Posted to commits@abdera.apache.org by jm...@apache.org on 2007/05/25 20:14:21 UTC
svn commit: r541743 - in /incubator/abdera/java/trunk:
core/src/main/java/org/apache/abdera/model/
parser/src/main/java/org/apache/abdera/parser/stax/
parser/src/main/java/org/apache/abdera/parser/stax/util/
security/src/main/java/org/apache/abdera/sec...
Author: jmsnell
Date: Fri May 25 11:14:20 2007
New Revision: 541743
URL: http://svn.apache.org/viewvc?view=rev&rev=541743
Log:
Allow signing without a X509 cert.
Add a method for associating a public key with the signature
Allow for verification of signatures without embedded keyinfo
Provide signing options for signing atom:link/@href and atom:content/@src targets
Allow filtering of signed atom:link/@href's by rel attribute value
Add helper method for retrieving lists of links for a list of rel attributes values
Example:
public static void main(String... args) throws Exception {
FileWriter fw = new FileWriter("/media/store/www/test.dat");
fw.write("testing");
fw.close();
KeyPairGenerator keyGen =
KeyPairGenerator.getInstance("DSA", "IBMJCE");
SecureRandom random =
SecureRandom.getInstance("SHA1PRNG", "IBMJCE");
keyGen.initialize(1024, random);
random.setSeed(System.currentTimeMillis());
KeyPair pair = keyGen.generateKeyPair();
PrivateKey priv = pair.getPrivate();
PublicKey pub = pair.getPublic();
Abdera abdera = new Abdera();
Entry entry = abdera.newEntry();
entry.addLink("http://localhost/test.dat", "license");
AbderaSecurity absec = new AbderaSecurity(abdera);
Signature sig = absec.getSignature();
SignatureOptions options = sig.getDefaultSignatureOptions();
options.setSigningKey(priv);
options.setSignLinks(true); // sign atom:link targets and the atom:content/@src target
options.setSignedLinkRels("license"); // filter links so that only license links are signed
entry = sig.sign(entry, options); // the signature will not contain any key info
// set the public key used to verify the signature
options.setPublicKey(pub);
// signature will be valid
System.out.println(sig.verify(entry, options));
fw = new FileWriter("/media/store/www/test.dat");
fw.write("foo");
fw.close();
// signature will be invalid because the linked reference changed
System.out.println(sig.verify(entry, options));
}
Modified:
incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/model/Entry.java
incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/model/Source.java
incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMEntry.java
incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMSource.java
incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/util/FOMHelper.java
incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/SignatureOptions.java
incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/xmlsec/XmlSignature.java
incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/xmlsec/XmlSignatureOptions.java
Modified: incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/model/Entry.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/model/Entry.java?view=diff&rev=541743&r1=541742&r2=541743
==============================================================================
--- incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/model/Entry.java (original)
+++ incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/model/Entry.java Fri May 25 11:14:20 2007
@@ -401,6 +401,13 @@
List<Link> getLinks(String rel);
/**
+ * Lists the complete set of links using the specified rel attributes values
+ * @param rels A listing of link relations
+ * @return A listof atom:link elements
+ */
+ List<Link> getLinks(String... rel);
+
+ /**
* Adds an individual link to the entry
* @param link the atom:link to add
*/
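Review bot: The Javadoc on the new varargs `getLinks` documents `@param rels`, but the declaration names the parameter `rel`, so the tag does not match any parameter and javadoc will warn; the same mismatch is in the Source.java hunk. The implementations in FOMEntry and FOMSource already call the parameter `rels`, so the declaration should follow: `List<Link> getLinks(String... rels);`. While there, `@return A listof atom:link elements` should read `@return A list of atom:link elements`, and the summary could say that the result is the concatenation of the per-rel results in the order the rels are given.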
Modified: incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/model/Source.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/model/Source.java?view=diff&rev=541743&r1=541742&r2=541743
==============================================================================
--- incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/model/Source.java (original)
+++ incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/model/Source.java Fri May 25 11:14:20 2007
@@ -296,6 +296,13 @@
List<Link> getLinks(String rel);
/**
+ * Lists the complete set of links using the specified rel attributes values
+ * @param rels A listing of link relations
+ * @return A listof atom:link elements
+ */
+ List<Link> getLinks(String... rel);
+
+ /**
* Adds an individual link to the entry
* @param link A atom:link element
*/
Modified: incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMEntry.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMEntry.java?view=diff&rev=541743&r1=541742&r2=541743
==============================================================================
--- incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMEntry.java (original)
+++ incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMEntry.java Fri May 25 11:14:20 2007
@@ -384,6 +384,10 @@
public List<Link> getLinks(String rel) {
return FOMHelper.getLinks(this, rel);
}
+
+ public List<Link> getLinks(String... rels) {
+ return FOMHelper.getLinks(this, rels);
+ }
public void addLink(Link link) {
addChild((OMElement)link);
Modified: incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMSource.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMSource.java?view=diff&rev=541743&r1=541742&r2=541743
==============================================================================
--- incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMSource.java (original)
+++ incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMSource.java Fri May 25 11:14:20 2007
@@ -238,6 +238,10 @@
public List<Link> getLinks(String rel) {
return FOMHelper.getLinks(this, rel);
}
+
+ public List<Link> getLinks(String... rels) {
+ return FOMHelper.getLinks(this, rels);
+ }
public void addLink(Link link) {
addChild((OMElement)link);
Modified: incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/util/FOMHelper.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/util/FOMHelper.java?view=diff&rev=541743&r1=541742&r2=541743
==============================================================================
--- incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/util/FOMHelper.java (original)
+++ incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/util/FOMHelper.java Fri May 25 11:14:20 2007
@@ -17,6 +17,7 @@
*/
package org.apache.abdera.parser.stax.util;
+import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
@@ -38,6 +39,15 @@
public static List<Link> getLinks(Element element, String rel) {
Iterator i = new FOMLinkIterator(element, Link.class, REL, rel, Link.REL_ALTERNATE);
return new FOMList<Link>(i);
+ }
+
+ public static List<Link> getLinks(Element element, String... rels) {
+ List<Link> links = new ArrayList<Link>();
+ for (String rel : rels) {
+ List<Link> l = getLinks(element, rel);
+ links.addAll(l);
+ }
+ return links;
}
public static String generateUuid() {
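Review bot: The new varargs `getLinks` dereferences `rels` in the enhanced for without a null check, so `getLinks(element, (String[]) null)` throws a NullPointerException from inside the helper rather than from a stated precondition; the only caller on this page (XmlSignature) guards `rels == null` itself, but FOMEntry/FOMSource expose the overload publicly. Either return the empty list for a null array, `if (rels == null) return links;` placed right after the list is created, or document the contract with `@throws NullPointerException if rels is null`. The method also needs a Javadoc summary stating that the result is the concatenation of `getLinks(element, rel)` for each rel in order, so repeated rels yield repeated links.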
Modified: incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/SignatureOptions.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/SignatureOptions.java?view=diff&rev=541743&r1=541742&r2=541743
==============================================================================
--- incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/SignatureOptions.java (original)
+++ incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/SignatureOptions.java Fri May 25 11:14:20 2007
@@ -18,6 +18,7 @@
package org.apache.abdera.security;
import java.security.PrivateKey;
+import java.security.PublicKey;
import java.security.cert.X509Certificate;
/**
@@ -49,9 +50,40 @@
* Set the X.509 cert to associate with the signature
*/
void setCertificate(X509Certificate cert);
+
+ /**
+ * Get the public key associated with the signature
+ */
+ PublicKey getPublicKey();
+
+ /**
+ * Set the public key to associate with the signature
+ */
+ void setPublicKey(PublicKey publickey);
void addReference(String href);
String[] getReferences();
+ /**
+ * True if atom:link/@href and atom:content/@src targets should be
+ * included in the signature
+ */
+ void setSignLinks(boolean signlinks);
+
+ /**
+ * True if atom:link/@href and atom:content/@src targets should be
+ * included in the signature
+ */
+ boolean isSignLinks();
+
+ /**
+ * Only sign links whose link rels match those provided in the list
+ */
+ void setSignedLinkRels(String... rel);
+
+ /**
+ * Get the list of link relations to sign
+ */
+ String[] getSignLinkRels();
}
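Review bot: The setter/getter pair for link relations is named asymmetrically (`setSignedLinkRels` versus `getSignLinkRels`), and the Javadoc on `setSignLinks` repeats the getter's "True if …" wording instead of saying what enabling it does; since this is new API, `void setSignLinkRels(String... rels);` would match the getter before anything depends on the name. The `setSignLinks` Javadoc should state that, when enabled, each atom:link/@href and the atom:content/@src target is added to the signature as an external reference, which means the signer fetches those URIs at signing time and a verifier fetches them again at verification time, so the signature stops validating whenever the remote content changes (the commit log's example demonstrates this). `setPublicKey` and `setSignedLinkRels` also lack `@param` tags, and `getSignLinkRels` should say what a null return means (no rel filter, all links signed, as XmlSignature interprets it).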
Modified: incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/xmlsec/XmlSignature.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/xmlsec/XmlSignature.java?view=diff&rev=541743&r1=541742&r2=541743
==============================================================================
--- incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/xmlsec/XmlSignature.java (original)
+++ incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/xmlsec/XmlSignature.java Fri May 25 11:14:20 2007
@@ -24,7 +24,11 @@
import java.util.List;
import org.apache.abdera.Abdera;
+import org.apache.abdera.model.Content;
import org.apache.abdera.model.Element;
+import org.apache.abdera.model.Entry;
+import org.apache.abdera.model.Link;
+import org.apache.abdera.model.Source;
import org.apache.abdera.security.SecurityException;
import org.apache.abdera.security.SignatureOptions;
import org.apache.abdera.security.util.Constants;
@@ -65,6 +69,7 @@
org.w3c.dom.Document domdoc = dom.getOwnerDocument();
PrivateKey signingKey = options.getSigningKey();
X509Certificate cert = options.getCertificate();
+ PublicKey pkey = options.getPublicKey();
IRI baseUri = element.getResolvedBaseUri();
XMLSignature sig = new XMLSignature(
domdoc,
@@ -77,7 +82,28 @@
sig.addDocument("", transforms, org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1);
String[] refs = options.getReferences();
for (String ref : refs) sig.addDocument(ref);
- sig.addKeyInfo(cert);
+
+ if (options.isSignLinks()) {
+ String[] rels = options.getSignLinkRels();
+ List<Link> links = null;
+ Content content = null;
+ if (element instanceof Source) {
+ links = (rels == null) ? ((Source)element).getLinks() : ((Source)element).getLinks(rels);
+ } else if (element instanceof Entry) {
+ links = (rels == null) ? ((Entry)element).getLinks() : ((Entry)element).getLinks(rels);
+ content = ((Entry)element).getContentElement();
+ }
+ if (links != null) {
+ for (Link link :links) {
+ sig.addDocument(link.getResolvedHref().toASCIIString());
+ }
+ }
+ if (content != null && content.getResolvedSrc() != null)
+ sig.addDocument(content.getResolvedSrc().toASCIIString());
+ }
+
+ if (cert != null) sig.addKeyInfo(cert);
+ if (pkey != null) sig.addKeyInfo(pkey);
sig.sign(signingKey);
return (T)domToFom(dom, options);
}
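Review bot: In the new link loop, `link.getResolvedHref()` is dereferenced unguarded at `sig.addDocument(link.getResolvedHref().toASCIIString());`, so an atom:link without an href or one that cannot be resolved throws a NullPointerException out of `sign`, whereas the content branch two lines later does check `getResolvedSrc() != null`. The loop body should be `IRI href = link.getResolvedHref(); if (href != null) sig.addDocument(href.toASCIIString());` (`IRI` is already in scope from `baseUri`). A short comment above the `isSignLinks()` block noting that these references are external and will be dereferenced by the xmlsec resolver at both signing and verification time would help the next maintainer understand why a changed remote resource invalidates the signature. The enclosing `sign` method starts before this hunk.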
@@ -94,23 +120,29 @@
}
private boolean is_valid_signature(
- XMLSignature sig)
+ XMLSignature sig, SignatureOptions options)
throws XMLSignatureException,
XMLSecurityException {
- boolean answer = false;
KeyInfo ki = sig.getKeyInfo();
if (ki != null) {
X509Certificate cert = ki.getX509Certificate();
if (cert != null) {
- answer = sig.checkSignatureValue(cert);
+ return sig.checkSignatureValue(cert);
} else {
PublicKey key = ki.getPublicKey();
if (key != null) {
- answer = sig.checkSignatureValue(key);
+ return sig.checkSignatureValue(key);
}
}
+ } else if (options != null) {
+ PublicKey key = options.getPublicKey();
+ X509Certificate cert = options.getCertificate();
+ if (key != null)
+ return sig.checkSignatureValue(key);
+ if (cert != null)
+ return sig.checkSignatureValue(cert);
}
- return answer;
+ return false;
}
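Review bot: When the signature being checked carries a KeyInfo, the new `else if (options != null)` branch is never reached, so a key or certificate the verifier supplied through `options` is ignored in favour of whatever key the document itself embeds; a document re-signed with some other key that embeds that key still verifies as `true` even though the caller named the key it expects. The verifier-supplied key should be the trust anchor and take precedence, with the embedded KeyInfo consulted only when `options` carries neither a public key nor a certificate. The rewrite below checks `options` first and leaves the existing KeyInfo fallback unchanged apart from dropping the `else if`.
```java
  private boolean is_valid_signature(
    XMLSignature sig, SignatureOptions options)
      throws XMLSignatureException,
             XMLSecurityException {
    // A key or certificate supplied by the verifier is the trust anchor and
    // must win over any KeyInfo carried by the document being verified.
    if (options != null) {
      PublicKey key = options.getPublicKey();
      if (key != null) return sig.checkSignatureValue(key);
      X509Certificate cert = options.getCertificate();
      if (cert != null) return sig.checkSignatureValue(cert);
    }
    // … unchanged: KeyInfo fallback (embedded cert, then embedded public key), now a plain if rather than else-if …
    return false;
  }
```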
private <T extends Element>X509Certificate[] _getcerts(
@@ -132,7 +164,7 @@
XMLSignature sig =
new XMLSignature(
el, (baseUri != null) ? baseUri.toString() : "");
- if (is_valid_signature(sig)) {
+ if (is_valid_signature(sig,options)) {
KeyInfo ki = sig.getKeyInfo();
if (ki != null) {
X509Certificate cert = ki.getX509Certificate();
@@ -174,7 +206,7 @@
XMLSignature sig =
new XMLSignature(
el, (baseUri != null) ? baseUri.toString() : "");
- answer = is_valid_signature(sig);
+ answer = is_valid_signature(sig, options);
}
}
}
Modified: incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/xmlsec/XmlSignatureOptions.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/xmlsec/XmlSignatureOptions.java?view=diff&rev=541743&r1=541742&r2=541743
==============================================================================
--- incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/xmlsec/XmlSignatureOptions.java (original)
+++ incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/xmlsec/XmlSignatureOptions.java Fri May 25 11:14:20 2007
@@ -18,6 +18,7 @@
package org.apache.abdera.security.xmlsec;
import java.security.PrivateKey;
+import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
@@ -30,7 +31,10 @@
implements SignatureOptions {
private PrivateKey signingKey = null;
+ private PublicKey publickey = null;
private X509Certificate cert = null;
+ private String[] linkrels = null;
+ private boolean signlinks = false;
private List<String> references = null;
private String algo = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
@@ -69,6 +73,30 @@
public String[] getReferences() {
return references.toArray(new String[references.size()]);
+ }
+
+ public PublicKey getPublicKey() {
+ return publickey;
+ }
+
+ public void setPublicKey(PublicKey publickey) {
+ this.publickey = publickey;
+ }
+
+ public boolean isSignLinks() {
+ return signlinks;
+ }
+
+ public void setSignLinks(boolean signlinks) {
+ this.signlinks = signlinks;
+ }
+
+ public String[] getSignLinkRels() {
+ return this.linkrels;
+ }
+
+ public void setSignedLinkRels(String... rel) {
+ this.linkrels = rel;
}
}
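Review bot: `setSignedLinkRels` stores the caller's varargs array as-is and `getSignLinkRels` returns that same array, so a caller that keeps a reference can change which link relations get signed after the options object has been handed to `sign`, bypassing the setter; the existing `getReferences` in this class avoids this by copying out of a List. Copy on both sides: `this.linkrels = (rel != null) ? rel.clone() : null;` in the setter and `return (linkrels != null) ? linkrels.clone() : null;` in the getter. The setter name should also match the getter (`setSignLinkRels`) if the interface is changed, and the field `publickey` would read better as `publicKey` alongside `signingKey`.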