You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2020/04/03 06:50:01 UTC
svn commit: r1876076 [2/2] - in /santuario/xml-security-java/trunk/src/test:
java/org/apache/xml/security/test/stax/signature/
java/org/apache/xml/security/test/stax/utils/ resources/
Added: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationMaxTransTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationMaxTransTest.java?rev=1876076&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationMaxTransTest.java (added)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationMaxTransTest.java Fri Apr 3 06:50:01 2020
@@ -0,0 +1,140 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.stax.signature;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.InputStream;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.stax.config.Init;
+import org.apache.xml.security.stax.ext.InboundXMLSec;
+import org.apache.xml.security.stax.ext.XMLSec;
+import org.apache.xml.security.stax.ext.XMLSecurityProperties;
+import org.apache.xml.security.test.stax.utils.StAX2DOM;
+import org.apache.xml.security.test.stax.utils.XMLSecEventAllocator;
+import org.apache.xml.security.utils.XMLUtils;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.w3c.dom.Document;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
+
+
+/**
+ * A set of test-cases for Signature verification.
+ *
+ * These are separated out from SignatureVerificationTest as we have to change the default configuration to set
+ * "MaximumAllowedTransformsPerReference" to "0".
+ */
+public class SignatureVerificationMaxTransTest extends AbstractSignatureVerificationTest {
+
+ private XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
+ private TransformerFactory transformerFactory = TransformerFactory.newInstance();
+
+ @BeforeAll
+ public static void globalSetUp() throws Exception {
+ XMLSec.init();
+ Init.init(SignatureVerificationMaxTransTest.class.getClassLoader().getResource("security-config-max-trans-per.xml").toURI(),
+ SignatureVerificationMaxTransTest.class);
+ org.apache.xml.security.Init.init();
+ }
+
+ @BeforeEach
+ @Override
+ public void setUp() throws Exception {
+
+ BASEDIR = System.getProperty("basedir");
+ if (BASEDIR == null) {
+ BASEDIR = new File(".").getCanonicalPath();
+ }
+
+ xmlInputFactory.setEventAllocator(new XMLSecEventAllocator());
+ }
+
+ @Test
+ public void testMaximumAllowedTransformsPerReference() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ Document document = XMLUtils.read(sourceDocument, false);
+
+ // Set up the Key
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(
+ this.getClass().getClassLoader().getResource("transmitter.jks").openStream(),
+ "default".toCharArray()
+ );
+ Key key = keyStore.getKey("transmitter", "default".toCharArray());
+ X509Certificate cert = (X509Certificate)keyStore.getCertificate("transmitter");
+
+ // Sign using DOM
+ List<String> localNames = new ArrayList<>();
+ localNames.add("PaymentInfo");
+ XMLSignature sig = signUsingDOM(
+ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key
+ );
+
+ // Add KeyInfo
+ sig.addKeyInfo(cert);
+
+ // Convert Document to a Stream Reader
+ javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ transformer.transform(new DOMSource(document), new StreamResult(baos));
+
+ XMLStreamReader xmlStreamReader = null;
+ try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
+ xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
+ }
+
+ // Verify signature
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+ TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
+ XMLStreamReader securityStreamReader =
+ inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
+
+ try {
+ StAX2DOM.readDoc(securityStreamReader);
+ fail("Exception expected");
+ } catch (XMLStreamException e) {
+ assertTrue(e.getCause() instanceof XMLSecurityException);
+ assertEquals("1 transforms are contained in the Reference, maximum 0 are allowed. You can raise the maximum " +
+ "via the \"MaximumAllowedTransformsPerReference\" property in the configuration.",
+ e.getCause().getMessage());
+ }
+ }
+}
\ No newline at end of file
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java?rev=1876076&r1=1876075&r2=1876076&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java Fri Apr 3 06:50:01 2020
@@ -65,7 +65,6 @@ import org.apache.xml.security.stax.secu
import org.apache.xml.security.stax.securityEvent.X509TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.test.stax.utils.StAX2DOM;
-import org.apache.xml.security.test.stax.utils.TestUtils;
import org.apache.xml.security.test.stax.utils.XMLSecEventAllocator;
import org.apache.xml.security.transforms.Transform;
import org.apache.xml.security.transforms.implementations.TransformC14N;
@@ -1268,126 +1267,6 @@ public class SignatureVerificationTest e
}
@Test
- public void testMaximumAllowedReferencesPerManifest() throws Exception {
- // Read in plaintext document
- InputStream sourceDocument =
- this.getClass().getClassLoader().getResourceAsStream(
- "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
- Document document = XMLUtils.read(sourceDocument, false);
-
- // Set up the Key
- KeyStore keyStore = KeyStore.getInstance("jks");
- keyStore.load(
- this.getClass().getClassLoader().getResource("transmitter.jks").openStream(),
- "default".toCharArray()
- );
- Key key = keyStore.getKey("transmitter", "default".toCharArray());
- X509Certificate cert = (X509Certificate)keyStore.getCertificate("transmitter");
-
- // Sign using DOM
- List<String> localNames = new ArrayList<>();
