Posted to commits@santuario.apache.org by co...@apache.org on 2012/07/11 16:50:06 UTC

svn commit: r1360211 - in /santuario/xml-security-java/trunk/src: main/java/org/apache/xml/security/stax/ext/ main/java/org/apache/xml/security/stax/impl/processor/input/ main/java/org/apache/xml/security/stax/impl/securityToken/ test/java/org/apache/x...

Author: coheigea
Date: Wed Jul 11 14:50:06 2012
New Revision: 1360211

URL: http://svn.apache.org/viewvc?rev=1360211&view=rev
Log:
Moved some of the AbstractSecurityToken architecture to Santuario

Added:
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractSecurityToken.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SecurityToken.java
Modified:
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityToken.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactory.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
    santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java?rev=1360211&r1=1360210&r2=1360211&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java Wed Jul 11 14:50:06 2012
@@ -243,5 +243,17 @@ public class OutboundXMLSec {
             // TODO Auto-generated method stub
             return null;
         }
+
+        @Override
+        public void setElementPath(List<QName> elementPath) {
+            // TODO Auto-generated method stub
+            
+        }
+
+        @Override
+        public void setXMLSecEvent(XMLSecEvent xmlSecEvent) {
+            // TODO Auto-generated method stub
+            
+        }
     };
 }
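Review bot: The two added setters, `setElementPath` and `setXMLSecEvent`, are committed as empty bodies that still carry the IDE's `// TODO Auto-generated method stub` marker, so a reader cannot tell whether discarding the argument is intended. If this anonymous token deliberately ignores both values, say so in place of the marker, e.g. `// no-op: this token does not record an element path`; otherwise store the value so the matching getter can return it. The enclosing anonymous class starts outside the hunk, so its getters are not visible here.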

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityToken.java?rev=1360211&r1=1360210&r2=1360211&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityToken.java Wed Jul 11 14:50:06 2012
@@ -144,4 +144,8 @@ public interface SecurityToken {
     void addTokenUsage(TokenUsage tokenUsage) throws XMLSecurityException;
 
     List<TokenUsage> getTokenUsages();
+    
+    void setElementPath(List<QName> elementPath);
+
+    void setXMLSecEvent(XMLSecEvent xmlSecEvent);
 }
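Review bot: `setElementPath` and `setXMLSecEvent` are added to the public `SecurityToken` interface without Javadoc, so implementers have no stated contract for null arguments or for whether the list is copied. The implementations in this same commit already differ: `AbstractSecurityToken.setElementPath` wraps the caller's list with `Collections.unmodifiableList` (a view over the caller's list, and a `NullPointerException` on null), while the `OutboundXMLSec` stub discards the value. I would add a short Javadoc to each method stating whether null is accepted and whether the token keeps a reference to the list or a copy of it. The interface begins outside the hunk.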

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java?rev=1360211&r1=1360210&r2=1360211&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java Wed Jul 11 14:50:06 2012
@@ -396,7 +396,8 @@ public abstract class AbstractDecryptInp
         //retrieve the securityToken which must be used for decryption
         return SecurityTokenFactory.getInstance().getSecurityToken(
                 keyInfoType, getSecurityProperties().getDecryptionCrypto(),
-                getSecurityProperties().getCallbackHandler(), inputProcessorChain.getSecurityContext());
+                getSecurityProperties().getCallbackHandler(), getSecurityProperties(),
+                inputProcessorChain.getSecurityContext());
     }
 
     private EncryptedDataType parseEncryptedDataStructure(

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java?rev=1360211&r1=1360210&r2=1360211&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java Wed Jul 11 14:50:06 2012
@@ -216,7 +216,7 @@ public abstract class AbstractSignatureR
                 throws XMLSecurityException, XMLStreamException, NoSuchMethodException, InstantiationException,
                 IllegalAccessException, InvocationTargetException {
             if (referenceType.getTransforms() == null) {
-                // If no Transforms then just default to an Exclusive with comments transform
+                // If no Transforms then just default to an Inclusive without comments transform
                 Transformer transformer = new Canonicalizer20010315_OmitCommentsTransformer();
                 transformer.setOutputStream(getBufferedDigestOutputStream());
                 this.setTransformer(transformer);

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java?rev=1360211&r1=1360210&r2=1360211&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java Wed Jul 11 14:50:06 2012
@@ -18,26 +18,15 @@
  */
 package org.apache.xml.security.stax.impl.processor.input;
 
-import java.security.Key;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-import java.util.List;
-
-import javax.crypto.SecretKey;
-import javax.xml.namespace.QName;
-
 import org.apache.xml.security.binding.xmldsig.KeyInfoType;
-import org.apache.xml.security.binding.xmldsig.KeyValueType;
 import org.apache.xml.security.binding.xmldsig.SignatureType;
-import org.apache.xml.security.binding.xmldsig.X509DataType;
 import org.apache.xml.security.stax.ext.InputProcessorChain;
 import org.apache.xml.security.stax.ext.SecurityContext;
 import org.apache.xml.security.stax.ext.SecurityToken;
 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.stax.ext.XMLSecurityException;
 import org.apache.xml.security.stax.ext.XMLSecurityProperties;
-import org.apache.xml.security.stax.ext.XMLSecurityUtils;
-import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
+import org.apache.xml.security.stax.impl.securityToken.SecurityTokenFactory;
 import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
 import org.apache.xml.security.stax.securityEvent.KeyValueTokenSecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
@@ -123,125 +112,12 @@ public class XMLSignatureInputHandler ex
         protected SecurityToken retrieveSecurityToken(KeyInfoType keyInfoType,
                                                       XMLSecurityProperties securityProperties,
                                                       SecurityContext securityContext) throws XMLSecurityException {
-            SignatureSecurityToken token = 
-                    new SignatureSecurityToken(securityProperties.getSignatureVerificationKey());
-
-            // TODO revisit
-            if (keyInfoType != null) {
-                final KeyValueType keyValueType = 
-                        XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_KeyValue);
-                if (keyValueType != null) {
-                    token.setTokenType(XMLSecurityConstants.KeyValueToken);
-                }
-                final X509DataType x509DataType = 
-                        XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_X509Data);
-                if (x509DataType != null) {
-                    token.setTokenType(XMLSecurityConstants.X509V3Token);
-                }
-            }
-
-            return token;
+            return SecurityTokenFactory.getInstance().getSecurityToken(keyInfoType, 
+                    null,
+                    securityProperties.getCallbackHandler(),
+                    securityProperties,
+                    securityContext);
         }
     }
-    
-    private static class SignatureSecurityToken implements SecurityToken {
-        private Key key;
-        private XMLSecurityConstants.TokenType tokenType;
-        
-        public SignatureSecurityToken(Key key) {
-            this.key = key;
-        }
-
-        public String getId() {
-            return null;
-        }
-
-
-        public Object getProcessor() {
-            return null;
-        }
-
-        public boolean isAsymmetric() {
-            if (key instanceof PublicKey) {
-                return true;
-            }
-            return false;
-        }
-
-        public Key getSecretKey(
-            String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage
-        ) throws XMLSecurityException {
-            if (key instanceof SecretKey) {
-                return key;
-            }
-            return null;
-        }
-
-        public PublicKey getPublicKey(
-            String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage
-        ) throws XMLSecurityException {
-            if (key instanceof PublicKey) {
-                return (PublicKey)key;
-            }
-            return null;
-        }
-
-        public X509Certificate[] getX509Certificates() throws XMLSecurityException {
-            return null;
-        }
-
-        public void verify() throws XMLSecurityException {
-        }
-
-        public SecurityToken getKeyWrappingToken() {
-            return null;
-        }
-
-        public XMLSecurityConstants.TokenType getTokenType() {
-            return tokenType;
-        }
-        
-        public void setTokenType(XMLSecurityConstants.TokenType tokenType) {
-            this.tokenType = tokenType;
-        }
-
-        @Override
-        public List<QName> getElementPath() {
-            // TODO Auto-generated method stub
-            return null;
-        }
-
-        @Override
-        public XMLSecEvent getXMLSecEvent() {
-            // TODO Auto-generated method stub
-            return null;
-        }
-
-        @Override
-        public List<SecurityToken> getWrappedTokens()
-                throws XMLSecurityException {
-            // TODO Auto-generated method stub
-            return null;
-        }
-
-        @Override
-        public void addWrappedToken(SecurityToken securityToken) {
-            // TODO Auto-generated method stub
-            
-        }
-
-        @Override
-        public void addTokenUsage(TokenUsage tokenUsage)
-                throws XMLSecurityException {
-            // TODO Auto-generated method stub
-            
-        }
-
-        @Override
-        public List<TokenUsage> getTokenUsages() {
-            // TODO Auto-generated method stub
-            return null;
-        }
-    };
 
 }
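Review bot: `retrieveSecurityToken` no longer reads `securityProperties.getSignatureVerificationKey()` itself and instead lets `SecurityTokenFactory` build the token from `keyInfoType`, so whether the configured key still takes precedence over a key carried in the message now depends on factory code that is not in this hunk. That matters because the KeyValue token classes added in this commit construct the public key from KeyInfo content and inherit an empty `verify()`, so a signature checked against such a key shows only that the message is self-consistent, not who signed it. I would document that on the method, for example `// A key taken from KeyInfo is untrusted; the caller must match it against configured key material or decide trust from the emitted security events`, and have the factory prefer the configured verification key when one is set. The literal `null` passed as the crypto argument also deserves a comment naming the parameter, since any factory path that dereferences it would fail with a `NullPointerException` (the factory is not shown, so this is an assumption).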

Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractSecurityToken.java?rev=1360211&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractSecurityToken.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractSecurityToken.java Wed Jul 11 14:50:06 2012
@@ -0,0 +1,206 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.securityToken;
+
+import org.apache.xml.security.stax.ext.SecurityContext;
+import org.apache.xml.security.stax.ext.SecurityToken;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
+import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
+
+import javax.crypto.SecretKey;
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+import java.security.Key;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.DSAKey;
+import java.security.interfaces.ECKey;
+import java.security.interfaces.RSAKey;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * @author $Author: coheigea $
+ * @version $Revision: 1359731 $ $Date: 2012-07-10 16:39:40 +0100 (Tue, 10 Jul 2012) $
+ */
+public abstract class AbstractSecurityToken implements SecurityToken {
+
+    //todo Probably we should introduce a dynamic proxy
+    //for this class which then could test for invocation count and could also be
+    //used for SecurityEvents and such.
+    //prevent recursive key references:
+    private int invocationCount = 0;
+
+    private SecurityContext securityContext;
+    private CallbackHandler callbackHandler;
+    private final String id;
+    private Object processor;
+    private List<QName> elementPath;
+    private XMLSecEvent xmlSecEvent;
+    private XMLSecurityConstants.KeyIdentifierType keyIdentifierType;
+    private final List<SecurityToken> wrappedTokens = new ArrayList<SecurityToken>();
+    private final List<TokenUsage> tokenUsages = new ArrayList<TokenUsage>();
+
+    public AbstractSecurityToken(String id) {
+        this.id = id;
+    }
+
+    public AbstractSecurityToken(SecurityContext securityContext, CallbackHandler callbackHandler,
+                                 String id, XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
+        this.securityContext = securityContext;
+        this.callbackHandler = callbackHandler;
+        this.id = id;
+        this.keyIdentifierType = keyIdentifierType;
+    }
+
+    private void incrementAndTestInvocationCount() throws XMLSecurityException {
+        invocationCount++;
+        if (invocationCount >= 10) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
+        }
+    }
+
+    private void decrementInvocationCount() {
+        invocationCount--;
+    }
+
+    public XMLSecurityConstants.KeyIdentifierType getKeyIdentifierType() {
+        return keyIdentifierType;
+    }
+
+    public String getId() {
+        return this.id;
+    }
+
+    public Object getProcessor() {
+        return processor;
+    }
+
+    public void setProcessor(Object processor) {
+        this.processor = processor;
+    }
+
+    @Override
+    public List<QName> getElementPath() {
+        return elementPath;
+    }
+
+    public void setElementPath(List<QName> elementPath) {
+        this.elementPath = Collections.unmodifiableList(elementPath);
+    }
+
+    @Override
+    public XMLSecEvent getXMLSecEvent() {
+        return xmlSecEvent;
+    }
+
+    @Override
+    public void setXMLSecEvent(XMLSecEvent xmlSecEvent) {
+        this.xmlSecEvent = xmlSecEvent;
+    }
+
+    public CallbackHandler getCallbackHandler() {
+        return callbackHandler;
+    }
+
+    protected abstract Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException;
+
+    @Override
+    public Key getSecretKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+        incrementAndTestInvocationCount();
+        Key key = getKey(algorithmURI, keyUsage);
+        if (key != null && this.securityContext != null) {
+            AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
+            algorithmSuiteSecurityEvent.setAlgorithmURI(algorithmURI);
+            algorithmSuiteSecurityEvent.setKeyUsage(keyUsage);
+            if (key instanceof RSAKey) {
+                algorithmSuiteSecurityEvent.setKeyLength(((RSAKey) key).getModulus().bitLength());
+            } else if (key instanceof SecretKey) {
+                algorithmSuiteSecurityEvent.setKeyLength(key.getEncoded().length * 8);
+            } else {
+                throw new XMLSecurityException(XMLSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "invalidKeySize");
+            }
+            this.securityContext.registerSecurityEvent(algorithmSuiteSecurityEvent);
+        }
+        decrementInvocationCount();
+        return key;
+    }
+
+    protected abstract PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException;
+
+    @Override
+    public PublicKey getPublicKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+        incrementAndTestInvocationCount();
+        PublicKey publicKey = getPubKey(algorithmURI, keyUsage);
+        if (publicKey != null) {
+            AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
+            algorithmSuiteSecurityEvent.setAlgorithmURI(algorithmURI);
+            algorithmSuiteSecurityEvent.setKeyUsage(keyUsage);
+            if (publicKey instanceof RSAKey) {
+                algorithmSuiteSecurityEvent.setKeyLength(((RSAKey) publicKey).getModulus().bitLength());
+            } else if (publicKey instanceof DSAKey) {
+                algorithmSuiteSecurityEvent.setKeyLength(((DSAKey) publicKey).getParams().getP().bitLength());
+            } else if (publicKey instanceof ECKey) {
+                algorithmSuiteSecurityEvent.setKeyLength(((ECKey) publicKey).getParams().getOrder().bitLength());
+            } else {
+                throw new XMLSecurityException(XMLSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM);
+            }
+            securityContext.registerSecurityEvent(algorithmSuiteSecurityEvent);
+        }
+        decrementInvocationCount();
+        return publicKey;
+    }
+
+    public X509Certificate[] getX509Certificates() throws XMLSecurityException {
+        return null;
+    }
+
+    public void verify() throws XMLSecurityException {
+    }
+
+    @Override
+    public List<SecurityToken> getWrappedTokens() {
+        return Collections.unmodifiableList(wrappedTokens);
+    }
+
+    @Override
+    public void addWrappedToken(SecurityToken securityToken) {
+        wrappedTokens.add(securityToken);
+    }
+
+    @Override
+    public void addTokenUsage(TokenUsage tokenUsage) throws XMLSecurityException {
+        incrementAndTestInvocationCount();
+        if (!this.tokenUsages.contains(tokenUsage)) {
+            this.tokenUsages.add(tokenUsage);
+        }
+        if (getKeyWrappingToken() != null) {
+            getKeyWrappingToken().addTokenUsage(tokenUsage);
+        }
+        decrementInvocationCount();
+    }
+
+    @Override
+    public List<TokenUsage> getTokenUsages() {
+        return tokenUsages;
+    }
+}
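Review bot: The recursion guard leaks: `getSecretKey`, `getPublicKey` and `addTokenUsage` call `decrementInvocationCount()` only on the normal path, so every exception thrown in between (from `getKey`/`getPubKey`, the `UNSUPPORTED_ALGORITHM` branches, or the guard itself) leaves `invocationCount` raised, and after enough failed calls the token rejects every request with `INVALID_SECURITY_TOKEN`. Moving the increment inside a `try` with the decrement in `finally` fixes this in all three methods; the fence shows `getPublicKey`. The same method also dereferences `securityContext` without the null check that `getSecretKey` has, although the `AbstractSecurityToken(String id)` constructor leaves that field null, so the guard is added there too. Separately, `getTokenUsages()` hands out the internal mutable list while `getWrappedTokens()` returns an unmodifiable view, and `setElementPath` lacks the `@Override` its siblings carry.

```java
@Override
public PublicKey getPublicKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
    try {
        // Inside the try so the finally also undoes the increment when the guard itself throws.
        incrementAndTestInvocationCount();
        PublicKey publicKey = getPubKey(algorithmURI, keyUsage);
        if (publicKey != null && this.securityContext != null) {
            // … unchanged: build the AlgorithmSuiteSecurityEvent, set the key length, register it …
        }
        return publicKey;
    } finally {
        decrementInvocationCount();
    }
}
```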

Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java?rev=1360211&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java Wed Jul 11 14:50:06 2012
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.securityToken;
+
+import org.apache.xml.security.binding.xmldsig.DSAKeyValueType;
+import org.apache.xml.security.stax.ext.SecurityContext;
+import org.apache.xml.security.stax.ext.SecurityToken;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+
+import javax.security.auth.callback.CallbackHandler;
+import java.math.BigInteger;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.spec.DSAPublicKeySpec;
+import java.security.spec.InvalidKeySpecException;
+
+/**
+ * @author $Author: coheigea $
+ * @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
+ */
+public class DsaKeyValueSecurityToken extends AbstractSecurityToken {
+
+    private PublicKey publicKey;
+
+    public DsaKeyValueSecurityToken(DSAKeyValueType dsaKeyValueType, SecurityContext securityContext, CallbackHandler callbackHandler,
+                                    XMLSecurityConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
+        super(securityContext, callbackHandler, null, keyIdentifierType);
+
+        try {
+            this.publicKey = buildPublicKey(dsaKeyValueType);
+        } catch (InvalidKeySpecException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+        } catch (NoSuchAlgorithmException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+        }
+    }
+
+    private PublicKey buildPublicKey(DSAKeyValueType dsaKeyValueType) throws InvalidKeySpecException, NoSuchAlgorithmException {
+        DSAPublicKeySpec dsaPublicKeySpec = new DSAPublicKeySpec(
+                new BigInteger(1, dsaKeyValueType.getY()),
+                new BigInteger(1, dsaKeyValueType.getP()),
+                new BigInteger(1, dsaKeyValueType.getQ()),
+                new BigInteger(1, dsaKeyValueType.getG()));
+        KeyFactory keyFactory = KeyFactory.getInstance("DSA");
+        return keyFactory.generatePublic(dsaPublicKeySpec);
+    }
+
+    @Override
+    protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+        return null;
+    }
+
+    @Override
+    protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+        return this.publicKey;
+    }
+
+    @Override
+    public boolean isAsymmetric() {
+        return true;
+    }
+
+    @Override
+    public XMLSecurityConstants.TokenType getTokenType() {
+        return XMLSecurityConstants.KeyValueToken;
+    }
+
+    //todo move to super class?
+    @Override
+    public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
+        return null;
+    }
+}
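Review bot: `buildPublicKey` passes `getP()`, `getQ()` and `getG()` straight into `new BigInteger(1, …)`, but the XML Signature schema allows P, Q and G to be omitted from a DSAKeyValue, and a null magnitude makes that call throw an unchecked `NullPointerException` instead of the `XMLSecurityException` the token constructor declares (assuming the binding returns null for an absent element). Since these values come from the incoming message, I would reject the incomplete form at the top of `buildPublicKey`, e.g. `if (dsaKeyValueType.getP() == null || dsaKeyValueType.getQ() == null || dsaKeyValueType.getG() == null) throw new InvalidKeySpecException("DSAKeyValue without P, Q or G");`, which the existing catch maps to `INVALID_SECURITY_TOKEN`. `publicKey` is assigned once in the constructor and could be `final`. The class also deserves a Javadoc sentence saying the key is taken from message content and that the inherited `verify()` performs no trust check.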

Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java?rev=1360211&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java Wed Jul 11 14:50:06 2012
@@ -0,0 +1,131 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.securityToken;
+
+import java.math.BigInteger;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.spec.ECFieldFp;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPublicKeySpec;
+import java.security.spec.EllipticCurve;
+import java.security.spec.InvalidKeySpecException;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.xml.security.binding.xmldsig11.ECKeyValueType;
+import org.apache.xml.security.stax.ext.SecurityContext;
+import org.apache.xml.security.stax.ext.SecurityToken;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+import org.apache.xml.security.stax.impl.algorithms.ECDSAUtils;
+
+/**
+ * @author $Author: coheigea $
+ * @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
+ */
+public class ECKeyValueSecurityToken extends AbstractSecurityToken {
+
+    private PublicKey publicKey;
+
+    public ECKeyValueSecurityToken(ECKeyValueType ecKeyValueType, SecurityContext securityContext, CallbackHandler callbackHandler,
+                                   XMLSecurityConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
+        super(securityContext, callbackHandler, null, keyIdentifierType);
+
+        if (ecKeyValueType.getECParameters() != null) {
+            throw new XMLSecurityException("ECParameters not supported");
+        }
+        if (ecKeyValueType.getNamedCurve() == null) {
+            throw new XMLSecurityException("NamedCurve is missing");
+        }
+
+        try {
+            this.publicKey = buildPublicKey(ecKeyValueType);
+        } catch (InvalidKeySpecException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+        } catch (NoSuchAlgorithmException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+        }
+    }
+
+    private PublicKey buildPublicKey(ECKeyValueType ecKeyValueType) throws InvalidKeySpecException, NoSuchAlgorithmException, XMLSecurityException {
+        String oid = ecKeyValueType.getNamedCurve().getURI();
+        if (oid.startsWith("urn:oid:")) {
+            oid = oid.substring(8);
+        }
+        ECDSAUtils.ECCurveDefinition ecCurveDefinition = ECDSAUtils.getECCurveDefinition(oid);
+        if (ecCurveDefinition == null) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
+        }
+        final EllipticCurve curve = new EllipticCurve(
+                new ECFieldFp(
+                        new BigInteger(ecCurveDefinition.getField(), 16)
+                ),
+                new BigInteger(ecCurveDefinition.getA(), 16),
+                new BigInteger(ecCurveDefinition.getB(), 16)
+        );
+        ECPoint ecPointG = ECDSAUtils.decodePoint(ecKeyValueType.getPublicKey(), curve);
+        ECPublicKeySpec ecPublicKeySpec = new ECPublicKeySpec(
+                new ECPoint(
+                        ecPointG.getAffineX(),
+                        ecPointG.getAffineY()
+                ),
+                new ECParameterSpec(
+                        curve,
+                        new ECPoint(
+                                new BigInteger(ecCurveDefinition.getX(), 16),
+                                new BigInteger(ecCurveDefinition.getY(), 16)
+                        ),
+                        new BigInteger(ecCurveDefinition.getN(), 16),
+                        ecCurveDefinition.getH()
+                )
+        );
+        KeyFactory keyFactory = KeyFactory.getInstance("EC");
+        return keyFactory.generatePublic(ecPublicKeySpec);
+    }
+
+    @Override
+    protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+        return null;
+    }
+
+    @Override
+    protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+        return this.publicKey;
+    }
+
+    @Override
+    public boolean isAsymmetric() {
+        return true;
+    }
+
+    @Override
+    public XMLSecurityConstants.TokenType getTokenType() {
+        return XMLSecurityConstants.KeyValueToken;
+    }
+
+    //todo move to super class?
+    @Override
+    public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
+        return null;
+    }
+}
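Review bot: In `buildPublicKey`, `ecKeyValueType.getNamedCurve().getURI()` is used without a null check, so a NamedCurve element lacking its URI would surface as an unchecked `NullPointerException` from `oid.startsWith(...)` rather than an `XMLSecurityException` (assuming the binding returns null for a missing attribute); `if (oid == null) throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);` right after the call would keep the failure in the declared exception type. The local `ecPointG` holds the decoded public point from the message, not the curve generator, and the name reads as the latter; `publicPoint` would be clearer, and it can be passed to `ECPublicKeySpec` directly instead of being copied into a new `ECPoint`. The curve is always built with `ECFieldFp`, so a comment stating that only prime-field curves are expected from `ECDSAUtils.getECCurveDefinition` would help, since that helper is not visible here. The two pre-checks in the constructor throw `XMLSecurityException` with a bare string while the rest of the class uses `ErrorCode.INVALID_SECURITY_TOKEN`; using the error code there would be consistent.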

Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java?rev=1360211&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java Wed Jul 11 14:50:06 2012
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.securityToken;
+
+import org.apache.xml.security.binding.xmldsig.RSAKeyValueType;
+import org.apache.xml.security.stax.ext.SecurityContext;
+import org.apache.xml.security.stax.ext.SecurityToken;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+
+import javax.security.auth.callback.CallbackHandler;
+import java.math.BigInteger;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.RSAPublicKeySpec;
+
+/**
+ * @author $Author: coheigea $
+ * @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
+ */
+public class RsaKeyValueSecurityToken extends AbstractSecurityToken {
+
+    private PublicKey publicKey;
+
+    public RsaKeyValueSecurityToken(RSAKeyValueType rsaKeyValueType, SecurityContext securityContext, CallbackHandler callbackHandler,
+                                    XMLSecurityConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
+        super(securityContext, callbackHandler, null, keyIdentifierType);
+
+        try {
+            this.publicKey = buildPublicKey(rsaKeyValueType);
+        } catch (InvalidKeySpecException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+        } catch (NoSuchAlgorithmException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+        }
+    }
+
+    private PublicKey buildPublicKey(RSAKeyValueType rsaKeyValueType) throws InvalidKeySpecException, NoSuchAlgorithmException {
+        RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(
+                new BigInteger(1, rsaKeyValueType.getModulus()),
+                new BigInteger(1, rsaKeyValueType.getExponent()));
+        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+        return keyFactory.generatePublic(rsaPublicKeySpec);
+    }
+
+    @Override
+    protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+        return null;
+    }
+
+    @Override
+    protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+        return this.publicKey;
+    }
+
+    @Override
+    public boolean isAsymmetric() {
+        return true;
+    }
+
+    @Override
+    public XMLSecurityConstants.TokenType getTokenType() {
+        return XMLSecurityConstants.KeyValueToken;
+    }
+
+    //todo move to super class?
+    @Override
+    public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
+        return null;
+    }
+}
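Review bot: `buildPublicKey` passes `rsaKeyValueType.getModulus()` and `getExponent()` straight to `new BigInteger(1, …)`, which throws NullPointerException on a null array; if the binding can return null for a missing element (not visible here), that exception bypasses the constructor's mapping to `INVALID_SECURITY_TOKEN`. A guard such as `if (rsaKeyValueType.getModulus() == null || rsaKeyValueType.getExponent() == null) throw new InvalidKeySpecException("incomplete RSAKeyValue");` would keep the failure inside the existing catch. The class Javadoc carries only the author and revision keywords; it should state that the key is read from the message's own KeyValue element and is not trust-anchored, so a signature that verifies against it shows integrity only, unless the caller separately decides the key is trusted.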

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactory.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactory.java?rev=1360211&r1=1360210&r2=1360211&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactory.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactory.java Wed Jul 11 14:50:06 2012
@@ -24,6 +24,7 @@ import org.apache.xml.security.stax.cryp
 import org.apache.xml.security.stax.ext.SecurityContext;
 import org.apache.xml.security.stax.ext.SecurityToken;
 import org.apache.xml.security.stax.ext.XMLSecurityException;
+import org.apache.xml.security.stax.ext.XMLSecurityProperties;
 
 import javax.security.auth.callback.CallbackHandler;
 
@@ -61,5 +62,6 @@ public abstract class SecurityTokenFacto
 
     public abstract SecurityToken getSecurityToken(KeyInfoType keyInfoType, Crypto crypto,
                                                    final CallbackHandler callbackHandler,
+                                                   XMLSecurityProperties securityProperties,
                                                    SecurityContext securityContext) throws XMLSecurityException;
 }

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1360211&r1=1360210&r2=1360211&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java Wed Jul 11 14:50:06 2012
@@ -18,13 +18,27 @@
  */
 package org.apache.xml.security.stax.impl.securityToken;
 
+import java.security.Key;
+import java.security.PublicKey;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.xml.security.binding.xmldsig.DSAKeyValueType;
 import org.apache.xml.security.binding.xmldsig.KeyInfoType;
+import org.apache.xml.security.binding.xmldsig.KeyValueType;
+import org.apache.xml.security.binding.xmldsig.RSAKeyValueType;
+import org.apache.xml.security.binding.xmldsig.X509DataType;
+import org.apache.xml.security.binding.xmldsig11.ECKeyValueType;
 import org.apache.xml.security.stax.crypto.Crypto;
 import org.apache.xml.security.stax.ext.SecurityContext;
 import org.apache.xml.security.stax.ext.SecurityToken;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants.KeyIdentifierType;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants.KeyUsage;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants.TokenType;
 import org.apache.xml.security.stax.ext.XMLSecurityException;
-
-import javax.security.auth.callback.CallbackHandler;
+import org.apache.xml.security.stax.ext.XMLSecurityProperties;
+import org.apache.xml.security.stax.ext.XMLSecurityUtils;
 
 /**
  * Factory to create SecurityToken Objects from keys in XML
@@ -40,8 +54,101 @@ public class SecurityTokenFactoryImpl ex
     @Override
     public SecurityToken getSecurityToken(KeyInfoType keyInfoType, Crypto crypto,
                                           final CallbackHandler callbackHandler,
+                                          XMLSecurityProperties securityProperties,
                                           SecurityContext securityContext) throws XMLSecurityException {
+        if (keyInfoType != null) {
+            final KeyValueType keyValueType
+                    = XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_KeyValue);
+            if (keyValueType != null) {
+                return getSecurityToken(keyValueType, callbackHandler, securityContext);
+            }
+            // TODO revisit
+            final X509DataType x509DataType = 
+                XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_X509Data);
+            if (x509DataType != null) {
+                X509SecurityToken token = 
+                        new X509SecurityToken(XMLSecurityConstants.X509V3Token, securityContext,
+                                callbackHandler, "", XMLSecurityConstants.XMLKeyIdentifierType.X509_ISSUER_SERIAL);
+                token.setKey(securityProperties.getSignatureVerificationKey());
+                return token;
+            }
+        }
+        
+        // TODO revisit
+        SecretKeySecurityToken token = 
+                new SecretKeySecurityToken(securityContext, callbackHandler, "", 
+                        XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
+        token.setKey(securityProperties.getSignatureVerificationKey());
+        return token;
+        
+        // throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");
+    }
+    
+    private static SecurityToken getSecurityToken(KeyValueType keyValueType,
+            final CallbackHandler callbackHandler, SecurityContext securityContext)
+        throws XMLSecurityException {
+
+        final RSAKeyValueType rsaKeyValueType = 
+                XMLSecurityUtils.getQNameType(keyValueType.getContent(), XMLSecurityConstants.TAG_dsig_RSAKeyValue);
+        if (rsaKeyValueType != null) {
+            return new RsaKeyValueSecurityToken(rsaKeyValueType, securityContext,
+                    callbackHandler, XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
+        }
+        final DSAKeyValueType dsaKeyValueType = 
+                XMLSecurityUtils.getQNameType(keyValueType.getContent(), XMLSecurityConstants.TAG_dsig_DSAKeyValue);
+        if (dsaKeyValueType != null) {
+            return new DsaKeyValueSecurityToken(dsaKeyValueType, securityContext,
+                    callbackHandler, XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
+        }
+        final ECKeyValueType ecKeyValueType = 
+                XMLSecurityUtils.getQNameType(keyValueType.getContent(), XMLSecurityConstants.TAG_dsig11_ECKeyValue);
+        if (ecKeyValueType != null) {
+            return new ECKeyValueSecurityToken(ecKeyValueType, securityContext,
+                    callbackHandler, XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
+        }
+        throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "unsupportedKeyInfo");
+    }
+    
+    private static class SecretKeySecurityToken extends AbstractSecurityToken {
 
-        throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");
+        private Key key;
+        
+        public SecretKeySecurityToken(SecurityContext securityContext,
+                CallbackHandler callbackHandler, String id,
+                KeyIdentifierType keyIdentifierType) {
+            super(securityContext, callbackHandler, id, keyIdentifierType);
+        }
+
+        @Override
+        public boolean isAsymmetric() {
+            return false;
+        }
+
+        @Override
+        public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
+            return null;
+        }
+
+        @Override
+        public TokenType getTokenType() {
+            return null;
+        }
+
+        @Override
+        protected Key getKey(String algorithmURI, KeyUsage keyUsage)
+                throws XMLSecurityException {
+            return key;
+        }
+        
+        public void setKey(Key key) {
+            this.key = key;
+        }
+
+        @Override
+        protected PublicKey getPubKey(String algorithmURI, KeyUsage keyUsage)
+                throws XMLSecurityException {
+            return null;
+        }
+        
     }
 }
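Review bot: The KeyValue branch of `getSecurityToken` returns a token built from key material carried in the message and never consults `securityProperties.getSignatureVerificationKey()`, so a message with its own KeyValue is checked against that embedded key even when a verification key is configured. Unless trust in the returned token is decided elsewhere (not visible in this hunk), the configured key should take precedence or be compared with the embedded one. The fallback at the end also replaces the old `noKeyinfo` failure with a `SecretKeySecurityToken` whose key may be null, which defers the error to wherever the key is first used; `if (securityProperties.getSignatureVerificationKey() == null) { throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo"); }` before constructing it would keep the failure explicit. `SecretKeySecurityToken` reports `isAsymmetric()` as false and returns null from `getPubKey` and `getTokenType` even when the configured key is a `PublicKey`, as it is in the new test, which deserves a comment next to the `// TODO revisit`.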

Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SecurityToken.java?rev=1360211&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SecurityToken.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SecurityToken.java Wed Jul 11 14:50:06 2012
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.securityToken;
+
+import java.security.Key;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.xml.security.stax.ext.SecurityContext;
+import org.apache.xml.security.stax.ext.SecurityToken;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+
+/**
+ * @author $Author: coheigea $
+ * @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
+ */
+public class X509SecurityToken extends AbstractSecurityToken {
+    private X509Certificate[] x509Certificates;
+    private Key key;
+    private final XMLSecurityConstants.TokenType tokenType;
+
+    protected X509SecurityToken(XMLSecurityConstants.TokenType tokenType, SecurityContext securityContext,
+                                CallbackHandler callbackHandler, String id,
+                                XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
+        super(securityContext, callbackHandler, id, keyIdentifierType);
+        this.tokenType = tokenType;
+    }
+
+    @Override
+    public boolean isAsymmetric() {
+        return true;
+    }
+
+    @Override
+    public Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+        return key;
+    }
+    
+    public void setKey(Key key) {
+        this.key = key;
+    }
+
+    @Override
+    public PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+        X509Certificate[] x509Certificates = getX509Certificates();
+        if (x509Certificates == null || x509Certificates.length == 0) {
+            if (getKey(algorithmURI, keyUsage) instanceof PublicKey) {
+                return (PublicKey)getKey(algorithmURI, keyUsage);
+            }
+            return null;
+        }
+        return x509Certificates[0].getPublicKey();
+    }
+
+    @Override
+    public X509Certificate[] getX509Certificates() throws XMLSecurityException {
+        return this.x509Certificates;
+    }
+    
+    public void setX509Certificates(X509Certificate[] x509Certificates) {
+        this.x509Certificates = x509Certificates;
+    }
+
+    @Override
+    public SecurityToken getKeyWrappingToken() {
+        return null;
+    }
+
+    @Override
+    public XMLSecurityConstants.TokenType getTokenType() {
+        return tokenType;
+    }
+}
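Review bot: `setX509Certificates` stores the caller's array and `getX509Certificates` returns that same array, so the chain `getPubKey` reads from `x509Certificates[0]` can be altered by any holder of the reference after whatever validation the caller performed. Copying on the way in, `this.x509Certificates = x509Certificates == null ? null : x509Certificates.clone();`, and returning a clone from the getter would close that. `getPubKey` also calls `getKey(algorithmURI, keyUsage)` twice, once for the instanceof test and once for the cast; a single local (`Key k = getKey(algorithmURI, keyUsage); return k instanceof PublicKey ? (PublicKey) k : null;`) is clearer and stays consistent if a subclass overrides `getKey`. Nothing in this class checks certificate validity or the trust path, so a Javadoc line telling callers to validate the chain before relying on `getPubKey` would help.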

Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java?rev=1360211&r1=1360210&r2=1360211&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java Wed Jul 11 14:50:06 2012
@@ -63,7 +63,6 @@ import org.apache.xml.security.test.dom.
 import org.apache.xml.security.test.stax.utils.StAX2DOM;
 import org.apache.xml.security.test.stax.utils.XMLSecEventAllocator;
 import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.utils.Constants;
 // import org.apache.xml.security.utils.XMLUtils;
 import org.junit.Assert;
 import org.junit.Before;
@@ -335,7 +334,10 @@ public class SignatureVerificationTest e
         document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
         
         // Check the SecurityEvents
-        checkSecurityEvents(securityEventListener);
+        checkSecurityEvents(securityEventListener, 
+                "http://www.w3.org/2001/10/xml-exc-c14n#",
+                "http://www.w3.org/2000/09/xmldsig#sha1",
+                "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1");
         checkSignedElementSecurityEvents(securityEventListener);
     }
     
@@ -387,7 +389,8 @@ public class SignatureVerificationTest e
         // Check the SecurityEvents
         checkSecurityEvents(securityEventListener, 
                             "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
-                            "http://www.w3.org/2000/09/xmldsig#sha1");
+                            "http://www.w3.org/2000/09/xmldsig#sha1",
+                            "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
         checkSignedElementSecurityEvents(securityEventListener);
     }
     
@@ -439,7 +442,61 @@ public class SignatureVerificationTest e
         // Check the SecurityEvents
         checkSecurityEvents(securityEventListener, 
                             "http://www.w3.org/2006/12/xml-c14n11",
-                            "http://www.w3.org/2000/09/xmldsig#sha1");
+                            "http://www.w3.org/2000/09/xmldsig#sha1",
+                            "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
+        checkSignedElementSecurityEvents(securityEventListener);
+    }
+    
+    @Test
+    public void testStrongSignatureVerification() throws Exception {
+        // Read in plaintext document
+        InputStream sourceDocument = 
+                this.getClass().getClassLoader().getResourceAsStream(
+                        "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+        DocumentBuilder builder = documentBuilderFactory.newDocumentBuilder();
+        Document document = builder.parse(sourceDocument);
+        
+        // Set up the Key
+        KeyStore keyStore = KeyStore.getInstance("jks");
+        keyStore.load(
+            this.getClass().getClassLoader().getResource("transmitter.jks").openStream(), 
+            "default".toCharArray()
+        );
+        Key key = keyStore.getKey("transmitter", "default".toCharArray());
+        X509Certificate cert = (X509Certificate)keyStore.getCertificate("transmitter");
+        
+        // Sign using DOM
+        List<String> localNames = new ArrayList<String>();
+        localNames.add("PaymentInfo");
+        signUsingDOM(
+            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", document, localNames, cert, key,
+            "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/2001/04/xmlenc#sha256"
+        );
+        
+        // XMLUtils.outputDOM(document, System.out);
+        
+        // Convert Document to a Stream Reader
+        javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        transformer.transform(new DOMSource(document), new StreamResult(baos));
+        final XMLStreamReader xmlStreamReader = 
+                xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+  
+        // Verify signature
+        XMLSecurityProperties properties = new XMLSecurityProperties();
+        properties.setSignatureVerificationKey(cert.getPublicKey());
+        InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+        TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
+        XMLStreamReader securityStreamReader = 
+            inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
+
+        document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
+        
+        // Check the SecurityEvents
+        checkSecurityEvents(securityEventListener, 
+                            "http://www.w3.org/2001/10/xml-exc-c14n#",
+                            "http://www.w3.org/2001/04/xmlenc#sha256",
+                            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
         checkSignedElementSecurityEvents(securityEventListener);
     }
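Review bot: `testStrongSignatureVerification` covers only the accepting path: it verifies with `cert.getPublicKey()` of the signing certificate, so it would still pass if the inbound processor ignored `setSignatureVerificationKey` and used key material from the document instead. A companion test that configures a different public key and expects `processInMessage` or `StAX2DOM.readDoc` to fail would pin down that the configured key is the one used. The keystore stream from `getResource("transmitter.jks").openStream()` and `sourceDocument` are never closed; a try/finally around each would fix that. The test method preceding this one begins outside the hunk.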
     
@@ -468,6 +525,22 @@ public class SignatureVerificationTest e
         Key signingKey,
         String c14nMethod
     ) throws Exception {
+        String digestMethod = "http://www.w3.org/2000/09/xmldsig#sha1";
+        signUsingDOM(algorithm, document, localNames, cert, signingKey, c14nMethod, digestMethod);
+    }
+    
+    /**
+     * Sign the document using DOM
+     */
+    private void signUsingDOM(
+        String algorithm,
+        Document document,
+        List<String> localNames,
+        X509Certificate cert,
+        Key signingKey,
+        String c14nMethod,
+        String digestMethod
+    ) throws Exception {
         XMLSignature sig = new XMLSignature(document, "", algorithm, c14nMethod);
         Element root = document.getDocumentElement();
         root.appendChild(sig.getElement());
@@ -487,7 +560,7 @@ public class SignatureVerificationTest e
             
             Transforms transforms = new Transforms(document);
             transforms.addTransform(c14nMethod);
-            sig.addDocument("#" + id, transforms, Constants.ALGO_ID_DIGEST_SHA1);
+            sig.addDocument("#" + id, transforms, digestMethod);
         }
         
         if (cert != null) {
@@ -537,13 +610,15 @@ public class SignatureVerificationTest e
     private void checkSecurityEvents(TestSecurityEventListener securityEventListener) {
         String c14nAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#";
         String digestAlgorithm = "http://www.w3.org/2000/09/xmldsig#sha1";
-        checkSecurityEvents(securityEventListener, c14nAlgorithm, digestAlgorithm);
+        String signatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+        checkSecurityEvents(securityEventListener, c14nAlgorithm, digestAlgorithm, signatureMethod);
     }
     
     private void checkSecurityEvents(
         TestSecurityEventListener securityEventListener,
         String c14nAlgorithm,
-        String digestAlgorithm
+        String digestAlgorithm,
+        String signatureMethod
     ) {
         X509TokenSecurityEvent tokenEvent = 
             (X509TokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.X509Token);
@@ -573,6 +648,15 @@ public class SignatureVerificationTest e
                 assertEquals(digestAlgorithm, algorithmEvent.getAlgorithmURI());
             }
         }
+        
+        // Signature method
+        for (SecurityEvent event : algorithmEvents) {
+            AlgorithmSuiteSecurityEvent algorithmEvent = (AlgorithmSuiteSecurityEvent)event;
+            if (algorithmEvent.getKeyUsage() == XMLSecurityConstants.Asym_Sig
+                || algorithmEvent.getKeyUsage() == XMLSecurityConstants.Sym_Sig) {
+                assertEquals(signatureMethod, algorithmEvent.getAlgorithmURI());
+            }
+        }
     }
     
     private void checkSignedElementSecurityEvents(TestSecurityEventListener securityEventListener) {
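Review bot: The added signature-method loop asserts only when an event with key usage `Asym_Sig` or `Sym_Sig` is present, so if no such event is emitted the check passes vacuously and the new `signatureMethod` argument is never compared. Track a match with `boolean sawSignatureMethod = false;`, set it to true inside the `if`, and finish with `Assert.assertTrue(sawSignatureMethod);`. `checkSecurityEvents` begins outside this hunk; the digest loop just above has the same shape and may need the same treatment.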