Posted to commits@santuario.apache.org by co...@apache.org on 2014/05/26 13:04:18 UTC
svn commit: r1597560 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/jcp/xml/dsig/internal/dom/
main/java/org/apache/xml/security/algorithms/
main/java/org/apache/xml/security/algorithms/implementations/
main/java/org/apache/xml/secur...
Author: coheigea
Date: Mon May 26 11:04:17 2014
New Revision: 1597560
URL: http://svn.apache.org/r1597560
Log:
Adding support for ECDSA + RIPEMD-160
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/config.xml
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java
santuario/xml-security-java/trunk/src/main/resources/security-config.xml
santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/PKSignatureAlgorithmTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureCreationTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureVerificationTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java?rev=1597560&r1=1597559&r2=1597560&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java Mon May 26 11:04:17 2014
@@ -70,6 +70,8 @@ public abstract class DOMSignatureMethod
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";
static final String ECDSA_SHA512 =
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
+ static final String ECDSA_RIPEMD160 =
+ "http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160";
static final String DSA_SHA256 =
"http://www.w3.org/2009/xmldsig11#dsa-sha256";
@@ -137,6 +139,8 @@ public abstract class DOMSignatureMethod
return new SHA384withECDSA(smElem);
} else if (alg.equals(ECDSA_SHA512)) {
return new SHA512withECDSA(smElem);
+ } else if (alg.equals(ECDSA_RIPEMD160)) {
+ return new RIPEMD160withECDSA(smElem);
} else if (alg.equals(SignatureMethod.HMAC_SHA1)) {
return new DOMHMACSignatureMethod.SHA1(smElem);
} else if (alg.equals(DOMHMACSignatureMethod.HMAC_SHA224)) {
@@ -514,4 +518,27 @@ public abstract class DOMSignatureMethod
return Type.ECDSA;
}
}
+
+ static final class RIPEMD160withECDSA extends DOMSignatureMethod {
+ RIPEMD160withECDSA(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ super(params);
+ }
+ RIPEMD160withECDSA(Element dmElem) throws MarshalException {
+ super(dmElem);
+ }
+ @Override
+ public String getAlgorithm() {
+ return ECDSA_RIPEMD160;
+ }
+ @Override
+ String getJCAAlgorithm() {
+ return "RIPEMD160withECDSA";
+ }
+ @Override
+ Type getAlgorithmType() {
+ return Type.ECDSA;
+ }
+ }
+
}
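Review bot: The new `RIPEMD160withECDSA` class does not say where the JCA name returned by `getJCAAlgorithm()` is expected to come from. As far as I know the providers bundled with the JDK do not implement `RIPEMD160withECDSA`, so signing or validating with this method will probably fail with a `NoSuchAlgorithmException` unless a third-party JCE provider that implements it is registered. I would add a class comment such as `/** ECDSA with RIPEMD-160 (RFC 6931); needs a JCE provider that implements "RIPEMD160withECDSA". */`. The enclosing `DOMSignatureMethod` class starts outside this hunk.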
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java?rev=1597560&r1=1597559&r2=1597560&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java Mon May 26 11:04:17 2014
@@ -295,6 +295,8 @@ public final class DOMXMLSignatureFactor
return new DOMSignatureMethod.SHA384withECDSA(params);
} else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA512)) {
return new DOMSignatureMethod.SHA512withECDSA(params);
+ } else if (algorithm.equals(DOMSignatureMethod.ECDSA_RIPEMD160)) {
+ return new DOMSignatureMethod.RIPEMD160withECDSA(params);
} else {
throw new NoSuchAlgorithmException("unsupported algorithm");
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java?rev=1597560&r1=1597559&r2=1597560&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java Mon May 26 11:04:17 2014
@@ -156,6 +156,10 @@ public class JCEMapper {
new Algorithm("SHA512withECDSA", "SHA512withECDSA", "Signature")
);
algorithmsMap.put(
+ XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160,
+ new Algorithm("RIPEMD160withECDSA", "RIPEMD160withECDSA", "Signature")
+ );
+ algorithmsMap.put(
XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5,
new Algorithm("HmacMD5", "HmacMD5", "Mac", 128, 0)
);
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java?rev=1597560&r1=1597559&r2=1597560&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java Mon May 26 11:04:17 2014
@@ -421,6 +421,9 @@ public class SignatureAlgorithm extends
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, SignatureECDSA.SignatureECDSASHA512.class
);
algorithmHash.put(
+ XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160, SignatureECDSA.SignatureECDSARIPEMD160.class
+ );
+ algorithmHash.put(
XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5, IntegrityHmac.IntegrityHmacMD5.class
);
algorithmHash.put(
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java?rev=1597560&r1=1597559&r2=1597560&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java Mon May 26 11:04:17 2014
@@ -467,5 +467,25 @@ public abstract class SignatureECDSA ext
return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512;
}
}
+
+ /**
+ * Class SignatureECDSARIPEMD160
+ */
+ public static class SignatureECDSARIPEMD160 extends SignatureECDSA {
+ /**
+ * Constructor SignatureECDSARIPEMD160
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureECDSARIPEMD160() throws XMLSignatureException {
+ super();
+ }
+
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160;
+ }
+ }
+
}
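Review bot: `engineGetURI()` in `SignatureECDSARIPEMD160` appears to override an inherited method but has no `@Override`, whereas the `RIPEMD160withECDSA` class added to DOMSignatureMethod in this same commit does use the annotation. The comment `/** @inheritDoc */` should be the inline tag, `/** {@inheritDoc} */`. The class comment only repeats the class name; something like `/** ECDSA signature over a RIPEMD-160 digest, identified by {@link XMLSignature#ALGO_ID_SIGNATURE_ECDSA_RIPEMD160}. */` would tell a reader more. If the sibling classes outside this hunk use the same form, that is a file-wide cleanup rather than something specific to this change.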
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/config.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/config.xml?rev=1597560&r1=1597559&r2=1597560&view=diff
==============================================================================
Binary files - no diff available.
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java?rev=1597560&r1=1597559&r2=1597560&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java Mon May 26 11:04:17 2014
@@ -156,6 +156,10 @@ public final class XMLSignature extends
/**Signature - Optional ECDSAwithSHA512 */
public static final String ALGO_ID_SIGNATURE_ECDSA_SHA512 =
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
+
+ /**Signature - Optional ECDSAwithRIPEMD160 */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_RIPEMD160 =
+ "http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160";
private static org.slf4j.Logger log =
org.slf4j.LoggerFactory.getLogger(XMLSignature.class);
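Review bot: The Javadoc on `ALGO_ID_SIGNATURE_ECDSA_RIPEMD160` says only "Optional" and gives no hint of the digest's strength. RIPEMD-160 produces a 160-bit digest, so collision resistance is about 80 bits whatever EC key is used. The other files in this commit register the URI for verification as well as signing, so deployments that validate untrusted signatures may want to restrict which signature algorithms they accept. Whether the library's secure-validation checks cover this URI is not visible here. Suggested wording: `/** Signature - Optional ECDSAwithRIPEMD160 (RFC 6931); 160-bit digest, prefer the SHA-2 variants for new signatures */`.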
Modified: santuario/xml-security-java/trunk/src/main/resources/security-config.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/resources/security-config.xml?rev=1597560&r1=1597559&r2=1597560&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/resources/security-config.xml (original)
+++ santuario/xml-security-java/trunk/src/main/resources/security-config.xml Mon May 26 11:04:17 2014
@@ -272,6 +272,14 @@
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
RequiredKey="SHA512withECDSA"
JCEName="SHA512withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160"
+ Description="ECDSA Signature with RIPEMD-160 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="https://tools.ietf.org/html/rfc6931"
+ RequiredKey="RIPEMD160withECDSA"
+ JCEName="RIPEMD160withECDSA"/>
<!-- MAC Algorithms -->
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
Modified: santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/PKSignatureAlgorithmTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/PKSignatureAlgorithmTest.java?rev=1597560&r1=1597559&r2=1597560&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/PKSignatureAlgorithmTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/PKSignatureAlgorithmTest.java Mon May 26 11:04:17 2014
@@ -58,7 +58,7 @@ public class PKSignatureAlgorithmTest ex
private CanonicalizationMethod withoutComments;
private DigestMethod sha1;
private SignatureMethod rsaSha1, rsaSha256, rsaSha384, rsaSha512, rsaRipemd160;
- private SignatureMethod ecdsaSha1, ecdsaSha224, ecdsaSha256, ecdsaSha384, ecdsaSha512;
+ private SignatureMethod ecdsaSha1, ecdsaSha224, ecdsaSha256, ecdsaSha384, ecdsaSha512, ecdsaRipemd160;
private XMLSignatureFactory fac;
private DocumentBuilder db;
private KeyPair rsaKeyPair, ecKeyPair;
@@ -111,6 +111,7 @@ public class PKSignatureAlgorithmTest ex
ecdsaSha256 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256", null);
ecdsaSha384 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384", null);
ecdsaSha512 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512", null);
+ ecdsaRipemd160 = fac.newSignatureMethod("http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160", null);
kvks = new KeySelectors.KeyValueKeySelector();
@@ -183,6 +184,12 @@ public class PKSignatureAlgorithmTest ex
test_create_signature_enveloping(ecdsaSha512, sha1, ecki,
ecKeyPair.getPrivate(), kvks);
}
+
+ @org.junit.Test
+ public void testECDSA_RIPEMD160() throws Exception {
+ test_create_signature_enveloping(ecdsaRipemd160, sha1, ecki,
+ ecKeyPair.getPrivate(), kvks);
+ }
private void test_create_signature_enveloping(
SignatureMethod sm, DigestMethod dm, KeyInfo ki, Key signingKey, KeySelector ks
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java?rev=1597560&r1=1597559&r2=1597560&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java Mon May 26 11:04:17 2014
@@ -267,6 +267,23 @@ public class PKSignatureAlgorithmTest ex
verify(document, ecKeyPair.getPublic(), localNames);
}
+ @org.junit.Test
+ public void testECDSA_RIPEMD160() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160, document, localNames, ecKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, ecKeyPair.getPublic(), localNames);
+ }
+
private XMLSignature sign(
String algorithm,
Document document,
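Review bot: `sourceDocument` in `testECDSA_RIPEMD160` is neither null-checked nor closed. `getResourceAsStream` returns null when the resource is missing from the test classpath, and the failure then surfaces inside `builder.parse` rather than as a clear assertion. Add `org.junit.Assert.assertNotNull(sourceDocument);` after the lookup and close the stream in a `finally` block. The same pattern appears in the tests added to PKSignatureCreationTest and PKSignatureVerificationTest in this commit. The commented-out `XMLUtils.outputDOM` line can be dropped.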
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureCreationTest.java?rev=1597560&r1=1597559&r2=1597560&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureCreationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureCreationTest.java Mon May 26 11:04:17 2014
@@ -487,5 +487,46 @@ public class PKSignatureCreationTest ext
verifyUsingDOM(document, ecKeyPair.getPublic(), properties.getSignatureSecureParts());
}
+ @Test
+ public void testECDSA_RIPEMD160() throws Exception {
+ // Set up the Configuration
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+ actions.add(XMLSecurityConstants.SIGNATURE);
+ properties.setActions(actions);
+ properties.setSignatureKeyIdentifier(SecurityTokenConstants.KeyIdentifier_KeyValue);
+
+ String signatureAlgorithm = "http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160";
+ properties.setSignatureAlgorithm(signatureAlgorithm);
+ properties.setSignatureKey(ecKeyPair.getPrivate());
+ properties.setSignatureVerificationKey(ecKeyPair.getPublic());
+
+ SecurePart securePart = new SecurePart(
+ new QName("urn:example:po", "PaymentInfo"),
+ SecurePart.Modifier.Content,
+ new String[]{"http://www.w3.org/2001/10/xml-exc-c14n#"},
+ "http://www.w3.org/2000/09/xmldsig#sha1");
+ properties.addSignaturePart(securePart);
+
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, "UTF-8");
+
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ // System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify using DOM
+ verifyUsingDOM(document, ecKeyPair.getPublic(), properties.getSignatureSecureParts());
+ }
+
}
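Review bot: Nothing visible in `testECDSA_RIPEMD160` checks that the produced signature actually names the RIPEMD-160 algorithm. If `verifyUsingDOM`, which is defined outside this hunk, only validates whatever signature it finds, the test would still pass if the outbound processor used a different signature algorithm from the one configured. Asserting that the `Algorithm` attribute of the `SignatureMethod` element in `document` equals `signatureAlgorithm` would pin the behaviour this commit adds.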
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureVerificationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureVerificationTest.java?rev=1597560&r1=1597559&r2=1597560&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureVerificationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureVerificationTest.java Mon May 26 11:04:17 2014
@@ -29,8 +29,6 @@ import java.security.Security;
import java.util.ArrayList;
import java.util.List;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamReader;
@@ -472,5 +470,43 @@ public class PKSignatureVerificationTest
StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
}
+ @Test
+ public void testECDSA_RIPEMD160() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ String signatureAlgorithm = "http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160";
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ signUsingDOM(
+ signatureAlgorithm, document, localNames, ecKeyPair.getPrivate(),
+ "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/2000/09/xmldsig#sha1"
+ );
+
+ // XMLUtils.outputDOM(document, System.out);
+
+ // Convert Document to a Stream Reader
+ javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify signature
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setSignatureVerificationKey(ecKeyPair.getPublic());
+ InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+ TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
+ XMLStreamReader securityStreamReader =
+ inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
+
+ StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
+ }
+
}
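Review bot: `securityEventListener` is passed to `processInMessage` but never inspected afterwards, so the visible test asserts only that reading the stream does not throw. If `TestSecurityEventListener` records the events it receives, checking them for a signature event that carries the `ecdsa-ripemd160` URI would show that the inbound path verified with the new algorithm. A negative case, where the signed `PaymentInfo` content is altered before verification and a failure is expected, would also be worth adding next to this test.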