- localNames.add("Item");
- localNames.add("PaymentInfo");
- localNames.add("ShippingAddress");
- XMLSignature sig = signUsingDOM(
- "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key
- );
-
- // Add KeyInfo
- sig.addKeyInfo(cert);
-
- // Convert Document to a Stream Reader
- javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
- // Verify signature
- XMLSecurityProperties properties = new XMLSecurityProperties();
- InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
- TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
- XMLStreamReader securityStreamReader =
- inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
-
- int oldval = 0;
- try {
- oldval = TestUtils.changeValueOfMaximumAllowedReferencesPerManifest(2);
- document = StAX2DOM.readDoc(securityStreamReader);
- fail("Exception expected");
- } catch (XMLStreamException e) {
- assertTrue(e.getCause() instanceof XMLSecurityException);
- assertEquals("4 references are contained in the Manifest, maximum 2 are allowed. You can raise the maximum " +
- "via the \"MaximumAllowedReferencesPerManifest\" property in the configuration.",
- e.getCause().getMessage());
- } finally {
- TestUtils.changeValueOfMaximumAllowedReferencesPerManifest(oldval);
- }
- }
-
- @Test
- public void testMaximumAllowedTransformsPerReference() throws Exception {
- // Read in plaintext document
- InputStream sourceDocument =
- this.getClass().getClassLoader().getResourceAsStream(
- "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
- Document document = XMLUtils.read(sourceDocument, false);
-
- // Set up the Key
- KeyStore keyStore = KeyStore.getInstance("jks");
- keyStore.load(
- this.getClass().getClassLoader().getResource("transmitter.jks").openStream(),
- "default".toCharArray()
- );
- Key key = keyStore.getKey("transmitter", "default".toCharArray());
- X509Certificate cert = (X509Certificate)keyStore.getCertificate("transmitter");
-
- // Sign using DOM
- List<String> localNames = new ArrayList<>();
- localNames.add("PaymentInfo");
- XMLSignature sig = signUsingDOM(
- "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key
- );
-
- // Add KeyInfo
- sig.addKeyInfo(cert);
-
- // Convert Document to a Stream Reader
- javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
- // Verify signature
- XMLSecurityProperties properties = new XMLSecurityProperties();
- InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
- TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
- XMLStreamReader securityStreamReader =
- inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
-
- int oldval = 0;
- try {
- oldval = TestUtils.changeValueOfMaximumAllowedTransformsPerReference(0);
- document = StAX2DOM.readDoc(securityStreamReader);
- fail("Exception expected");
- } catch (XMLStreamException e) {
- assertTrue(e.getCause() instanceof XMLSecurityException);
- assertEquals("1 transforms are contained in the Reference, maximum 0 are allowed. You can raise the maximum " +
- "via the \"MaximumAllowedTransformsPerReference\" property in the configuration.",
- e.getCause().getMessage());
- } finally {
- TestUtils.changeValueOfMaximumAllowedTransformsPerReference(oldval);
- }
- }
-
- @Test
public void testDisallowMD5Algorithm() throws Exception {
// Read in plaintext document
InputStream sourceDocument =
Copied: santuario/xml-security-java/trunk/src/test/resources/security-config-max-ref-per.xml (from r1876028, santuario/xml-security-java/trunk/src/test/resources/security-config-allow-same-doc.xml)
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/resources/security-config-max-ref-per.xml?p2=santuario/xml-security-java/trunk/src/test/resources/security-config-max-ref-per.xml&p1=santuario/xml-security-java/trunk/src/test/resources/security-config-allow-same-doc.xml&r1=1876028&r2=1876076&rev=1876076&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/resources/security-config-allow-same-doc.xml (original)
+++ santuario/xml-security-java/trunk/src/test/resources/security-config-max-ref-per.xml Fri Apr 3 06:50:01 2020
@@ -22,10 +22,10 @@
<Properties>
<Property NAME="securityTokenFactory" VAL="org.apache.xml.security.stax.impl.securityToken.SecurityTokenFactoryImpl"/>
<Property NAME="MaximumAllowedTransformsPerReference" VAL="5"/>
- <Property NAME="MaximumAllowedReferencesPerManifest" VAL="30"/>
+ <Property NAME="MaximumAllowedReferencesPerManifest" VAL="2"/>
<Property NAME="DoNotThrowExceptionForManifests" VAL="false"/>
<Property NAME="AllowMD5Algorithm" VAL="false"/>
- <Property NAME="AllowNotSameDocumentReferences" VAL="true"/>
+ <Property NAME="AllowNotSameDocumentReferences" VAL="false"/>
<Property NAME="MaximumAllowedXMLStructureDepth" VAL="100"/>
<Property NAME="MaximumAllowedEncryptedDataEvents" VAL="200"/>
<Property NAME="DefaultLanguageCode" VAL="en"/>
Added: santuario/xml-security-java/trunk/src/test/resources/security-config-max-trans-per.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/resources/security-config-max-trans-per.xml?rev=1876076&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/test/resources/security-config-max-trans-per.xml (added)
+++ santuario/xml-security-java/trunk/src/test/resources/security-config-max-trans-per.xml Fri Apr 3 06:50:01 2020
@@ -0,0 +1,589 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<!-- This configuration file is used for configuration of the org.apache.xml.security.stax -->
+<Configuration target="org.apache.xml.security" xmlns="http://www.xmlsecurity.org/NS/configuration">
+ <Properties>
+ <Property NAME="securityTokenFactory" VAL="org.apache.xml.security.stax.impl.securityToken.SecurityTokenFactoryImpl"/>
