Posted to commits@santuario.apache.org by co...@apache.org on 2020/04/16 11:23:15 UTC
svn commit: r1876596 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/stax/ext/
main/java/org/apache/xml/security/stax/impl/processor/output/
test/java/org/apache/xml/security/test/stax/encryption/
Author: coheigea
Date: Thu Apr 16 11:23:15 2020
New Revision: 1876596
URL: http://svn.apache.org/viewvc?rev=1876596&view=rev
Log:
SANTUARIO-536 - Deprecated get/setIdToSign in favor of new and more appropriate get/setIdToSecure. Thanks to Peter De Maeyer for the patch. This closes #25.
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java?rev=1876596&r1=1876595&r2=1876596&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java Thu Apr 16 11:23:15 2020
@@ -116,16 +116,16 @@ public class OutboundXMLSec {
configureSignatureKeys(outboundSecurityContext);
List<SecurePart> signatureParts = securityProperties.getSignatureSecureParts();
for (SecurePart securePart : signatureParts) {
- if (securePart.getIdToSign() == null && securePart.getName() != null) {
+ if (securePart.getIdToSecure() == null && securePart.getName() != null) {
outputProcessorChain.getSecurityContext().putAsMap(
XMLSecurityConstants.SIGNATURE_PARTS,
securePart.getName(),
securePart
);
- } else if (securePart.getIdToSign() != null) {
+ } else if (securePart.getIdToSecure() != null) {
outputProcessorChain.getSecurityContext().putAsMap(
XMLSecurityConstants.SIGNATURE_PARTS,
- securePart.getIdToSign(),
+ securePart.getIdToSecure(),
securePart
);
} else if (securePart.getExternalReference() != null) {
@@ -146,16 +146,16 @@ public class OutboundXMLSec {
configureEncryptionKeys(outboundSecurityContext);
List<SecurePart> encryptionParts = securityProperties.getEncryptionSecureParts();
for (SecurePart securePart : encryptionParts) {
- if (securePart.getIdToSign() == null && securePart.getName() != null) {
+ if (securePart.getIdToSecure() == null && securePart.getName() != null) {
outputProcessorChain.getSecurityContext().putAsMap(
XMLSecurityConstants.ENCRYPTION_PARTS,
securePart.getName(),
securePart
);
- } else if (securePart.getIdToSign() != null) {
+ } else if (securePart.getIdToSecure() != null) {
outputProcessorChain.getSecurityContext().putAsMap(
XMLSecurityConstants.ENCRYPTION_PARTS,
- securePart.getIdToSign(),
+ securePart.getIdToSecure(),
securePart
);
} else if (securePart.isSecureEntireRequest()) {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java?rev=1876596&r1=1876595&r2=1876596&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java Thu Apr 16 11:23:15 2020
@@ -59,13 +59,17 @@ public class SecurePart {
private QName name;
private boolean generateXPointer;
private Modifier modifier;
- private String idToSign;
+ private String idToSecure;
private String externalReference;
private String[] transforms;
private String digestMethod;
private boolean required = true;
private boolean secureEntireRequest;
+ public SecurePart(Modifier modifier) {
+ this(null, false, modifier);
+ }
+
public SecurePart(QName name, Modifier modifier) {
this(name, false, modifier);
}
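Review bot: The new `SecurePart(Modifier)` constructor produces a part with `name == null` and no ID, and nothing here tells the caller that `setIdToSecure(...)` must follow. In the two OutboundXMLSec loops changed by this commit, such a part matches neither the name branch nor the ID branch, so it presumably selects nothing unless a later branch (external reference or secure-entire-request, both continuing outside those hunks) applies. For an encryption part that would mean the content is written in cleartext; whether the `required` flag catches this is not visible here. I would add Javadoc along the lines of `/** Creates a part that is selected by ID only; call {@link #setIdToSecure(String)} before use. */` and consider rejecting a part with no name, ID, external reference or `secureEntireRequest` when the properties are validated. The class body continues outside the hunk.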
@@ -125,16 +129,35 @@ public class SecurePart {
}
/**
- * The id of the Element
+ * The ID of the element to secure (encrypt or sign), possibly {@code null}.
+ * This matches the attribute value of an element that has an attribute with a name given by
+ * {@link XMLSecurityProperties#getIdAttributeNS()}.
*
- * @return The id
+ * @return The ID of the element to secure, possibly {@code null}.
+ */
+ public String getIdToSecure() {
+ return idToSecure;
+ }
+
+ public void setIdToSecure(String idToSecure) {
+ this.idToSecure = idToSecure;
+ }
+
+ /**
+ * Use {@link #getIdToSecure()} instead.
*/
+ @Deprecated
public String getIdToSign() {
- return idToSign;
+ return getIdToSecure();
}
+ /**
+ * Use {@link #setIdToSecure(String)} instead.
+ * @param idToSign
+ */
+ @Deprecated
public void setIdToSign(String idToSign) {
- this.idToSign = idToSign;
+ setIdToSecure(idToSign);
}
public boolean isGenerateXPointer() {
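Review bot: The deprecated accessors carry `@Deprecated` but their Javadoc lacks the matching `@deprecated` tag, so the replacement does not show up in the generated deprecation list; use `@deprecated Use {@link #getIdToSecure()} instead.` and the equivalent on the setter. The setter's `@param idToSign` has no description, and the new `setIdToSecure(String)` has no Javadoc at all. That setter is the place to state that a non-null ID takes precedence over the part's `name`, which is what the OutboundXMLSec branches and `testEncryptionIdToSecureSupersedesName` in this commit rely on. A caller who sets both should know that the name is then ignored when choosing what gets signed or encrypted.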
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java?rev=1876596&r1=1876595&r2=1876596&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java Thu Apr 16 11:23:15 2020
@@ -83,7 +83,7 @@ public class XMLSignatureOutputProcessor
}
if (securityProperties.isSignatureGenerateIds()) {
- if (securePart.getIdToSign() == null) {
+ if (securePart.getIdToSecure() == null) {
signaturePartDef.setGenerateXPointer(securePart.isGenerateXPointer());
signaturePartDef.setSigRefId(IDGenerator.generateID(null));
@@ -96,7 +96,7 @@ public class XMLSignatureOutputProcessor
xmlSecEvent = addAttributes(xmlSecStartElement, attributeList);
}
} else {
- signaturePartDef.setSigRefId(securePart.getIdToSign());
+ signaturePartDef.setSigRefId(securePart.getIdToSecure());
}
}
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java?rev=1876596&r1=1876595&r2=1876596&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java Thu Apr 16 11:23:15 2020
@@ -30,6 +30,7 @@ import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import javax.crypto.KeyGenerator;
@@ -1696,6 +1697,88 @@ public class EncryptionCreationTest {
return keyFactory.generateSecret(keySpec);
}
+ @Test
+ public void testEncryptionIdToEncrypt() throws Exception {
+ SecurePart securePart = new SecurePart(SecurePart.Modifier.Element);
+ securePart.setIdToSecure("abc");
+ testEncryptionIdToEncrypt(securePart);
+ }
+
+ @Test
+ public void testEncryptionIdToSign() throws Exception {
+ SecurePart securePart = new SecurePart(SecurePart.Modifier.Element);
+ securePart.setIdToSign("abc");
+ testEncryptionIdToEncrypt(securePart);
+ }
+
+ private void testEncryptionIdToEncrypt(SecurePart securePart) throws Exception {
+ String xml = "<?xml version='1.0'?>\n" +
+ "<Root>\n" +
+ " <Branch attr1='abc'/>\n" +
+ "</Root>\n";
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setIdAttributeNS(new QName("attr1"));
+ properties.setActions(Collections.singletonList(XMLSecurityConstants.ENCRYPT));
+ properties.addEncryptionPart(securePart);
+ byte[] bits192 = "abcdefghijklmnopqrstuvwx".getBytes(StandardCharsets.US_ASCII);
+ SecretKey transportKey = new SecretKeySpec(bits192, "AES");
+ properties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2001/04/xmlenc#kw-aes192");
+ properties.setEncryptionTransportKey(transportKey);
+ properties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream encryptedOut = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(encryptedOut, StandardCharsets.UTF_8.name());
+ InputStream sourceDocument = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+ byte[] encryptedData = encryptedOut.toByteArray();
+// System.out.println(new String(encryptedOut.toByteArray(), StandardCharsets.UTF_8));
+ Document document = XMLUtils.read(new ByteArrayInputStream(encryptedData), false);
+ NodeList encryptedElements = document.getElementsByTagNameNS(
+ XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
+ XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart()
+ );
+ assertEquals(encryptedElements.getLength(), 1);
+ }
+
+ @Test
+ public void testEncryptionIdToSecureSupersedesName() throws Exception {
+ String xml = "<?xml version='1.0'?>\n" +
+ "<Root>\n" +
+ " <Branch1 attr1='abc'/>\n" +
+ " <Branch2 attr1='def'/>\n" +
+ "</Root>\n";
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setIdAttributeNS(new QName("attr1"));
+ properties.setActions(Collections.singletonList(XMLSecurityConstants.ENCRYPT));
+ SecurePart securePart = new SecurePart(new QName("Branch1"), SecurePart.Modifier.Element);
+ securePart.setIdToSecure("def");
+ properties.addEncryptionPart(securePart);
+ byte[] bits192 = "abcdefghijklmnopqrstuvwx".getBytes(StandardCharsets.US_ASCII);
+ SecretKey transportKey = new SecretKeySpec(bits192, "AES");
+ properties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2001/04/xmlenc#kw-aes192");
+ properties.setEncryptionTransportKey(transportKey);
+ properties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream encryptedOut = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(encryptedOut, StandardCharsets.UTF_8.name());
+ InputStream sourceDocument = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+ byte[] encryptedData = encryptedOut.toByteArray();
+// System.out.println(new String(encryptedOut.toByteArray(), StandardCharsets.UTF_8));
+ Document document = XMLUtils.read(new ByteArrayInputStream(encryptedData), false);
+ NodeList encryptedElements = document.getElementsByTagNameNS(
+ XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
+ XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart()
+ );
+ assertEquals(1, encryptedElements.getLength());
+ assertEquals(1, document.getElementsByTagName("Branch1").getLength());
+ assertEquals(0, document.getElementsByTagName("Branch2").getLength());
+ }
+
/**
* Decrypt the document using DOM API and run some tests on the decrypted Document.
*/
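Review bot: In the private helper `testEncryptionIdToEncrypt(SecurePart)` the assertion `assertEquals(encryptedElements.getLength(), 1);` has expected and actual swapped, unlike the later test; it should read `assertEquals(1, encryptedElements.getLength());` so a failure message reports the right values. The helper also checks only that one `EncryptedData` element exists, not that the targeted element left the cleartext; adding `assertEquals(0, document.getElementsByTagName("Branch").getLength());` would pin that, as the supersedes-name test already does for `Branch2`. Only the encryption path is exercised: the signature branches switched to `getIdToSecure()` in OutboundXMLSec and XMLSignatureOutputProcessor get no new test in this commit. The two commented-out `System.out.println` lines can be dropped.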