Posted to commits@santuario.apache.org by co...@apache.org on 2012/09/17 16:54:30 UTC
svn commit: r1386643 [1/2] - in
/santuario/xml-security-java/branches/1.5.x-fixes: ./
src/main/java/org/apache/xml/security/keys/
src/main/java/org/apache/xml/security/keys/content/
src/main/java/org/apache/xml/security/keys/content/x509/ src/main/java...
Author: coheigea
Date: Mon Sep 17 14:54:28 2012
New Revision: 1386643
URL: http://svn.apache.org/viewvc?rev=1386643&view=rev
Log:
[SANTUARIO-345] - Support Signature 1.1 KeyInfo Extensions: DEREncodedKeyValue, KeyInfoReference, X509Digest
- Patch applied, thanks
Conflicts:
pom.xml
Added:
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/DEREncodedKeyValue.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/KeyInfoReference.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/x509/XMLX509Digest.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509DigestResolver.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/Signature11ElementProxy.java
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/DEREncodedKeyValueTest.java
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/KeyInfoReferenceTest.java
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/content/
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/content/x509/
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/content/x509/XMLX509DigestTest.java
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/DEREncodedKeyValueResolverTest.java
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/KeyInfoReferenceResolverTest.java
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/X509DigestResolverTest.java
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keyresolver/KeyInfoReference-RSA.xml
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keyresolver/KeyInfoReference-ReferenceChain.xml
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keyresolver/KeyInfoReference-WrongReferentType.xml
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keyresolver/KeyInfoReference-X509Certificate.xml
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keyresolver/cert-KeyInfoReference.crt
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keyresolver/rsa-KeyInfoReference.key
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keys/
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keys/content/
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keys/content/DEREncodedKeyValue-DSA.xml
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keys/content/DEREncodedKeyValue-EC.xml
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keys/content/DEREncodedKeyValue-RSA.xml
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keys/content/KeyInfoReference.xml
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keys/content/dsa.key
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keys/content/ec.key
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keys/content/rsa.key
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keys/content/x509/
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keys/content/x509/X509Digest.xml
santuario/xml-security-java/branches/1.5.x-fixes/src/test/resources/org/apache/xml/security/keys/content/x509/cert-X509Digest.crt
Modified:
santuario/xml-security-java/branches/1.5.x-fixes/CHANGELOG.txt
santuario/xml-security-java/branches/1.5.x-fixes/pom.xml
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/KeyInfo.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/X509Data.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/Constants.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/XMLUtils.java
Modified: santuario/xml-security-java/branches/1.5.x-fixes/CHANGELOG.txt
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/CHANGELOG.txt?rev=1386643&r1=1386642&r2=1386643&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/CHANGELOG.txt (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/CHANGELOG.txt Mon Sep 17 14:54:28 2012
@@ -1,6 +1,7 @@
Changelog for "Apache xml-security" <http://santuario.apache.org/>
New in v1.5.3-SNAPSHOT:
+ Fixed SANTUARIO-345 - Support Signature 1.1 KeyInfo Extensions: DEREncodedKeyValue, KeyInfoReference, X509Digest.
Fixed SANTUARIO-342 - NullPointer in javax.xml.crypto.KeySelectorException.printStackTrace
Fixed SANTUARIO-336 - Multiple race conditions in the ResolverDirectHttp implementation
Fixed SANTUARIO-335 - Remove use of X509Certificate getSubjectDN + getIssuerDN.
Modified: santuario/xml-security-java/branches/1.5.x-fixes/pom.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/pom.xml?rev=1386643&r1=1386642&r2=1386643&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/pom.xml (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/pom.xml Mon Sep 17 14:54:28 2012
@@ -110,7 +110,7 @@
<targetJdk>1.5</targetJdk>
<excludes>
<exclude>
- **/XMLX509SKI.java,**/KeyInfoFactory.java,**/XMLDSigSecurity.java
+ **/XMLX509SKI.java,**/KeyInfoFactory.java,**/XMLDSigSecurity.java,**/DEREncodedKeyValue.java
</exclude>
</excludes>
</configuration>
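Review bot: The new `**/DEREncodedKeyValue.java` entry in the `<exclude>` list takes a class that decodes key material from signature input out of whatever check this plugin runs. The plugin element itself is outside the hunk, so which analysis is skipped cannot be confirmed from here. If the exclusion exists because of the empty `catch` blocks in `getPublicKey()`, a targeted suppression in the source would keep the rest of the file covered. Either way, a short comment beside the entry such as `<!-- DEREncodedKeyValue.java excluded because: REASON -->` would record why.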
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/KeyInfo.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/KeyInfo.java?rev=1386643&r1=1386642&r2=1386643&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/KeyInfo.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/KeyInfo.java Mon Sep 17 14:54:28 2012
@@ -31,6 +31,8 @@ import org.apache.xml.security.encryptio
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.keys.content.DEREncodedKeyValue;
+import org.apache.xml.security.keys.content.KeyInfoReference;
import org.apache.xml.security.keys.content.KeyName;
import org.apache.xml.security.keys.content.KeyValue;
import org.apache.xml.security.keys.content.MgmtData;
@@ -333,6 +335,46 @@ public class KeyInfo extends SignatureEl
XMLCipher cipher = XMLCipher.getInstance();
this.constructionElement.appendChild(cipher.martial(encryptedKey));
}
+
+ /**
+ * Method addDEREncodedKeyValue
+ *
+ * @param pk
+ * @throws XMLSecurityException
+ */
+ public void addDEREncodedKeyValue(PublicKey pk) throws XMLSecurityException {
+ this.add(new DEREncodedKeyValue(this.doc, pk));
+ }
+
+ /**
+ * Method add
+ *
+ * @param derEncodedKeyValue
+ */
+ public void add(DEREncodedKeyValue derEncodedKeyValue) {
+ this.constructionElement.appendChild(derEncodedKeyValue.getElement());
+ XMLUtils.addReturnToElement(this.constructionElement);
+ }
+
+ /**
+ * Method addKeyInfoReference
+ *
+ * @param URI
+ * @throws XMLSecurityException
+ */
+ public void addKeyInfoReference(String URI) throws XMLSecurityException {
+ this.add(new KeyInfoReference(this.doc, URI));
+ }
+
+ /**
+ * Method add
+ *
+ * @param keyInfoReference
+ */
+ public void add(KeyInfoReference keyInfoReference) {
+ this.constructionElement.appendChild(keyInfoReference.getElement());
+ XMLUtils.addReturnToElement(this.constructionElement);
+ }
/**
* Method addUnknownElement
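Review bot: The Javadoc on the four new methods only repeats the method name (`Method add`, `Method addKeyInfoReference`) and leaves every `@param` and `@throws` tag without a description. A summary line per method would help, for example `Appends a dsig11:DEREncodedKeyValue child holding the DER encoding of {@code pk}.` and `Appends a dsig11:KeyInfoReference child whose URI attribute is set to {@code URI} as given.` The second matters because the `KeyInfoReference(Document, String)` constructor in this commit stores the string without any check, so callers should know validation is theirs. The hunk ends inside the Javadoc of `addUnknownElement`, which continues outside it.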
@@ -411,6 +453,24 @@ public class KeyInfo extends SignatureEl
}
/**
+ * Method lengthDEREncodedKeyValue
+ *
+ *@return the number of the DEREncodedKeyValue tags
+ */
+ public int lengthDEREncodedKeyValue() {
+ return this.length(Constants.SignatureSpec11NS, Constants._TAG_DERENCODEDKEYVALUE);
+ }
+
+ /**
+ * Method lengthKeyInfoReference
+ *
+ *@return the number of the KeyInfoReference tags
+ */
+ public int lengthKeyInfoReference() {
+ return this.length(Constants.SignatureSpec11NS, Constants._TAG_KEYINFOREFERENCE);
+ }
+
+ /**
* Method lengthUnknownElement
* NOTE possibly buggy.
* @return the number of the UnknownElement tags
@@ -542,7 +602,7 @@ public class KeyInfo extends SignatureEl
}
return null;
}
-
+
/**
* Method itemX509Data
*
@@ -586,6 +646,42 @@ public class KeyInfo extends SignatureEl
}
return null;
}
+
+ /**
+ * Method itemDEREncodedKeyValue
+ *
+ * @param i
+ * @return the asked DEREncodedKeyValue element, null if the index is too big
+ * @throws XMLSecurityException
+ */
+ public DEREncodedKeyValue itemDEREncodedKeyValue(int i) throws XMLSecurityException {
+ Element e =
+ XMLUtils.selectDs11Node(
+ this.constructionElement.getFirstChild(), Constants._TAG_DERENCODEDKEYVALUE, i);
+
+ if (e != null) {
+ return new DEREncodedKeyValue(e, this.baseURI);
+ }
+ return null;
+ }
+
+ /**
+ * Method itemKeyInfoReference
+ *
+ * @param i
+ * @return the asked KeyInfoReference element, null if the index is too big
+ * @throws XMLSecurityException
+ */
+ public KeyInfoReference itemKeyInfoReference(int i) throws XMLSecurityException {
+ Element e =
+ XMLUtils.selectDs11Node(
+ this.constructionElement.getFirstChild(), Constants._TAG_KEYINFOREFERENCE, i);
+
+ if (e != null) {
+ return new KeyInfoReference(e, this.baseURI);
+ }
+ return null;
+ }
/**
* Method itemUnknownElement
@@ -697,8 +793,26 @@ public class KeyInfo extends SignatureEl
public boolean containsX509Data() {
return this.lengthX509Data() > 0;
}
+
+ /**
+ * Method containsDEREncodedKeyValue
+ *
+ * @return If the KeyInfo contains a DEREncodedKeyValue node
+ */
+ public boolean containsDEREncodedKeyValue() {
+ return this.lengthDEREncodedKeyValue() > 0;
+ }
/**
+ * Method containsKeyInfoReference
+ *
+ * @return If the KeyInfo contains a KeyInfoReference node
+ */
+ public boolean containsKeyInfoReference() {
+ return this.lengthKeyInfoReference() > 0;
+ }
+
+ /**
* This method returns the public key.
*
* @return If the KeyInfo contains a PublicKey node
Added: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/DEREncodedKeyValue.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/DEREncodedKeyValue.java?rev=1386643&view=auto
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/DEREncodedKeyValue.java (added)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/DEREncodedKeyValue.java Mon Sep 17 14:54:28 2012
@@ -0,0 +1,154 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.keys.content;
+
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
+
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.Signature11ElementProxy;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Provides content model support for the <code>dsig11:DEREncodedKeyvalue</code> element.
+ *
+ * @author Brent Putman (putmanb@georgetown.edu)
+ */
+public class DEREncodedKeyValue extends Signature11ElementProxy implements KeyInfoContent {
+
+ /** JCA algorithm key types supported by this implementation. */
+ public static final String supportedKeyTypes[] = { "RSA", "DSA", "EC"};
+
+ /**
+ * Constructor DEREncodedKeyValue
+ *
+ * @param element
+ * @param BaseURI
+ * @throws XMLSecurityException
+ */
+ public DEREncodedKeyValue(Element element, String BaseURI) throws XMLSecurityException {
+ super(element, BaseURI);
+ }
+
+ /**
+ * Constructor DEREncodedKeyValue
+ *
+ * @param doc
+ * @param publicKey
+ * @throws XMLSecurityException
+ */
+ public DEREncodedKeyValue(Document doc, PublicKey publicKey) throws XMLSecurityException {
+ super(doc);
+
+ this.addBase64Text(getEncodedDER(publicKey));
+ }
+
+ /**
+ * Constructor DEREncodedKeyValue
+ *
+ * @param doc
+ * @param base64EncodedKey
+ */
+ public DEREncodedKeyValue(Document doc, byte[] encodedKey) {
+ super(doc);
+
+ this.addBase64Text(encodedKey);
+ }
+
+ /**
+ * Sets the <code>Id</code> attribute
+ *
+ * @param Id ID
+ */
+ public void setId(String id) {
+ if (id != null) {
+ this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
+ this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
+ } else {
+ this.constructionElement.removeAttributeNS(null, Constants._ATT_ID);
+ }
+ }
+
+ /**
+ * Returns the <code>Id</code> attribute
+ *
+ * @return the <code>Id</code> attribute
+ */
+ public String getId() {
+ return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
+ }
+
+ /** @inheritDoc */
+ public String getBaseLocalName() {
+ return Constants._TAG_DERENCODEDKEYVALUE;
+ }
+
+ /**
+ * Method getPublicKey
+ *
+ * @return the public key
+ * @throws XMLSecurityException
+ */
+ public PublicKey getPublicKey() throws XMLSecurityException {
+ byte[] encodedKey = getBytesFromTextChild();
+
+ // Iterate over the supported key types until one produces a public key.
+ for (String keyType : supportedKeyTypes) {
+ try {
+ KeyFactory keyFactory = KeyFactory.getInstance(keyType);
+ X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey);
+ PublicKey publicKey = keyFactory.generatePublic(keySpec);
+ if (publicKey != null) {
+ return publicKey;
+ }
+ } catch (NoSuchAlgorithmException e) {
+ // Do nothing, try the next type
+ } catch (InvalidKeySpecException e) {
+ // Do nothing, try the next type
+ }
+ }
+ throw new XMLSecurityException("DEREncodedKeyValue.UnsupportedEncodedKey");
+ }
+
+ /**
+ * Method getEncodedDER
+ *
+ * @return the public key
+ * @throws XMLSecurityException
+ */
+ protected byte[] getEncodedDER(PublicKey publicKey) throws XMLSecurityException {
+ try {
+ KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getAlgorithm());
+ X509EncodedKeySpec keySpec = keyFactory.getKeySpec(publicKey, X509EncodedKeySpec.class);
+ return keySpec.getEncoded();
+ } catch (NoSuchAlgorithmException e) {
+ Object exArgs[] = { publicKey.getAlgorithm(), publicKey.getFormat(), publicKey.getClass().getName() };
+ throw new XMLSecurityException("DEREncodedKeyValue.UnsupportedPublicKey", exArgs, e);
+ } catch (InvalidKeySpecException e) {
+ Object exArgs[] = { publicKey.getAlgorithm(), publicKey.getFormat(), publicKey.getClass().getName() };
+ throw new XMLSecurityException("DEREncodedKeyValue.UnsupportedPublicKey", exArgs, e);
+ }
+ }
+
+}
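Review bot: `supportedKeyTypes` is declared `public static final String supportedKeyTypes[]`, so its elements stay writable by any code in the JVM, and `getPublicKey()` reads that same array to decide which `KeyFactory` algorithms are tried on the decoded bytes. Keeping the working list private removes that, e.g. `private static final String[] SUPPORTED_KEY_TYPES = { "RSA", "DSA", "EC" };`, with a copy returned from an accessor if callers need it. In `getPublicKey()` both `catch` blocks discard the exception, so the final `XMLSecurityException("DEREncodedKeyValue.UnsupportedEncodedKey")` carries no cause; keeping the last `InvalidKeySpecException` and passing it on would make malformed-key failures diagnosable. The Javadoc also needs a pass: `@param base64EncodedKey` on the third constructor does not match the parameter `encodedKey`, and `getEncodedDER` is documented as `@return the public key` although it returns the encoded bytes.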
Added: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/KeyInfoReference.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/KeyInfoReference.java?rev=1386643&view=auto
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/KeyInfoReference.java (added)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/KeyInfoReference.java Mon Sep 17 14:54:28 2012
@@ -0,0 +1,103 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.keys.content;
+
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.Signature11ElementProxy;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Provides content model support for the <code>dsig11:KeyInfoReference</code> element.
+ *
+ * @author Brent Putman (putmanb@georgetown.edu)
+ */
+public class KeyInfoReference extends Signature11ElementProxy implements KeyInfoContent {
+
+ /**
+ * Constructor RetrievalMethod
+ *
+ * @param element
+ * @param BaseURI
+ * @throws XMLSecurityException
+ */
+ public KeyInfoReference(Element element, String baseURI) throws XMLSecurityException {
+ super(element, baseURI);
+ }
+
+ /**
+ * Constructor RetrievalMethod
+ *
+ * @param doc
+ * @param URI
+ */
+ public KeyInfoReference(Document doc, String URI) {
+ super(doc);
+
+ this.constructionElement.setAttributeNS(null, Constants._ATT_URI, URI);
+ }
+
+ /**
+ * Method getURIAttr
+ *
+ * @return the URI attribute
+ */
+ public Attr getURIAttr() {
+ return this.constructionElement.getAttributeNodeNS(null, Constants._ATT_URI);
+ }
+
+ /**
+ * Method getURI
+ *
+ * @return URI string
+ */
+ public String getURI() {
+ return this.getURIAttr().getNodeValue();
+ }
+
+ /**
+ * Sets the <code>Id</code> attribute
+ *
+ * @param Id ID
+ */
+ public void setId(String id) {
+ if (id != null) {
+ this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
+ this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
+ } else {
+ this.constructionElement.removeAttributeNS(null, Constants._ATT_ID);
+ }
+ }
+
+ /**
+ * Returns the <code>Id</code> attribute
+ *
+ * @return the <code>Id</code> attribute
+ */
+ public String getId() {
+ return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
+ }
+
+ /** @inheritDoc */
+ public String getBaseLocalName() {
+ return Constants._TAG_KEYINFOREFERENCE;
+ }
+}
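Review bot: `getURI()` calls `this.getURIAttr().getNodeValue()` without checking the result of `getAttributeNodeNS`, which is null when the element has no `URI` attribute. An instance built through the `(Element, String)` constructor from a received document can then fail with `NullPointerException` rather than an `XMLSecurityException`, unless `Signature11ElementProxy` validates the attribute, which is not visible here. Either reject the element in that constructor or guard the getter: `Attr uri = this.getURIAttr(); return (uri != null) ? uri.getNodeValue() : null;`. `XMLX509Digest.getAlgorithm()` in this commit has the same shape with the `Algorithm` attribute. Both constructor Javadocs still read `Constructor RetrievalMethod` and should say `Constructor KeyInfoReference`.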
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/X509Data.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/X509Data.java?rev=1386643&r1=1386642&r2=1386643&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/X509Data.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/X509Data.java Mon Sep 17 14:54:28 2012
@@ -24,6 +24,7 @@ import java.security.cert.X509Certificat
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.content.x509.XMLX509CRL;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
+import org.apache.xml.security.keys.content.x509.XMLX509Digest;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.apache.xml.security.keys.content.x509.XMLX509SKI;
import org.apache.xml.security.keys.content.x509.XMLX509SubjectName;
@@ -223,6 +224,38 @@ public class X509Data extends SignatureE
}
/**
+ * Method addDigest
+ *
+ * @param x509certificate
+ * @param algorithmURI
+ * @throws XMLSecurityException
+ */
+ public void addDigest(X509Certificate x509certificate, String algorithmURI)
+ throws XMLSecurityException {
+ this.add(new XMLX509Digest(this.doc, x509certificate, algorithmURI));
+ }
+
+ /**
+ * Method addDigest
+ *
+ * @param x509CertificateDigestByes
+ * @param algorithmURI
+ */
+ public void addDigest(byte[] x509certificateDigestBytes, String algorithmURI) {
+ this.add(new XMLX509Digest(this.doc, x509certificateDigestBytes, algorithmURI));
+ }
+
+ /**
+ * Method add
+ *
+ * @param XMLX509Digest
+ */
+ public void add(XMLX509Digest xmlX509Digest) {
+ this.constructionElement.appendChild(xmlX509Digest.getElement());
+ XMLUtils.addReturnToElement(this.constructionElement);
+ }
+
+ /**
* Method addUnknownElement
*
* @param element
@@ -278,6 +311,15 @@ public class X509Data extends SignatureE
}
/**
+ * Method lengthDigest
+ *
+ * @return the number of X509Digest elements in this X509Data
+ */
+ public int lengthDigest() {
+ return this.length(Constants.SignatureSpec11NS, Constants._TAG_X509DIGEST);
+ }
+
+ /**
* Method lengthUnknownElement
*
* @return the number of UnknownElement elements in this X509Data
@@ -391,6 +433,25 @@ public class X509Data extends SignatureE
}
/**
+ * Method itemDigest
+ *
+ * @param i
+ * @return the X509Digest, null if not present
+ * @throws XMLSecurityException
+ */
+ public XMLX509Digest itemDigest(int i) throws XMLSecurityException {
+
+ Element e =
+ XMLUtils.selectDs11Node(
+ this.constructionElement.getFirstChild(), Constants._TAG_X509DIGEST, i);
+
+ if (e != null) {
+ return new XMLX509Digest(e, this.baseURI);
+ }
+ return null;
+ }
+
+ /**
* Method itemUnknownElement
*
* @param i
@@ -441,6 +502,15 @@ public class X509Data extends SignatureE
}
/**
+ * Method containsDigest
+ *
+ * @return true if this X509Data contains an X509Digest
+ */
+ public boolean containsDigest() {
+ return this.lengthDigest() > 0;
+ }
+
+ /**
* Method containsCRL
*
* @return true if this X509Data contains a CRL
Added: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/x509/XMLX509Digest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/x509/XMLX509Digest.java?rev=1386643&view=auto
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/x509/XMLX509Digest.java (added)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/content/x509/XMLX509Digest.java Mon Sep 17 14:54:28 2012
@@ -0,0 +1,135 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.keys.content.x509;
+
+import java.security.MessageDigest;
+import java.security.cert.X509Certificate;
+
+import org.apache.xml.security.algorithms.JCEMapper;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.Signature11ElementProxy;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Provides content model support for the <code>dsig11:X509Digest</code> element.
+ *
+ * @author Brent Putman (putmanb@georgetown.edu)
+ */
+public class XMLX509Digest extends Signature11ElementProxy implements XMLX509DataContent {
+
+ /**
+ * Constructor XMLX509Digest
+ *
+ * @param element
+ * @param BaseURI
+ * @throws XMLSecurityException
+ */
+ public XMLX509Digest(Element element, String BaseURI) throws XMLSecurityException {
+ super(element, BaseURI);
+ }
+
+ /**
+ * Constructor XMLX509Digest
+ *
+ * @param doc
+ * @param digestBytes
+ * @param algorithmURI
+ */
+ public XMLX509Digest(Document doc, byte[] digestBytes, String algorithmURI) {
+ super(doc);
+ this.addBase64Text(digestBytes);
+ this.constructionElement.setAttributeNS(null, Constants._ATT_ALGORITHM, algorithmURI);
+ }
+
+ /**
+ * Constructor XMLX509Digest
+ *
+ * @param doc
+ * @param x509certificate
+ * @param algorithmURI
+ * @throws XMLSecurityException
+ */
+ public XMLX509Digest(Document doc, X509Certificate x509certificate, String algorithmURI) throws XMLSecurityException {
+ super(doc);
+ this.addBase64Text(getDigestBytesFromCert(x509certificate, algorithmURI));
+ this.constructionElement.setAttributeNS(null, Constants._ATT_ALGORITHM, algorithmURI);
+ }
+
+ /**
+ * Method getAlgorithmAttr
+ *
+ * @return the Algorithm attribute
+ */
+ public Attr getAlgorithmAttr() {
+ return this.constructionElement.getAttributeNodeNS(null, Constants._ATT_ALGORITHM);
+ }
+
+ /**
+ * Method getAlgorithm
+ *
+ * @return Algorithm string
+ */
+ public String getAlgorithm() {
+ return this.getAlgorithmAttr().getNodeValue();
+ }
+
+ /**
+ * Method getDigestBytes
+ *
+ * @return the digestbytes
+ * @throws XMLSecurityException
+ */
+ public byte[] getDigestBytes() throws XMLSecurityException {
+ return this.getBytesFromTextChild();
+ }
+
+ /**
+ * Method getDigestBytesFromCert
+ *
+ * @param cert
+ * @param algorithmURI
+ * @return digest bytes from the given certificate
+ *
+ * @throws XMLSecurityException
+ */
+ public static byte[] getDigestBytesFromCert(X509Certificate cert, String algorithmURI) throws XMLSecurityException {
+ String jcaDigestAlgorithm = JCEMapper.translateURItoJCEID(algorithmURI);
+ if (jcaDigestAlgorithm == null) {
+ Object exArgs[] = { algorithmURI };
+ throw new XMLSecurityException("XMLX509Digest.UnknownDigestAlgorithm", exArgs);
+ }
+
+ try {
+ MessageDigest md = MessageDigest.getInstance(jcaDigestAlgorithm);
+ return md.digest(cert.getEncoded());
+ } catch (Exception e) {
+ Object exArgs[] = { jcaDigestAlgorithm };
+ throw new XMLSecurityException("XMLX509Digest.FailedDigest", exArgs);
+ }
+
+ }
+
+ /** @inheritDoc */
+ public String getBaseLocalName() {
+ return Constants._TAG_X509DIGEST;
+ }
+}
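Review bot: The `catch (Exception e)` in `getDigestBytesFromCert` builds the `XMLX509Digest.FailedDigest` exception from `exArgs` only, so the underlying `NoSuchAlgorithmException` or `CertificateEncodingException` is lost. `DEREncodedKeyValue.getEncodedDER` in this commit already uses the three-argument form, and it fits here too: `throw new XMLSecurityException("XMLX509Digest.FailedDigest", exArgs, e);`. Catching `Exception` also reports a null `cert` as a digest failure; narrowing to the two checked exceptions would keep programming errors distinct. The method trusts whatever JCE name `JCEMapper.translateURItoJCEID` returns for `algorithmURI`, so if that mapper also covers non-digest URIs (not visible here), `MessageDigest.getInstance` is the only check that the URI names a digest, which deserves a line in the Javadoc.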
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java?rev=1386643&r1=1386642&r2=1386643&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java Mon Sep 17 14:54:28 2012
@@ -27,10 +27,13 @@ import java.util.concurrent.CopyOnWriteA
import javax.crypto.SecretKey;
+import org.apache.xml.security.keys.keyresolver.implementations.DEREncodedKeyValueResolver;
import org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver;
+import org.apache.xml.security.keys.keyresolver.implementations.KeyInfoReferenceResolver;
import org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver;
import org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver;
import org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver;
+import org.apache.xml.security.keys.keyresolver.implementations.X509DigestResolver;
import org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver;
import org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver;
import org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver;
@@ -273,6 +276,9 @@ public class KeyResolver {
keyResolverList.add(new KeyResolver(new RetrievalMethodResolver()));
keyResolverList.add(new KeyResolver(new X509SubjectNameResolver()));
keyResolverList.add(new KeyResolver(new X509IssuerSerialResolver()));
+ keyResolverList.add(new KeyResolver(new DEREncodedKeyValueResolver()));
+ keyResolverList.add(new KeyResolver(new KeyInfoReferenceResolver()));
+ keyResolverList.add(new KeyResolver(new X509DigestResolver()));
resolverVector.addAll(keyResolverList);
}
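Review bot: The three new resolvers are appended to the default list, so every application relying on the default registration will now resolve keys from `dsig11:DEREncodedKeyValue`, `dsig11:KeyInfoReference` and `dsig11:X509Digest` in the signatures it verifies, without opting in. `KeyInfoReferenceResolver` deserves the closest look: its source is not in this part of the commit, and since a `KeyInfoReference` carries a `URI` it presumably follows that reference. It is worth confirming there that the referent is restricted to an expected target and that reference chains are bounded; the added test resource `KeyInfoReference-ReferenceChain.xml` suggests chains were considered. A comment above the three lines would help, e.g. `// Signature 1.1 KeyInfo extensions (SANTUARIO-345), enabled by default`. The enclosing method starts and ends outside the hunk.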
Added: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java?rev=1386643&view=auto
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java (added)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java Mon Sep 17 14:54:28 2012
@@ -0,0 +1,79 @@
+package org.apache.xml.security.keys.keyresolver.implementations;
+
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import javax.crypto.SecretKey;
+
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.keys.content.DEREncodedKeyValue;
+import org.apache.xml.security.keys.keyresolver.KeyResolverException;
+import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
+import org.apache.xml.security.keys.storage.StorageResolver;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+/**
+ * KeyResolverSpi implementation which resolves public keys from a
+ * <code>dsig11:DEREncodedKeyValue</code> element.
+ *
+ * @author Brent Putman (putmanb@georgetown.edu)
+ */
+public class DEREncodedKeyValueResolver extends KeyResolverSpi {
+
+ /** {@link org.apache.commons.logging} logging facility */
+ private static org.apache.commons.logging.Log log =
+ org.apache.commons.logging.LogFactory.getLog(DEREncodedKeyValueResolver.class);
+
+ /** {@inheritDoc}. */
+ public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return XMLUtils.elementIsInSignature11Space(element, Constants._TAG_DERENCODEDKEYVALUE);
+ }
+
+ /** {@inheritDoc}. */
+ public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage)
+ throws KeyResolverException {
+
+ if (log.isDebugEnabled()) {
+ log.debug("Can I resolve " + element.getTagName());
+ }
+
+ if (!engineCanResolve(element, baseURI, storage)) {
+ return null;
+ }
+
+ try {
+ DEREncodedKeyValue derKeyValue = new DEREncodedKeyValue(element, baseURI);
+ return derKeyValue.getPublicKey();
+ } catch (XMLSecurityException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("XMLSecurityException", e);
+ }
+ }
+
+ return null;
+ }
+
+ /** {@inheritDoc}. */
+ public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage)
+ throws KeyResolverException {
+ return null;
+ }
+
+ /** {@inheritDoc}. */
+ public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
+ throws KeyResolverException {
+ return null;
+ }
+
+ /** {@inheritDoc}. */
+ public PrivateKey engineLookupAndResolvePrivateKey(Element element, String baseURI, StorageResolver storage)
+ throws KeyResolverException {
+ return null;
+ }
+
+
+
+}
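Review bot: In `engineLookupAndResolvePublicKey` the `XMLSecurityException` raised while building or decoding the `DEREncodedKeyValue` is logged only at debug level and the method then returns null, so a malformed key value looks the same to the caller as an element this resolver does not handle. The method already declares `KeyResolverException`; if the null return is kept on purpose so that other resolvers can still be tried, the Javadoc should say so instead of a bare `{@inheritDoc}`, e.g. `@return the decoded key, or null if the element is not a dsig11:DEREncodedKeyValue or its content cannot be decoded`. The same catch, debug-log and return-null shape is repeated in the four lookup methods of KeyInfoReferenceResolver and in `X509DigestResolver.engineLookupResolveX509Certificate`. This file also starts at the `package` line without the ASF licence header that Signature11ElementProxy.java carries in the same commit.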
Added: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java?rev=1386643&view=auto
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java (added)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java Mon Sep 17 14:54:28 2012
@@ -0,0 +1,286 @@
+package org.apache.xml.security.keys.keyresolver.implementations;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import javax.crypto.SecretKey;
+import javax.xml.XMLConstants;
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.xml.security.c14n.CanonicalizationException;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.keys.content.KeyInfoReference;
+import org.apache.xml.security.keys.keyresolver.KeyResolverException;
+import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
+import org.apache.xml.security.keys.storage.StorageResolver;
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+/**
+ * KeyResolverSpi implementation which resolves public keys, private keys, secret keys, and X.509 certificates from a
+ * <code>dsig11:KeyInfoReference</code> element.
+ *
+ * @author Brent Putman (putmanb@georgetown.edu)
+ */
+public class KeyInfoReferenceResolver extends KeyResolverSpi {
+
+ /** {@link org.apache.commons.logging} logging facility */
+ private static org.apache.commons.logging.Log log =
+ org.apache.commons.logging.LogFactory.getLog(KeyInfoReferenceResolver.class);
+
+ /** {@inheritDoc}. */
+ public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return XMLUtils.elementIsInSignature11Space(element, Constants._TAG_KEYINFOREFERENCE);
+ }
+
+ /** {@inheritDoc}. */
+ public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage)
+ throws KeyResolverException {
+
+ if (log.isDebugEnabled()) {
+ log.debug("Can I resolve " + element.getTagName());
+ }
+
+ if (!engineCanResolve(element, baseURI, storage)) {
+ return null;
+ }
+
+ try {
+ KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
+ if (referent != null) {
+ return referent.getPublicKey();
+ }
+ } catch (XMLSecurityException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("XMLSecurityException", e);
+ }
+ }
+
+ return null;
+ }
+
+ /** {@inheritDoc}. */
+ public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage)
+ throws KeyResolverException {
+
+ if (log.isDebugEnabled()) {
+ log.debug("Can I resolve " + element.getTagName());
+ }
+
+ if (!engineCanResolve(element, baseURI, storage)) {
+ return null;
+ }
+
+ try {
+ KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
+ if (referent != null) {
+ return referent.getX509Certificate();
+ }
+ } catch (XMLSecurityException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("XMLSecurityException", e);
+ }
+ }
+
+ return null;
+ }
+
+ /** {@inheritDoc}. */
+ public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
+ throws KeyResolverException {
+
+ if (log.isDebugEnabled()) {
+ log.debug("Can I resolve " + element.getTagName());
+ }
+
+ if (!engineCanResolve(element, baseURI, storage)) {
+ return null;
+ }
+
+ try {
+ KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
+ if (referent != null) {
+ return referent.getSecretKey();
+ }
+ } catch (XMLSecurityException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("XMLSecurityException", e);
+ }
+ }
+
+ return null;
+ }
+
+ /** {@inheritDoc}. */
+ public PrivateKey engineLookupAndResolvePrivateKey(Element element, String baseURI, StorageResolver storage)
+ throws KeyResolverException {
+
+ if (log.isDebugEnabled()) {
+ log.debug("Can I resolve " + element.getTagName());
+ }
+
+ if (!engineCanResolve(element, baseURI, storage)) {
+ return null;
+ }
+
+ try {
+ KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
+ if (referent != null) {
+ return referent.getPrivateKey();
+ }
+ } catch (XMLSecurityException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("XMLSecurityException", e);
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * Resolve the KeyInfoReference Element's URI attribute into a KeyInfo instance.
+ *
+ * @param element
+ * @param baseURI
+ * @param storage
+ * @return the KeyInfo which is referred to by this KeyInfoReference, or null if can not be resolved
+ * @throws XMLSecurityException
+ */
+ private KeyInfo resolveReferentKeyInfo(Element element, String baseURI, StorageResolver storage) throws XMLSecurityException {
+ KeyInfoReference reference = new KeyInfoReference(element, baseURI);
+ Attr uriAttr = reference.getURIAttr();
+
+ XMLSignatureInput resource = resolveInput(uriAttr, baseURI, secureValidation);
+
+ Element referentElement = null;
+ try {
+ referentElement = obtainReferenceElement(resource);
+ } catch (Exception e) {
+ if (log.isDebugEnabled()) {
+ log.debug("XMLSecurityException", e);
+ }
+ return null;
+ }
+
+ if (referentElement == null) {
+ log.debug("De-reference of KeyInfoReference URI returned null: " + uriAttr.getValue());
+ return null;
+ }
+
+ validateReference(referentElement);
+
+ KeyInfo referent = new KeyInfo(referentElement, baseURI);
+ referent.addStorageResolver(storage);
+ return referent;
+ }
+
+ /**
+ * Validate the Element referred to by the KeyInfoReference.
+ *
+ * @param referentElement
+ *
+ * @throws XMLSecurityException
+ */
+ private void validateReference(Element referentElement) throws XMLSecurityException {
+ if (!XMLUtils.elementIsInSignatureSpace(referentElement, Constants._TAG_KEYINFO)) {
+ Object exArgs[] = { new QName(referentElement.getNamespaceURI(), referentElement.getLocalName()) };
+ throw new XMLSecurityException("KeyInfoReferenceResolver.InvalidReferentElement.WrongType", exArgs);
+ }
+
+ KeyInfo referent = new KeyInfo(referentElement, "");
+ if (referent.containsKeyInfoReference()) {
+ if (secureValidation) {
+ throw new XMLSecurityException("KeyInfoReferenceResolver.InvalidReferentElement.ReferenceWithSecure");
+ } else {
+ // Don't support chains of references at this time. If do support in the future, this is where the code
+ // would go to validate that don't have a cycle, resulting in an infinite loop. This may be unrealistic
+ // to implement, and/or very expensive given remote URI references.
+ throw new XMLSecurityException("KeyInfoReferenceResolver.InvalidReferentElement.ReferenceWithoutSecure");
+ }
+ }
+
+ }
+
+ /**
+ * Resolve the XML signature input represented by the specified URI.
+ *
+ * @param uri
+ * @param baseURI
+ * @param secureValidation
+ * @return
+ * @throws XMLSecurityException
+ */
+ private XMLSignatureInput resolveInput(Attr uri, String baseURI, boolean secureValidation)
+ throws XMLSecurityException {
+ ResourceResolver resRes = ResourceResolver.getInstance(uri, baseURI, secureValidation);
+ XMLSignatureInput resource = resRes.resolve(uri, baseURI);
+ return resource;
+ }
+
+ /**
+ * Resolve the Element effectively represented by the XML signature input source.
+ *
+ * @param resource
+ * @return
+ * @throws CanonicalizationException
+ * @throws ParserConfigurationException
+ * @throws IOException
+ * @throws SAXException
+ * @throws KeyResolverException
+ */
+ private Element obtainReferenceElement(XMLSignatureInput resource)
+ throws CanonicalizationException, ParserConfigurationException,
+ IOException, SAXException, KeyResolverException {
+
+ Element e;
+ if (resource.isElement()){
+ e = (Element) resource.getSubNode();
+ } else if (resource.isNodeSet()) {
+ log.debug("De-reference of KeyInfoReference returned an unsupported NodeSet");
+ return null;
+ } else {
+ // Retrieved resource is a byte stream
+ byte inputBytes[] = resource.getBytes();
+ e = getDocFromBytes(inputBytes);
+ }
+ return e;
+ }
+
+ /**
+ * Parses a byte array and returns the parsed Element.
+ *
+ * @param bytes
+ * @return the Document Element after parsing bytes
+ * @throws KeyResolverException if something goes wrong
+ */
+ private Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
+ try {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ Document doc = db.parse(new ByteArrayInputStream(bytes));
+ return doc.getDocumentElement();
+ } catch (SAXException ex) {
+ throw new KeyResolverException("empty", ex);
+ } catch (IOException ex) {
+ throw new KeyResolverException("empty", ex);
+ } catch (ParserConfigurationException ex) {
+ throw new KeyResolverException("empty", ex);
+ }
+ }
+
+}
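Review bot: `getDocFromBytes` parses bytes obtained by dereferencing the KeyInfoReference URI, and the only hardening on the factory is `FEATURE_SECURE_PROCESSING`; depending on which JAXP implementation is on the classpath, that may not stop DOCTYPE processing or external entity resolution. A referent KeyInfo has no need for a DTD, so I would reject one outright directly after the existing `setFeature` call: `dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` (a parser that does not know the feature fails with the `ParserConfigurationException` that is already caught). Separately, `resolveReferentKeyInfo` builds the referent with `new KeyInfo(referentElement, baseURI)` and nothing visible in this hunk passes the resolver's `secureValidation` setting on to it, so it is worth confirming that the referent's own key resolution runs in the same mode. The unguarded `log.debug` in that method also concatenates the URI value taken from the document; wrapping it in `log.isDebugEnabled()` like the other calls would keep it consistent.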
Added: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509DigestResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509DigestResolver.java?rev=1386643&view=auto
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509DigestResolver.java (added)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509DigestResolver.java Mon Sep 17 14:54:28 2012
@@ -0,0 +1,160 @@
+package org.apache.xml.security.keys.keyresolver.implementations;
+
+import java.security.PublicKey;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Iterator;
+
+import javax.crypto.SecretKey;
+
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.keys.content.X509Data;
+import org.apache.xml.security.keys.content.x509.XMLX509Digest;
+import org.apache.xml.security.keys.keyresolver.KeyResolverException;
+import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
+import org.apache.xml.security.keys.storage.StorageResolver;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+/**
+ * KeyResolverSpi implementation which resolves public keys and X.509 certificates from a
+ * <code>dsig11:X509Digest</code> element.
+ *
+ * @author Brent Putman (putmanb@georgetown.edu)
+ */
+public class X509DigestResolver extends KeyResolverSpi {
+
+ /** {@link org.apache.commons.logging} logging facility */
+ private static org.apache.commons.logging.Log log =
+ org.apache.commons.logging.LogFactory.getLog(X509DigestResolver.class);
+
+ /** {@inheritDoc}. */
+ public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
+ try {
+ X509Data x509Data = new X509Data(element, baseURI);
+ return x509Data.containsDigest();
+ } catch (XMLSecurityException e) {
+ return false;
+ }
+ } else {
+ return false;
+ }
+ }
+
+ /** {@inheritDoc}. */
+ public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage)
+ throws KeyResolverException {
+
+ X509Certificate cert = this.engineLookupResolveX509Certificate(element, baseURI, storage);
+
+ if (cert != null) {
+ return cert.getPublicKey();
+ }
+
+ return null;
+ }
+
+ /** {@inheritDoc}. */
+ public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage)
+ throws KeyResolverException {
+
+ if (log.isDebugEnabled()) {
+ log.debug("Can I resolve " + element.getTagName());
+ }
+
+ if (!engineCanResolve(element, baseURI, storage)) {
+ return null;
+ }
+
+ try {
+ return resolveCertificate(element, baseURI, storage);
+ } catch (XMLSecurityException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("XMLSecurityException", e);
+ }
+ }
+
+ return null;
+ }
+
+ /** {@inheritDoc}. */
+ public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
+ throws KeyResolverException {
+ return null;
+ }
+
+ /**
+ * Resolves from the storage resolver the actual certificate represented by the digest.
+ *
+ * @param element
+ * @param baseURI
+ * @param storage
+ * @return
+ * @throws XMLSecurityException
+ */
+ private X509Certificate resolveCertificate(Element element, String baseURI, StorageResolver storage)
+ throws XMLSecurityException {
+
+ XMLX509Digest x509Digests[] = null;
+
+ Element x509childNodes[] = XMLUtils.selectDs11Nodes(element.getFirstChild(), Constants._TAG_X509DIGEST);
+
+ if (x509childNodes == null || x509childNodes.length <= 0) {
+ return null;
+ }
+
+ try {
+ checkStorage(storage);
+
+ x509Digests = new XMLX509Digest[x509childNodes.length];
+
+ for (int i = 0; i < x509childNodes.length; i++) {
+ x509Digests[i] = new XMLX509Digest(x509childNodes[i], baseURI);
+ }
+
+ Iterator<Certificate> storageIterator = storage.getIterator();
+ while (storageIterator.hasNext()) {
+ X509Certificate cert = (X509Certificate) storageIterator.next();
+
+ for (int i = 0; i < x509Digests.length; i++) {
+ XMLX509Digest keyInfoDigest = x509Digests[i];
+ byte[] certDigestBytes = XMLX509Digest.getDigestBytesFromCert(cert, keyInfoDigest.getAlgorithm());
+
+ if (Arrays.equals(keyInfoDigest.getDigestBytes(), certDigestBytes)) {
+ if (log.isDebugEnabled()) {
+ log.debug("Found certificate with: " + cert.getSubjectX500Principal().getName());
+ }
+ return cert;
+ }
+
+ }
+ }
+
+ } catch (XMLSecurityException ex) {
+ throw new KeyResolverException("empty", ex);
+ }
+
+ return null;
+ }
+
+ /**
+ * Method checkSrorage
+ *
+ * @param storage
+ * @throws KeyResolverException
+ */
+ private void checkStorage(StorageResolver storage) throws KeyResolverException {
+ if (storage == null) {
+ Object exArgs[] = { Constants._TAG_X509DIGEST };
+ KeyResolverException ex = new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
+ if (log.isDebugEnabled()) {
+ log.debug("", ex);
+ }
+ throw ex;
+ }
+ }
+
+}
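Review bot: In `resolveCertificate` the loop casts with `(X509Certificate) storageIterator.next()` on an `Iterator<Certificate>`, so a non-X.509 entry in the storage would raise a ClassCastException that neither the `XMLSecurityException` catch here nor the one in `engineLookupResolveX509Certificate` handles. Whether a StorageResolver can yield other certificate types is not visible from this hunk, but a guard is cheap: `Certificate c = storageIterator.next();` followed by `if (!(c instanceof X509Certificate)) { continue; }`. The Javadoc on `checkStorage` reads "Method checkSrorage" and would be more useful as `Fails with a KeyResolverException when no StorageResolver was supplied.`, and `resolveCertificate` has an empty `@return` that should say it returns the first stored certificate whose digest matches, or null.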
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/Constants.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/Constants.java?rev=1386643&r1=1386642&r2=1386643&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/Constants.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/Constants.java Mon Sep 17 14:54:28 2012
@@ -56,6 +56,12 @@ public class Constants {
*/
public static final String SignatureSpecNS = "http://www.w3.org/2000/09/xmldsig#";
+ /**
+ * The namespace of the
+ * <A HREF="http://www.w3.org/TR/xmldsig-core1/">XML Signature specification</A>
+ */
+ public static final String SignatureSpec11NS = "http://www.w3.org/2009/xmldsig11#";
+
/** The URL for more algorithms **/
public static final String MoreAlgorithmsSpecNS = "http://www.w3.org/2001/04/xmldsig-more#";
@@ -234,6 +240,15 @@ public class Constants {
/** Tag of Element PGPKeyPacket **/
public static final String _TAG_PGPKEYPACKET = "PGPKeyPacket";
+ /** Tag of Element PGPKeyPacket **/
+ public static final String _TAG_DERENCODEDKEYVALUE = "DEREncodedKeyValue";
+
+ /** Tag of Element PGPKeyPacket **/
+ public static final String _TAG_KEYINFOREFERENCE = "KeyInfoReference";
+
+ /** Tag of Element PGPKeyPacket **/
+ public static final String _TAG_X509DIGEST = "X509Digest";
+
/** Tag of Element SPKISexp **/
public static final String _TAG_SPKISEXP = "SPKISexp";
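Review bot: The three new constants all carry the copied Javadoc `/** Tag of Element PGPKeyPacket **/`, which describes the constant above them rather than the one being declared. Each should name its own element: `/** Tag of Element DEREncodedKeyValue **/`, `/** Tag of Element KeyInfoReference **/` and `/** Tag of Element X509Digest **/`. Since the resolvers in this commit match these names against `SignatureSpec11NS`, it would help to add that they are XML Signature 1.1 elements.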
Added: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/Signature11ElementProxy.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/Signature11ElementProxy.java?rev=1386643&view=auto
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/Signature11ElementProxy.java (added)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/Signature11ElementProxy.java Mon Sep 17 14:54:28 2012
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.utils;
+
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Class SignatureElementProxy
+ *
+ * @author Brent Putman (putmanb@georgetown.edu)
+ */
+public abstract class Signature11ElementProxy extends ElementProxy {
+
+ protected Signature11ElementProxy() {
+ };
+
+ /**
+ * Constructor Signature11ElementProxy
+ *
+ * @param doc
+ */
+ public Signature11ElementProxy(Document doc) {
+ if (doc == null) {
+ throw new RuntimeException("Document is null");
+ }
+
+ this.doc = doc;
+ this.constructionElement =
+ XMLUtils.createElementInSignature11Space(this.doc, this.getBaseLocalName());
+ }
+
+ /**
+ * Constructor Signature11ElementProxy
+ *
+ * @param element
+ * @param BaseURI
+ * @throws XMLSecurityException
+ */
+ public Signature11ElementProxy(Element element, String BaseURI) throws XMLSecurityException {
+ super(element, BaseURI);
+
+ }
+
+ /** @inheritDoc */
+ public String getBaseNamespace() {
+ return Constants.SignatureSpec11NS;
+ }
+}
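Review bot: The class Javadoc says `Class SignatureElementProxy`, which names a different class and does not say what this type is for; something like `Base class for element proxies in the XML Signature 1.1 namespace` would match what `getBaseNamespace()` returns. The protected no-arg constructor is followed by a stray `;` (`};`) that should be dropped. The `Document` constructor calls `this.getBaseLocalName()`, which is presumably implemented by subclasses, before any subclass constructor body has run, so a short comment that implementations must return a constant there would save a later surprise.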
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/XMLUtils.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/XMLUtils.java?rev=1386643&r1=1386642&r2=1386643&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/XMLUtils.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/XMLUtils.java Mon Sep 17 14:54:28 2012
@@ -56,6 +56,7 @@ public class XMLUtils {
}).booleanValue();
private static volatile String dsPrefix = "ds";
+ private static volatile String ds11Prefix = "dsig11";
private static volatile String xencPrefix = "xenc";
private static volatile String xenc11Prefix = "xenc11";
@@ -81,6 +82,14 @@ public class XMLUtils {
}
/**
+ * Set the prefix for the digital signature 1.1 namespace
+ * @param prefix the new prefix for the digital signature 1.1 namespace
+ */
+ public static void setDs11Prefix(String prefix) {
+ ds11Prefix = prefix;
+ }
+
+ /**
* Set the prefix for the encryption namespace
* @param prefix the new prefix for the encryption namespace
*/
@@ -278,6 +287,24 @@ public class XMLUtils {
}
return doc.createElementNS(Constants.SignatureSpecNS, dsPrefix + ":" + elementName);
}
+
+ /**
+ * Creates an Element in the XML Signature 1.1 specification namespace.
+ *
+ * @param doc the factory Document
+ * @param elementName the local name of the Element
+ * @return the Element
+ */
+ public static Element createElementInSignature11Space(Document doc, String elementName) {
+ if (doc == null) {
+ throw new RuntimeException("Document is null");
+ }
+
+ if ((ds11Prefix == null) || (ds11Prefix.length() == 0)) {
+ return doc.createElementNS(Constants.SignatureSpec11NS, elementName);
+ }
+ return doc.createElementNS(Constants.SignatureSpec11NS, ds11Prefix + ":" + elementName);
+ }
/**
* Creates an Element in the XML Encryption specification namespace.
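Review bot: `createElementInSignature11Space` reads the volatile `ds11Prefix` up to three times, so a concurrent `setDs11Prefix` call between the null/empty check and the concatenation can produce a qualified name such as `null:DEREncodedKeyValue`. Reading the field once avoids that: `String prefix = ds11Prefix;` and then test and concatenate `prefix`. The context line above suggests the existing `dsPrefix` variant has the same shape, so this appears to be inherited rather than new, but the new method is a good place to stop copying it.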
@@ -338,6 +365,24 @@ public class XMLUtils {
return Constants.SignatureSpecNS.equals(element.getNamespaceURI())
&& element.getLocalName().equals(localName);
}
+
+ /**
+ * Returns true if the element is in XML Signature 1.1 namespace and the local
+ * name equals the supplied one.
+ *
+ * @param element
+ * @param localName
+ * @return true if the element is in XML Signature namespace and the local name equals
+ * the supplied one
+ */
+ public static boolean elementIsInSignature11Space(Element element, String localName) {
+ if (element == null) {
+ return false;
+ }
+
+ return Constants.SignatureSpec11NS.equals(element.getNamespaceURI())
+ && element.getLocalName().equals(localName);
+ }
/**
* Returns true if the element is in XML Encryption namespace and the local
@@ -583,7 +628,7 @@ public class XMLUtils {
sibling = node.getNextSibling();
} while (true);
}
-
+
/**
* @param sibling
* @param nodeName
@@ -608,6 +653,26 @@ public class XMLUtils {
* @param sibling
* @param nodeName
* @param number
+ * @return nodes with the constraint
+ */
+ public static Element selectDs11Node(Node sibling, String nodeName, int number) {
+ while (sibling != null) {
+ if (Constants.SignatureSpec11NS.equals(sibling.getNamespaceURI())
+ && sibling.getLocalName().equals(nodeName)) {
+ if (number == 0){
+ return (Element)sibling;
+ }
+ number--;
+ }
+ sibling = sibling.getNextSibling();
+ }
+ return null;
+ }
+
+ /**
+ * @param sibling
+ * @param nodeName
+ * @param number
* @return nodes with the constrain
*/
public static Element selectXencNode(Node sibling, String nodeName, int number) {
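Review bot: The Javadoc on `selectDs11Node` leaves all three parameters blank and says `@return nodes with the constraint`, although the method returns a single `Element` or null. From the loop, `number` is the zero-based index of the wanted match among `sibling` and its following siblings, so I would write `@param number zero-based index of the match to return` and `@return the matching Element, or null if there are not that many matches`. The same gap applies to `selectDs11NodeText` and `selectDs11Nodes` in the later hunks of this file.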
@@ -642,6 +707,24 @@ public class XMLUtils {
}
return (Text)n;
}
+
+ /**
+ * @param sibling
+ * @param nodeName
+ * @param number
+ * @return nodes with the constrain
+ */
+ public static Text selectDs11NodeText(Node sibling, String nodeName, int number) {
+ Node n = selectDs11Node(sibling,nodeName,number);
+ if (n == null) {
+ return null;
+ }
+ n = n.getFirstChild();
+ while (n != null && n.getNodeType() != Node.TEXT_NODE) {
+ n = n.getNextSibling();
+ }
+ return (Text)n;
+ }
/**
* @param sibling
@@ -694,6 +777,15 @@ public class XMLUtils {
/**
* @param sibling
+ * @param nodeName
+ * @return nodes with the constrain
+ */
+ public static Element[] selectDs11Nodes(Node sibling, String nodeName) {
+ return selectNodes(sibling, Constants.SignatureSpec11NS, nodeName);
+ }
+
+ /**
+ * @param sibling
* @param uri
* @param nodeName
* @return nodes with the constraint
Added: santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/DEREncodedKeyValueTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/DEREncodedKeyValueTest.java?rev=1386643&view=auto
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/DEREncodedKeyValueTest.java (added)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/DEREncodedKeyValueTest.java Mon Sep 17 14:54:28 2012
@@ -0,0 +1,192 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.dom.keys;
+
+import java.io.FileInputStream;
+import java.lang.reflect.Constructor;
+import java.security.KeyFactory;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.spec.X509EncodedKeySpec;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.security.keys.content.DEREncodedKeyValue;
+import org.apache.xml.security.utils.Base64;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.JavaUtils;
+import org.junit.Assert;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+public class DEREncodedKeyValueTest extends Assert {
+
+ private static final String BASEDIR = System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
+ private static final String SEP = System.getProperty("file.separator");
+
+ private DocumentBuilder documentBuilder;
+
+ private PublicKey rsaKeyControl;
+ private PublicKey dsaKeyControl;
+ private PublicKey ecKeyControl;
+
+ private final String idControl = "abc123";
+
+ public DEREncodedKeyValueTest() throws Exception {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ documentBuilder = dbf.newDocumentBuilder();
+
+ //
+ // If the BouncyCastle provider is not installed, then try to load it
+ // via reflection.
+ //
+ if (Security.getProvider("BC") == null) {
+ Constructor<?> cons = null;
+ try {
+ Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
+ cons = c.getConstructor(new Class[] {});
+ } catch (Exception e) {
+ //ignore
+ }
+ if (cons != null) {
+ Provider provider = (java.security.Provider)cons.newInstance(new Object[]{});
+ Security.insertProviderAt(provider, 1);
+ ecKeyControl = loadPublicKey("ec.key", "EC");
+ }
+ }
+
+ rsaKeyControl = loadPublicKey("rsa.key", "RSA");
+ dsaKeyControl = loadPublicKey("dsa.key", "DSA");
+ }
+
+ @org.junit.Test
+ public void testSchema() throws Exception {
+ DEREncodedKeyValue derEncodedKeyValue = new DEREncodedKeyValue(documentBuilder.newDocument(), rsaKeyControl);
+ Element element = derEncodedKeyValue.getElement();
+
+ assertEquals("http://www.w3.org/2009/xmldsig11#", element.getNamespaceURI());
+ assertEquals("DEREncodedKeyValue", element.getLocalName());
+ }
+
+ @org.junit.Test
+ public void testRSAPublicKeyFromElement() throws Exception {
+ Document doc = loadXML("DEREncodedKeyValue-RSA.xml");
+ NodeList nl = doc.getElementsByTagNameNS(Constants.SignatureSpec11NS, Constants._TAG_DERENCODEDKEYVALUE);
+ Element element = (Element) nl.item(0);
+
+ DEREncodedKeyValue derEncodedKeyValue = new DEREncodedKeyValue(element, "");
+ assertEquals(rsaKeyControl, derEncodedKeyValue.getPublicKey());
+ assertArrayEquals(rsaKeyControl.getEncoded(), derEncodedKeyValue.getBytesFromTextChild());
+ assertEquals(idControl, derEncodedKeyValue.getId());
+ }
+
+ @org.junit.Test
+ public void testDSAPublicKeyFromElement() throws Exception {
+ Document doc = loadXML("DEREncodedKeyValue-DSA.xml");
+ NodeList nl = doc.getElementsByTagNameNS(Constants.SignatureSpec11NS, Constants._TAG_DERENCODEDKEYVALUE);
+ Element element = (Element) nl.item(0);
+
+ DEREncodedKeyValue derEncodedKeyValue = new DEREncodedKeyValue(element, "");
+ assertEquals(dsaKeyControl, derEncodedKeyValue.getPublicKey());
+ assertArrayEquals(dsaKeyControl.getEncoded(), derEncodedKeyValue.getBytesFromTextChild());
+ assertEquals(idControl, derEncodedKeyValue.getId());
+ }
+
+ @org.junit.Test
+ public void testECPublicKeyFromElement() throws Exception {
+ if (ecKeyControl == null) {
+ return;
+ }
+
+ Document doc = loadXML("DEREncodedKeyValue-EC.xml");
+ NodeList nl = doc.getElementsByTagNameNS(Constants.SignatureSpec11NS, Constants._TAG_DERENCODEDKEYVALUE);
+ Element element = (Element) nl.item(0);
+
+ DEREncodedKeyValue derEncodedKeyValue = new DEREncodedKeyValue(element, "");
+ assertEquals(ecKeyControl, derEncodedKeyValue.getPublicKey());
+ assertArrayEquals(ecKeyControl.getEncoded(), derEncodedKeyValue.getBytesFromTextChild());
+ assertEquals(idControl, derEncodedKeyValue.getId());
+ }
+
+ @org.junit.Test
+ public void testRSAPublicKeyFromKey() throws Exception {
+ DEREncodedKeyValue derEncodedKeyValue = new DEREncodedKeyValue(documentBuilder.newDocument(), rsaKeyControl);
+ assertEquals(rsaKeyControl, derEncodedKeyValue.getPublicKey());
+ assertArrayEquals(rsaKeyControl.getEncoded(), derEncodedKeyValue.getBytesFromTextChild());
+ }
+
+ @org.junit.Test
+ public void testDSAPublicKeyFromKey() throws Exception {
+ DEREncodedKeyValue derEncodedKeyValue = new DEREncodedKeyValue(documentBuilder.newDocument(), dsaKeyControl);
+ assertEquals(dsaKeyControl, derEncodedKeyValue.getPublicKey());
+ assertArrayEquals(dsaKeyControl.getEncoded(), derEncodedKeyValue.getBytesFromTextChild());
+ }
+
+ @org.junit.Test
+ public void testECPublicKeyFromKey() throws Exception {
+ if (ecKeyControl == null) {
+ return;
+ }
+
+ DEREncodedKeyValue derEncodedKeyValue = new DEREncodedKeyValue(documentBuilder.newDocument(), ecKeyControl);
+ assertEquals(ecKeyControl, derEncodedKeyValue.getPublicKey());
+ assertArrayEquals(ecKeyControl.getEncoded(), derEncodedKeyValue.getBytesFromTextChild());
+ }
+
+ @org.junit.Test
+ public void testId() throws Exception {
+ DEREncodedKeyValue derEncodedKeyValue = new DEREncodedKeyValue(documentBuilder.newDocument(), rsaKeyControl);
+ assertEquals("", derEncodedKeyValue.getId());
+ assertNull(derEncodedKeyValue.getElement().getAttributeNodeNS(null, Constants._ATT_ID));
+
+ derEncodedKeyValue.setId(idControl);
+ assertEquals(idControl, derEncodedKeyValue.getId());
+ assertTrue(derEncodedKeyValue.getElement().getAttributeNodeNS(null, Constants._ATT_ID).isId());
+
+ derEncodedKeyValue.setId(null);
+ assertEquals("", derEncodedKeyValue.getId());
+ assertNull(derEncodedKeyValue.getElement().getAttributeNodeNS(null, Constants._ATT_ID));
+ }
+
+ // Utility methods
+
+ private String getControlFilePath(String fileName) {
+ return BASEDIR + SEP + "src" + SEP + "test" + SEP + "resources" +
+ SEP + "org" + SEP + "apache" + SEP + "xml" + SEP + "security" +
+ SEP + "keys" + SEP + "content" +
+ SEP + fileName;
+ }
+
+ private Document loadXML(String fileName) throws Exception {
+ return documentBuilder.parse(new FileInputStream(getControlFilePath(fileName)));
+ }
+
+ private PublicKey loadPublicKey(String filePath, String algorithm) throws Exception {
+ String fileData = new String(JavaUtils.getBytesFromFile(getControlFilePath(filePath)));
+ byte[] keyBytes = Base64.decode(fileData);
+ KeyFactory kf = KeyFactory.getInstance(algorithm);
+ X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
+ return kf.generatePublic(keySpec);
+ }
+
+}
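Review bot: In the constructor, `ecKeyControl = loadPublicKey("ec.key", "EC")` sits inside the `Security.getProvider("BC") == null` branch, so when BouncyCastle is already registered the control key stays null and both EC tests return early without checking anything. Moving the load after that block and guarding it with `if (Security.getProvider("BC") != null)` covers both cases. The early `return` in `testECPublicKeyFromElement` and `testECPublicKeyFromKey` also reports a pass when nothing ran; an `org.junit.Assume` check would show them as skipped. Smaller points: `loadXML` never closes its `FileInputStream`, and `loadPublicKey` decodes the key file with the platform charset via `new String(bytes)`.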
Added: santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/KeyInfoReferenceTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/KeyInfoReferenceTest.java?rev=1386643&view=auto
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/KeyInfoReferenceTest.java (added)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/KeyInfoReferenceTest.java Mon Sep 17 14:54:28 2012
@@ -0,0 +1,103 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.dom.keys;
+
+import java.io.FileInputStream;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.security.keys.content.KeyInfoReference;
+import org.apache.xml.security.utils.Constants;
+import org.junit.Assert;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+public class KeyInfoReferenceTest extends Assert {
+
+ private static final String BASEDIR = System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
+ private static final String SEP = System.getProperty("file.separator");
+
+ private DocumentBuilder documentBuilder;
+
+ private final String idControl = "abc123";
+ private final String uriControl = "http://www.example.org/keyinfo.xml";
+
+ public KeyInfoReferenceTest() throws Exception {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ documentBuilder = dbf.newDocumentBuilder();
+ }
+
+ @org.junit.Test
+ public void testSchema() throws Exception {
+ KeyInfoReference keyInfoReference = new KeyInfoReference(documentBuilder.newDocument(), uriControl);
+ Element element = keyInfoReference.getElement();
+
+ assertEquals("http://www.w3.org/2009/xmldsig11#", element.getNamespaceURI());
+ assertEquals("KeyInfoReference", element.getLocalName());
+ }
+
+ @org.junit.Test
+ public void testURIFromElement() throws Exception {
+ Document doc = loadXML("KeyInfoReference.xml");
+ NodeList nl = doc.getElementsByTagNameNS(Constants.SignatureSpec11NS, Constants._TAG_KEYINFOREFERENCE);
+ Element element = (Element) nl.item(0);
+
+ KeyInfoReference keyInfoReference = new KeyInfoReference(element, "");
+ assertEquals(uriControl, keyInfoReference.getURI());
+ assertEquals(idControl, keyInfoReference.getId());
+ }
+
+ @org.junit.Test
+ public void testURIOnConstruction() throws Exception {
+ KeyInfoReference keyInfoReference = new KeyInfoReference(documentBuilder.newDocument(), uriControl);
+ assertEquals(uriControl, keyInfoReference.getURI());
+ }
+
+ @org.junit.Test
+ public void testId() throws Exception {
+ KeyInfoReference keyInfoReference = new KeyInfoReference(documentBuilder.newDocument(), uriControl);
+ assertEquals("", keyInfoReference.getId());
+ assertNull(keyInfoReference.getElement().getAttributeNodeNS(null, Constants._ATT_ID));
+
+ keyInfoReference.setId(idControl);
+ assertEquals(idControl, keyInfoReference.getId());
+ assertTrue(keyInfoReference.getElement().getAttributeNodeNS(null, Constants._ATT_ID).isId());
+
+ keyInfoReference.setId(null);
+ assertEquals("", keyInfoReference.getId());
+ assertNull(keyInfoReference.getElement().getAttributeNodeNS(null, Constants._ATT_ID));
+ }
+
+ // Utility methods
+
+ private String getControlFilePath(String fileName) {
+ return BASEDIR + SEP + "src" + SEP + "test" + SEP + "resources" +
+ SEP + "org" + SEP + "apache" + SEP + "xml" + SEP + "security" +
+ SEP + "keys" + SEP + "content" +
+ SEP + fileName;
+ }
+
+ private Document loadXML(String fileName) throws Exception {
+ return documentBuilder.parse(new FileInputStream(getControlFilePath(fileName)));
+ }
+
+}
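Review bot: `loadXML` at the end of this file opens a `FileInputStream` that nothing closes, and the JAXP contract does not promise that `parse(InputStream)` closes its argument, so each fixture load can leave a file handle open until garbage collection. Handing the parser the file itself avoids the problem: `return documentBuilder.parse(new java.io.File(getControlFilePath(fileName)));`. The same helper is copied into DEREncodedKeyValueTest above and into XMLX509DigestTest and DEREncodedKeyValueResolverTest below. `loadCertificate` in XMLX509DigestTest leaves its `fis` open in the same way and would need a `try { ... } finally { fis.close(); }` around the `generateCertificate` call.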
Added: santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/content/x509/XMLX509DigestTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/content/x509/XMLX509DigestTest.java?rev=1386643&view=auto
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/content/x509/XMLX509DigestTest.java (added)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/content/x509/XMLX509DigestTest.java Mon Sep 17 14:54:28 2012
@@ -0,0 +1,124 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.dom.keys.content.x509;
+
+import java.io.FileInputStream;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.security.Init;
+import org.apache.xml.security.keys.content.x509.XMLX509Digest;
+import org.apache.xml.security.utils.Base64;
+import org.apache.xml.security.utils.Constants;
+import org.junit.Assert;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+public class XMLX509DigestTest extends Assert {
+
+ private static final String BASEDIR = System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
+ private static final String SEP = System.getProperty("file.separator");
+
+ private DocumentBuilder documentBuilder;
+
+ private X509Certificate certControl;
+
+ private final String algorithmURIControl = "http://www.w3.org/2001/04/xmlenc#sha256";
+
+ private final String digestBase64Control = "jToLQ/K7aaLHy/aXLFnjEfCwSQd9z0MrBOH6Ru/aJyY=";
+ private final byte[] digestControl;
+
+ public XMLX509DigestTest() throws Exception {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ documentBuilder = dbf.newDocumentBuilder();
+
+ certControl = loadCertificate("cert-X509Digest.crt");
+
+ digestControl = Base64.decode(digestBase64Control);
+
+ if (!Init.isInitialized()) {
+ Init.init();
+ }
+ }
+
+ @org.junit.Test
+ public void testSchema() throws Exception {
+ XMLX509Digest x509Digest = new XMLX509Digest(documentBuilder.newDocument(), digestControl, algorithmURIControl);
+ Element element = x509Digest.getElement();
+
+ assertEquals("http://www.w3.org/2009/xmldsig11#", element.getNamespaceURI());
+ assertEquals("X509Digest", element.getLocalName());
+ }
+
+ @org.junit.Test
+ public void testDigestFromElement() throws Exception {
+ Document doc = loadXML("X509Digest.xml");
+ NodeList nl = doc.getElementsByTagNameNS(Constants.SignatureSpec11NS, Constants._TAG_X509DIGEST);
+ Element element = (Element) nl.item(0);
+
+ XMLX509Digest x509Digest = new XMLX509Digest(element, "");
+ assertEquals(algorithmURIControl, x509Digest.getAlgorithm());
+ assertArrayEquals(digestControl, x509Digest.getDigestBytes());
+ }
+
+ @org.junit.Test
+ public void testDigestOnConstructionWithCert() throws Exception {
+ XMLX509Digest x509Digest = new XMLX509Digest(documentBuilder.newDocument(), certControl, algorithmURIControl);
+ assertEquals(algorithmURIControl, x509Digest.getAlgorithm());
+ assertArrayEquals(digestControl, x509Digest.getDigestBytes());
+ }
+
+ @org.junit.Test
+ public void testDigestOnConstructionWithBytes() throws Exception {
+ XMLX509Digest x509Digest = new XMLX509Digest(documentBuilder.newDocument(), digestControl, algorithmURIControl);
+ assertEquals(algorithmURIControl, x509Digest.getAlgorithm());
+ assertArrayEquals(digestControl, x509Digest.getDigestBytes());
+ }
+
+ @org.junit.Test
+ public void testGetDigestBytesFromCert() throws Exception {
+ assertArrayEquals(digestControl, XMLX509Digest.getDigestBytesFromCert(certControl, algorithmURIControl));
+ }
+
+
+ // Utility methods
+
+ private String getControlFilePath(String fileName) {
+ return BASEDIR + SEP + "src" + SEP + "test" + SEP + "resources" +
+ SEP + "org" + SEP + "apache" + SEP + "xml" + SEP + "security" +
+ SEP + "keys" + SEP + "content" + SEP + "x509" +
+ SEP + fileName;
+ }
+
+ private Document loadXML(String fileName) throws Exception {
+ return documentBuilder.parse(new FileInputStream(getControlFilePath(fileName)));
+ }
+
+ private X509Certificate loadCertificate(String fileName) throws Exception {
+ FileInputStream fis = new FileInputStream(getControlFilePath(fileName));
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+ return (X509Certificate) certFactory.generateCertificate(fis);
+ }
+
+}
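Review bot: The `digestBase64Control` field is a bare Base64 literal with nothing recording where it came from, yet every digest assertion in this class is checked against it. `testGetDigestBytesFromCert` implies it is the SHA-256 digest of `cert-X509Digest.crt`, so a field comment such as `// Base64 of the SHA-256 digest of cert-X509Digest.crt; regenerate with an independent tool if the fixture changes` would tell a maintainer how to reproduce it, assuming that is how the value was obtained. Recording this matters because an expected value produced by the code under test would make the comparison circular. Note also that `testDigestOnConstructionWithBytes` only reads back the bytes it passed in, so only the certificate-based tests exercise the digest computation.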
Added: santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/DEREncodedKeyValueResolverTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/DEREncodedKeyValueResolverTest.java?rev=1386643&view=auto
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/DEREncodedKeyValueResolverTest.java (added)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/DEREncodedKeyValueResolverTest.java Mon Sep 17 14:54:28 2012
@@ -0,0 +1,135 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.dom.keys.keyresolver;
+
+import java.io.FileInputStream;
+import java.lang.reflect.Constructor;
+import java.security.KeyFactory;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.spec.X509EncodedKeySpec;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.security.Init;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.utils.Base64;
+import org.apache.xml.security.utils.JavaUtils;
+import org.junit.Assert;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+public class DEREncodedKeyValueResolverTest extends Assert {
+
+ private static final String BASEDIR = System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
+ private static final String SEP = System.getProperty("file.separator");
+
+ private DocumentBuilder documentBuilder;
+
+ private PublicKey rsaKeyControl;
+ private PublicKey dsaKeyControl;
+ private PublicKey ecKeyControl;
+
+ public DEREncodedKeyValueResolverTest() throws Exception {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ documentBuilder = dbf.newDocumentBuilder();
+
+ //
+ // If the BouncyCastle provider is not installed, then try to load it
+ // via reflection.
+ //
+ if (Security.getProvider("BC") == null) {
+ Constructor<?> cons = null;
+ try {
+ Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
+ cons = c.getConstructor(new Class[] {});
+ } catch (Exception e) {
+ //ignore
+ }
+ if (cons != null) {
+ Provider provider = (java.security.Provider)cons.newInstance(new Object[]{});
+ Security.insertProviderAt(provider, 1);
+ ecKeyControl = loadPublicKey("ec.key", "EC");
+ }
+ }
+
+ rsaKeyControl = loadPublicKey("rsa.key", "RSA");
+ dsaKeyControl = loadPublicKey("dsa.key", "DSA");
+
+ if (!Init.isInitialized()) {
+ Init.init();
+ }
+ }
+
+ @org.junit.Test
+ public void testRSAPublicKey() throws Exception {
+ Document doc = loadXML("DEREncodedKeyValue-RSA.xml");
+ Element element = doc.getDocumentElement();
+
+ KeyInfo keyInfo = new KeyInfo(element, "");
+ assertEquals(rsaKeyControl, keyInfo.getPublicKey());
+ }
+
+ @org.junit.Test
+ public void testDSAPublicKey() throws Exception {
+ Document doc = loadXML("DEREncodedKeyValue-DSA.xml");
+ Element element = doc.getDocumentElement();
+
+ KeyInfo keyInfo = new KeyInfo(element, "");
+ assertEquals(dsaKeyControl, keyInfo.getPublicKey());
+ }
+
+ @org.junit.Test
+ public void testECPublicKey() throws Exception {
+ if (ecKeyControl == null) {
+ return;
+ }
+
+ Document doc = loadXML("DEREncodedKeyValue-EC.xml");
+ Element element = doc.getDocumentElement();
+
+ KeyInfo keyInfo = new KeyInfo(element, "");
+ assertEquals(ecKeyControl, keyInfo.getPublicKey());
+ }
+
+ // Utility methods
+
+ private String getControlFilePath(String fileName) {
+ return BASEDIR + SEP + "src" + SEP + "test" + SEP + "resources" +
+ SEP + "org" + SEP + "apache" + SEP + "xml" + SEP + "security" +
+ SEP + "keys" + SEP + "content" +
+ SEP + fileName;
+ }
+
+ private Document loadXML(String fileName) throws Exception {
+ return documentBuilder.parse(new FileInputStream(getControlFilePath(fileName)));
+ }
+
+ private PublicKey loadPublicKey(String filePath, String algorithm) throws Exception {
+ String fileData = new String(JavaUtils.getBytesFromFile(getControlFilePath(filePath)));
+ byte[] keyBytes = Base64.decode(fileData);
+ KeyFactory kf = KeyFactory.getInstance(algorithm);
+ X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
+ return kf.generatePublic(keySpec);
+ }
+
+}
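Review bot: In the constructor, `ecKeyControl` is loaded only inside the `if (Security.getProvider("BC") == null)` branch, so when BouncyCastle is already registered the field stays null and `testECPublicKey` returns early and is reported as passed without checking anything. Loading the key after the reflection block fixes this: `if (Security.getProvider("BC") != null) { ecKeyControl = loadPublicKey("ec.key", "EC"); }`. In `testECPublicKey`, replacing the silent `return` with `org.junit.Assume.assumeNotNull(ecKeyControl);` would make the runner report the case as skipped rather than passed. Separately, `Security.insertProviderAt(provider, 1)` makes BouncyCastle the preferred provider for the whole JVM and is never undone, which may change which implementation other tests in the same run exercise; appending it with `Security.addProvider(provider)` would be less intrusive if position 1 is not required.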