+ <Property NAME="MaximumAllowedTransformsPerReference" VAL="0"/>
+ <Property NAME="MaximumAllowedReferencesPerManifest" VAL="30"/>
+ <Property NAME="DoNotThrowExceptionForManifests" VAL="false"/>
+ <Property NAME="AllowMD5Algorithm" VAL="false"/>
+ <Property NAME="AllowNotSameDocumentReferences" VAL="false"/>
+ <Property NAME="MaximumAllowedXMLStructureDepth" VAL="100"/>
+ <Property NAME="MaximumAllowedEncryptedDataEvents" VAL="200"/>
+ <Property NAME="DefaultLanguageCode" VAL="en"/>
+ <Property NAME="DefaultCountryCode" VAL="US"/>
+ </Properties>
+ <SecurityHeaderHandlers>
+ </SecurityHeaderHandlers>
+ <TransformAlgorithms>
+ <!-- c14n omitting comments -->
+ <TransformAlgorithm URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
+ JAVACLASS="org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer20010315_OmitCommentsTransformer" />
+ <!-- c14n with comments -->
+ <TransformAlgorithm URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
+ JAVACLASS="org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer20010315_WithCommentsTransformer" />
+ <!-- c14n 1.1 omitting comments -->
+ <TransformAlgorithm URI="http://www.w3.org/2006/12/xml-c14n11"
+ JAVACLASS="org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer11_OmitCommentsTransformer" />
+ <!-- c14n 1.1 with comments -->
+ <TransformAlgorithm URI="http://www.w3.org/2006/12/xml-c14n11#WithComments"
+ JAVACLASS="org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer11_WithCommentsTransformer" />
+ <!-- exclusive c14n omitting comments -->
+ <TransformAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#"
+ JAVACLASS="org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer20010315_ExclOmitCommentsTransformer" />
+ <!-- exclusive c14n with comments -->
+ <TransformAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
+ JAVACLASS="org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer20010315_ExclWithCommentsTransformer" />
+
+ <!-- Base64 -->
+ <TransformAlgorithm URI="http://www.w3.org/2000/09/xmldsig#base64"
+ JAVACLASS="org.apache.xml.security.stax.impl.transformer.TransformBase64Decode" />
+
+ <!-- enveloped signature -->
+ <TransformAlgorithm URI="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
+ JAVACLASS="org.apache.xml.security.stax.impl.transformer.TransformEnvelopedSignature" />
+ <!-- XPath transform -->
+ <!-- XSLT -->
+ <!-- XPath version 2 -->
+ <!-- XPath version 2b -->
+ </TransformAlgorithms>
+ <JCEAlgorithmMappings>
+ <!-- MessageDigest Algorithms -->
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#md5"
+ Description="MD5 message digest from RFC 1321"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="NOT RECOMMENDED"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="MD5"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#ripemd160"
+ Description="RIPEMD-160 message digest"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="RIPEMD160"/>
+
+ <Algorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"
+ Description="SHA-1 message digest"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="REQUIRED"
+ JCEName="SHA-1"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#sha224"
+ Description="SHA-224 message digest"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA-224"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha256"
+ Description="SHA-1 message digest with 256 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="RECOMMENDED"
+ JCEName="SHA-256"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#sha384"
+ Description="SHA message digest with 384 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="SHA-384"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha512"
+ Description="SHA-1 message digest with 512 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA-512"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#whirlpool"
+ Description="WHIRLPOOL message digest"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="WHIRLPOOL"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-224"
+ Description="SHA-3 message digest with 224 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA3-224"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-256"
+ Description="SHA-3 message digest with 256 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA3-256"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-384"
+ Description="SHA-3 message digest with 384 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA3-384"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-512"
+ Description="SHA-3 message digest with 512 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA3-512"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha1"
+ Description="Mask Generation Function with SHA-1 used with the RSA-OAEP key transport algorithm"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA-1"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha224"
+ Description="Mask Generation Function with SHA-224 used with the RSA-OAEP key transport algorithm"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA-224"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha256"
+ Description="Mask Generation Function with SHA-256 used with the RSA-OAEP key transport algorithm"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA-256"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha384"
+ Description="Mask Generation Function with SHA-384 used with the RSA-OAEP key transport algorithm"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA-384"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha512"
