Posted to commits@santuario.apache.org by gi...@apache.org on 2012/07/12 21:13:25 UTC
svn commit: r1360861 [1/2] - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/stax/config/
main/java/org/apache/xml/security/stax/ext/
main/java/org/apache/xml/security/stax/impl/
main/java/org/apache/xml/security/stax/impl/...
Author: giger
Date: Thu Jul 12 19:13:24 2012
New Revision: 1360861
URL: http://svn.apache.org/viewvc?rev=1360861&view=rev
Log:
SANTUARIO-319 SANTUARIO-322 #resolve
additionally adds support for the basic XPointers #xpointer(/) and #xpointer(id('ID'))
Added:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/ResourceResolverMapper.java (with props)
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/ResourceResolver.java (with props)
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/ResourceResolverLookup.java (with props)
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverFilesystem.java (with props)
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverHttp.java (with props)
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverSameDocument.java (with props)
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverXPointer.java (with props)
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java (with props)
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureVerificationTest.java (with props)
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java (with props)
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverTest.java (with props)
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/Init.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java (contents, props changed)
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/SignaturePartDef.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEventReaderInputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureOutputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java (contents, props changed)
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java (contents, props changed)
santuario/xml-security-java/trunk/src/main/resources/messages/errors.properties
santuario/xml-security-java/trunk/src/main/resources/security-config.xml
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java (contents, props changed)
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/Init.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/Init.java?rev=1360861&r1=1360860&r2=1360861&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/Init.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/Init.java Thu Jul 12 19:13:24 2012
@@ -69,6 +69,7 @@ public class Init {
SecurityHeaderHandlerMapper.init(configurationTypeJAXBElement.getValue().getSecurityHeaderHandlers());
JCEAlgorithmMapper.init(configurationTypeJAXBElement.getValue().getJCEAlgorithmMappings());
TransformerAlgorithmMapper.init(configurationTypeJAXBElement.getValue().getTransformAlgorithms());
+ ResourceResolverMapper.init(configurationTypeJAXBElement.getValue().getResourceResolvers());
} catch (Exception e) {
throw new XMLSecurityConfigurationException(XMLSecurityException.ErrorCode.FAILURE, null, e);
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/ResourceResolverMapper.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/ResourceResolverMapper.java?rev=1360861&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/ResourceResolverMapper.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/ResourceResolverMapper.java Thu Jul 12 19:13:24 2012
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.config;
+
+import org.apache.xml.security.stax.ext.ResourceResolver;
+import org.apache.xml.security.stax.ext.ResourceResolverLookup;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+import org.apache.xml.security.stax.ext.XMLSecurityUtils;
+import org.xmlsecurity.ns.configuration.ResolverType;
+import org.xmlsecurity.ns.configuration.ResourceResolversType;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class ResourceResolverMapper {
+
+ private static List<ResourceResolverLookup> resourceResolvers;
+
+ private ResourceResolverMapper() {
+ }
+
+ protected synchronized static void init(ResourceResolversType resourceResolversType) throws Exception {
+ List<ResolverType> handlerList = resourceResolversType.getResolver();
+ resourceResolvers = new ArrayList<ResourceResolverLookup>(handlerList.size() + 1);
+ for (int i = 0; i < handlerList.size(); i++) {
+ ResolverType uriResolverType = handlerList.get(i);
+ resourceResolvers.add((ResourceResolverLookup) XMLSecurityUtils.loadClass(uriResolverType.getJAVACLASS()).newInstance());
+ }
+ }
+
+ public static ResourceResolver getResourceResolver(String uri) throws XMLSecurityException {
+ for (int i = 0; i < resourceResolvers.size(); i++) {
+ ResourceResolverLookup resourceResolver = resourceResolvers.get(i);
+ ResourceResolverLookup rr = resourceResolver.canResolve(uri);
+ if (rr != null) {
+ return rr.newInstance(uri);
+ }
+ }
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "resolver.noClass", uri);
+ }
+}
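Review bot: `getResourceResolver` reads the static `resourceResolvers` without synchronization, while `init` assigns the new `ArrayList` to the field first and only then fills it under the class lock, so a concurrent caller can observe a null or half-filled list and either hit a `NullPointerException` or wrongly get `resolver.noClass`. Build the list in a local variable, assign it to the field once at the end of `init`, and declare the field `private static volatile List<ResourceResolverLookup> resourceResolvers;`. The class names passed to `XMLSecurityUtils.loadClass(...).newInstance()` come from the configuration, and a wrong entry surfaces only as a `ClassCastException` at the cast. A short Javadoc on `init` should state that the configuration is trusted input and that list order decides which resolver handles a URI.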
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/ResourceResolverMapper.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/ResourceResolverMapper.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/ResourceResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/ResourceResolver.java?rev=1360861&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/ResourceResolver.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/ResourceResolver.java Thu Jul 12 19:13:24 2012
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.ext;
+
+import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
+
+import java.io.InputStream;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public interface ResourceResolver {
+
+ boolean isSameDocumentReference();
+
+ boolean matches(XMLSecStartElement xmlSecStartElement);
+
+ InputStream getInputStreamFromExternalReference() throws XMLSecurityException;
+}
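Review bot: None of the three `ResourceResolver` methods has Javadoc, and the contract matters because `getInputStreamFromExternalReference()` opens whatever a Reference URI names. On that method I would document that the caller owns and must close the returned stream (as `verifyExternalReference` does in this commit) and that implementations should restrict what they are willing to open. On `matches` I would note that it is only consulted for same-document references, which is how `resolvesResource` uses it. `ResourceResolverLookup` in the next file has the same gap: `canResolve` returns a lookup rather than a boolean, and that `null` means "cannot resolve" is visible only from the caller in `ResourceResolverMapper`.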
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/ResourceResolver.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/ResourceResolver.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/ResourceResolverLookup.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/ResourceResolverLookup.java?rev=1360861&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/ResourceResolverLookup.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/ResourceResolverLookup.java Thu Jul 12 19:13:24 2012
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.ext;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public interface ResourceResolverLookup {
+
+ ResourceResolverLookup canResolve(String uri);
+
+ ResourceResolver newInstance(String uri);
+}
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/ResourceResolverLookup.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/ResourceResolverLookup.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java?rev=1360861&r1=1360860&r2=1360861&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java Thu Jul 12 19:13:24 2012
@@ -26,8 +26,8 @@ import java.util.Map;
/**
* Class to describe which and how an element must be secured
*
- * @author $Author: giger $
- * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ * @author $Author$
+ * @version $Revision$ $Date$
*/
public class SecurePart {
@@ -59,12 +59,19 @@ public class SecurePart {
}
private QName name;
+ private boolean generateXPointer;
private Modifier modifier;
private String idToSign;
private String idToReference;
+ private String externalReference;
public SecurePart(QName name, Modifier modifier) {
+ this(name, false, modifier);
+ }
+
+ public SecurePart(QName name, boolean generateXPointer, Modifier modifier) {
this.name = name;
+ this.generateXPointer = generateXPointer;
this.modifier = modifier;
}
@@ -75,6 +82,10 @@ public class SecurePart {
this.modifier = modifier;
}
+ public SecurePart(String externalReference) {
+ this.externalReference = externalReference;
+ }
+
/**
* The name of the element to be secured
*
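Review bot: The new `SecurePart(String externalReference)` constructor sets only `externalReference`, leaving `name` and `modifier` null. Any code that reads `getName()` or the modifier of every `SecurePart` without checking would presumably fail on such an instance, though those callers are not visible in this hunk. I would add a Javadoc line such as `/** Describes an external resource to be signed by URI; name and modifier are not set. */` and reject a null argument up front. The class body continues outside the hunk.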
@@ -116,4 +127,20 @@ public class SecurePart {
public void setIdToReference(String idToReference) {
this.idToReference = idToReference;
}
+
+ public boolean isGenerateXPointer() {
+ return generateXPointer;
+ }
+
+ public void setGenerateXPointer(boolean generateXPointer) {
+ this.generateXPointer = generateXPointer;
+ }
+
+ public String getExternalReference() {
+ return externalReference;
+ }
+
+ public void setExternalReference(String externalReference) {
+ this.externalReference = externalReference;
+ }
}
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/SignaturePartDef.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/SignaturePartDef.java?rev=1360861&r1=1360860&r2=1360861&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/SignaturePartDef.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/SignaturePartDef.java Thu Jul 12 19:13:24 2012
@@ -31,6 +31,8 @@ public class SignaturePartDef {
private String transformAlgo;
private String c14nAlgo;
private String inclusiveNamespaces;
+ private boolean externalResource;
+ private boolean generateXPointer;
public String getSigRefId() {
return sigRefId;
@@ -71,4 +73,20 @@ public class SignaturePartDef {
public void setInclusiveNamespaces(String inclusiveNamespaces) {
this.inclusiveNamespaces = inclusiveNamespaces;
}
+
+ public boolean isExternalResource() {
+ return externalResource;
+ }
+
+ public void setExternalResource(boolean externalResource) {
+ this.externalResource = externalResource;
+ }
+
+ public boolean isGenerateXPointer() {
+ return generateXPointer;
+ }
+
+ public void setGenerateXPointer(boolean generateXPointer) {
+ this.generateXPointer = generateXPointer;
+ }
}
\ No newline at end of file
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java?rev=1360861&r1=1360860&r2=1360861&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java Thu Jul 12 19:13:24 2012
@@ -19,6 +19,7 @@
package org.apache.xml.security.stax.impl.processor.input;
import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.compress.utils.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.binding.excc14n.InclusiveNamespaces;
@@ -26,6 +27,7 @@ import org.apache.xml.security.binding.x
import org.apache.xml.security.binding.xmldsig.SignatureType;
import org.apache.xml.security.binding.xmldsig.TransformType;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
+import org.apache.xml.security.stax.config.ResourceResolverMapper;
import org.apache.xml.security.stax.ext.*;
import org.apache.xml.security.stax.ext.stax.XMLSecEndElement;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
@@ -36,12 +38,11 @@ import org.apache.xml.security.stax.secu
import org.xmlsecurity.ns.configuration.AlgorithmType;
import javax.xml.namespace.QName;
+import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.events.Attribute;
-import java.io.BufferedOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
+import javax.xml.stream.XMLStreamReader;
+import java.io.*;
import java.lang.reflect.InvocationTargetException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -58,7 +59,8 @@ public abstract class AbstractSignatureR
private final SignatureType signatureType;
private final SecurityToken securityToken;
- private final Map<String, ReferenceType> references;
+ private final Map<ResourceResolver, ReferenceType> sameDocumentReferences;
+ private final Map<ResourceResolver, ReferenceType> externalReferences;
private final List<ReferenceType> processedReferences;
public AbstractSignatureReferenceVerifyInputProcessor(
@@ -69,7 +71,8 @@ public abstract class AbstractSignatureR
this.securityToken = securityToken;
List<ReferenceType> referencesTypeList = signatureType.getSignedInfo().getReference();
- references = new HashMap<String, ReferenceType>(referencesTypeList.size() + 1);
+ sameDocumentReferences = new HashMap<ResourceResolver, ReferenceType>(referencesTypeList.size() + 1);
+ externalReferences = new HashMap<ResourceResolver, ReferenceType>(referencesTypeList.size() + 1);
processedReferences = new ArrayList<ReferenceType>(referencesTypeList.size());
Iterator<ReferenceType> referenceTypeIterator = referencesTypeList.iterator();
@@ -78,7 +81,12 @@ public abstract class AbstractSignatureR
if (referenceType.getURI() == null) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK);
}
- references.put(XMLSecurityUtils.dropReferenceMarker(referenceType.getURI()), referenceType);
+ ResourceResolver resourceResolver = ResourceResolverMapper.getResourceResolver(referenceType.getURI());
+ if (resourceResolver.isSameDocumentReference()) {
+ sameDocumentReferences.put(resourceResolver, referenceType);
+ } else {
+ externalReferences.put(resourceResolver, referenceType);
+ }
}
}
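Review bot: The `Reference` URI passed to `ResourceResolverMapper.getResourceResolver` comes from the signature being verified, and the `else` branch queues every URI that is not a same-document reference in `externalReferences` with no caller opt-in or allow-list. This commit also adds `ResolverHttp` and `ResolverFilesystem`, so a verifier processing an untrusted document would presumably open sender-chosen URLs or local paths once `doFinal` runs. I would guard the `else` branch with a security-property check that defaults to off and throws `XMLSecurityException.ErrorCode.FAILED_CHECK` otherwise, so that external dereferencing is an explicit application decision. The constructor body starts outside this hunk.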
@@ -108,14 +116,14 @@ public abstract class AbstractSignatureR
switch (xmlSecEvent.getEventType()) {
case XMLStreamConstants.START_ELEMENT:
XMLSecStartElement xmlSecStartElement = xmlSecEvent.asStartElement();
- ReferenceType referenceType = matchesReferenceId(xmlSecStartElement);
+ ReferenceType referenceType = resolvesResource(xmlSecStartElement);
if (referenceType != null) {
if (processedReferences.contains(referenceType)) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "duplicateId");
}
InternalSignatureReferenceVerifier internalSignatureReferenceVerifier =
- getSignatureReferenceVerifier(getSecurityProperties(), inputProcessorChain,
+ getSignatureReferenceVerifier(getSecurityProperties(), inputProcessorChain,
referenceType, xmlSecStartElement.getName());
if (!internalSignatureReferenceVerifier.isFinished()) {
internalSignatureReferenceVerifier.processEvent(xmlSecEvent, inputProcessorChain);
@@ -125,7 +133,7 @@ public abstract class AbstractSignatureR
inputProcessorChain.getDocumentContext().setIsInSignedContent(
inputProcessorChain.getProcessors().indexOf(internalSignatureReferenceVerifier),
internalSignatureReferenceVerifier);
-
+
// Fire a SecurityEvent
List<QName> elementPath = xmlSecStartElement.getElementPath();
processElementPath(elementPath, inputProcessorChain, xmlSecEvent);
@@ -134,36 +142,189 @@ public abstract class AbstractSignatureR
}
return xmlSecEvent;
}
-
+
protected abstract void processElementPath(
- List<QName> elementPath, InputProcessorChain inputProcessorChain, XMLSecEvent xmlSecEvent
+ List<QName> elementPath, InputProcessorChain inputProcessorChain, XMLSecEvent xmlSecEvent
) throws XMLSecurityException;
- protected ReferenceType matchesReferenceId(XMLSecStartElement xmlSecStartElement) {
- Attribute refId = getReferenceIDAttribute(xmlSecStartElement);
- if (refId != null) {
- return references.get(refId.getValue());
+ protected ReferenceType resolvesResource(XMLSecStartElement xmlSecStartElement) {
+ Iterator<Map.Entry<ResourceResolver, ReferenceType>> resourceResolverIterator = sameDocumentReferences.entrySet().iterator();
+ while (resourceResolverIterator.hasNext()) {
+ Map.Entry<ResourceResolver, ReferenceType> entry = resourceResolverIterator.next();
+ if (entry.getKey().matches(xmlSecStartElement)) {
+ return entry.getValue();
+ }
}
return null;
}
@Override
public void doFinal(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
- Iterator<Map.Entry<String, ReferenceType>> refEntryIterator = this.references.entrySet().iterator();
- while (refEntryIterator.hasNext()) {
- Map.Entry<String, ReferenceType> referenceTypeEntry = refEntryIterator.next();
+ if (externalReferences.size() > 0) {
+ Iterator<Map.Entry<ResourceResolver, ReferenceType>> externalReferenceIterator = externalReferences.entrySet().iterator();
+ while (externalReferenceIterator.hasNext()) {
+ Map.Entry<ResourceResolver, ReferenceType> referenceTypeEntry = externalReferenceIterator.next();
+ ResourceResolver resourceResolver = referenceTypeEntry.getKey();
+ ReferenceType referenceType = referenceTypeEntry.getValue();
+
+ verifyExternalReference(inputProcessorChain, resourceResolver, referenceType);
+ processedReferences.add(referenceType);
+ }
+
+ externalReferenceIterator = externalReferences.entrySet().iterator();
+ while (externalReferenceIterator.hasNext()) {
+ Map.Entry<ResourceResolver, ReferenceType> referenceTypeEntry = externalReferenceIterator.next();
+ if (!processedReferences.contains(referenceTypeEntry.getValue())) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "unprocessedSignatureReferences");
+ }
+ }
+ }
+
+ Iterator<Map.Entry<ResourceResolver, ReferenceType>> sameDocumentReferenceIterator = sameDocumentReferences.entrySet().iterator();
+ while (sameDocumentReferenceIterator.hasNext()) {
+ Map.Entry<ResourceResolver, ReferenceType> referenceTypeEntry = sameDocumentReferenceIterator.next();
if (!processedReferences.contains(referenceTypeEntry.getValue())) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "unprocessedEncryptionReferences");
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "unprocessedSignatureReferences");
}
}
inputProcessorChain.doFinal();
}
-
+
protected InternalSignatureReferenceVerifier getSignatureReferenceVerifier(
XMLSecurityProperties securityProperties, InputProcessorChain inputProcessorChain,
ReferenceType referenceType, QName startElement) throws XMLSecurityException {
- return new InternalSignatureReferenceVerifier(securityProperties, inputProcessorChain,
- referenceType, startElement);
+ return new InternalSignatureReferenceVerifier(securityProperties, inputProcessorChain, referenceType, startElement);
+ }
+
+ private void verifyExternalReference(InputProcessorChain inputProcessorChain, ResourceResolver resourceResolver,
+ ReferenceType referenceType) throws XMLSecurityException, XMLStreamException {
+
+ DigestOutputStream digestOutputStream;
+ OutputStream bufferedDigestOutputStream;
+ Transformer transformer;
+
+ InputStream inputStream = new BufferedInputStream(resourceResolver.getInputStreamFromExternalReference());
+ try {
+ digestOutputStream = createMessageDigestOutputStream(referenceType, inputProcessorChain.getSecurityContext());
+ bufferedDigestOutputStream = new BufferedOutputStream(digestOutputStream);
+
+ if (referenceType.getTransforms() != null) {
+ transformer = buildTransformerChain(referenceType, bufferedDigestOutputStream, inputProcessorChain, null);
+
+ XMLStreamReader xmlStreamReader =
+ inputProcessorChain.getSecurityContext().<XMLInputFactory>get(
+ XMLSecurityConstants.XMLINPUTFACTORY).createXMLStreamReader(inputStream);
+ XMLEventReaderInputProcessor xmlEventReaderInputProcessor = new XMLEventReaderInputProcessor(null, xmlStreamReader);
+
+ XMLSecEvent xmlSecEvent;
+ do {
+ xmlSecEvent = xmlEventReaderInputProcessor.processNextEvent(null);
+ transformer.transform(xmlSecEvent);
+ } while (xmlSecEvent.getEventType() != XMLStreamConstants.END_DOCUMENT);
+
+ bufferedDigestOutputStream.close();
+ } else {
+ IOUtils.copy(inputStream, bufferedDigestOutputStream);
+ bufferedDigestOutputStream.close();
+ }
+ } catch (IOException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
+ } catch (NoSuchMethodException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
+ } catch (IllegalAccessException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
+ } catch (InstantiationException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
+ } catch (NoSuchProviderException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
+ } catch (InvocationTargetException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
+ } finally {
+ try {
+ inputStream.close();
+ } catch (IOException e) {
+ logger.warn("Could not close external resource input stream, ignored.");
+ }
+ }
+ compareDigest(digestOutputStream.getDigestValue(), referenceType);
+ }
+
+ protected DigestOutputStream createMessageDigestOutputStream(ReferenceType referenceType, SecurityContext securityContext)
+ throws XMLSecurityException, NoSuchAlgorithmException, NoSuchProviderException {
+ AlgorithmType digestAlgorithm =
+ JCEAlgorithmMapper.getAlgorithmMapping(referenceType.getDigestMethod().getAlgorithm());
+
+ MessageDigest messageDigest;
+ if (digestAlgorithm.getJCEProvider() != null) {
+ messageDigest = MessageDigest.getInstance(digestAlgorithm.getJCEName(), digestAlgorithm.getJCEProvider());
+ } else {
+ messageDigest = MessageDigest.getInstance(digestAlgorithm.getJCEName());
+ }
+
+ AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
+ algorithmSuiteSecurityEvent.setAlgorithmURI(digestAlgorithm.getURI());
+ algorithmSuiteSecurityEvent.setKeyUsage(XMLSecurityConstants.Dig);
+ securityContext.registerSecurityEvent(algorithmSuiteSecurityEvent);
+
+ return new DigestOutputStream(messageDigest);
+ }
+
+ protected Transformer buildTransformerChain(ReferenceType referenceType, OutputStream outputStream,
+ InputProcessorChain inputProcessorChain,
+ InternalSignatureReferenceVerifier internalSignatureReferenceVerifier)
+ throws XMLSecurityException, XMLStreamException, NoSuchMethodException, InstantiationException,
+ IllegalAccessException, InvocationTargetException {
+
+ if (referenceType.getTransforms() == null) {
+ // If no Transforms then just default to an Inclusive without comments transform
+ Transformer transformer = new Canonicalizer20010315_OmitCommentsTransformer();
+ transformer.setOutputStream(outputStream);
+ //todo algoSecEvent??
+ return transformer;
+ }
+
+ List<TransformType> transformTypeList = referenceType.getTransforms().getTransform();
+
+ Transformer parentTransformer = null;
+ for (int i = transformTypeList.size() - 1; i >= 0; i--) {
+ TransformType transformType = transformTypeList.get(i);
+
+ InclusiveNamespaces inclusiveNamespacesType =
+ XMLSecurityUtils.getQNameType(transformType.getContent(),
+ XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces);
+ List<String> inclusiveNamespaces = inclusiveNamespacesType != null
+ ? inclusiveNamespacesType.getPrefixList()
+ : null;
+ String algorithm = transformType.getAlgorithm();
+
+ AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
+ algorithmSuiteSecurityEvent.setAlgorithmURI(algorithm);
+ algorithmSuiteSecurityEvent.setKeyUsage(XMLSecurityConstants.C14n);
+ inputProcessorChain.getSecurityContext().registerSecurityEvent(algorithmSuiteSecurityEvent);
+
+ if (parentTransformer != null) {
+ parentTransformer = XMLSecurityUtils.getTransformer(parentTransformer, inclusiveNamespaces, algorithm);
+ } else {
+ parentTransformer =
+ XMLSecurityUtils.getTransformer(inclusiveNamespaces, outputStream, algorithm);
+ }
+ }
+ return parentTransformer;
+ }
+
+ private void compareDigest(byte[] calculatedDigest, ReferenceType referenceType) throws XMLSecurityException {
+ if (logger.isDebugEnabled()) {
+ logger.debug("Calculated Digest: " + new String(Base64.encodeBase64(calculatedDigest)));
+ logger.debug("Stored Digest: " + new String(Base64.encodeBase64(referenceType.getDigestValue())));
+ }
+
+ if (!MessageDigest.isEqual(referenceType.getDigestValue(), calculatedDigest)) {
+ throw new XMLSecurityException(
+ XMLSecurityException.ErrorCode.FAILED_CHECK,
+ "digestVerificationFailed", referenceType.getURI());
+ }
}
public class InternalSignatureReferenceVerifier extends AbstractInputProcessor {
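Review bot: `verifyExternalReference` reads the external resource with no size limit: the no-transform branch passes the stream to `IOUtils.copy`, and the transform branch parses it until `END_DOCUMENT`, so a very large or never-ending resource ties up the verifier before the digest is compared. A bounded copy like the one below caps the raw path and removes the need for the new `org.apache.commons.compress.utils.IOUtils` import. The XML path needs an equivalent limit, and it relies on the `XMLInputFactory` from the security context having DTD and external-entity support disabled, which I cannot confirm from this hunk. Separately, the second loop over `externalReferences` in `doFinal` can never throw, because every entry was added to `processedReferences` in the loop just above it.

```java
// … unchanged: digest stream setup and the transforms branch …
            } else {
                // The resource is named by the Reference URI, so cap how much is digested.
                // MAX_EXTERNAL_REFERENCE_BYTES is a proposed new constant or configuration value.
                byte[] buffer = new byte[4096];
                long total = 0;
                int read;
                while ((read = inputStream.read(buffer)) != -1) {
                    total += read;
                    if (total > MAX_EXTERNAL_REFERENCE_BYTES) {
                        throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK);
                    }
                    bufferedDigestOutputStream.write(buffer, 0, read);
                }
                bufferedDigestOutputStream.close();
            }
// … unchanged: catch blocks, finally, compareDigest call …
```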
@@ -183,73 +344,19 @@ public abstract class AbstractSignatureR
this.setStartElement(startElement);
this.setReferenceType(referenceType);
try {
- createMessageDigest(inputProcessorChain.getSecurityContext());
- buildTransformerChain(referenceType, inputProcessorChain);
+ this.digestOutputStream = createMessageDigestOutputStream(referenceType, inputProcessorChain.getSecurityContext());
+ this.bufferedDigestOutputStream = new BufferedOutputStream(this.getDigestOutputStream());
+ this.transformer = buildTransformerChain(referenceType, bufferedDigestOutputStream, inputProcessorChain);
} catch (Exception e) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
}
}
- protected AlgorithmType createMessageDigest(SecurityContext securityContext)
- throws XMLSecurityException, NoSuchAlgorithmException, NoSuchProviderException {
- AlgorithmType digestAlgorithm =
- JCEAlgorithmMapper.getAlgorithmMapping(getReferenceType().getDigestMethod().getAlgorithm());
-
- MessageDigest messageDigest;
- if (digestAlgorithm.getJCEProvider() != null) {
- messageDigest = MessageDigest.getInstance(digestAlgorithm.getJCEName(), digestAlgorithm.getJCEProvider());
- } else {
- messageDigest = MessageDigest.getInstance(digestAlgorithm.getJCEName());
- }
- this.setDigestOutputStream(new DigestOutputStream(messageDigest));
- this.setBufferedDigestOutputStream(new BufferedOutputStream(this.getDigestOutputStream()));
-
- AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
- algorithmSuiteSecurityEvent.setAlgorithmURI(digestAlgorithm.getURI());
- algorithmSuiteSecurityEvent.setKeyUsage(XMLSecurityConstants.Dig);
- securityContext.registerSecurityEvent(algorithmSuiteSecurityEvent);
-
- return digestAlgorithm;
- }
-
- protected void buildTransformerChain(ReferenceType referenceType, InputProcessorChain inputProcessorChain)
+ public Transformer buildTransformerChain(ReferenceType referenceType, OutputStream outputStream, InputProcessorChain inputProcessorChain)
throws XMLSecurityException, XMLStreamException, NoSuchMethodException, InstantiationException,
IllegalAccessException, InvocationTargetException {
- if (referenceType.getTransforms() == null) {
- // If no Transforms then just default to an Inclusive without comments transform
- Transformer transformer = new Canonicalizer20010315_OmitCommentsTransformer();
- transformer.setOutputStream(getBufferedDigestOutputStream());
- this.setTransformer(transformer);
- return;
- }
-
- List<TransformType> transformTypeList = referenceType.getTransforms().getTransform();
-
- Transformer parentTransformer = null;
- for (int i = transformTypeList.size() - 1; i >= 0; i--) {
- TransformType transformType = transformTypeList.get(i);
-
- InclusiveNamespaces inclusiveNamespacesType =
- XMLSecurityUtils.getQNameType(transformType.getContent(),
- XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces);
- List<String> inclusiveNamespaces = inclusiveNamespacesType != null
- ? inclusiveNamespacesType.getPrefixList()
- : null;
- String algorithm = transformType.getAlgorithm();
-
- AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
- algorithmSuiteSecurityEvent.setAlgorithmURI(algorithm);
- algorithmSuiteSecurityEvent.setKeyUsage(XMLSecurityConstants.C14n);
- inputProcessorChain.getSecurityContext().registerSecurityEvent(algorithmSuiteSecurityEvent);
-
- if (parentTransformer != null) {
- parentTransformer = XMLSecurityUtils.getTransformer(parentTransformer, inclusiveNamespaces, algorithm);
- } else {
- parentTransformer =
- XMLSecurityUtils.getTransformer(inclusiveNamespaces, this.getBufferedDigestOutputStream(), algorithm);
- }
- }
- this.setTransformer(parentTransformer);
+ return AbstractSignatureReferenceVerifyInputProcessor.this.buildTransformerChain(
+ referenceType, outputStream, inputProcessorChain, this);
}
@Override
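Review bot: `buildTransformerChain` on the inner `InternalSignatureReferenceVerifier` is widened from `protected` to `public` here, and the later hunks of this file do the same to `processEvent` and to every getter and setter (`setFinished`, `setReferenceType`, `setTransformer`, `setDigestOutputStream`, ...). Public setters let any code holding the processor replace the reference, transformer or digest stream of a verification in progress, which weakens the encapsulation of the check that ends in `compareDigest`. The delegation to `AbstractSignatureReferenceVerifyInputProcessor.this.buildTransformerChain(..., this)` does not require it, since an enclosing class can already reach its inner class's members. If subclasses in other packages are the reason, `protected` would cover that. The enclosing class continues outside this hunk, so not all callers are visible here.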
@@ -266,7 +373,7 @@ public abstract class AbstractSignatureR
return xmlSecEvent;
}
- protected void processEvent(XMLSecEvent xmlSecEvent, InputProcessorChain inputProcessorChain)
+ public void processEvent(XMLSecEvent xmlSecEvent, InputProcessorChain inputProcessorChain)
throws XMLStreamException, XMLSecurityException {
getTransformer().transform(xmlSecEvent);
@@ -285,19 +392,8 @@ public abstract class AbstractSignatureR
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
}
- byte[] calculatedDigest = this.getDigestOutputStream().getDigestValue();
- byte[] storedDigest = getReferenceType().getDigestValue();
+ compareDigest(this.getDigestOutputStream().getDigestValue(), getReferenceType());
- if (logger.isDebugEnabled()) {
- logger.debug("Calculated Digest: " + new String(Base64.encodeBase64(calculatedDigest)));
- logger.debug("Stored Digest: " + new String(Base64.encodeBase64(storedDigest)));
- }
-
- if (!MessageDigest.isEqual(storedDigest, calculatedDigest)) {
- throw new XMLSecurityException(
- XMLSecurityException.ErrorCode.FAILED_CHECK,
- "digestVerificationFailed", getReferenceType().getURI());
- }
inputProcessorChain.removeProcessor(this);
inputProcessorChain.getDocumentContext().unsetIsInSignedContent(this);
setFinished(true);
@@ -310,47 +406,47 @@ public abstract class AbstractSignatureR
return finished;
}
- protected void setFinished(boolean finished) {
+ public void setFinished(boolean finished) {
this.finished = finished;
}
- protected ReferenceType getReferenceType() {
+ public ReferenceType getReferenceType() {
return referenceType;
}
- protected void setReferenceType(ReferenceType referenceType) {
+ public void setReferenceType(ReferenceType referenceType) {
this.referenceType = referenceType;
}
- protected Transformer getTransformer() {
+ public Transformer getTransformer() {
return transformer;
}
- protected void setTransformer(Transformer transformer) {
+ public void setTransformer(Transformer transformer) {
this.transformer = transformer;
}
- protected DigestOutputStream getDigestOutputStream() {
+ public DigestOutputStream getDigestOutputStream() {
return digestOutputStream;
}
- protected void setDigestOutputStream(DigestOutputStream digestOutputStream) {
+ public void setDigestOutputStream(DigestOutputStream digestOutputStream) {
this.digestOutputStream = digestOutputStream;
}
- protected OutputStream getBufferedDigestOutputStream() {
+ public OutputStream getBufferedDigestOutputStream() {
return bufferedDigestOutputStream;
}
- protected void setBufferedDigestOutputStream(OutputStream bufferedDigestOutputStream) {
+ public void setBufferedDigestOutputStream(OutputStream bufferedDigestOutputStream) {
this.bufferedDigestOutputStream = bufferedDigestOutputStream;
}
- protected QName getStartElement() {
+ public QName getStartElement() {
return startElement;
}
- protected void setStartElement(QName startElement) {
+ public void setStartElement(QName startElement) {
this.startElement = startElement;
}
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEventReaderInputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEventReaderInputProcessor.java?rev=1360861&r1=1360860&r2=1360861&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEventReaderInputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEventReaderInputProcessor.java Thu Jul 12 19:13:24 2012
@@ -26,6 +26,7 @@ import org.apache.xml.security.stax.ext.
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
+import java.util.NoSuchElementException;
/**
* The XMLEventReaderInputProcessor reads requested XMLEvents from the original XMLEventReader
@@ -38,6 +39,7 @@ public class XMLEventReaderInputProcesso
private final XMLStreamReader xmlStreamReader;
private XMLSecStartElement parentXmlSecStartElement;
+ private boolean EOF = false;
public XMLEventReaderInputProcessor(XMLSecurityProperties securityProperties, XMLStreamReader xmlStreamReader) {
super(securityProperties);
@@ -71,6 +73,11 @@ public class XMLEventReaderInputProcesso
}
if (xmlStreamReader.hasNext()) {
xmlStreamReader.next();
+ } else {
+ if (EOF) {
+ throw new NoSuchElementException();
+ }
+ EOF = true;
}
return xmlSecEvent;
}
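Review bot: The new `throw new NoSuchElementException();` is an unchecked exception with no message, in a method whose other failures presumably travel as `XMLStreamException` (the signature is outside this hunk). Callers in the processor chain that catch only the checked stream and security exceptions will let it escape, so reading past the end of a truncated document surfaces as a runtime failure rather than a parse error. Consider `throw new XMLStreamException("Unexpected end of document");`, or at least give the exception a message. The flag added in the previous hunk, `private boolean EOF`, is an instance field rather than a constant and would read better as `eof`.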
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java?rev=1360861&r1=1360860&r2=1360861&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java Thu Jul 12 19:13:24 2012
@@ -142,12 +142,18 @@ public abstract class AbstractSignatureE
Iterator<SignaturePartDef> signaturePartDefIterator = signaturePartDefList.iterator();
while (signaturePartDefIterator.hasNext()) {
SignaturePartDef signaturePartDef = signaturePartDefIterator.next();
+ String uriString;
+ if (signaturePartDef.isExternalResource()) {
+ uriString = signaturePartDef.getSigRefId();
+ } else if (signaturePartDef.isGenerateXPointer()) {
+ uriString = "#xpointer(id('" + signaturePartDef.getSigRefId() + "'))";
+ } else {
+ uriString = "#" + signaturePartDef.getSigRefId();
+ }
attributes = new ArrayList<XMLSecAttribute>(1);
- attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_URI, "#" + signaturePartDef.getSigRefId()));
+ attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_URI, uriString));
createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Reference, false, attributes);
- createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms, false, null);
createTransformsStructureForSignature(subOutputProcessorChain, signaturePartDef);
- createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms);
attributes = new ArrayList<XMLSecAttribute>(1);
attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, getSecurityProperties().getSignatureDigestAlgorithm()));
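Review bot: In the `isGenerateXPointer()` branch the reference id is concatenated straight into `"#xpointer(id('" + ... + "'))"` with no check on its characters. A generated id is presumably harmless, but if `getSigRefId()` can carry a caller-supplied value (not visible in this hunk), a quote or parenthesis in it produces a URI that the verifier may fail to match or may match with a different id. Validating the id as an NCName before building the URI keeps the written reference and the signed element in agreement. The first branch also stores a complete external URI in a field named `sigRefId`; a comment such as `// for external resources sigRefId holds the complete reference URI` would help the next reader.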
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureOutputProcessor.java?rev=1360861&r1=1360860&r2=1360861&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureOutputProcessor.java Thu Jul 12 19:13:24 2012
@@ -19,9 +19,11 @@
package org.apache.xml.security.stax.impl.processor.output;
import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.compress.utils.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
+import org.apache.xml.security.stax.config.ResourceResolverMapper;
import org.apache.xml.security.stax.ext.*;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.SignaturePartDef;
@@ -33,13 +35,16 @@ import javax.xml.stream.XMLStreamConstan
import javax.xml.stream.XMLStreamException;
import java.io.BufferedOutputStream;
import java.io.IOException;
+import java.io.InputStream;
import java.io.OutputStream;
import java.lang.reflect.InvocationTargetException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
+import java.util.Iterator;
import java.util.List;
+import java.util.Map;
/**
* @author $Author$
@@ -64,6 +69,48 @@ public abstract class AbstractSignatureO
public abstract void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain)
throws XMLStreamException, XMLSecurityException;
+ @Override
+ public void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
+ Map<Object, SecurePart> dynamicSecureParts = outputProcessorChain.getSecurityContext().getAsMap(XMLSecurityConstants.SIGNATURE_PARTS);
+ Iterator<Map.Entry<Object, SecurePart>> securePartsMapIterator = dynamicSecureParts.entrySet().iterator();
+ while (securePartsMapIterator.hasNext()) {
+ Map.Entry<Object, SecurePart> securePartEntry = securePartsMapIterator.next();
+ final String externalReference = securePartEntry.getValue().getExternalReference();
+ if (externalReference != null) {
+ ResourceResolver resourceResolver = ResourceResolverMapper.getResourceResolver(externalReference);
+
+ DigestOutputStream digestOutputStream = null;
+ try {
+ digestOutputStream = createMessageDigestOutputStream();
+ } catch (NoSuchAlgorithmException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+ } catch (NoSuchProviderException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+ }
+
+ InputStream inputStream = resourceResolver.getInputStreamFromExternalReference();
+ try {
+ IOUtils.copy(inputStream, digestOutputStream);
+ } catch (IOException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+ }
+ String calculatedDigest = new String(Base64.encodeBase64(digestOutputStream.getDigestValue()));
+ if (logger.isDebugEnabled()) {
+ logger.debug("Calculated Digest: " + calculatedDigest);
+ }
+
+ //todo we need a per SecurePart C14N and Digest algorithm property
+ SignaturePartDef signaturePartDef = new SignaturePartDef();
+ signaturePartDef.setSigRefId(externalReference);
+ signaturePartDef.setDigestValue(calculatedDigest);
+ signaturePartDef.setExternalResource(true);
+ getSignaturePartDefList().add(signaturePartDef);
+ }
+ }
+
+ super.doFinal(outputProcessorChain);
+ }
+
protected InternalSignatureOutputProcessor getActiveInternalSignatureOutputProcessor() {
return activeInternalSignatureOutputProcessor;
}
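Review bot: The `InputStream` returned by `resourceResolver.getInputStreamFromExternalReference()` is never closed, so every external reference leaks a file handle or HTTP connection, on the success path as well as when `IOUtils.copy` throws. The result of `ResourceResolverMapper.getResourceResolver(externalReference)` is also used without a null check; if the mapper returns null for an unsupported scheme (its code is not in this hunk), signing fails with a `NullPointerException` instead of an `XMLSecurityException`. Closing the stream in a `finally` block is sketched below. Separately, `IOUtils` comes from commons-compress, which adds a dependency to the signing path for a single copy loop, and the copy is unbounded, so a size limit on external references is worth considering.

```java
// … unchanged: resolver lookup, digest stream creation, inputStream assignment …
try {
    IOUtils.copy(inputStream, digestOutputStream);
// … unchanged: catch (IOException e) rethrown as FAILED_SIGNATURE …
} finally {
    try {
        inputStream.close();
    } catch (IOException e) {
        // the digest is already computed or the copy already failed; only report the close failure
        logger.debug("Could not close external reference stream", e);
    }
}
```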
@@ -73,6 +120,17 @@ public abstract class AbstractSignatureO
this.activeInternalSignatureOutputProcessor = activeInternalSignatureOutputProcessor;
}
+ private DigestOutputStream createMessageDigestOutputStream() throws NoSuchAlgorithmException, NoSuchProviderException {
+ AlgorithmType algorithmID = JCEAlgorithmMapper.getAlgorithmMapping(getSecurityProperties().getSignatureDigestAlgorithm());
+ MessageDigest messageDigest;
+ if (algorithmID.getJCEProvider() != null) {
+ messageDigest = MessageDigest.getInstance(algorithmID.getJCEName(), algorithmID.getJCEProvider());
+ } else {
+ messageDigest = MessageDigest.getInstance(algorithmID.getJCEName());
+ }
+ return new DigestOutputStream(messageDigest);
+ }
+
public class InternalSignatureOutputProcessor extends AbstractOutputProcessor {
private SignaturePartDef signaturePartDef;
@@ -94,14 +152,7 @@ public abstract class AbstractSignatureO
@Override
public void init(OutputProcessorChain outputProcessorChain) throws XMLSecurityException {
try {
- AlgorithmType algorithmID = JCEAlgorithmMapper.getAlgorithmMapping(getSecurityProperties().getSignatureDigestAlgorithm());
- MessageDigest messageDigest;
- if (algorithmID.getJCEProvider() != null) {
- messageDigest = MessageDigest.getInstance(algorithmID.getJCEName(), algorithmID.getJCEProvider());
- } else {
- messageDigest = MessageDigest.getInstance(algorithmID.getJCEName());
- }
- this.digestOutputStream = new DigestOutputStream(messageDigest);
+ this.digestOutputStream = createMessageDigestOutputStream();
this.bufferedDigestOutputStream = new BufferedOutputStream(digestOutputStream);
if (signaturePartDef.getTransformAlgo() != null) {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java?rev=1360861&r1=1360860&r2=1360861&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java Thu Jul 12 19:13:24 2012
@@ -96,15 +96,19 @@ public class XMLSignatureEndingOutputPro
@Override
protected void createTransformsStructureForSignature(OutputProcessorChain subOutputProcessorChain, SignaturePartDef signaturePartDef) throws XMLStreamException, XMLSecurityException {
if (signaturePartDef.getTransformAlgo() != null) {
+ createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms, false, null);
List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, signaturePartDef.getTransformAlgo()));
createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform, false, attributes);
createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform);
- } else {
+ createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms);
+ } else if (signaturePartDef.getC14nAlgo() != null) {
+ createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms, false, null);
List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, signaturePartDef.getC14nAlgo()));
createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform, false, attributes);
createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform);
+ createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms);
}
}
}
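Review bot: After this change `createTransformsStructureForSignature` writes no `ds:Transforms` element at all when both `getTransformAlgo()` and `getC14nAlgo()` are null, and nothing in the method says this is intended. It appears to be the path for external references, whose `SignaturePartDef` is built in `AbstractSignatureOutputProcessor.doFinal` without either algorithm, so a comment such as `// no transform and no c14n: the reference is digested as raw octets, so ds:Transforms is omitted` would document it. The two branches now differ only in which algorithm string they write; selecting the algorithm first and emitting the elements once would remove the duplication.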
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java?rev=1360861&r1=1360860&r2=1360861&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java Thu Jul 12 19:13:24 2012
@@ -74,6 +74,7 @@ public class XMLSignatureOutputProcessor
try {
SignaturePartDef signaturePartDef = new SignaturePartDef();
if (securePart.getIdToSign() == null) {
+ signaturePartDef.setGenerateXPointer(securePart.isGenerateXPointer());
signaturePartDef.setSigRefId(IDGenerator.generateID(null));
signaturePartDef.setC14nAlgo(getSecurityProperties().getSignatureCanonicalizationAlgorithm());
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverFilesystem.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverFilesystem.java?rev=1360861&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverFilesystem.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverFilesystem.java Thu Jul 12 19:13:24 2012
@@ -0,0 +1,82 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.resourceResolvers;
+
+import org.apache.xml.security.stax.ext.ResourceResolver;
+import org.apache.xml.security.stax.ext.ResourceResolverLookup;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
+
+import java.io.InputStream;
+import java.net.URI;
+
+/**
+ * Resolver for local filesystem resources. Use the standard java security-manager to
+ * restrict filesystem accesses.
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class ResolverFilesystem implements ResourceResolver, ResourceResolverLookup {
+
+ private String uri;
+
+ public ResolverFilesystem() {
+ }
+
+ public ResolverFilesystem(String uri) {
+ this.uri = uri;
+ }
+
+ @Override
+ public ResourceResolverLookup canResolve(String uri) {
+ if (uri != null && uri.startsWith("file:")) {
+ return this;
+ }
+ return null;
+ }
+
+ @Override
+ public ResourceResolver newInstance(String uri) {
+ return new ResolverFilesystem(uri);
+ }
+
+ @Override
+ public boolean isSameDocumentReference() {
+ return false;
+ }
+
+ @Override
+ public boolean matches(XMLSecStartElement xmlSecStartElement) {
+ return false;
+ }
+
+ @Override
+ public InputStream getInputStreamFromExternalReference() throws XMLSecurityException {
+ try {
+ URI tmp = new URI(uri);
+ if (tmp.getFragment() != null) {
+ tmp = new URI(tmp.getScheme(), tmp.getSchemeSpecificPart(), null);
+ }
+ return tmp.toURL().openStream();
+ } catch (Exception e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
+ }
+ }
+}
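Review bot: `getInputStreamFromExternalReference` opens whatever `file:` URI the instance was constructed with, and `canResolve` accepts every URI that starts with `file:`, so nothing in this class limits which paths can be read. If the URI is taken from the `Reference` of a signature being verified, it is chosen by whoever produced the document, and the class comment leaves the restriction entirely to the Java security manager, which many deployments do not enable. Consider making this resolver opt-in for verification and confining it to a configured base directory, rejecting any path that falls outside that directory after normalisation. The returned stream is handed to the caller with no documented owner for `close()`, and `catch (Exception e)` reports every failure, including a programming error, as `FAILED_CHECK`.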
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverFilesystem.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverFilesystem.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverHttp.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverHttp.java?rev=1360861&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverHttp.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverHttp.java Thu Jul 12 19:13:24 2012
@@ -0,0 +1,96 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.resourceResolvers;
+
+import org.apache.xml.security.stax.ext.ResourceResolver;
+import org.apache.xml.security.stax.ext.ResourceResolverLookup;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.regex.Pattern;
+
+/**
+ * Resolver for external http[s] resources.
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class ResolverHttp implements ResourceResolver, ResourceResolverLookup {
+
+ private String uri;
+ private Pattern pattern = Pattern.compile("^http[s]?://.*");
+
+ public ResolverHttp() {
+ }
+
+ public ResolverHttp(String uri) {
+ this.uri = uri;
+ }
+
+ @Override
+ public ResourceResolverLookup canResolve(String uri) {
+ if (uri != null && pattern.matcher(uri).matches()) {
+ return this;
+ }
+ return null;
+ }
+
+ @Override
+ public ResourceResolver newInstance(String uri) {
+ return new ResolverHttp(uri);
+ }
+
+ @Override
+ public boolean isSameDocumentReference() {
+ return false;
+ }
+
+ @Override
+ public boolean matches(XMLSecStartElement xmlSecStartElement) {
+ return false;
+ }
+
+ @Override
+ public InputStream getInputStreamFromExternalReference() throws XMLSecurityException {
+ try {
+ URI tmp = new URI(uri);
+ if (tmp.getFragment() != null) {
+ tmp = new URI(tmp.getScheme(), tmp.getSchemeSpecificPart(), null);
+ }
+ HttpURLConnection urlConnection = (HttpURLConnection) tmp.toURL().openConnection();
+ InputStream inputStream = urlConnection.getInputStream();
+ if (urlConnection.getResponseCode() != 200) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK);
+ }
+ return inputStream;
+ } catch (MalformedURLException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
+ } catch (IOException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
+ } catch (URISyntaxException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
+ }
+ }
+}
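Review bot: The connection in `getInputStreamFromExternalReference` is opened with no connect or read timeout, so a slow or silent server can block signature processing indefinitely. `getInputStream()` is also called before `getResponseCode()` is checked, which leaves the stream open when the non-200 branch throws. If the URI comes from the `Reference` of a document being verified, this resolver makes the host issue requests to addresses chosen by the document's author, so it should be opt-in and restricted to an allow-list of hosts, with redirects not followed automatically. A reordered version with timeouts is sketched below; the timeout values are examples only. `pattern` never changes and could be `private static final`.

```java
HttpURLConnection urlConnection = (HttpURLConnection) tmp.toURL().openConnection();
urlConnection.setConnectTimeout(10000); // example value, milliseconds
urlConnection.setReadTimeout(30000);    // example value, milliseconds
urlConnection.setInstanceFollowRedirects(false);
if (urlConnection.getResponseCode() != HttpURLConnection.HTTP_OK) {
    urlConnection.disconnect();
    throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK);
}
return urlConnection.getInputStream();
// … unchanged: catch blocks …
```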
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverHttp.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverHttp.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverSameDocument.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverSameDocument.java?rev=1360861&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverSameDocument.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverSameDocument.java Thu Jul 12 19:13:24 2012
@@ -0,0 +1,82 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.resourceResolvers;
+
+import org.apache.xml.security.stax.ext.*;
+import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
+
+import javax.xml.stream.events.Attribute;
+import java.io.InputStream;
+
+/**
+ * Resolver for references in the same document.
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class ResolverSameDocument implements ResourceResolver, ResourceResolverLookup {
+
+ private String id;
+
+ public ResolverSameDocument() {
+ }
+
+ public ResolverSameDocument(String uri) {
+ this.id = XMLSecurityUtils.dropReferenceMarker(uri);
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ @Override
+ public ResourceResolverLookup canResolve(String uri) {
+ if (uri != null && uri.charAt(0) == '#') {
+ if (uri.startsWith("#xpointer")) {
+ return null;
+ }
+ return this;
+ }
+ return null;
+ }
+
+ @Override
+ public ResourceResolver newInstance(String uri) {
+ return new ResolverSameDocument(uri);
+ }
+
+ @Override
+ public boolean isSameDocumentReference() {
+ return true;
+ }
+
+ @Override
+ public boolean matches(XMLSecStartElement xmlSecStartElement) {
+ Attribute attribute = xmlSecStartElement.getAttributeByName(XMLSecurityConstants.ATT_NULL_Id);
+ if (attribute != null && attribute.getValue().equals(id)) {
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public InputStream getInputStreamFromExternalReference() throws XMLSecurityException {
+ return null;
+ }
+}
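Review bot: `canResolve` calls `uri.charAt(0)` after checking only for null, so an empty `URI=""` attribute, which XML Signature defines as a reference to the whole enclosing document, throws `StringIndexOutOfBoundsException` instead of returning null. `if (uri != null && uri.startsWith("#")) {` avoids that. `matches` looks only at the unqualified `Id` attribute and returns true for every element carrying that value; whether duplicate ids are rejected is decided by the caller, which is not part of this file, and is worth a test because id-based references depend on uniqueness. `getInputStreamFromExternalReference` returns null here, and a one-line comment such as `// same-document references have no external stream` would explain why.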
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverSameDocument.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverSameDocument.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverXPointer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverXPointer.java?rev=1360861&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverXPointer.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverXPointer.java Thu Jul 12 19:13:24 2012
@@ -0,0 +1,116 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.resourceResolvers;
+
+import org.apache.xml.security.stax.ext.ResourceResolver;
+import org.apache.xml.security.stax.ext.ResourceResolverLookup;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
+
+import javax.xml.stream.events.Attribute;
+import java.io.InputStream;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * Resolver for xpointer references in the same document.
+ * Supported xpointers are '#xpointer(/)' and '#xpointer(id('ID'))'
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class ResolverXPointer implements ResourceResolver, ResourceResolverLookup {
+
+ private Pattern pattern = Pattern.compile("^#xpointer\\((/)|(id\\([\"\']([^\"\']*)[\"\']\\))\\)");
+ private String id;
+ private boolean rootNodeOccured = false;
+
+ public ResolverXPointer() {
+ }
+
+ public ResolverXPointer(String uri) {
+ Matcher matcher = pattern.matcher(uri);
+ if (matcher.find() && matcher.groupCount() == 3) {
+ String slash = matcher.group(1);
+ if (slash != null) {
+ this.id = null;
+ return;
+ }
+ String id = matcher.group(3);
+ if (id != null) {
+ this.id = id;
+ return;
+ }
+ }
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public boolean isRootNodeOccured() {
+ return rootNodeOccured;
+ }
+
+ public void setRootNodeOccured(boolean rootNodeOccured) {
+ this.rootNodeOccured = rootNodeOccured;
+ }
+
+ @Override
+ public ResourceResolverLookup canResolve(String uri) {
+ if (uri != null && pattern.matcher(uri).find()) {
+ return this;
+ }
+ return null;
+ }
+
+ @Override
+ public ResourceResolver newInstance(String uri) {
+ return new ResolverXPointer(uri);
+ }
+
+ @Override
+ public boolean isSameDocumentReference() {
+ return true;
+ }
+
+ @Override
+ public boolean matches(XMLSecStartElement xmlSecStartElement) {
+ //when id is null we have #xpointer(/) and then we just return true for the first start-element
+ if (id == null) {
+ if (!rootNodeOccured) {
+ rootNodeOccured = true;
+ return true;
+ }
+ return false;
+ }
+ //case #xpointer(id('ID')):
+ Attribute attribute = xmlSecStartElement.getAttributeByName(XMLSecurityConstants.ATT_NULL_Id);
+ if (attribute != null && attribute.getValue().equals(id)) {
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public InputStream getInputStreamFromExternalReference() throws XMLSecurityException {
+ return null;
+ }
+}
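Review bot: The alternation in `pattern` is not grouped, so `^#xpointer\(` binds only to the `(/)` branch and the `id(...)` branch can match anywhere in the URI. Because both `canResolve` and the constructor use `find()`, a URI such as `#xpointer(/a/b)` is accepted as the root reference, and any string that merely contains `id('x'))` is claimed by this resolver. For a signature Reference this means an unsupported XPointer can silently resolve to a different node set than the one the signer named. I would group the alternatives and anchor both ends, `Pattern.compile("^#xpointer\\((?:(/)|(id\\([\"']([^\"']*)[\"']\\)))\\)$")`, hold it in a `private static final` field, and call `matcher.matches()` instead of `find()`. The constructor should also reject a non-matching URI rather than leave `id == null`, since `matches(XMLSecStartElement)` reads that state as `#xpointer(/)`.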
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverXPointer.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverXPointer.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: santuario/xml-security-java/trunk/src/main/resources/messages/errors.properties
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/resources/messages/errors.properties?rev=1360861&r1=1360860&r2=1360861&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/resources/messages/errors.properties (original)
+++ santuario/xml-security-java/trunk/src/main/resources/messages/errors.properties Thu Jul 12 19:13:24 2012
@@ -123,6 +123,8 @@ notASOAPMessage = Request is not a valid
digestVerificationFailed = Digest verification failed for URI {0}
unsupportedSecurityToken = Unsupported SecurityToken {0}
+resolver.noClass = Could not find a resolver for URI {0}
+
proxyNotFound = Proxy file ({0}) not found.
ioError00 = Failed to load credentials.
secError00 = Failed to load credentials.
Modified: santuario/xml-security-java/trunk/src/main/resources/security-config.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/resources/security-config.xml?rev=1360861&r1=1360860&r2=1360861&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/resources/security-config.xml (original)
+++ santuario/xml-security-java/trunk/src/main/resources/security-config.xml Thu Jul 12 19:13:24 2012
@@ -351,14 +351,14 @@
RequiredKey="AES"
JCEName="AESWrap"/>
</JCEAlgorithmMappings>
- <ResourceResolvers>
- <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP"
- DESCRIPTION="A simple resolver for requests to HTTP space" />
- <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem"
- DESCRIPTION="A simple resolver for requests to the local file system" />
- <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverFragment"
- DESCRIPTION="A simple resolver for requests of same-document URIs" />
- <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverXPointer"
- DESCRIPTION="A simple resolver for requests of XPointer fragents" />
- </ResourceResolvers>
+ <ResourceResolvers>
+ <Resolver JAVACLASS="org.apache.xml.security.stax.impl.resourceResolvers.ResolverSameDocument"
+ DESCRIPTION="A simple resolver for requests of same-document URIs"/>
+ <Resolver JAVACLASS="org.apache.xml.security.stax.impl.resourceResolvers.ResolverFilesystem"
+ DESCRIPTION="A simple resolver for requests to the local file system"/>
+ <Resolver JAVACLASS="org.apache.xml.security.stax.impl.resourceResolvers.ResolverHttp"
+ DESCRIPTION="A simple resolver for requests to HTTP space"/>
+ <Resolver JAVACLASS="org.apache.xml.security.stax.impl.resourceResolvers.ResolverXPointer"
+ DESCRIPTION="A simple resolver for requests of XPointer fragents"/>
+ </ResourceResolvers>
</Configuration>
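Review bot: The default `<ResourceResolvers>` list registers `ResolverHttp` and `ResolverFilesystem` for the StAX path, so by their descriptions a Reference URI taken from the document being verified can trigger an outbound HTTP request or a local file read. Neither implementation is shown in this hunk, so whether they restrict the targets they will fetch should be confirmed. If they do not, the defaults are safer limited to the two same-document resolvers, with the external ones left for the application to enable. At minimum I would add a comment above the list, such as `<!-- ResolverHttp and ResolverFilesystem dereference URIs supplied by the document; remove them when processing untrusted input -->`.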
Added: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java?rev=1360861&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java (added)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java Thu Jul 12 19:13:24 2012
@@ -0,0 +1,135 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.stax.signature;
+
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.stax.ext.SecurePart;
+import org.apache.xml.security.test.dom.DSNamespaceContext;
+import org.apache.xml.security.test.stax.utils.XMLSecEventAllocator;
+import org.junit.Assert;
+import org.junit.Before;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.crypto.SecretKey;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+import java.io.File;
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class AbstractSignatureCreationTest extends org.junit.Assert {
+
+ protected static String BASEDIR;
+
+ protected XMLInputFactory xmlInputFactory;
+ protected DocumentBuilderFactory documentBuilderFactory;
+
+ @Before
+ public void setUp() throws Exception {
+
+ BASEDIR = System.getProperty("basedir");
+ if (BASEDIR == null) {
+ BASEDIR = new File(".").getCanonicalPath();
+ }
+
+ org.apache.xml.security.Init.init();
+
+ xmlInputFactory = XMLInputFactory.newInstance();
+ xmlInputFactory.setEventAllocator(new XMLSecEventAllocator());
+
+ documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ documentBuilderFactory.setNamespaceAware(true);
+ documentBuilderFactory.setIgnoringComments(false);
+ documentBuilderFactory.setCoalescing(false);
+ documentBuilderFactory.setIgnoringElementContentWhitespace(false);
+ }
+
+ /**
+ * Verify the document using DOM
+ */
+ protected void verifyUsingDOM(
+ Document document,
+ X509Certificate cert,
+ List<SecurePart> secureParts
+ ) throws Exception {
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//dsig:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
+ Assert.assertNotNull(sigElement);
+
+ for (SecurePart securePart : secureParts) {
+ if (securePart.getName() == null) {
+ continue;
+ }
+ expression = "//*[local-name()='" + securePart.getName().getLocalPart() + "']";
+ Element signedElement =
+ (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
+ Assert.assertNotNull(signedElement);
+ signedElement.setIdAttributeNS(null, "Id", true);
+ }
+
+ XMLSignature signature = new XMLSignature(sigElement, "");
+ KeyInfo ki = signature.getKeyInfo();
+ Assert.assertNotNull(ki);
+
+ Assert.assertTrue(signature.checkSignatureValue(cert));
+ }
+
+ /**
+ * Verify the document using DOM
+ */
+ protected void verifyUsingDOM(
+ Document document,
+ SecretKey secretKey,
+ List<SecurePart> secureParts
+ ) throws Exception {
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//dsig:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
+ Assert.assertNotNull(sigElement);
+
+ for (SecurePart securePart : secureParts) {
+ expression = "//*[local-name()='" + securePart.getName().getLocalPart() + "']";
+ Element signedElement =
+ (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
+ Assert.assertNotNull(signedElement);
+ signedElement.setIdAttributeNS(null, "Id", true);
+ }
+
+ XMLSignature signature = new XMLSignature(sigElement, "");
+ Assert.assertTrue(signature.checkSignatureValue(secretKey));
+ }
+}
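Review bot: The `SecretKey` overload of `verifyUsingDOM` calls `securePart.getName().getLocalPart()` without the null check that the `X509Certificate` overload performs, so a `SecurePart` without a name (presumably one identified some other way) throws a NullPointerException here instead of being skipped. Add the same guard at the top of that loop: `if (securePart.getName() == null) { continue; }`. The two overloads are otherwise identical up to the final `checkSignatureValue` call, so a shared private helper that locates the Signature element and registers the `Id` attributes would keep them from drifting apart again. Both methods also lack a note that `//*[local-name()='…']` evaluated with `XPathConstants.NODE` marks only the first element with that local name as an ID; a one-line comment saying so would help whoever adds a test with repeated element names.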
Propchange: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision