loaded
*/
PublicKey getPublicKey() throws XMLSecurityException;
@@ -68,8 +66,7 @@ public interface OutboundSecurityToken {
* Returns the certificate chain if one exists for this token type
*
* @return The certificate chain
- * @throws XMLSecurityException
- * if the certificates can't be retrieved
+ * @throws XMLSecurityException if the certificates can't be retrieved
*/
X509Certificate[] getX509Certificates() throws XMLSecurityException;
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java Wed Oct 17 14:02:10 2012
@@ -23,7 +23,6 @@ import org.apache.xml.security.exception
import org.apache.xml.security.stax.ext.SecurityContext;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import javax.security.auth.callback.CallbackHandler;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
@@ -39,9 +38,9 @@ public class RsaKeyValueSecurityToken ex
private RSAKeyValueType rsaKeyValueType;
- public RsaKeyValueSecurityToken(RSAKeyValueType rsaKeyValueType, SecurityContext securityContext, CallbackHandler callbackHandler,
+ public RsaKeyValueSecurityToken(RSAKeyValueType rsaKeyValueType, SecurityContext securityContext,
XMLSecurityConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
- super(securityContext, callbackHandler, null, keyIdentifierType);
+ super(securityContext, null, keyIdentifierType);
this.rsaKeyValueType = rsaKeyValueType;
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java Wed Oct 17 14:02:10 2012
@@ -26,7 +26,6 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.impl.util.UnsynchronizedByteArrayInputStream;
import org.apache.xml.security.utils.RFC2253Parser;
-import javax.security.auth.callback.CallbackHandler;
import java.io.InputStream;
import java.security.Key;
import java.security.PublicKey;
@@ -55,7 +54,7 @@ public class SecurityTokenFactoryImpl ex
final KeyValueType keyValueType
= XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_KeyValue);
if (keyValueType != null) {
- return getSecurityToken(keyValueType, securityProperties.getCallbackHandler(), securityContext);
+ return getSecurityToken(keyValueType, securityContext);
}
// KeyName
@@ -63,7 +62,7 @@ public class SecurityTokenFactoryImpl ex
XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_KeyName);
if (keyName != null) {
KeyNameSecurityToken token =
- new KeyNameSecurityToken(keyName, securityContext, securityProperties.getCallbackHandler(),
+ new KeyNameSecurityToken(keyName, securityContext,
XMLSecurityConstants.XMLKeyIdentifierType.KEY_NAME);
setTokenKey(securityProperties, keyInfoUsage, token);
return token;
@@ -81,7 +80,7 @@ public class SecurityTokenFactoryImpl ex
if (keyInfoUsage == SecurityToken.KeyInfoUsage.SIGNATURE_VERIFICATION
&& securityProperties.getSignatureVerificationKey() != null) {
AbstractInboundSecurityToken token =
- new AbstractInboundSecurityToken(securityContext, securityProperties.getCallbackHandler(), null,
+ new AbstractInboundSecurityToken(securityContext, null,
XMLSecurityConstants.XMLKeyIdentifierType.NO_KEY_INFO) {
@Override
public TokenType getTokenType() {
@@ -93,7 +92,7 @@ public class SecurityTokenFactoryImpl ex
} else if (keyInfoUsage == SecurityToken.KeyInfoUsage.DECRYPTION
&& securityProperties.getDecryptionKey() != null) {
AbstractInboundSecurityToken token =
- new AbstractInboundSecurityToken(securityContext, securityProperties.getCallbackHandler(), null,
+ new AbstractInboundSecurityToken(securityContext, null,
XMLSecurityConstants.XMLKeyIdentifierType.NO_KEY_INFO) {
@Override
public TokenType getTokenType() {
@@ -107,28 +106,26 @@ public class SecurityTokenFactoryImpl ex
throw new XMLSecurityException("stax.noKey", keyInfoUsage);
}
- //todo can the callbackhandler be eliminated?
- private static SecurityToken getSecurityToken(KeyValueType keyValueType,
- final CallbackHandler callbackHandler, SecurityContext securityContext)
+ private static SecurityToken getSecurityToken(KeyValueType keyValueType, SecurityContext securityContext)
throws XMLSecurityException {
final RSAKeyValueType rsaKeyValueType =
XMLSecurityUtils.getQNameType(keyValueType.getContent(), XMLSecurityConstants.TAG_dsig_RSAKeyValue);
if (rsaKeyValueType != null) {
return new RsaKeyValueSecurityToken(rsaKeyValueType, securityContext,
- callbackHandler, XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
+ XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
}
final DSAKeyValueType dsaKeyValueType =
XMLSecurityUtils.getQNameType(keyValueType.getContent(), XMLSecurityConstants.TAG_dsig_DSAKeyValue);
if (dsaKeyValueType != null) {
return new DsaKeyValueSecurityToken(dsaKeyValueType, securityContext,
- callbackHandler, XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
+ XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
}
final ECKeyValueType ecKeyValueType =
XMLSecurityUtils.getQNameType(keyValueType.getContent(), XMLSecurityConstants.TAG_dsig11_ECKeyValue);
if (ecKeyValueType != null) {
return new ECKeyValueSecurityToken(ecKeyValueType, securityContext,
- callbackHandler, XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
+ XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
}
throw new XMLSecurityException("stax.unsupportedKeyValue");
}
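Review bot: `getSecurityToken(KeyValueType, SecurityContext)` has no comment saying that the RSA, DSA or EC key it wraps is read directly from the `KeyValue` content of the document being processed. Nothing in this method checks that key against configured trust material, and the caller at the top of this file section returns the token without calling `setTokenKey`, so a reader cannot tell where trust in the key is established. I would add a Javadoc along the lines of `Builds a token from the public key embedded in a ds:KeyValue element; the key is supplied by the document and is not validated here.` If validation happens later in the processing chain, the comment should name where.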
@@ -152,8 +149,7 @@ public class SecurityTokenFactoryImpl ex
}
X509SecurityToken token =
new X509SecurityToken(tokenType, securityContext,
- securityProperties.getCallbackHandler(), "",
- XMLSecurityConstants.XMLKeyIdentifierType.X509_CERTIFICATE);
+ "", XMLSecurityConstants.XMLKeyIdentifierType.X509_CERTIFICATE);
token.setX509Certificates(new X509Certificate[]{cert});
setTokenKey(securityProperties, keyInfoUsage, token);
@@ -174,7 +170,7 @@ public class SecurityTokenFactoryImpl ex
}
X509IssuerSerialSecurityToken token =
new X509IssuerSerialSecurityToken(XMLSecurityConstants.X509V3Token, securityContext,
- securityProperties.getCallbackHandler(), "", XMLSecurityConstants.XMLKeyIdentifierType.X509_ISSUER_SERIAL);
+ "", XMLSecurityConstants.XMLKeyIdentifierType.X509_ISSUER_SERIAL);
token.setIssuerName(issuerSerialType.getX509IssuerName());
token.setSerialNumber(issuerSerialType.getX509SerialNumber());
@@ -194,7 +190,7 @@ public class SecurityTokenFactoryImpl ex
}
X509SKISecurityToken token =
new X509SKISecurityToken(XMLSecurityConstants.X509V3Token, securityContext,
- securityProperties.getCallbackHandler(), "", XMLSecurityConstants.XMLKeyIdentifierType.X509_SKI);
+ "", XMLSecurityConstants.XMLKeyIdentifierType.X509_SKI);
token.setSkiBytes(skiBytes);
setTokenKey(securityProperties, keyInfoUsage, token);
@@ -215,8 +211,7 @@ public class SecurityTokenFactoryImpl ex
RFC2253Parser.normalize(subjectName);
X509SubjectNameSecurityToken token =
new X509SubjectNameSecurityToken(XMLSecurityConstants.X509V3Token, securityContext,
- securityProperties.getCallbackHandler(), "",
- XMLSecurityConstants.XMLKeyIdentifierType.X509_SUBJECT_NAME);
+ "", XMLSecurityConstants.XMLKeyIdentifierType.X509_SUBJECT_NAME);
token.setSubjectName(normalizedSubjectName);
setTokenKey(securityProperties, keyInfoUsage, token);
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509IssuerSerialSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509IssuerSerialSecurityToken.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509IssuerSerialSecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509IssuerSerialSecurityToken.java Wed Oct 17 14:02:10 2012
@@ -21,7 +21,6 @@ package org.apache.xml.security.stax.imp
import org.apache.xml.security.stax.ext.SecurityContext;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import javax.security.auth.callback.CallbackHandler;
import java.math.BigInteger;
/**
@@ -33,9 +32,8 @@ public class X509IssuerSerialSecurityTok
private BigInteger serialNumber;
protected X509IssuerSerialSecurityToken(XMLSecurityConstants.TokenType tokenType, SecurityContext securityContext,
- CallbackHandler callbackHandler, String id,
- XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
- super(tokenType, securityContext, callbackHandler, id, keyIdentifierType);
+ String id, XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
+ super(tokenType, securityContext, id, keyIdentifierType);
}
public String getIssuerName() {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SKISecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SKISecurityToken.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SKISecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SKISecurityToken.java Wed Oct 17 14:02:10 2012
@@ -21,8 +21,6 @@ package org.apache.xml.security.stax.imp
import org.apache.xml.security.stax.ext.SecurityContext;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import javax.security.auth.callback.CallbackHandler;
-
/**
* @author $Author: coheigea $
* @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
@@ -31,10 +29,9 @@ public class X509SKISecurityToken extend
private byte[] skiBytes;
- protected X509SKISecurityToken(XMLSecurityConstants.TokenType tokenType, SecurityContext securityContext,
- CallbackHandler callbackHandler, String id,
+ protected X509SKISecurityToken(XMLSecurityConstants.TokenType tokenType, SecurityContext securityContext, String id,
XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
- super(tokenType, securityContext, callbackHandler, id, keyIdentifierType);
+ super(tokenType, securityContext, id, keyIdentifierType);
}
public byte[] getSkiBytes() {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SecurityToken.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SecurityToken.java Wed Oct 17 14:02:10 2012
@@ -22,8 +22,6 @@ import org.apache.xml.security.exception
import org.apache.xml.security.stax.ext.SecurityContext;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import javax.security.auth.callback.CallbackHandler;
-
/**
* @author $Author: coheigea $
* @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
@@ -33,9 +31,8 @@ public class X509SecurityToken extends A
private final XMLSecurityConstants.TokenType tokenType;
protected X509SecurityToken(XMLSecurityConstants.TokenType tokenType, SecurityContext securityContext,
- CallbackHandler callbackHandler, String id,
- XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
- super(securityContext, callbackHandler, id, keyIdentifierType);
+ String id, XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
+ super(securityContext, id, keyIdentifierType);
this.tokenType = tokenType;
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SubjectNameSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SubjectNameSecurityToken.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SubjectNameSecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SubjectNameSecurityToken.java Wed Oct 17 14:02:10 2012
@@ -21,8 +21,6 @@ package org.apache.xml.security.stax.imp
import org.apache.xml.security.stax.ext.SecurityContext;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import javax.security.auth.callback.CallbackHandler;
-
/**
* @author $Author: coheigea $
* @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
@@ -32,9 +30,8 @@ public class X509SubjectNameSecurityToke
private String subjectName;
protected X509SubjectNameSecurityToken(XMLSecurityConstants.TokenType tokenType, SecurityContext securityContext,
- CallbackHandler callbackHandler, String id,
- XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
- super(tokenType, securityContext, callbackHandler, id, keyIdentifierType);
+ String id, XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
+ super(tokenType, securityContext, id, keyIdentifierType);
}
public String getSubjectName() {
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/stax/XMLSecEntityDeclarationImpl.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/stax/XMLSecEntityDeclarationImpl.java?rev=1399272&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/stax/XMLSecEntityDeclarationImpl.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/stax/XMLSecEntityDeclarationImpl.java Wed Oct 17 14:02:10 2012
@@ -0,0 +1,76 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.stax;
+
+import org.apache.xml.security.stax.ext.stax.XMLSecEntityDeclaration;
+
+import javax.xml.stream.XMLStreamConstants;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class XMLSecEntityDeclarationImpl extends XMLSecEventBaseImpl implements XMLSecEntityDeclaration {
+
+ public XMLSecEntityDeclarationImpl(String name) {
+ this.name = name;
+ }
+
+ private String name;
+
+ @Override
+ public String getPublicId() {
+ return null;
+ }
+
+ @Override
+ public String getSystemId() {
+ return null;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ @Override
+ public String getNotationName() {
+ return null;
+ }
+
+ @Override
+ public String getReplacementText() {
+ return null;
+ }
+
+ @Override
+ public String getBaseURI() {
+ return null;
+ }
+
+ @Override
+ public int getEventType() {
+ return XMLStreamConstants.ENTITY_DECLARATION;
+ }
+
+ @Override
+ public boolean isEntityReference() {
+ return true;
+ }
+}
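Review bot: `isEntityReference()` returns `true` in a class whose `getEventType()` reports `XMLStreamConstants.ENTITY_DECLARATION`, which looks like a copy-paste slip: an entity declaration is not an entity reference. A consumer that branches on `isEntityReference()` and then casts to `EntityReference` would fail on this event. I would drop the override, assuming `XMLSecEventBaseImpl` already returns `false` (it is not visible here), or change it to `return false;`. Separately, `name` is assigned only in the constructor and could be `private final String name;`, declared above the constructor.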
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/stax/XMLSecEntityDeclarationImpl.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/stax/XMLSecStartElementImpl.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/stax/XMLSecStartElementImpl.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/stax/XMLSecStartElementImpl.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/stax/XMLSecStartElementImpl.java Wed Oct 17 14:02:10 2012
@@ -163,8 +163,52 @@ public class XMLSecStartElementImpl exte
@Override
public NamespaceContext getNamespaceContext() {
- //todo implement me. Needed by XMLSecurityStreamReader!
- return null;
+ return new NamespaceContext() {
+ @Override
+ public String getNamespaceURI(String prefix) {
+ for (int i = 0; i < namespaces.size(); i++) {
+ XMLSecNamespace comparableNamespace = namespaces.get(i);
+ if (prefix.equals(comparableNamespace.getPrefix())) {
+ return comparableNamespace.getNamespaceURI();
+ }
+ }
+ if (parentXMLSecStartELement != null) {
+ return parentXMLSecStartELement.getNamespaceURI(prefix);
+ }
+ return null;
+ }
+
+ @Override
+ public String getPrefix(String namespaceURI) {
+ for (int i = 0; i < namespaces.size(); i++) {
+ XMLSecNamespace comparableNamespace = namespaces.get(i);
+ if (namespaceURI.equals(comparableNamespace.getNamespaceURI())) {
+ return comparableNamespace.getPrefix();
+ }
+ }
+ if (parentXMLSecStartELement != null) {
+ return parentXMLSecStartELement.getNamespaceContext().getPrefix(namespaceURI);
+ }
+ return null;
+ }
+
+ @Override
+ public Iterator getPrefixes(String namespaceURI) {
+
+ Set<String> prefixes = new HashSet<String>();
+
+ List<XMLSecNamespace> xmlSecNamespaces = new ArrayList<XMLSecNamespace>();
+ getNamespacesFromCurrentScope(xmlSecNamespaces);
+
+ for (int i = 0; i < xmlSecNamespaces.size(); i++) {
+ XMLSecNamespace xmlSecNamespace = xmlSecNamespaces.get(i);
+ if (namespaceURI.equals(xmlSecNamespace.getNamespaceURI())) {
+ prefixes.add(xmlSecNamespace.getPrefix());
+ }
+ }
+ return prefixes.iterator();
+ }
+ };
}
@Override
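Review bot: `getPrefix` falls back to the parent's namespace context without checking whether the prefix found there has been rebound on this element, so it can return a prefix that resolves to a different URI in the current scope. Checking the inherited result before returning it closes that gap: `String inherited = parentXMLSecStartELement.getNamespaceContext().getPrefix(namespaceURI);` then `if (inherited != null && namespaceURI.equals(getNamespaceURI(inherited))) { return inherited; }`. `getPrefixes` may have the same problem, depending on whether `getNamespacesFromCurrentScope` (not shown) drops shadowed declarations. All three methods also throw `NullPointerException` on a null argument where the `NamespaceContext` contract specifies `IllegalArgumentException`. Prefix resolution feeds signature and canonicalisation processing, so these cases deserve a unit test.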
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/util/IVSplittingOutputStream.java Wed Oct 17 14:02:10 2012
@@ -48,7 +48,6 @@ public class IVSplittingOutputStream ext
public IVSplittingOutputStream(OutputStream out, Cipher cipher, Key secretKey) {
super(out);
- //todo we should extend the security-config.xml with an iv-length parameter
if ("AES/GCM/NoPadding".equals(cipher.getAlgorithm())) {
ivLength = 12;
} else {
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java Wed Oct 17 14:02:10 2012
@@ -75,8 +75,12 @@ public class SignatureCreationReferenceU
new SecurePart(new QName("urn:example:po", "PaymentInfo"), SecurePart.Modifier.Element);
properties.addSignaturePart(securePart);
- //todo remove null-c14n when external transformation is implemented
- securePart = new SecurePart("file://" + BASEDIR + "/src/test/resources/ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml", null, XMLSecurityConstants.NS_XMLDSIG_SHA1);
+ securePart = new SecurePart(
+ "file://" +
+ BASEDIR +
+ "/src/test/resources/ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml",
+ new String[]{"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"},
+ XMLSecurityConstants.NS_XMLDSIG_SHA1);
properties.addSignaturePart(securePart);
OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
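Review bot: The canonicalization algorithm in the new `SecurePart` call is written as a bare URI string, `"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"`, which is easy to mistype and does not say which c14n variant is meant. `Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS` carries the same value, so the argument could read `new String[]{Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS},`, with the import added if this test class does not have it yet. The enclosing test method starts and ends outside the hunk.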
@@ -122,7 +126,9 @@ public class SignatureCreationReferenceU
properties.addSignaturePart(securePart);
securePart = new SecurePart(
- "file://" + BASEDIR + "/target/test-classes/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverTest.class",
+ "file://" +
+ BASEDIR +
+ "/target/test-classes/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverTest.class",
null,
XMLSecurityConstants.NS_XMLDSIG_SHA1);
properties.addSignaturePart(securePart);
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java?rev=1399272&r1=1399271&r2=1399272&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java Wed Oct 17 14:02:10 2012
@@ -21,12 +21,14 @@ package org.apache.xml.security.test.sta
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
+import java.lang.reflect.Field;
import java.security.Key;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
+import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
@@ -39,6 +41,8 @@ import javax.xml.transform.TransformerFa
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.KeyName;
@@ -46,11 +50,14 @@ import org.apache.xml.security.keys.cont
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.stax.config.Init;
+import org.apache.xml.security.stax.config.TransformerAlgorithmMapper;
import org.apache.xml.security.stax.ext.*;
import org.apache.xml.security.stax.securityEvent.*;
import org.apache.xml.security.test.stax.utils.StAX2DOM;
import org.apache.xml.security.test.stax.utils.TestUtils;
import org.apache.xml.security.test.stax.utils.XMLSecEventAllocator;
+import org.apache.xml.security.transforms.Transform;
+import org.apache.xml.security.transforms.implementations.TransformC14N;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@@ -1359,4 +1366,62 @@ public class SignatureVerificationTest e
TestUtils.changeValueOfMaximumAllowedXMLStructureDepth(oldval);
}
}
+
+ @Test
+ public void testCustomC14nAlgo() throws Exception {
+
+ final String customC14N = "customC14N";
+ Transform.register(customC14N, TransformC14N.class);
+ Canonicalizer.register(customC14N, Canonicalizer20010315OmitComments.class);
+
+ Field algorithmsClassMapInField = TransformerAlgorithmMapper.class.getDeclaredField("algorithmsClassMapIn");
+ algorithmsClassMapInField.setAccessible(true);
+ Map<String, Class<?>> transformMap = (Map<String, Class<?>>)algorithmsClassMapInField.get(null);
+ transformMap.put(customC14N, org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer20010315_OmitCommentsTransformer.class);
+
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = documentBuilderFactory.newDocumentBuilder();
+ Document document = builder.parse(sourceDocument);
+
+ // Set up the Key
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(
+ this.getClass().getClassLoader().getResource("transmitter.jks").openStream(),
+ "default".toCharArray()
+ );
+ Key key = keyStore.getKey("transmitter", "default".toCharArray());
+ X509Certificate cert = (X509Certificate)keyStore.getCertificate("transmitter");
+
+ // Sign using DOM
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ XMLSignature sig = signUsingDOM(
+ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key,
+ customC14N, (List<ReferenceInfo>)null
+ );
+
+ // Add KeyInfo
+ sig.addKeyInfo(cert);
+
+ // XMLUtils.outputDOM(document, System.out);
+
+ // Convert Document to a Stream Reader
+ javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify signature
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setSignatureVerificationKey(cert.getPublicKey());
+ InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+ XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader);
+
+ StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
+ }
}
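Review bot: `testCustomC14nAlgo` changes process-wide state and never restores it: it registers `customC14N` with `Transform` and `Canonicalizer`, and uses reflection to write into the private static `algorithmsClassMapIn` map of `TransformerAlgorithmMapper`. Every later test in the same JVM then runs with an extra accepted transform algorithm, and a second run of this test in one JVM may fail on the duplicate registration (the register methods are not visible here, so this is inferred). The map entry at least can be undone by wrapping everything after `transformMap.put(...)` in `try { ... } finally { transformMap.remove(customC14N); }`. The test also ends on `StAX2DOM.readDoc(...)` with no assertion, so it only shows that no exception was thrown; checking the returned document or the signature security events would show that verification with the custom algorithm actually took place. The stream from `getResource("transmitter.jks").openStream()` is never closed.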