+ Description="Mask Generation Function with SHA-512 used with the RSA-OAEP key transport algorithm"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA-512"/>
+
+ <!-- Signature Algorithms -->
+ <Algorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
+ Description="Digital Signature Algorithm with SHA-1 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="REQUIRED"
+ RequiredKey="DSA"
+ JCEName="SHA1withDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
+ Description="RSA Signature with MD5 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="NOT RECOMMENDED"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="MD5withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
+ Description="RSA Signature with RIPEMD-160 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="RIPEMD160withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+ Description="RSA Signature with SHA-1 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="RECOMMENDED"
+ RequiredKey="RSA"
+ JCEName="SHA1withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224"
+ Description="RSA Signature with SHA-224 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="SHA224withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+ Description="RSA Signature with SHA-256 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="SHA256withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
+ Description="RSA Signature with SHA-384 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="SHA384withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+ Description="RSA Signature with SHA-512 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="SHA512withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-1 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="RECOMMENDED"
+ RequiredKey="RSA"
+ JCEName="SHA1withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-224 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+ RequiredKey="RSA"
+ JCEName="SHA224withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-256 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+ RequiredKey="RSA"
+ JCEName="SHA256withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-384 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+ RequiredKey="RSA"
+ JCEName="SHA384withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-512 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+ RequiredKey="RSA"
+ JCEName="SHA512withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
+ Description="ECDSA Signature with SHA-1 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA1withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"
+ Description="ECDSA Signature with SHA-224 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA224withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
+ Description="ECDSA Signature with SHA-256 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA256withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
+ Description="ECDSA Signature with SHA-384 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA384withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
+ Description="ECDSA Signature with SHA-512 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA512withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160"
+ Description="ECDSA Signature with RIPEMD-160 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="https://tools.ietf.org/html/rfc6931"
+ RequiredKey="EC"
+ JCEName="RIPEMD160withECDSA"/>
+
+ <!-- MAC Algorithms -->
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
+ Description="Message Authentication code using MD5"
+ AlgorithmClass="Mac"
+ RequirementLevel="NOT RECOMMENDED"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacMD5"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
+ Description="Message Authentication code using RIPEMD-160"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HMACRIPEMD160"/>
+
+ <Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
+ Description="Message Authentication code using SHA1"
+ AlgorithmClass="Mac"
+ RequirementLevel="REQUIRED"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA1"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224"
+ Description="Message Authentication code using SHA-224"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA224"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
+ Description="Message Authentication code using SHA-256"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA256"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
+ Description="Message Authentication code using SHA-384"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA384"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
+ Description="Message Authentication code using SHA-512"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA512"/>
+
+ <!-- Block encryption Algorithms -->
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
+ Description="Block encryption using Triple-DES"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="REQUIRED"
+ KeyLength="192"
+ IVLength="64"
+ RequiredKey="DESede"
+ JCEName="DESede/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
+ Description="Block encryption using AES with a key length of 128 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="REQUIRED"
+ KeyLength="128"
+ IVLength="128"
+ RequiredKey="AES"
+ JCEName="AES/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes192-cbc"
+ Description="Block encryption using AES with a key length of 192 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ IVLength="128"
+ RequiredKey="AES"
+ JCEName="AES/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes256-cbc"
+ Description="Block encryption using AES with a key length of 256 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="REQUIRED"
+ KeyLength="256"
+ IVLength="128"
+ RequiredKey="AES"
+ JCEName="AES/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes128-gcm"
+ Description="Block encryption using AES with a key length of 128 bit in GCM"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ IVLength="96"
+ RequiredKey="AES"
+ JCEName="AES/GCM/NoPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes192-gcm"
+ Description="Block encryption using AES with a key length of 192 bit in GCM"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ IVLength="96"
+ RequiredKey="AES"
+ JCEName="AES/GCM/NoPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes256-gcm"
+ Description="Block encryption using AES with a key length of 256 bit in GCM"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="256"
+ IVLength="96"
+ RequiredKey="AES"
+ JCEName="AES/GCM/NoPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#seed128-cbc"
+ Description="Block encryption using SEED with a key length of 128 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ IVLength="128"
+ RequiredKey="SEED"
+ JCEName="SEED/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc"
+ Description="Block encryption using Camellia with a key length of 128 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ IVLength="128"
+ RequiredKey="Camellia"
+ JCEName="Camellia/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc"
+ Description="Block encryption using Camellia with a key length of 192 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ IVLength="128"
+ RequiredKey="Camellia"
+ JCEName="Camellia/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc"
+ Description="Block encryption using Camellia with a key length of 256 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="256"
+ IVLength="128"
+ RequiredKey="Camellia"
+ JCEName="Camellia/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
+ Description="Key Transport RSA-v1.5"
+ AlgorithmClass="KeyTransport"
+ RequirementLevel="REQUIRED"
+ RequiredKey="RSA"
+ JCEName="RSA/ECB/PKCS1Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
+ Description="Key Transport RSA-OAEP"
+ AlgorithmClass="KeyTransport"
+ RequirementLevel="REQUIRED"
+ RequiredKey="RSA"
+ JCEName="RSA/ECB/OAEPWithSHA1AndMGF1Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#rsa-oaep"
+ Description="Key Transport RSA-OAEP"
+ AlgorithmClass="KeyTransport"
+ RequirementLevel="OPTIONAL"
+ RequiredKey="RSA"
+ JCEName="RSA/ECB/OAEPPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#dh"
+ Description="Key Agreement Diffie-Hellman"
+ AlgorithmClass="KeyAgreement"
+ RequirementLevel="OPTIONAL"
+ RequiredKey="DH"
+ JCEName="DH"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-tripledes"
+ Description="Symmetric Key Wrap using Triple DES"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="REQUIRED"
+ KeyLength="192"
+ RequiredKey="DESede"
+ JCEName="DESedeWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes128"
+ Description="Symmetric Key Wrap using AES with a key length of 128 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="REQUIRED"
+ KeyLength="128"
+ RequiredKey="AES"
+ JCEName="AESWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes192"
+ Description="Symmetric Key Wrap using AES with a key length of 192 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ RequiredKey="AES"
+ JCEName="AESWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes256"
+ Description="Symmetric Key Wrap using AES with a key length of 256 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="REQUIRED"
+ KeyLength="256"
+ RequiredKey="AES"
+ JCEName="AESWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#kw-camellia128"
+ Description="Symmetric Key Wrap using CAMELLIA with a key length of 128 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ RequiredKey="Camellia"
+ JCEName="CamelliaWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#kw-camellia192"
+ Description="Symmetric Key Wrap using CAMELLIA with a key length of 192 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ RequiredKey="Camellia"
+ JCEName="CamelliaWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#kw-camellia256"
+ Description="Symmetric Key Wrap using CAMELLIA with a key length of 256 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="256"
+ RequiredKey="Camellia"
+ JCEName="CamelliaWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#kw-seed128"
+ Description="Symmetric Key Wrap using SEED with a key length of 128 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ RequiredKey="SEED"
+ JCEName="SEEDWrap"/>
+ </JCEAlgorithmMappings>
+ <ResourceResolvers>
+ <Resolver JAVACLASS="org.apache.xml.security.stax.impl.resourceResolvers.ResolverSameDocument"
+ DESCRIPTION="A simple resolver for requests of same-document URIs"/>
+ <Resolver JAVACLASS="org.apache.xml.security.stax.impl.resourceResolvers.ResolverFilesystem"
+ DESCRIPTION="A simple resolver for requests to the local file system"/>
+ <Resolver JAVACLASS="org.apache.xml.security.stax.impl.resourceResolvers.ResolverHttp"
+ DESCRIPTION="A simple resolver for requests to HTTP space"/>
+ <Resolver JAVACLASS="org.apache.xml.security.stax.impl.resourceResolvers.ResolverXPointer"
+ DESCRIPTION="A simple resolver for requests of XPointer fragments"/>
+ </ResourceResolvers>
+</Configuration>