Posted to commits@santuario.apache.org by co...@apache.org on 2012/07/12 18:07:45 UTC
svn commit: r1360744 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/stax/ext/
main/java/org/apache/xml/security/stax/impl/processor/input/
main/java/org/apache/xml/security/stax/impl/securityToken/
main/java/org/apache/x...
Author: coheigea
Date: Thu Jul 12 16:07:45 2012
New Revision: 1360744
URL: http://svn.apache.org/viewvc?rev=1360744&view=rev
Log:
Properly processing Signature KeyInfo for the streaming case + added tests
Added:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509IssuerSerialSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SKISecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SubjectNameSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/securityEvent/KeyNameTokenSecurityEvent.java
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/securityEvent/SecurityEventConstants.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java?rev=1360744&r1=1360743&r2=1360744&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java Thu Jul 12 16:07:45 2012
@@ -190,6 +190,7 @@ public class XMLSecurityConstants {
public static final QName TAG_dsig_X509Certificate = new QName(NS_DSIG, "X509Certificate", PREFIX_DSIG);
public static final QName TAG_dsig_X509SubjectName = new QName(NS_DSIG, "X509SubjectName", PREFIX_DSIG);
+ public static final QName TAG_dsig_KeyName = new QName(NS_DSIG, "KeyName", PREFIX_DSIG);
public static final QName TAG_dsig_KeyValue = new QName(NS_DSIG, "KeyValue", PREFIX_DSIG);
public static final QName TAG_dsig_RSAKeyValue = new QName(NS_DSIG, "RSAKeyValue", PREFIX_DSIG);
public static final QName TAG_dsig_Modulus = new QName(NS_DSIG, "Modulus", PREFIX_DSIG);
@@ -243,6 +244,7 @@ public class XMLSecurityConstants {
public enum XMLKeyIdentifierType implements KeyIdentifierType {
KEY_VALUE,
+ KEY_NAME,
X509_ISSUER_SERIAL,
X509_SKI,
X509_CERTIFICATE,
@@ -333,6 +335,7 @@ public class XMLSecurityConstants {
public static final TokenType X509Pkcs7Token = new TokenType("X509Pkcs7Token");
public static final TokenType X509PkiPathV1Token = new TokenType("X509PkiPathV1Token");
public static final TokenType KeyValueToken = new TokenType("KeyValueToken");
+ public static final TokenType KeyNameToken = new TokenType("KeyNameToken");
public static final TokenType DefaultToken = new TokenType("DefaultToken");
public static class TokenType implements Comparable<TokenType> {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java?rev=1360744&r1=1360743&r2=1360744&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSignatureInputHandler.java Thu Jul 12 16:07:45 2012
@@ -29,6 +29,7 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.impl.securityToken.SecurityTokenFactory;
import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
import org.apache.xml.security.stax.securityEvent.DefaultTokenSecurityEvent;
+import org.apache.xml.security.stax.securityEvent.KeyNameTokenSecurityEvent;
import org.apache.xml.security.stax.securityEvent.KeyValueTokenSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
@@ -72,6 +73,8 @@ public class XMLSignatureInputHandler ex
tokenSecurityEvent = new X509TokenSecurityEvent();
} else if (tokenType == XMLSecurityConstants.KeyValueToken) {
tokenSecurityEvent = new KeyValueTokenSecurityEvent();
+ } else if (tokenType == XMLSecurityConstants.KeyNameToken) {
+ tokenSecurityEvent = new KeyNameTokenSecurityEvent();
} else if (tokenType == XMLSecurityConstants.DefaultToken) {
tokenSecurityEvent = new DefaultTokenSecurityEvent();
} else {
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java?rev=1360744&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java Thu Jul 12 16:07:45 2012
@@ -0,0 +1,85 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.securityToken;
+
+import java.security.Key;
+import java.security.PublicKey;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.xml.security.stax.ext.SecurityContext;
+import org.apache.xml.security.stax.ext.SecurityToken;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+
+/**
+ * @author $Author: coheigea $
+ * @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
+ */
+public class KeyNameSecurityToken extends AbstractSecurityToken {
+
+ private Key key;
+ private String keyName;
+
+ public KeyNameSecurityToken(String keyName, SecurityContext securityContext, CallbackHandler callbackHandler,
+ XMLSecurityConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
+ super(securityContext, callbackHandler, null, keyIdentifierType);
+ this.keyName = keyName;
+ }
+
+ @Override
+ protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+ return key;
+ }
+
+ @Override
+ protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+ if (key instanceof PublicKey) {
+ return (PublicKey)key;
+ }
+ return null;
+ }
+
+ public void setKey(Key key) {
+ this.key = key;
+ }
+
+ @Override
+ public boolean isAsymmetric() {
+ if (key instanceof PublicKey) {
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public XMLSecurityConstants.TokenType getTokenType() {
+ return XMLSecurityConstants.KeyNameToken;
+ }
+
+ //todo move to super class?
+ @Override
+ public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
+ return null;
+ }
+
+ public String getKeyName() {
+ return keyName;
+ }
+}
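Review bot: The class Javadoc on KeyNameSecurityToken carries only author/version tags and says nothing about where `keyName` comes from or how it relates to `key`. In this commit the factory fills `keyName` from the document's `KeyName` element and sets `key` separately through `setKey`, so the name is an unauthenticated hint and nothing in this class ties it to the key. I would state that in the class comment, e.g. `Token for a ds:KeyName reference; the name is taken from the message as-is and is not verified against the key set via setKey.` In addition, `keyName` is assigned only in the constructor and can be `private final`, and `isAsymmetric()` reduces to `return key instanceof PublicKey;`.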
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1360744&r1=1360743&r2=1360744&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java Thu Jul 12 16:07:45 2012
@@ -18,8 +18,13 @@
*/
package org.apache.xml.security.stax.impl.securityToken;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
import java.security.Key;
import java.security.PublicKey;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
import javax.security.auth.callback.CallbackHandler;
@@ -28,7 +33,9 @@ import org.apache.xml.security.binding.x
import org.apache.xml.security.binding.xmldsig.KeyValueType;
import org.apache.xml.security.binding.xmldsig.RSAKeyValueType;
import org.apache.xml.security.binding.xmldsig.X509DataType;
+import org.apache.xml.security.binding.xmldsig.X509IssuerSerialType;
import org.apache.xml.security.binding.xmldsig11.ECKeyValueType;
+import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.stax.ext.SecurityContext;
import org.apache.xml.security.stax.ext.SecurityToken;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
@@ -38,6 +45,7 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.ext.XMLSecurityException;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
+import org.apache.xml.security.utils.RFC2253Parser;
/**
* Factory to create SecurityToken Objects from keys in XML
@@ -56,20 +64,33 @@ public class SecurityTokenFactoryImpl ex
XMLSecurityProperties securityProperties,
SecurityContext securityContext) throws XMLSecurityException {
if (keyInfoType != null) {
+ // KeyValue
final KeyValueType keyValueType
= XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_KeyValue);
if (keyValueType != null) {
return getSecurityToken(keyValueType, securityProperties.getCallbackHandler(), securityContext);
}
- // TODO revisit
+
+ // KeyName
+ final String keyName =
+ XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_KeyName);
+ if (keyName != null) {
+ KeyNameSecurityToken token =
+ new KeyNameSecurityToken(keyName, securityContext, securityProperties.getCallbackHandler(),
+ XMLSecurityConstants.XMLKeyIdentifierType.KEY_NAME);
+ token.setKey(securityProperties.getSignatureVerificationKey());
+ return token;
+ }
+
+ // X509Data
final X509DataType x509DataType =
XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_X509Data);
if (x509DataType != null) {
- X509SecurityToken token =
- new X509SecurityToken(XMLSecurityConstants.X509V3Token, securityContext,
- securityProperties.getCallbackHandler(), "", XMLSecurityConstants.XMLKeyIdentifierType.X509_ISSUER_SERIAL);
- token.setKey(securityProperties.getSignatureVerificationKey());
- return token;
+ try {
+ return getSecurityToken(x509DataType, securityProperties, securityContext);
+ } catch (Base64DecodingException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo", e);
+ }
}
}
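Review bot: The KeyName branch returns a token whose key is whatever `securityProperties.getSignatureVerificationKey()` yields, with no check that a key was configured at all. If that call returns null the token is still handed back, and the failure would presumably only surface later in verification code that is not visible here. A guard before constructing the token, such as `if (securityProperties.getSignatureVerificationKey() == null) { throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK); }`, would fail at the point of cause; the same applies to the IssuerSerial, SKI and SubjectName branches of the X509Data helper added in the next hunk. The enclosing method starts and ends outside this hunk.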
@@ -110,6 +131,86 @@ public class SecurityTokenFactoryImpl ex
throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "unsupportedKeyInfo");
}
+ private static SecurityToken getSecurityToken(X509DataType x509DataType,
+ XMLSecurityProperties securityProperties,
+ SecurityContext securityContext)
+ throws XMLSecurityException, Base64DecodingException {
+ // Issuer Serial
+ final X509IssuerSerialType issuerSerialType =
+ XMLSecurityUtils.getQNameType(
+ x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
+ XMLSecurityConstants.TAG_dsig_X509IssuerSerial
+ );
+ if (issuerSerialType != null) {
+ if (issuerSerialType.getX509IssuerName() == null
+ || issuerSerialType.getX509SerialNumber() == null) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK);
+ }
+ X509IssuerSerialSecurityToken token =
+ new X509IssuerSerialSecurityToken(XMLSecurityConstants.X509V3Token, securityContext,
+ securityProperties.getCallbackHandler(), "", XMLSecurityConstants.XMLKeyIdentifierType.X509_ISSUER_SERIAL);
+ token.setIssuerName(issuerSerialType.getX509IssuerName());
+ token.setSerialNumber(issuerSerialType.getX509SerialNumber());
+ token.setKey(securityProperties.getSignatureVerificationKey());
+ return token;
+ }
+
+ // Subject Key Identifier
+ byte[] skiBytes =
+ XMLSecurityUtils.getQNameType(
+ x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
+ XMLSecurityConstants.TAG_dsig_X509SKI
+ );
+ if (skiBytes != null) {
+ X509SKISecurityToken token =
+ new X509SKISecurityToken(XMLSecurityConstants.X509V3Token, securityContext,
+ securityProperties.getCallbackHandler(), "", XMLSecurityConstants.XMLKeyIdentifierType.X509_SKI);
+ token.setSkiBytes(skiBytes);
+ token.setKey(securityProperties.getSignatureVerificationKey());
+ return token;
+ }
+
+ // X509Certificate
+ byte[] certBytes =
+ XMLSecurityUtils.getQNameType(
+ x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
+ XMLSecurityConstants.TAG_dsig_X509Certificate
+ );
+ if (certBytes != null) {
+ X509Certificate cert = getCertificateFromBytes(certBytes);
+ TokenType tokenType = XMLSecurityConstants.X509V3Token;
+ if (cert.getVersion() == 1) {
+ tokenType = XMLSecurityConstants.X509V1Token;
+ }
+ X509SecurityToken token =
+ new X509SecurityToken(tokenType, securityContext,
+ securityProperties.getCallbackHandler(), "",
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_CERTIFICATE);
+ token.setX509Certificates(new X509Certificate[]{cert});
+ return token;
+ }
+
+ // Subject Name
+ String subjectName =
+ XMLSecurityUtils.getQNameType(
+ x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
+ XMLSecurityConstants.TAG_dsig_X509SubjectName
+ );
+ if (subjectName != null) {
+ String normalizedSubjectName =
+ RFC2253Parser.normalize(subjectName);
+ X509SubjectNameSecurityToken token =
+ new X509SubjectNameSecurityToken(XMLSecurityConstants.X509V3Token, securityContext,
+ securityProperties.getCallbackHandler(), "",
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_SUBJECT_NAME);
+ token.setSubjectName(normalizedSubjectName);
+ token.setKey(securityProperties.getSignatureVerificationKey());
+ return token;
+ }
+
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");
+ }
+
private static class DefaultSecurityToken extends AbstractSecurityToken {
private Key key;
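Review bot: The X509Certificate branch is the only one that never consults `securityProperties.getSignatureVerificationKey()`: the token's key material comes entirely from the certificate bytes carried in the message. Nothing in this hunk validates that certificate against a trust anchor or the configured key, so a passing signature check only proves consistency with a sender-chosen certificate unless a later stage, or the caller's handling of the X509 token security event, makes the trust decision (not visible here). I would at least state that above the branch, e.g. `// NOTE: cert comes from the message and is NOT trust-validated here; callers must validate it`, and, when a verification key is configured, compare it with `cert.getPublicKey()` before returning the token.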
@@ -158,4 +259,26 @@ public class SecurityTokenFactoryImpl ex
}
}
+
+ /**
+ * Construct an X509Certificate'from the byte array.
+ * <p/>
+ *
+ * @param data The <code>byte</code> array containing the X509 data
+ * @return An X509 certificate
+ * @throws XMLSecurityException
+ */
+ private static X509Certificate getCertificateFromBytes(byte[] data)
+ throws XMLSecurityException {
+ InputStream in = new ByteArrayInputStream(data);
+ try {
+ CertificateFactory factory = CertificateFactory.getInstance("X.509");
+ return (X509Certificate) factory.generateCertificate(in);
+ } catch (CertificateException e) {
+ throw new XMLSecurityException(
+ XMLSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "parseError",
+ null, e
+ );
+ }
+ }
}
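Review bot: The Javadoc on getCertificateFromBytes has a stray apostrophe (`X509Certificate'from`) and an empty `@throws` tag. Suggested wording: `Construct an X509Certificate from the byte array.` and `@throws XMLSecurityException if the bytes cannot be parsed as an X.509 certificate`, which is what the `CertificateException` catch implements.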
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509IssuerSerialSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509IssuerSerialSecurityToken.java?rev=1360744&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509IssuerSerialSecurityToken.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509IssuerSerialSecurityToken.java Thu Jul 12 16:07:45 2012
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.securityToken;
+
+import java.math.BigInteger;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.xml.security.stax.ext.SecurityContext;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+
+/**
+ * @author $Author: coheigea $
+ * @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
+ */
+public class X509IssuerSerialSecurityToken extends X509SecurityToken {
+ private String issuerName;
+ private BigInteger serialNumber;
+
+ protected X509IssuerSerialSecurityToken(XMLSecurityConstants.TokenType tokenType, SecurityContext securityContext,
+ CallbackHandler callbackHandler, String id,
+ XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
+ super(tokenType, securityContext, callbackHandler, id, keyIdentifierType);
+ }
+
+ public String getIssuerName() {
+ return issuerName;
+ }
+
+ public void setIssuerName(String issuerName) {
+ this.issuerName = issuerName;
+ }
+
+ public BigInteger getSerialNumber() {
+ return serialNumber;
+ }
+
+ public void setSerialNumber(BigInteger serialNumber) {
+ this.serialNumber = serialNumber;
+ }
+
+}
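Review bot: `setIssuerName`/`getIssuerName` have no Javadoc stating what form the DN is in, and the factory in this commit passes `issuerSerialType.getX509IssuerName()` through unchanged while the subject-name path runs `RFC2253Parser.normalize` first. A consumer that compares `getIssuerName()` with a certificate's issuer DN would therefore be working with the message's own spelling of the name. Either document that on the getter, e.g. `/** Issuer DN as it appeared in X509IssuerName; not normalized. */`, or normalize in the factory the way the subject name is.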
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SKISecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SKISecurityToken.java?rev=1360744&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SKISecurityToken.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SKISecurityToken.java Thu Jul 12 16:07:45 2012
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.securityToken;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.xml.security.stax.ext.SecurityContext;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+
+/**
+ * @author $Author: coheigea $
+ * @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
+ */
+public class X509SKISecurityToken extends X509SecurityToken {
+
+ private byte[] skiBytes;
+
+ protected X509SKISecurityToken(XMLSecurityConstants.TokenType tokenType, SecurityContext securityContext,
+ CallbackHandler callbackHandler, String id,
+ XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
+ super(tokenType, securityContext, callbackHandler, id, keyIdentifierType);
+ }
+
+ public byte[] getSkiBytes() {
+ return skiBytes;
+ }
+
+ public void setSkiBytes(byte[] skiBytes) {
+ this.skiBytes = skiBytes;
+ }
+
+
+}
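Review bot: `getSkiBytes()` and `setSkiBytes()` share the caller's array with the token, so any code holding that array can change the identifier after the token has been built. Since this value identifies a key, copying on both sides is cheap insurance: `this.skiBytes = skiBytes == null ? null : skiBytes.clone();` in the setter and `return skiBytes == null ? null : skiBytes.clone();` in the getter.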
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SubjectNameSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SubjectNameSecurityToken.java?rev=1360744&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SubjectNameSecurityToken.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SubjectNameSecurityToken.java Thu Jul 12 16:07:45 2012
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.securityToken;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.xml.security.stax.ext.SecurityContext;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+
+/**
+ * @author $Author: coheigea $
+ * @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
+ */
+public class X509SubjectNameSecurityToken extends X509SecurityToken {
+
+ private String subjectName;
+
+ protected X509SubjectNameSecurityToken(XMLSecurityConstants.TokenType tokenType, SecurityContext securityContext,
+ CallbackHandler callbackHandler, String id,
+ XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
+ super(tokenType, securityContext, callbackHandler, id, keyIdentifierType);
+ }
+
+ public String getSubjectName() {
+ return subjectName;
+ }
+
+ public void setSubjectName(String subjectName) {
+ this.subjectName = subjectName;
+ }
+
+}
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/securityEvent/KeyNameTokenSecurityEvent.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/securityEvent/KeyNameTokenSecurityEvent.java?rev=1360744&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/securityEvent/KeyNameTokenSecurityEvent.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/securityEvent/KeyNameTokenSecurityEvent.java Thu Jul 12 16:07:45 2012
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.securityEvent;
+
+
+/**
+ * @author $Author: coheigea $
+ * @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
+ */
+public class KeyNameTokenSecurityEvent extends TokenSecurityEvent {
+
+ public KeyNameTokenSecurityEvent() {
+ super(SecurityEventConstants.KeyNameToken);
+ }
+
+}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/securityEvent/SecurityEventConstants.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/securityEvent/SecurityEventConstants.java?rev=1360744&r1=1360743&r2=1360744&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/securityEvent/SecurityEventConstants.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/securityEvent/SecurityEventConstants.java Thu Jul 12 16:07:45 2012
@@ -26,6 +26,7 @@ public class SecurityEventConstants {
public static final Event SignatureValue = new Event("SignatureValue");
public static final Event SignedElement = new Event("SignedElement");
public static final Event KeyValueToken = new Event("KeyValueToken");
+ public static final Event KeyNameToken = new Event("KeyNameToken");
public static final Event X509Token = new Event("X509Token");
public static final Event AlgorithmSuite = new Event("AlgorithmSuite");
public static final Event DefaultToken = new Event("DefaultToken");
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java?rev=1360744&r1=1360743&r2=1360744&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java Thu Jul 12 16:07:45 2012
@@ -47,10 +47,17 @@ import javax.xml.transform.stream.Stream
import org.apache.xml.security.stax.config.Init;
import org.apache.xml.security.stax.ext.InboundXMLSec;
import org.apache.xml.security.stax.ext.XMLSec;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
+import org.apache.xml.security.stax.impl.securityToken.KeyNameSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.X509IssuerSerialSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.X509SecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.X509SubjectNameSecurityToken;
import org.apache.xml.security.stax.securityEvent.DefaultTokenSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.KeyValueTokenSecurityEvent;
+import org.apache.xml.security.stax.securityEvent.KeyNameTokenSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
+import org.apache.xml.security.stax.securityEvent.X509TokenSecurityEvent;
import org.apache.xml.security.test.stax.utils.StAX2DOM;
import org.apache.xml.security.test.stax.utils.XMLSecEventAllocator;
import org.junit.Before;
@@ -143,12 +150,9 @@ public class BaltimoreTest extends org.j
document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
- // Compare the keys
- DefaultTokenSecurityEvent tokenEvent =
- (DefaultTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.DefaultToken);
- assertNotNull(tokenEvent);
- Key processedKey = tokenEvent.getSecurityToken().getSecretKey("", null);
- assertEquals(processedKey, key);
+ // Check the SecurityEvents
+ checkSignatureToken(securityEventListener, key,
+ XMLSecurityConstants.XMLKeyIdentifierType.NO_KEY_INFO);
}
@Test
@@ -198,9 +202,6 @@ public class BaltimoreTest extends org.j
DocumentBuilder builder = documentBuilderFactory.newDocumentBuilder();
Document document = builder.parse(sourceDocument);
- // Set up the Key
- Key publicKey = getPublicKey("DSA", 15);
-
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
@@ -212,11 +213,16 @@ public class BaltimoreTest extends org.j
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
- properties.setSignatureVerificationKey(publicKey);
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
- XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader);
+ TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
+ XMLStreamReader securityStreamReader =
+ inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
+
+ // Check the SecurityEvents
+ checkSignatureToken(securityEventListener, getPublicKey("DSA", 15),
+ XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
}
// See SANTUARIO-318
@@ -278,13 +284,9 @@ public class BaltimoreTest extends org.j
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
- // Compare the keys
- KeyValueTokenSecurityEvent tokenEvent =
- (KeyValueTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.KeyValueToken);
- assertNotNull(tokenEvent);
- PublicKey processedKey = tokenEvent.getSecurityToken().getPublicKey("", null);
- Key publicKey = getPublicKey("DSA", 15);
- assertEquals(processedKey, publicKey);
+ // Check the SecurityEvents
+ checkSignatureToken(securityEventListener, getPublicKey("DSA", 15),
+ XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
}
@Test
@@ -314,13 +316,9 @@ public class BaltimoreTest extends org.j
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
- // Compare the keys
- KeyValueTokenSecurityEvent tokenEvent =
- (KeyValueTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.KeyValueToken);
- assertNotNull(tokenEvent);
- PublicKey processedKey = tokenEvent.getSecurityToken().getPublicKey("", null);
- Key publicKey = getPublicKey("RSA", 15);
- assertEquals(processedKey, publicKey);
+ // Check the SecurityEvents
+ checkSignatureToken(securityEventListener, getPublicKey("RSA", 15),
+ XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
}
// See SANTUARIO-318
@@ -420,12 +418,9 @@ public class BaltimoreTest extends org.j
document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
- // Compare the keys
- DefaultTokenSecurityEvent tokenEvent =
- (DefaultTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.DefaultToken);
- assertNotNull(tokenEvent);
- Key processedKey = tokenEvent.getSecurityToken().getSecretKey("", null);
- assertEquals(processedKey, key);
+ // Check the SecurityEvents
+ checkSignatureToken(securityEventListener, key,
+ XMLSecurityConstants.XMLKeyIdentifierType.NO_KEY_INFO);
}
@Test
@@ -555,13 +550,9 @@ public class BaltimoreTest extends org.j
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
- // Compare the keys
- KeyValueTokenSecurityEvent tokenEvent =
- (KeyValueTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.KeyValueToken);
- assertNotNull(tokenEvent);
- PublicKey processedKey = tokenEvent.getSecurityToken().getPublicKey("", null);
- Key publicKey = getPublicKey("DSA", 23);
- assertEquals(processedKey, publicKey);
+ // Check the SecurityEvents
+ checkSignatureToken(securityEventListener, getPublicKey("DSA", 23),
+ XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
}
@Test
@@ -591,13 +582,9 @@ public class BaltimoreTest extends org.j
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
- // Compare the keys
- KeyValueTokenSecurityEvent tokenEvent =
- (KeyValueTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.KeyValueToken);
- assertNotNull(tokenEvent);
- PublicKey processedKey = tokenEvent.getSecurityToken().getPublicKey("", null);
- Key publicKey = getPublicKey("RSA", 23);
- assertEquals(processedKey, publicKey);
+ // Check the SecurityEvents
+ checkSignatureToken(securityEventListener, getPublicKey("RSA", 23),
+ XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
}
// See SANTUARIO-318
@@ -768,5 +755,48 @@ public class BaltimoreTest extends org.j
}
return kf.generatePublic(kspec);
}
+
+ private void checkSignatureToken(
+ TestSecurityEventListener securityEventListener,
+ Key key,
+ XMLSecurityConstants.XMLKeyIdentifierType keyIdentifierType
+ ) throws XMLSecurityException {
+ if (keyIdentifierType == XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE) {
+
+ } else if (keyIdentifierType == XMLSecurityConstants.XMLKeyIdentifierType.NO_KEY_INFO) {
+ DefaultTokenSecurityEvent tokenEvent =
+ (DefaultTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.DefaultToken);
+ assertNotNull(tokenEvent);
+ Key processedKey = tokenEvent.getSecurityToken().getSecretKey("", null);
+ assertEquals(processedKey, key);
+ } else if (keyIdentifierType == XMLSecurityConstants.XMLKeyIdentifierType.KEY_NAME) {
+ KeyNameTokenSecurityEvent tokenEvent =
+ (KeyNameTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.KeyNameToken);
+ assertNotNull(tokenEvent);
+ Key processedKey = tokenEvent.getSecurityToken().getSecretKey("", null);
+ assertEquals(processedKey, key);
+ assertNotNull(((KeyNameSecurityToken)tokenEvent.getSecurityToken()).getKeyName());
+ } else {
+ X509TokenSecurityEvent tokenEvent =
+ (X509TokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.X509Token);
+ assertNotNull(tokenEvent);
+ X509SecurityToken x509SecurityToken =
+ (X509SecurityToken)tokenEvent.getSecurityToken();
+ assertNotNull(x509SecurityToken);
+ if (keyIdentifierType ==
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_SUBJECT_NAME) {
+ Key processedKey = x509SecurityToken.getKey("", null);
+ assertEquals(processedKey, key);
+ assertNotNull(((X509SubjectNameSecurityToken)x509SecurityToken).getSubjectName());
+ } else if (keyIdentifierType ==
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_ISSUER_SERIAL) {
+ Key processedKey = x509SecurityToken.getKey("", null);
+ assertEquals(processedKey, key);
+ assertNotNull(((X509IssuerSerialSecurityToken)x509SecurityToken).getIssuerName());
+ assertNotNull(((X509IssuerSerialSecurityToken)x509SecurityToken).getSerialNumber());
+ }
+ }
+
+ }
}
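Review bot: The `KEY_VALUE` branch of checkSignatureToken is empty, so the tests in this file that now call it with `getPublicKey(...)` and `KEY_VALUE` (hunks at -212, -278, -314, -555 and -591) assert nothing about the key. The lines they replaced compared the KeyValue token's public key with the expected one, and the -212 hunk additionally stops configuring a verification key, so nothing ties the key resolved from the document's KeyInfo to the expected key any more. Assuming a KeyValueToken event is still raised after this change, the branch could restore the removed check: `KeyValueTokenSecurityEvent tokenEvent = (KeyValueTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.KeyValueToken);`, `assertNotNull(tokenEvent);`, `assertEquals(key, tokenEvent.getSecurityToken().getPublicKey("", null));`. The copies of this helper added to IAIKTest and SignatureVerificationTest carry the same empty branch.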
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java?rev=1360744&r1=1360743&r2=1360744&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java Thu Jul 12 16:07:45 2012
@@ -45,10 +45,17 @@ import javax.xml.transform.stream.Stream
import org.apache.xml.security.stax.config.Init;
import org.apache.xml.security.stax.ext.InboundXMLSec;
import org.apache.xml.security.stax.ext.XMLSec;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
+import org.apache.xml.security.stax.impl.securityToken.KeyNameSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.X509IssuerSerialSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.X509SecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.X509SubjectNameSecurityToken;
import org.apache.xml.security.stax.securityEvent.DefaultTokenSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.KeyValueTokenSecurityEvent;
+import org.apache.xml.security.stax.securityEvent.KeyNameTokenSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
+import org.apache.xml.security.stax.securityEvent.X509TokenSecurityEvent;
import org.apache.xml.security.test.stax.utils.StAX2DOM;
import org.apache.xml.security.test.stax.utils.XMLSecEventAllocator;
import org.junit.Before;
@@ -130,12 +137,9 @@ public class IAIKTest extends org.junit.
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
- // Compare the keys
- DefaultTokenSecurityEvent tokenEvent =
- (DefaultTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.DefaultToken);
- assertNotNull(tokenEvent);
- Key processedKey = tokenEvent.getSecurityToken().getSecretKey("", null);
- assertEquals(processedKey, key);
+ // Check the SecurityEvents
+ checkSignatureToken(securityEventListener, key,
+ XMLSecurityConstants.XMLKeyIdentifierType.NO_KEY_INFO);
}
@Test
@@ -201,13 +205,9 @@ public class IAIKTest extends org.junit.
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
- // Compare the keys
- KeyValueTokenSecurityEvent tokenEvent =
- (KeyValueTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.KeyValueToken);
- assertNotNull(tokenEvent);
- PublicKey processedKey = tokenEvent.getSecurityToken().getPublicKey("", null);
- Key publicKey = getPublicKey("DSA");
- assertEquals(processedKey, publicKey);
+ // Check the SecurityEvents
+ checkSignatureToken(securityEventListener, getPublicKey("DSA"),
+ XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
}
@Test
@@ -237,13 +237,9 @@ public class IAIKTest extends org.junit.
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
- // Compare the keys
- KeyValueTokenSecurityEvent tokenEvent =
- (KeyValueTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.KeyValueToken);
- assertNotNull(tokenEvent);
- PublicKey processedKey = tokenEvent.getSecurityToken().getPublicKey("", null);
- Key publicKey = getPublicKey("RSA");
- assertEquals(processedKey, publicKey);
+ // Check the SecurityEvents
+ checkSignatureToken(securityEventListener, getPublicKey("RSA"),
+ XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
}
// See SANTUARIO-318
@@ -361,4 +357,46 @@ public class IAIKTest extends org.junit.
return kf.generatePublic(kspec);
}
+ private void checkSignatureToken(
+ TestSecurityEventListener securityEventListener,
+ Key key,
+ XMLSecurityConstants.XMLKeyIdentifierType keyIdentifierType
+ ) throws XMLSecurityException {
+ if (keyIdentifierType == XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE) {
+
+ } else if (keyIdentifierType == XMLSecurityConstants.XMLKeyIdentifierType.NO_KEY_INFO) {
+ DefaultTokenSecurityEvent tokenEvent =
+ (DefaultTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.DefaultToken);
+ assertNotNull(tokenEvent);
+ Key processedKey = tokenEvent.getSecurityToken().getSecretKey("", null);
+ assertEquals(processedKey, key);
+ } else if (keyIdentifierType == XMLSecurityConstants.XMLKeyIdentifierType.KEY_NAME) {
+ KeyNameTokenSecurityEvent tokenEvent =
+ (KeyNameTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.KeyNameToken);
+ assertNotNull(tokenEvent);
+ Key processedKey = tokenEvent.getSecurityToken().getSecretKey("", null);
+ assertEquals(processedKey, key);
+ assertNotNull(((KeyNameSecurityToken)tokenEvent.getSecurityToken()).getKeyName());
+ } else {
+ X509TokenSecurityEvent tokenEvent =
+ (X509TokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.X509Token);
+ assertNotNull(tokenEvent);
+ X509SecurityToken x509SecurityToken =
+ (X509SecurityToken)tokenEvent.getSecurityToken();
+ assertNotNull(x509SecurityToken);
+ if (keyIdentifierType ==
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_SUBJECT_NAME) {
+ Key processedKey = x509SecurityToken.getKey("", null);
+ assertEquals(processedKey, key);
+ assertNotNull(((X509SubjectNameSecurityToken)x509SecurityToken).getSubjectName());
+ } else if (keyIdentifierType ==
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_ISSUER_SERIAL) {
+ Key processedKey = x509SecurityToken.getKey("", null);
+ assertEquals(processedKey, key);
+ assertNotNull(((X509IssuerSerialSecurityToken)x509SecurityToken).getIssuerName());
+ assertNotNull(((X509IssuerSerialSecurityToken)x509SecurityToken).getSerialNumber());
+ }
+ }
+
+ }
}
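Review bot: This checkSignatureToken is a line-for-line copy of the helper added to BaltimoreTest in the same commit, and a shared test utility or base class would keep the copies from drifting apart. In the X509 branch the inner `if`/`else if` has no final `else`, so any identifier type other than X509_SUBJECT_NAME or X509_ISSUER_SERIAL passes with only the two `assertNotNull` checks and `key` is never compared. In this class `else { fail("Unhandled key identifier type: " + keyIdentifierType); }` would make such a case visible. `assertEquals(processedKey, key)` also passes the actual value first, where JUnit expects the expected value first; that only affects failure messages.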
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java?rev=1360744&r1=1360743&r2=1360744&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java Thu Jul 12 16:07:45 2012
@@ -44,14 +44,22 @@ import javax.xml.xpath.XPathFactory;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.KeyName;
+import org.apache.xml.security.keys.content.X509Data;
+import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.stax.config.Init;
import org.apache.xml.security.stax.ext.InboundXMLSec;
import org.apache.xml.security.stax.ext.XMLSec;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
+import org.apache.xml.security.stax.impl.securityToken.KeyNameSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.X509IssuerSerialSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.X509SecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.X509SubjectNameSecurityToken;
import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
import org.apache.xml.security.stax.securityEvent.DefaultTokenSecurityEvent;
+import org.apache.xml.security.stax.securityEvent.KeyNameTokenSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
@@ -66,7 +74,6 @@ import org.junit.Before;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-// import org.apache.xml.security.utils.XMLUtils;
/**
* A set of test-cases for Signature verification.
@@ -114,10 +121,13 @@ public class SignatureVerificationTest e
// Sign using DOM
List<String> localNames = new ArrayList<String>();
localNames.add("PaymentInfo");
- signUsingDOM(
- "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, cert, key
+ XMLSignature sig = signUsingDOM(
+ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key
);
+ // Add KeyInfo
+ sig.addKeyInfo(cert);
+
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
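Review bot: `sig.addKeyInfo(cert)` now runs after `signUsingDOM` has returned, and that helper calls `sig.sign(signingKey)` before its new `return sig;` (visible in the -567 hunk), so the KeyInfo is attached to an already-signed Signature without a comment explaining why that is safe. It presumably works because KeyInfo is not covered by any Reference, which also means the KeyInfo content is not integrity-protected in these test documents. A comment would record that, for example `// KeyInfo is added after sign(): no Reference covers it, so the signature value is unaffected`. The same pattern recurs in the hunks at -164, -208, -263, -315, -367, -420 and -473 and in the three new tests. The enclosing test method starts and ends outside this hunk.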
@@ -129,7 +139,6 @@ public class SignatureVerificationTest e
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
- properties.setSignatureVerificationKey(cert.getPublicKey());
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader =
@@ -140,6 +149,8 @@ public class SignatureVerificationTest e
// Check the SecurityEvents
checkSecurityEvents(securityEventListener);
checkSignedElementSecurityEvents(securityEventListener);
+ checkSignatureToken(securityEventListener, cert, null,
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_CERTIFICATE);
}
@Test
@@ -164,10 +175,13 @@ public class SignatureVerificationTest e
List<String> localNames = new ArrayList<String>();
localNames.add("PaymentInfo");
localNames.add("ShippingAddress");
- signUsingDOM(
- "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, cert, key
+ XMLSignature sig = signUsingDOM(
+ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key
);
+ // Add KeyInfo
+ sig.addKeyInfo(cert);
+
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
@@ -179,7 +193,6 @@ public class SignatureVerificationTest e
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
- properties.setSignatureVerificationKey(cert.getPublicKey());
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader =
@@ -190,6 +203,8 @@ public class SignatureVerificationTest e
// Check the SecurityEvents
checkSecurityEvents(securityEventListener);
checkSignedElementMultipleSecurityEvents(securityEventListener);
+ checkSignatureToken(securityEventListener, cert, null,
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_CERTIFICATE);
}
@Test
@@ -208,10 +223,15 @@ public class SignatureVerificationTest e
// Sign using DOM
List<String> localNames = new ArrayList<String>();
localNames.add("PaymentInfo");
- signUsingDOM(
- "http://www.w3.org/2000/09/xmldsig#hmac-sha1", document, localNames, null, key
+ XMLSignature sig = signUsingDOM(
+ "http://www.w3.org/2000/09/xmldsig#hmac-sha1", document, localNames, key
);
+ // Add KeyInfo
+ KeyInfo keyInfo = sig.getKeyInfo();
+ KeyName keyName = new KeyName(document, "SecretKey");
+ keyInfo.add(keyName);
+
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
@@ -232,19 +252,13 @@ public class SignatureVerificationTest e
document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
// Check the SecurityEvents
- SignatureValueSecurityEvent sigValueEvent =
- (SignatureValueSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.SignatureValue);
- assertNotNull(sigValueEvent);
- assertNotNull(sigValueEvent.getSignatureValue());
-
+ checkSecurityEvents(securityEventListener,
+ "http://www.w3.org/2001/10/xml-exc-c14n#",
+ "http://www.w3.org/2000/09/xmldsig#sha1",
+ "http://www.w3.org/2000/09/xmldsig#hmac-sha1");
checkSignedElementSecurityEvents(securityEventListener);
-
- // Compare the keys
- DefaultTokenSecurityEvent tokenEvent =
- (DefaultTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.DefaultToken);
- assertNotNull(tokenEvent);
- Key processedKey = tokenEvent.getSecurityToken().getSecretKey("", null);
- assertEquals(processedKey, key);
+ checkSignatureToken(securityEventListener, null, key,
+ XMLSecurityConstants.XMLKeyIdentifierType.KEY_NAME);
}
@Test
@@ -263,10 +277,15 @@ public class SignatureVerificationTest e
// Sign using DOM
List<String> localNames = new ArrayList<String>();
localNames.add("PaymentInfo");
- signUsingDOM(
- "http://www.w3.org/2000/09/xmldsig#hmac-sha1", document, localNames, null, key
+ XMLSignature sig = signUsingDOM(
+ "http://www.w3.org/2000/09/xmldsig#hmac-sha1", document, localNames, key
);
+ // Add KeyInfo
+ KeyInfo keyInfo = sig.getKeyInfo();
+ KeyName keyName = new KeyName(document, "SecretKey");
+ keyInfo.add(keyName);
+
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
@@ -315,10 +334,13 @@ public class SignatureVerificationTest e
// Sign using DOM
List<String> localNames = new ArrayList<String>();
localNames.add("PaymentInfo");
- signUsingDOM(
- "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1", document, localNames, cert, key
+ XMLSignature sig = signUsingDOM(
+ "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1", document, localNames, key
);
+ // Add KeyInfo
+ sig.addKeyInfo(cert);
+
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
@@ -330,7 +352,6 @@ public class SignatureVerificationTest e
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
- properties.setSignatureVerificationKey(cert.getPublicKey());
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader =
@@ -344,6 +365,8 @@ public class SignatureVerificationTest e
"http://www.w3.org/2000/09/xmldsig#sha1",
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1");
checkSignedElementSecurityEvents(securityEventListener);
+ checkSignatureToken(securityEventListener, cert, null,
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_CERTIFICATE);
}
@Test
@@ -367,11 +390,14 @@ public class SignatureVerificationTest e
// Sign using DOM
List<String> localNames = new ArrayList<String>();
localNames.add("PaymentInfo");
- signUsingDOM(
- "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, cert, key,
+ XMLSignature sig = signUsingDOM(
+ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key,
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
);
+ // Add KeyInfo
+ sig.addKeyInfo(cert);
+
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
@@ -383,7 +409,6 @@ public class SignatureVerificationTest e
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
- properties.setSignatureVerificationKey(cert.getPublicKey());
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader =
@@ -397,6 +422,8 @@ public class SignatureVerificationTest e
"http://www.w3.org/2000/09/xmldsig#sha1",
"http://www.w3.org/2000/09/xmldsig#rsa-sha1");
checkSignedElementSecurityEvents(securityEventListener);
+ checkSignatureToken(securityEventListener, cert, null,
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_CERTIFICATE);
}
@Test
@@ -420,11 +447,14 @@ public class SignatureVerificationTest e
// Sign using DOM
List<String> localNames = new ArrayList<String>();
localNames.add("PaymentInfo");
- signUsingDOM(
- "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, cert, key,
+ XMLSignature sig = signUsingDOM(
+ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key,
"http://www.w3.org/2006/12/xml-c14n11"
);
+ // Add KeyInfo
+ sig.addKeyInfo(cert);
+
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
@@ -436,7 +466,6 @@ public class SignatureVerificationTest e
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
- properties.setSignatureVerificationKey(cert.getPublicKey());
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader =
@@ -450,6 +479,8 @@ public class SignatureVerificationTest e
"http://www.w3.org/2000/09/xmldsig#sha1",
"http://www.w3.org/2000/09/xmldsig#rsa-sha1");
checkSignedElementSecurityEvents(securityEventListener);
+ checkSignatureToken(securityEventListener, cert, null,
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_CERTIFICATE);
}
@Test
@@ -473,11 +504,14 @@ public class SignatureVerificationTest e
// Sign using DOM
List<String> localNames = new ArrayList<String>();
localNames.add("PaymentInfo");
- signUsingDOM(
- "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", document, localNames, cert, key,
+ XMLSignature sig = signUsingDOM(
+ "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", document, localNames, key,
"http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/2001/04/xmlenc#sha256"
);
+ // Add KeyInfo
+ sig.addKeyInfo(cert);
+
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
@@ -489,7 +523,6 @@ public class SignatureVerificationTest e
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
- properties.setSignatureVerificationKey(cert.getPublicKey());
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader =
@@ -503,45 +536,217 @@ public class SignatureVerificationTest e
"http://www.w3.org/2001/04/xmlenc#sha256",
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
checkSignedElementSecurityEvents(securityEventListener);
+ checkSignatureToken(securityEventListener, cert, null,
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_CERTIFICATE);
+ }
+
+ @Test
+ public void testIssuerSerial() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = documentBuilderFactory.newDocumentBuilder();
+ Document document = builder.parse(sourceDocument);
+
+ // Set up the Key
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(
+ this.getClass().getClassLoader().getResource("transmitter.jks").openStream(),
+ "default".toCharArray()
+ );
+ Key key = keyStore.getKey("transmitter", "default".toCharArray());
+ X509Certificate cert = (X509Certificate)keyStore.getCertificate("transmitter");
+
+ // Sign using DOM
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+ XMLSignature sig = signUsingDOM(
+ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key
+ );
+
+ // Add KeyInfo
+ KeyInfo keyInfo = sig.getKeyInfo();
+ XMLX509IssuerSerial issuerSerial =
+ new XMLX509IssuerSerial(sig.getDocument(), cert);
+ X509Data x509Data = new X509Data(sig.getDocument());
+ x509Data.add(issuerSerial);
+ keyInfo.add(x509Data);
+
+ // XMLUtils.outputDOM(document, System.out);
+
+ // Convert Document to a Stream Reader
+ javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify signature
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setSignatureVerificationKey(cert.getPublicKey());
+ InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+ TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
+ XMLStreamReader securityStreamReader =
+ inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
+
+ document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
+
+ // Check the SecurityEvents
+ checkSecurityEvents(securityEventListener);
+ checkSignedElementSecurityEvents(securityEventListener);
+ checkSignatureToken(securityEventListener, cert, null,
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_ISSUER_SERIAL);
+ }
+
+ @Test
+ public void testSubjectName() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = documentBuilderFactory.newDocumentBuilder();
+ Document document = builder.parse(sourceDocument);
+
+ // Set up the Key
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(
+ this.getClass().getClassLoader().getResource("transmitter.jks").openStream(),
+ "default".toCharArray()
+ );
+ Key key = keyStore.getKey("transmitter", "default".toCharArray());
+ X509Certificate cert = (X509Certificate)keyStore.getCertificate("transmitter");
+
+ // Sign using DOM
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+ XMLSignature sig = signUsingDOM(
+ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key
+ );
+
+ // Add KeyInfo
+ KeyInfo keyInfo = sig.getKeyInfo();
+ X509Data x509Data = new X509Data(sig.getDocument());
+ x509Data.addSubjectName(cert);
+ keyInfo.add(x509Data);
+
+ // XMLUtils.outputDOM(document, System.out);
+
+ // Convert Document to a Stream Reader
+ javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify signature
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setSignatureVerificationKey(cert.getPublicKey());
+ InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+ TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
+ XMLStreamReader securityStreamReader =
+ inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
+
+ document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
+
+ // Check the SecurityEvents
+ checkSecurityEvents(securityEventListener);
+ checkSignedElementSecurityEvents(securityEventListener);
+ checkSignatureToken(securityEventListener, cert, null,
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_SUBJECT_NAME);
+ }
+
+ @Test
+ public void testSubjectSKI() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = documentBuilderFactory.newDocumentBuilder();
+ Document document = builder.parse(sourceDocument);
+
+ // Set up the Key
+ KeyStore keyStore = KeyStore.getInstance("JCEKS");
+ keyStore.load(
+ this.getClass().getClassLoader().getResource("test.jceks").openStream(),
+ "secret".toCharArray()
+ );
+ Key key = keyStore.getKey("rsakey", "secret".toCharArray());
+ X509Certificate cert = (X509Certificate)keyStore.getCertificate("rsakey");
+
+ // Sign using DOM
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+ XMLSignature sig = signUsingDOM(
+ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key
+ );
+
+ // Add KeyInfo
+ KeyInfo keyInfo = sig.getKeyInfo();
+ X509Data x509Data = new X509Data(sig.getDocument());
+ x509Data.addSKI(cert);
+ keyInfo.add(x509Data);
+
+ // XMLUtils.outputDOM(document, System.out);
+
+ // Convert Document to a Stream Reader
+ javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify signature
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setSignatureVerificationKey(cert.getPublicKey());
+ InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+ TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
+ XMLStreamReader securityStreamReader =
+ inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
+
+ document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
+
+ // Check the SecurityEvents
+ checkSecurityEvents(securityEventListener);
+ checkSignedElementSecurityEvents(securityEventListener);
+ checkSignatureToken(securityEventListener, cert, null,
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_SKI);
}
/**
* Sign the document using DOM
*/
- private void signUsingDOM(
+ private XMLSignature signUsingDOM(
String algorithm,
Document document,
List<String> localNames,
- X509Certificate cert,
Key signingKey
) throws Exception {
String c14nMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
- signUsingDOM(algorithm, document, localNames, cert, signingKey, c14nMethod);
+ return signUsingDOM(algorithm, document, localNames, signingKey, c14nMethod);
}
/**
* Sign the document using DOM
*/
- private void signUsingDOM(
+ private XMLSignature signUsingDOM(
String algorithm,
Document document,
List<String> localNames,
- X509Certificate cert,
Key signingKey,
String c14nMethod
) throws Exception {
String digestMethod = "http://www.w3.org/2000/09/xmldsig#sha1";
- signUsingDOM(algorithm, document, localNames, cert, signingKey, c14nMethod, digestMethod);
+ return signUsingDOM(algorithm, document, localNames, signingKey, c14nMethod, digestMethod);
}
/**
* Sign the document using DOM
*/
- private void signUsingDOM(
+ private XMLSignature signUsingDOM(
String algorithm,
Document document,
List<String> localNames,
- X509Certificate cert,
Key signingKey,
String c14nMethod,
String digestMethod
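Review bot: testIssuerSerial, testSubjectName and testSubjectSKI still call `properties.setSignatureVerificationKey(cert.getPublicKey())`, while the certificate-based tests in this file drop that call, and nothing in the hunk says why. Presumably an IssuerSerial, SubjectName or SKI only identifies a certificate and cannot supply the key itself, so the caller has to; a comment above each call would record that, e.g. `// KeyInfo only identifies the certificate here, so the verification key is configured explicitly`. The three tests are otherwise identical apart from the keystore and the X509Data content, so the shared setup could move into one private helper taking the KeyInfo step as a parameter. The last signUsingDOM overload touched at the end of this hunk continues outside it.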
@@ -567,20 +772,15 @@ public class SignatureVerificationTest e
transforms.addTransform(c14nMethod);
sig.addDocument("#" + id, transforms, digestMethod);
}
-
- if (cert != null) {
- sig.addKeyInfo(cert);
- } else {
- KeyInfo keyInfo = sig.getKeyInfo();
- KeyName keyName = new KeyName(document, "SecretKey");
- keyInfo.add(keyName);
- }
+
sig.sign(signingKey);
String expression = "//ds:Signature[1]";
Element sigElement =
(Element) xpath.evaluate(expression, document, XPathConstants.NODE);
Assert.assertNotNull(sigElement);
+
+ return sig;
}
private void checkSecurityEvents(TestSecurityEventListener securityEventListener) {
@@ -596,10 +796,6 @@ public class SignatureVerificationTest e
String digestAlgorithm,
String signatureMethod
) {
- X509TokenSecurityEvent tokenEvent =
- (X509TokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.X509Token);
- assertNotNull(tokenEvent);
-
SignatureValueSecurityEvent sigValueEvent =
(SignatureValueSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.SignatureValue);
assertNotNull(sigValueEvent);
@@ -669,6 +865,52 @@ public class SignatureVerificationTest e
assertTrue(signedElementEvent.isSigned());
}
+ private void checkSignatureToken(
+ TestSecurityEventListener securityEventListener,
+ X509Certificate cert,
+ Key key,
+ XMLSecurityConstants.XMLKeyIdentifierType keyIdentifierType
+ ) throws XMLSecurityException {
+ if (keyIdentifierType == XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE) {
+
+ } else if (keyIdentifierType == XMLSecurityConstants.XMLKeyIdentifierType.NO_KEY_INFO) {
+ DefaultTokenSecurityEvent tokenEvent =
+ (DefaultTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.DefaultToken);
+ assertNotNull(tokenEvent);
+ Key processedKey = tokenEvent.getSecurityToken().getSecretKey("", null);
+ assertEquals(processedKey, key);
+ } else if (keyIdentifierType == XMLSecurityConstants.XMLKeyIdentifierType.KEY_NAME) {
+ KeyNameTokenSecurityEvent tokenEvent =
+ (KeyNameTokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.KeyNameToken);
+ assertNotNull(tokenEvent);
+ Key processedKey = tokenEvent.getSecurityToken().getSecretKey("", null);
+ assertEquals(processedKey, key);
+ assertNotNull(((KeyNameSecurityToken)tokenEvent.getSecurityToken()).getKeyName());
+ } else {
+ X509TokenSecurityEvent tokenEvent =
+ (X509TokenSecurityEvent)securityEventListener.getTokenEvent(SecurityEventConstants.X509Token);
+ assertNotNull(tokenEvent);
+ X509SecurityToken x509SecurityToken =
+ (X509SecurityToken)tokenEvent.getSecurityToken();
+ assertNotNull(x509SecurityToken);
+ if (keyIdentifierType ==
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_CERTIFICATE) {
+ assertEquals(cert, x509SecurityToken.getX509Certificates()[0]);
+ } else if (keyIdentifierType ==
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_SUBJECT_NAME) {
+ Key processedKey = x509SecurityToken.getKey("", null);
+ assertEquals(processedKey, cert.getPublicKey());
+ assertNotNull(((X509SubjectNameSecurityToken)x509SecurityToken).getSubjectName());
+ } else if (keyIdentifierType ==
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_ISSUER_SERIAL) {
+ Key processedKey = x509SecurityToken.getKey("", null);
+ assertEquals(processedKey, cert.getPublicKey());
+ assertNotNull(((X509IssuerSerialSecurityToken)x509SecurityToken).getIssuerName());
+ assertNotNull(((X509IssuerSerialSecurityToken)x509SecurityToken).getSerialNumber());
+ }
+ }
+
+ }
}
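Review bot: Two KeyInfo forms get no check on the resolved key in checkSignatureToken: the KEY_VALUE branch is empty, and X509_SKI (which the call earlier in this diff passes) falls into the final else where no inner branch matches, so only the non-null token is asserted. These tests exist to confirm that the streaming code resolves the signer's key from KeyInfo, so the SKI case should at least get `} else if (keyIdentifierType == XMLSecurityConstants.XMLKeyIdentifierType.X509_SKI) {` followed by `assertEquals(cert.getPublicKey(), x509SecurityToken.getKey("", null));`. The KEY_VALUE branch should either assert on whatever token event that path emits (not visible here) or carry a comment saying why nothing is checked. The existing assertEquals calls also pass the actual value first; swapping to (expected, actual) would make failure messages read correctly.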