Posted to commits@santuario.apache.org by co...@apache.org on 2017/10/17 11:35:03 UTC
svn commit: r1812389 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/algorithms/
main/java/org/apache/xml/security/algorithms/implementations/
main/java/org/apache/xml/security/resource/
main/java/org/apache/xml/security/...
Author: coheigea
Date: Tue Oct 17 11:35:03 2017
New Revision: 1812389
URL: http://svn.apache.org/viewvc?rev=1812389&view=rev
Log:
SANTUARIO-480 - Support of RSASSA-PSS with SHA3
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureBaseRSA.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/config.xml
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java?rev=1812389&r1=1812388&r2=1812389&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java Tue Oct 17 11:35:03 2017
@@ -164,6 +164,22 @@ public class JCEMapper {
new Algorithm("RSA", "SHA512withRSAandMGF1", "Signature")
);
algorithmsMap.put(
+ XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_224_MGF1,
+ new Algorithm("RSA", "SHA3-224withRSAandMGF1", "Signature")
+ );
+ algorithmsMap.put(
+ XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_256_MGF1,
+ new Algorithm("RSA", "SHA3-256withRSAandMGF1", "Signature")
+ );
+ algorithmsMap.put(
+ XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_384_MGF1,
+ new Algorithm("RSA", "SHA3-384withRSAandMGF1", "Signature")
+ );
+ algorithmsMap.put(
+ XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_512_MGF1,
+ new Algorithm("RSA", "SHA3-512withRSAandMGF1", "Signature")
+ );
+ algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1,
new Algorithm("EC", "SHA1withECDSA", "Signature")
);
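Review bot: Nothing at the four new `SHA3-*withRSAandMGF1` entries says which JCE provider is expected to supply these algorithm names. The tests in this commit run only when `bcInstalled` is true, which suggests the default JDK providers of the time do not supply them. In that case a signature carrying one of these URIs will fail at provider lookup rather than at this map. A comment above the first new `algorithmsMap.put` would make that visible, for example `// RSASSA-PSS with SHA-3: requires a provider that registers these names (the unit tests assume BouncyCastle)`.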
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java?rev=1812389&r1=1812388&r2=1812389&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java Tue Oct 17 11:35:03 2017
@@ -144,14 +144,12 @@ public class SignatureAlgorithm extends
Class<? extends SignatureAlgorithmSpi> implementingClass =
algorithmHash.get(algorithmURI);
LOG.debug("Create URI \"{}\" class \"{}\"", algorithmURI, implementingClass);
+ if (implementingClass == null) {
+ Object exArgs[] = { algorithmURI };
+ throw new XMLSignatureException("algorithms.NoSuchAlgorithmNoEx", exArgs);
+ }
return implementingClass.newInstance();
- } catch (IllegalAccessException ex) {
- Object exArgs[] = { algorithmURI, ex.getMessage() };
- throw new XMLSignatureException(ex, "algorithms.NoSuchAlgorithm", exArgs);
- } catch (InstantiationException ex) {
- Object exArgs[] = { algorithmURI, ex.getMessage() };
- throw new XMLSignatureException(ex, "algorithms.NoSuchAlgorithm", exArgs);
- } catch (NullPointerException ex) {
+ } catch (IllegalAccessException | InstantiationException | NullPointerException ex) {
Object exArgs[] = { algorithmURI, ex.getMessage() };
throw new XMLSignatureException(ex, "algorithms.NoSuchAlgorithm", exArgs);
}
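Review bot: The message key thrown by the new null check, `algorithms.NoSuchAlgorithmNoEx`, has no entry in the German bundle. The xmlsecurity_en.properties hunk adds that key, but the xmlsecurity_de.properties hunk adds a second `algorithms.NoSuchAlgorithm` line instead, leaving a duplicate key there. The added German line should read `algorithms.NoSuchAlgorithmNoEx = Der Algorithmus {0} ist nicht verf\u00fcgbar.` so that an unregistered algorithm URI is reported with the intended text in both locales. The enclosing `try` begins outside this hunk.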
@@ -423,6 +421,18 @@ public class SignatureAlgorithm extends
XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512_MGF1, SignatureBaseRSA.SignatureRSASHA512MGF1.class
);
algorithmHash.put(
+ XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_224_MGF1, SignatureBaseRSA.SignatureRSASHA3_224MGF1.class
+ );
+ algorithmHash.put(
+ XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_256_MGF1, SignatureBaseRSA.SignatureRSASHA3_256MGF1.class
+ );
+ algorithmHash.put(
+ XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_384_MGF1, SignatureBaseRSA.SignatureRSASHA3_384MGF1.class
+ );
+ algorithmHash.put(
+ XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_512_MGF1, SignatureBaseRSA.SignatureRSASHA3_512MGF1.class
+ );
+ algorithmHash.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1, SignatureECDSA.SignatureECDSASHA1.class
);
algorithmHash.put(
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureBaseRSA.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureBaseRSA.java?rev=1812389&r1=1812388&r2=1812389&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureBaseRSA.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureBaseRSA.java Tue Oct 17 11:35:03 2017
@@ -450,4 +450,84 @@ public abstract class SignatureBaseRSA e
return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512_MGF1;
}
}
+
+ /**
+ * Class SignatureRSA3_SHA224MGF1
+ */
+ public static class SignatureRSASHA3_224MGF1 extends SignatureBaseRSA {
+
+ /**
+ * Constructor SignatureRSASHA3_224MGF1
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSASHA3_224MGF1() throws XMLSignatureException {
+ super();
+ }
+
+ /** {@inheritDoc} */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_224_MGF1;
+ }
+ }
+
+ /**
+ * Class SignatureRSA3_SHA256MGF1
+ */
+ public static class SignatureRSASHA3_256MGF1 extends SignatureBaseRSA {
+
+ /**
+ * Constructor SignatureRSASHA3_256MGF1
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSASHA3_256MGF1() throws XMLSignatureException {
+ super();
+ }
+
+ /** {@inheritDoc} */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_256_MGF1;
+ }
+ }
+
+ /**
+ * Class SignatureRSA3_SHA384MGF1
+ */
+ public static class SignatureRSASHA3_384MGF1 extends SignatureBaseRSA {
+
+ /**
+ * Constructor SignatureRSASHA3_384MGF1
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSASHA3_384MGF1() throws XMLSignatureException {
+ super();
+ }
+
+ /** {@inheritDoc} */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_384_MGF1;
+ }
+ }
+
+ /**
+ * Class SignatureRSASHA3_512MGF1
+ */
+ public static class SignatureRSASHA3_512MGF1 extends SignatureBaseRSA {
+
+ /**
+ * Constructor SignatureRSASHA3_512MGF1
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSASHA3_512MGF1() throws XMLSignatureException {
+ super();
+ }
+
+ /** {@inheritDoc} */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_512_MGF1;
+ }
+ }
}
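Review bot: The class-level Javadoc on three of the four new classes names a class that does not exist: `Class SignatureRSA3_SHA224MGF1`, `Class SignatureRSA3_SHA256MGF1` and `Class SignatureRSA3_SHA384MGF1` should read `Class SignatureRSASHA3_224MGF1`, `Class SignatureRSASHA3_256MGF1` and `Class SignatureRSASHA3_384MGF1`, matching the 512 variant. Each `engineGetURI()` is marked `{@inheritDoc}` and would be clearer with `@Override`. The constructors only call `super()`, so the PSS parameters (MGF1 digest, salt length) are presumably whatever the provider applies for the mapped JCE name. That is worth stating in the class comment and confirming against the parameters the algorithm URI is specified with, since the base-class constructor is outside this hunk.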
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/config.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/config.xml?rev=1812389&r1=1812388&r2=1812389&view=diff
==============================================================================
Binary files - no diff available.
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties?rev=1812389&r1=1812388&r2=1812389&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties [iso-8859-1] (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties [iso-8859-1] Tue Oct 17 11:35:03 2017
@@ -28,6 +28,7 @@ algorithms.CannotUseAlgorithmParameterSp
algorithms.CannotUseSecureRandomOnMAC = SecureRandom kann nicht f\u00fcr MAC's angewandt werden.
algorithms.HMACOutputLengthMin = HMACOutputLength darf nicht kleiner als {0} sein
algorithms.HMACOutputLengthOnlyForHMAC = Die HMACOutputLength kann nur bei HMAC integrit\u00e4ts Algorithmen angegeben werden
+algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verf\u00fcgbar.
algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verf\u00fcgbar. Original Nachricht war\: {1}
algorithms.NoSuchMap = Algorithmus URI "{0}" konnte auf keinen JCE Algorithmus gemappt werden
algorithms.NoSuchProvider = Der angegebene Provider {0} existiert nicht. Original Nachricht war\: {1}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties?rev=1812389&r1=1812388&r2=1812389&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties [iso-8859-1] (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties [iso-8859-1] Tue Oct 17 11:35:03 2017
@@ -28,6 +28,7 @@ algorithms.CannotUseAlgorithmParameterSp
algorithms.CannotUseSecureRandomOnMAC = Sorry, but you cannot use a SecureRandom object for creating MACs.
algorithms.HMACOutputLengthMin = HMACOutputLength must not be less than {0}
algorithms.HMACOutputLengthOnlyForHMAC = A HMACOutputLength can only be specified for HMAC integrity algorithms
+algorithms.NoSuchAlgorithmNoEx = The requested algorithm {0} does not exist.
algorithms.NoSuchAlgorithm = The requested algorithm {0} does not exist. Original Message was: {1}
algorithms.NoSuchMap = The algorithm URI "{0}" could not be mapped to a JCE algorithm
algorithms.NoSuchProvider = The specified Provider {0} does not exist. Original Message was: {1}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java?rev=1812389&r1=1812388&r2=1812389&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java Tue Oct 17 11:35:03 2017
@@ -135,6 +135,22 @@ public final class XMLSignature extends
public static final String ALGO_ID_SIGNATURE_RSA_SHA512_MGF1 =
Constants.XML_DSIG_NS_MORE_07_05 + "sha512-rsa-MGF1";
+ /** Signature - Optional RSAwithSHA3_224andMGF1 */
+ public static final String ALGO_ID_SIGNATURE_RSA_SHA3_224_MGF1 =
+ Constants.XML_DSIG_NS_MORE_07_05 + "sha3-224-rsa-MGF1";
+
+ /** Signature - Optional RSAwithSHA3_256andMGF1 */
+ public static final String ALGO_ID_SIGNATURE_RSA_SHA3_256_MGF1 =
+ Constants.XML_DSIG_NS_MORE_07_05 + "sha3-256-rsa-MGF1";
+
+ /** Signature - Optional RSAwithSHA3_384andMGF1 */
+ public static final String ALGO_ID_SIGNATURE_RSA_SHA3_384_MGF1 =
+ Constants.XML_DSIG_NS_MORE_07_05 + "sha3-384-rsa-MGF1";
+
+ /** Signature - Optional RSAwithSHA3_512andMGF1 */
+ public static final String ALGO_ID_SIGNATURE_RSA_SHA3_512_MGF1 =
+ Constants.XML_DSIG_NS_MORE_07_05 + "sha3-512-rsa-MGF1";
+
/** HMAC - NOT Recommended HMAC-MD5 */
public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 =
Constants.MoreAlgorithmsSpecNS + "hmac-md5";
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java?rev=1812389&r1=1812388&r2=1812389&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java Tue Oct 17 11:35:03 2017
@@ -306,6 +306,82 @@ public class PKSignatureAlgorithmTest ex
}
@org.junit.Test
+ public void testRSA_SHA3_224_MGF1() throws Exception {
+ org.junit.Assume.assumeTrue(bcInstalled);
+
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_224_MGF1, document, localNames, rsaKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, rsaKeyPair.getPublic(), localNames);
+ }
+
+ @org.junit.Test
+ public void testRSA_SHA3_256_MGF1() throws Exception {
+ org.junit.Assume.assumeTrue(bcInstalled);
+
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_256_MGF1, document, localNames, rsaKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, rsaKeyPair.getPublic(), localNames);
+ }
+
+ @org.junit.Test
+ public void testRSA_SHA3_384_MGF1() throws Exception {
+ org.junit.Assume.assumeTrue(bcInstalled);
+
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_384_MGF1, document, localNames, rsaKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, rsaKeyPair.getPublic(), localNames);
+ }
+
+ @org.junit.Test
+ public void testRSA_SHA3_512_MGF1() throws Exception {
+ org.junit.Assume.assumeTrue(bcInstalled);
+
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_512_MGF1, document, localNames, rsaKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, rsaKeyPair.getPublic(), localNames);
+ }
+
+ @org.junit.Test
public void testECDSA_SHA1() throws Exception {
// Read in plaintext document
InputStream sourceDocument =
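Review bot: The four new tests are the same body repeated with only the algorithm URI changed, and each leaves the `InputStream` from `getResourceAsStream` unclosed. A private helper that takes the URI and reads the document in a try-with-resources block would remove the duplication and the leak. All four are also skipped when `bcInstalled` is false, so a build without that provider exercises none of the new mappings. A round trip with the matching key pair does not show that a modified document or a different key is rejected, which would be a useful companion case.

```java
private void signAndVerifyWithRsa(String algorithmUri) throws Exception {
    org.junit.Assume.assumeTrue(bcInstalled);

    Document document;
    try (InputStream sourceDocument =
            this.getClass().getClassLoader().getResourceAsStream(
                "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")) {
        document = XMLUtils.createDocumentBuilder(false).parse(sourceDocument);
    }

    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");

    sign(algorithmUri, document, localNames, rsaKeyPair.getPrivate());
    verify(document, rsaKeyPair.getPublic(), localNames);
}

@org.junit.Test
public void testRSA_SHA3_224_MGF1() throws Exception {
    signAndVerifyWithRsa(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_224_MGF1);
}
// … the SHA3-256, SHA3-384 and SHA3-512 tests delegate the same way …
```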