You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2014/01/29 15:55:25 UTC
svn commit: r1562468 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/stax/impl/processor/output/
test/java/org/apache/xml/security/test/stax/signature/
Author: coheigea
Date: Wed Jan 29 14:55:25 2014
New Revision: 1562468
URL: http://svn.apache.org/r1562468
Log:
Allow creating an XML Signature with no KeyInfo
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java?rev=1562468&r1=1562467&r2=1562468&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java Wed Jan 29 14:55:25 2014
@@ -46,6 +46,7 @@ import org.apache.xml.security.stax.impl
import org.apache.xml.security.stax.impl.util.SignerOutputStream;
import org.apache.xml.security.stax.impl.util.UnsynchronizedBufferedOutputStream;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
/**
@@ -197,9 +198,12 @@ public abstract class AbstractSignatureE
attributes = new ArrayList<XMLSecAttribute>(1);
attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, IDGenerator.generateID(null)));
- createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, false, attributes);
- createKeyInfoStructureForSignature(subOutputProcessorChain, wrappingSecurityToken, getSecurityProperties().isUseSingleCert());
- createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
+ if (!SecurityTokenConstants.KeyIdentifier_NoKeyInfo.equals(
+ getSecurityProperties().getSignatureKeyIdentifier())) {
+ createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, false, attributes);
+ createKeyInfoStructureForSignature(subOutputProcessorChain, wrappingSecurityToken, getSecurityProperties().isUseSingleCert());
+ createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
+ }
createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Signature);
}
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java?rev=1562468&r1=1562467&r2=1562468&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java Wed Jan 29 14:55:25 2014
@@ -73,7 +73,7 @@ public class AbstractSignatureCreationTe
) throws Exception {
verifyUsingDOM(document, cert, secureParts, null);
}
-
+
/**
* Verify the document using DOM
*/
@@ -83,6 +83,19 @@ public class AbstractSignatureCreationTe
List<SecurePart> secureParts,
ResourceResolverSpi resourceResolverSpi
) throws Exception {
+ verifyUsingDOM(document, cert, secureParts, resourceResolverSpi, true);
+ }
+
+ /**
+ * Verify the document using DOM
+ */
+ protected void verifyUsingDOM(
+ Document document,
+ X509Certificate cert,
+ List<SecurePart> secureParts,
+ ResourceResolverSpi resourceResolverSpi,
+ boolean keyInfoRequired
+ ) throws Exception {
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
xpath.setNamespaceContext(new DSNamespaceContext());
@@ -107,8 +120,10 @@ public class AbstractSignatureCreationTe
if (resourceResolverSpi != null) {
signature.addResourceResolver(resourceResolverSpi);
}
- KeyInfo ki = signature.getKeyInfo();
- Assert.assertNotNull(ki);
+ if (keyInfoRequired) {
+ KeyInfo ki = signature.getKeyInfo();
+ Assert.assertNotNull(ki);
+ }
Assert.assertTrue(signature.checkSignatureValue(cert));
}
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java?rev=1562468&r1=1562467&r2=1562468&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java Wed Jan 29 14:55:25 2014
@@ -939,4 +939,51 @@ public class SignatureCreationTest exten
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
}
+
+ @Test
+ public void testNoKeyInfo() throws Exception {
+ // Set up the Configuration
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+ actions.add(XMLSecurityConstants.SIGNATURE);
+ properties.setActions(actions);
+
+ // Set the key up
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(
+ this.getClass().getClassLoader().getResource("transmitter.jks").openStream(),
+ "default".toCharArray()
+ );
+ Key key = keyStore.getKey("transmitter", "default".toCharArray());
+ properties.setSignatureKey(key);
+ X509Certificate cert = (X509Certificate)keyStore.getCertificate("transmitter");
+ properties.setSignatureCerts(new X509Certificate[]{cert});
+
+ properties.setSignatureCanonicalizationAlgorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
+ properties.setSignatureKeyIdentifier(SecurityTokenConstants.KeyIdentifier_NoKeyInfo);
+
+ SecurePart securePart =
+ new SecurePart(new QName("urn:example:po", "PaymentInfo"), SecurePart.Modifier.Content);
+ properties.addSignaturePart(securePart);
+
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, "UTF-8");
+
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ // System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify using DOM
+ verifyUsingDOM(document, cert, properties.getSignatureSecureParts(), null, false);
+
+ }
}