Posted to commits@santuario.apache.org by co...@apache.org on 2017/01/19 14:53:46 UTC
svn commit: r1779472 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/resource/
main/java/org/apache/xml/security/stax/ext/
main/java/org/apache/xml/security/stax/impl/processor/output/
test/java/org/apache/xml/security/te...
Author: coheigea
Date: Thu Jan 19 14:53:45 2017
New Revision: 1779472
URL: http://svn.apache.org/viewvc?rev=1779472&view=rev
Log:
SANTUARIO-458 - Add signature configuration options to control generating Id attributes and adding default transformations
- Thanks to Hugo Trippaers for the patch.
- This closes #9
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties?rev=1779472&r1=1779471&r2=1779472&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties [iso-8859-1] (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties [iso-8859-1] Thu Jan 19 14:53:45 2017
@@ -188,4 +188,6 @@ stax.signature.securePartNotFound = Part
stax.multipleSignaturesNotSupported = Mehrere Signaturen werden nicht unterstützt.
stax.signature.keyNameMissing = KeyName nicht konfiguriert.
stax.keyNotFoundForName = Kein Schl\u00fcssel für Schl\u00fcsselname konfiguriert: {0}
-stax.keyTypeNotSupported = Key vom Typ {0} nicht f\u00fcr einen Key-Namenssuche unterst\u00fctzt
\ No newline at end of file
+stax.keyTypeNotSupported = Key vom Typ {0} nicht f\u00fcr einen Key-Namenssuche unterst\u00fctzt
+stax.idsetbutnotgenerated = An Id attribute is specified, but Id generation is disabled
+stax.idgenerationdisablewithmultipleparts = Id generation must not be disabled when multiple parts need signing
\ No newline at end of file
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties?rev=1779472&r1=1779471&r2=1779472&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties [iso-8859-1] (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties [iso-8859-1] Thu Jan 19 14:53:45 2017
@@ -188,4 +188,6 @@ stax.signature.securePartNotFound = Part
stax.multipleSignaturesNotSupported = Multiple signatures are not supported.
stax.signature.keyNameMissing = KeyName not configured.
stax.keyNotFoundForName = No key configured for KeyName: {0}
-stax.keyTypeNotSupported = Key of type {0} not supported for a KeyName lookup
\ No newline at end of file
+stax.keyTypeNotSupported = Key of type {0} not supported for a KeyName lookup
+stax.idsetbutnotgenerated = An Id attribute is specified, but Id generation is disabled
+stax.idgenerationdisablewithmultipleparts = Id generation must not be disabled when multiple parts need signing
\ No newline at end of file
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java?rev=1779472&r1=1779471&r2=1779472&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java Thu Jan 19 14:53:45 2017
@@ -139,6 +139,14 @@ public class XMLSec {
throw new XMLSecurityConfigurationException("stax.duplicateActions");
}
+ if (!securityProperties.isSignatureGenerateIds() && !securityProperties.getIdAttributeNS().equals(XMLSecurityConstants.ATT_NULL_Id)) {
+ throw new XMLSecurityConfigurationException("stax.idsetbutnotgenerated");
+ }
+
+ if (securityProperties.getSignatureSecureParts() != null && securityProperties.getSignatureSecureParts().size() > 1 && !securityProperties.isSignatureGenerateIds()) {
+ throw new XMLSecurityConfigurationException("stax.idgenerationdisablewithmultipleparts");
+ }
+
for (XMLSecurityConstants.Action action : securityProperties.getActions()) {
if (XMLSecurityConstants.SIGNATURE.equals(action)) {
if (securityProperties.getSignatureAlgorithm() == null) {
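Review bot: The two new configuration checks sit before the `for` loop over the actions, so they also reject configurations that do not sign at all, and the first one calls `getIdAttributeNS().equals(...)` without a null guard. Moving both into the `XMLSecurityConstants.SIGNATURE.equals(action)` branch and writing the comparison as `!XMLSecurityConstants.ATT_NULL_Id.equals(securityProperties.getIdAttributeNS())` keeps the validation scoped to signing and null-safe. The checks also do not cover a secure part that names an explicit id to sign while Id generation is off; XMLSignatureOutputProcessor skips that id in this commit, so it should either be honoured there or rejected here. The enclosing method starts and ends outside the hunk.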
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java?rev=1779472&r1=1779471&r2=1779472&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java Thu Jan 19 14:53:45 2017
@@ -74,6 +74,9 @@ public class XMLSecurityProperties {
private QName idAttributeNS = XMLSecurityConstants.ATT_NULL_Id;
private final Map<String, Key> keyNameMap = new HashMap<String, Key>();
+
+ private boolean signatureGenerateIds = true;
+ private boolean signatureIncludeDigestTransform = true;
public XMLSecurityProperties() {
}
@@ -109,6 +112,8 @@ public class XMLSecurityProperties {
this.signatureKeyName = xmlSecurityProperties.signatureKeyName;
this.encryptionKeyName = xmlSecurityProperties.encryptionKeyName;
this.keyNameMap.putAll(xmlSecurityProperties.keyNameMap);
+ this.signatureGenerateIds = xmlSecurityProperties.signatureGenerateIds;
+ this.signatureIncludeDigestTransform = xmlSecurityProperties.signatureIncludeDigestTransform;
}
public SecurityTokenConstants.KeyIdentifier getSignatureKeyIdentifier() {
@@ -465,4 +470,29 @@ public class XMLSecurityProperties {
keyNameMap.put(keyname, key);
}
+ public boolean isSignatureGenerateIds() {
+ return signatureGenerateIds;
+ }
+
+ /**
+ * specifies if Id attributes should be generated for the document element, the Signature element and KeyInfo structures
+ *
+ * @param signatureGenerateIds set to true (default) to generate Id attributes
+ */
+ public void setSignatureGenerateIds(boolean signatureGenerateIds) {
+ this.signatureGenerateIds = signatureGenerateIds;
+ }
+
+ public boolean isSignatureIncludeDigestTransform() {
+ return signatureIncludeDigestTransform;
+ }
+
+ /**
+ * specifies if the transform set with signatureDigestAlgorithm should be included in the Reference/Transforms
+ * list
+ * @param signatureIncludeDigestTransform set to true (default) to include the transform in the list
+ */
+ public void setSignatureIncludeDigestTransform(boolean signatureIncludeDigestTransform) {
+ this.signatureIncludeDigestTransform = signatureIncludeDigestTransform;
+ }
}
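Review bot: The Javadoc on the two new setters does not say what a caller gives up by switching the defaults off, and the two getters have no Javadoc at all. For `setSignatureGenerateIds`, the other files in this commit show that `false` limits signing to a single part and makes the Reference carry an empty URI; a line such as `When false, only one part can be signed and its Reference is written with URI="", which verifiers resolve to the whole document.` would state that. For `setSignatureIncludeDigestTransform`, the wording "the transform set with signatureDigestAlgorithm" does not match `shouldIncludeTransform` in XMLSignatureEndingOutputProcessor, which drops every transform except the enveloped-signature one; the comment should describe that behaviour instead.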
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java?rev=1779472&r1=1779471&r2=1779472&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java Thu Jan 19 14:53:45 2017
@@ -104,7 +104,13 @@ public abstract class AbstractSignatureE
OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
- attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, IDGenerator.generateID(null)));
+ if (securityProperties.isSignatureGenerateIds()) {
+ attributes = new ArrayList<XMLSecAttribute>(1);
+ attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, IDGenerator.generateID(null)));
+ } else {
+ attributes = Collections.emptyList();
+ }
+
XMLSecStartElement signatureElement = createStartElementAndOutputAsEvent(subOutputProcessorChain,
XMLSecurityConstants.TAG_dsig_Signature, true, attributes);
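Review bot: `attributes` is still initialised with `new ArrayList<XMLSecAttribute>(1)` on its declaration line and then reassigned in both branches, so the first allocation is dead. Declare it as `List<XMLSecAttribute> attributes;` and let the `if`/`else` assign it. The same generate-or-empty block is repeated for the KeyInfo element in the third hunk of this file; a small private helper that returns the Id attribute list would keep the two in step. The enclosing method starts and ends outside the hunk.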
@@ -168,10 +174,14 @@ public abstract class AbstractSignatureE
String uriString;
if (signaturePartDef.isExternalResource()) {
uriString = signaturePartDef.getSigRefId();
- } else if (signaturePartDef.isGenerateXPointer()) {
- uriString = "#xpointer(id('" + signaturePartDef.getSigRefId() + "'))";
+ } else if (signaturePartDef.getSigRefId() != null) {
+ if (signaturePartDef.isGenerateXPointer()) {
+ uriString = "#xpointer(id('" + signaturePartDef.getSigRefId() + "'))";
+ } else {
+ uriString = "#" + signaturePartDef.getSigRefId();
+ }
} else {
- uriString = "#" + signaturePartDef.getSigRefId();
+ uriString = "";
}
attributes = new ArrayList<XMLSecAttribute>(1);
attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_URI, uriString));
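Review bot: The new final `else` writes `URI=""` for any part that has no `sigRefId`, and in XML Signature an empty URI refers to the whole document containing the signature, not to the part that was digested. Unless the signed part is the document element, a verifier that dereferences the URI in the standard way would presumably compute a different digest; the DOM check added in AbstractSignatureCreationTest installs a resolver that returns the expected element for the empty URI, so it would not catch this. Consider restricting the empty-URI case to parts that cover the whole document (the second new test uses `setSecureEntireRequest(true)`) and failing otherwise, and add a comment on the branch such as `// no Id available: same-document reference to the whole document`. The enclosing method continues outside the hunk.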
@@ -196,8 +206,13 @@ public abstract class AbstractSignatureE
createCharactersAndOutputAsEvent(subOutputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(signatureValue));
createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_SignatureValue);
- attributes = new ArrayList<XMLSecAttribute>(1);
- attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, IDGenerator.generateID(null)));
+ if (securityProperties.isSignatureGenerateIds()) {
+ attributes = new ArrayList<XMLSecAttribute>(1);
+ attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, IDGenerator.generateID(null)));
+ } else {
+ attributes = Collections.emptyList();
+ }
+
if (!SecurityTokenConstants.KeyIdentifier_NoKeyInfo.equals(
getSecurityProperties().getSignatureKeyIdentifier())) {
createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, false, attributes);
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java?rev=1779472&r1=1779471&r2=1779472&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java Thu Jan 19 14:53:45 2017
@@ -38,6 +38,8 @@ import org.apache.xml.security.stax.secu
import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
+import static org.apache.xml.security.stax.ext.XMLSecurityConstants.NS_XMLDSIG_ENVELOPED_SIGNATURE;
+
/**
* An EndingOutputProcessor for XML Signature.
*/
@@ -163,6 +165,10 @@ public class XMLSignatureEndingOutputPro
for (int i = 0; i < transforms.length; i++) {
String transform = transforms[i];
+ if (!shouldIncludeTransform(transform)) {
+ continue;
+ }
+
List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, transform));
createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform, false, attributes);
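Review bot: When `shouldIncludeTransform` rejects every entry, the loop writes no `Transform` at all, and if the surrounding `Transforms` element is still opened (its start is outside the hunk) the output contains an empty `ds:Transforms`, which the XML Signature schema does not allow. Filter the array before the `Transforms` element is written and skip the element when nothing remains. It is also not visible here whether the skipped transforms are still applied when the digest is computed; if they are, the Reference no longer describes how the digest was produced, and a comment at the `continue` should say which behaviour is intended.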
@@ -179,4 +185,14 @@ public class XMLSignatureEndingOutputPro
createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms);
}
}
+
+ private boolean shouldIncludeTransform(String transform) {
+ boolean include = true;
+
+ if (!securityProperties.isSignatureIncludeDigestTransform() &&
+ !transform.equals(NS_XMLDSIG_ENVELOPED_SIGNATURE)) {
+ include = false;
+ }
+ return include;
+ }
}
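Review bot: `shouldIncludeTransform` has no comment explaining why the enveloped-signature transform is always kept, and the flag-and-reassign body can be a single expression. Suggested: `return securityProperties.isSignatureIncludeDigestTransform() || NS_XMLDSIG_ENVELOPED_SIGNATURE.equals(transform);` with a Javadoc line like `Returns false for every transform other than enveloped-signature when signatureIncludeDigestTransform is disabled.` Putting the constant on the left also avoids a NullPointerException should a `null` entry reach this method.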
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java?rev=1779472&r1=1779471&r2=1779472&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java Thu Jan 19 14:53:45 2017
@@ -82,20 +82,22 @@ public class XMLSignatureOutputProcessor
signaturePartDef.setDigestAlgo(getSecurityProperties().getSignatureDigestAlgorithm());
}
- if (securePart.getIdToSign() == null) {
- signaturePartDef.setGenerateXPointer(securePart.isGenerateXPointer());
- signaturePartDef.setSigRefId(IDGenerator.generateID(null));
+ if (securityProperties.isSignatureGenerateIds()) {
+ if (securePart.getIdToSign() == null) {
+ signaturePartDef.setGenerateXPointer(securePart.isGenerateXPointer());
+ signaturePartDef.setSigRefId(IDGenerator.generateID(null));
- Attribute attribute = xmlSecStartElement.getAttributeByName(securityProperties.getIdAttributeNS());
- if (attribute != null) {
- signaturePartDef.setSigRefId(attribute.getValue());
+ Attribute attribute = xmlSecStartElement.getAttributeByName(securityProperties.getIdAttributeNS());
+ if (attribute != null) {
+ signaturePartDef.setSigRefId(attribute.getValue());
+ } else {
+ List<XMLSecAttribute> attributeList = new ArrayList<XMLSecAttribute>(1);
+ attributeList.add(createAttribute(securityProperties.getIdAttributeNS(), signaturePartDef.getSigRefId()));
+ xmlSecEvent = addAttributes(xmlSecStartElement, attributeList);
+ }
} else {
- List<XMLSecAttribute> attributeList = new ArrayList<XMLSecAttribute>(1);
- attributeList.add(createAttribute(securityProperties.getIdAttributeNS(), signaturePartDef.getSigRefId()));
- xmlSecEvent = addAttributes(xmlSecStartElement, attributeList);
+ signaturePartDef.setSigRefId(securePart.getIdToSign());
}
- } else {
- signaturePartDef.setSigRefId(securePart.getIdToSign());
}
getSignaturePartDefList().add(signaturePartDef);
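Review bot: With Id generation switched off the whole block is skipped, so an id the caller set explicitly through `securePart.getIdToSign()` is silently dropped and the part ends up with no `sigRefId`. As far as this commit shows, the new checks in XMLSec do not reject that combination, so the caller gets a Reference with an empty URI instead of the id that was asked for. Either honour the explicit id regardless of the flag, as sketched below, or reject the combination during configuration validation. The enclosing method starts and ends outside the hunk.

```java
if (securePart.getIdToSign() != null) {
    // The caller named an existing Id: reference it even when Id generation is disabled.
    signaturePartDef.setSigRefId(securePart.getIdToSign());
} else if (securityProperties.isSignatureGenerateIds()) {
    // … unchanged: generate an Id, then reuse the element's Id attribute or add one …
}
```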
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java?rev=1779472&r1=1779471&r2=1779472&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java Thu Jan 19 14:53:45 2017
@@ -30,9 +30,12 @@ import javax.xml.xpath.XPathFactory;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.test.dom.DSNamespaceContext;
import org.apache.xml.security.test.stax.utils.XMLSecEventAllocator;
+import org.apache.xml.security.utils.resolver.ResourceResolverContext;
+import org.apache.xml.security.utils.resolver.ResourceResolverException;
import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
import org.junit.Assert;
import org.junit.Before;
@@ -97,9 +100,7 @@ public class AbstractSignatureCreationTe
boolean keyInfoRequired,
String idAttributeNS
) throws Exception {
- XPathFactory xpf = XPathFactory.newInstance();
- XPath xpath = xpf.newXPath();
- xpath.setNamespaceContext(new DSNamespaceContext());
+ XPath xpath = getxPath();
String expression = "//dsig:Signature[1]";
Element sigElement =
@@ -137,9 +138,7 @@ public class AbstractSignatureCreationTe
Key key,
List<SecurePart> secureParts
) throws Exception {
- XPathFactory xpf = XPathFactory.newInstance();
- XPath xpath = xpf.newXPath();
- xpath.setNamespaceContext(new DSNamespaceContext());
+ XPath xpath = getxPath();
String expression = "//dsig:Signature[1]";
Element sigElement =
@@ -157,4 +156,86 @@ public class AbstractSignatureCreationTe
XMLSignature signature = new XMLSignature(sigElement, "");
Assert.assertTrue(signature.checkSignatureValue(key));
}
+
+ protected void verifyUsingDOMWihtoutId(
+ Document document,
+ Key key,
+ List<SecurePart> secureParts
+ ) throws Exception {
+ XPath xpath = getxPath();
+
+ String expression = "//dsig:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
+ Assert.assertNotNull(sigElement);
+ Assert.assertEquals("", sigElement.getAttribute("Id"));
+
+ assertEquals("Without Id there can only be one secure part", 1, secureParts.size());
+ expression = "//*[local-name()='" + secureParts.get(0).getName().getLocalPart() + "']";
+ Element signedElement =
+ (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
+ Assert.assertNotNull(signedElement);
+ Assert.assertEquals("", signedElement.getAttribute("Id"));
+
+ XMLSignature signature = new XMLSignature(sigElement, "");
+
+ // We need a special resolver for the empty URI
+ signature.addResourceResolver(new EmptyURIResourceResolverSpi(signedElement));
+
+ Assert.assertTrue(signature.checkSignatureValue(key));
+ }
+
+ protected void verifyUsingDOMWihtoutIdAndDefaultTransform (
+ Document document,
+ Key key,
+ List<SecurePart> secureParts
+ ) throws Exception {
+ XPath xpath = getxPath();
+
+ String expression = "//dsig:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
+ Assert.assertNotNull(sigElement);
+ Assert.assertEquals("", sigElement.getAttribute("Id"));
+
+ assertEquals("Without Id there can only be one secure part", 1, secureParts.size());
+ //assertNull(secureParts.get(0).getName());
+
+ Element signedElement = document.getDocumentElement();
+
+ XMLSignature signature = new XMLSignature(sigElement, "");
+
+ // We need a special resolver for the empty URI
+ signature.addResourceResolver(new EmptyURIResourceResolverSpi(signedElement));
+
+ Assert.assertTrue(signature.checkSignatureValue(key));
+ }
+
+ private XPath getxPath() {
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+ return xpath;
+ }
+
+ private static class EmptyURIResourceResolverSpi extends ResourceResolverSpi {
+ private final Element signedElement;
+
+ public EmptyURIResourceResolverSpi(Element signedElement) {
+ this.signedElement = signedElement;
+ }
+
+ @Override
+ public XMLSignatureInput engineResolveURI(ResourceResolverContext context) throws ResourceResolverException {
+ if (!context.uriToResolve.isEmpty()) {
+ throw new ResourceResolverException("This resolved can only handle empty URIs", context.uriToResolve, context.baseUri);
+ }
+ return new XMLSignatureInput(signedElement);
+ }
+
+ @Override
+ public boolean engineCanResolveURI(ResourceResolverContext context) {
+ return context.uriToResolve.isEmpty();
+ }
+ }
}
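Review bot: Both new helpers are spelled `verifyUsingDOMWihtout…` and the resolver's exception text reads "This resolved can only handle empty URIs"; `Without` and `This resolver` are meant, and the callers in SignatureCreationTest need the same rename. The helpers also mix `Assert.assertEquals` with an unqualified `assertEquals` and leave `//assertNull(secureParts.get(0).getName());` commented out, which should be either enabled or removed. `EmptyURIResourceResolverSpi` deserves a class comment stating that it returns a caller-chosen element for the empty URI rather than the document, since that changes what the verification proves.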
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java?rev=1779472&r1=1779471&r2=1779472&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java Thu Jan 19 14:53:45 2017
@@ -52,6 +52,9 @@ import java.security.cert.X509Certificat
import java.util.ArrayList;
import java.util.List;
+import static org.apache.xml.security.stax.ext.XMLSecurityConstants.NS_C14N_EXCL;
+import static org.apache.xml.security.stax.ext.XMLSecurityConstants.NS_XMLDSIG_ENVELOPED_SIGNATURE;
+
/**
* A set of test-cases for Signature creation.
*/
@@ -852,7 +855,7 @@ public class SignatureCreationTest exten
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_CanonicalizationMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_CanonicalizationMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
Element element = (Element)nodeList.item(0);
- Assert.assertEquals(XMLSecurityConstants.NS_C14N_EXCL, element.getAttribute(XMLSecurityConstants.ATT_NULL_Algorithm.getLocalPart()));
+ Assert.assertEquals(NS_C14N_EXCL, element.getAttribute(XMLSecurityConstants.ATT_NULL_Algorithm.getLocalPart()));
nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_Transform.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_Transform.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
@@ -920,12 +923,12 @@ public class SignatureCreationTest exten
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_CanonicalizationMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_CanonicalizationMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
Element element = (Element)nodeList.item(0);
- Assert.assertEquals(XMLSecurityConstants.NS_C14N_EXCL, element.getAttribute(XMLSecurityConstants.ATT_NULL_Algorithm.getLocalPart()));
+ Assert.assertEquals(NS_C14N_EXCL, element.getAttribute(XMLSecurityConstants.ATT_NULL_Algorithm.getLocalPart()));
nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_Transform.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_Transform.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
element = (Element)nodeList.item(0);
- Assert.assertEquals(XMLSecurityConstants.NS_C14N_EXCL, element.getAttribute(XMLSecurityConstants.ATT_NULL_Algorithm.getLocalPart()));
+ Assert.assertEquals(NS_C14N_EXCL, element.getAttribute(XMLSecurityConstants.ATT_NULL_Algorithm.getLocalPart()));
nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_SignatureMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_SignatureMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
@@ -1007,7 +1010,7 @@ public class SignatureCreationTest exten
X509Certificate cert = (X509Certificate)keyStore.getCertificate("transmitter");
properties.setSignatureCerts(new X509Certificate[]{cert});
- properties.setSignatureCanonicalizationAlgorithm(XMLSecurityConstants.NS_C14N_EXCL);
+ properties.setSignatureCanonicalizationAlgorithm(NS_C14N_EXCL);
properties.setAddExcC14NInclusivePrefixes(true);
SecurePart securePart =
@@ -1381,4 +1384,109 @@ public class SignatureCreationTest exten
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
}
+
+ @Test
+ public void testSignatureCreationWithoutId() throws Exception {
+ // Set up the Configuration
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+ actions.add(XMLSecurityConstants.SIGNATURE);
+ properties.setActions(actions);
+ properties.setSignatureKeyIdentifier(SecurityTokenConstants.KeyIdentifier_KeyName);
+ properties.setSignatureGenerateIds(false);
+
+ // Set the key up
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(
+ this.getClass().getClassLoader().getResource("transmitter.jks").openStream(),
+ "default".toCharArray()
+ );
+ Key key = keyStore.getKey("transmitter", "default".toCharArray());
+ properties.setSignatureKey(key);
+ X509Certificate cert = (X509Certificate)keyStore.getCertificate("transmitter");
+ properties.setSignatureCerts(new X509Certificate[]{cert});
+ properties.setSignatureKeyName(cert.getIssuerDN().getName());
+
+ SecurePart securePart =
+ new SecurePart(new QName("urn:example:po", "PaymentInfo"), SecurePart.Modifier.Content);
+ properties.addSignaturePart(securePart);
+
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, "UTF-8");
+
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ //System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_KeyName.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_KeyName.getLocalPart());
+ assertEquals(1, nodeList.getLength());
+ assertEquals(cert.getIssuerDN().getName(), nodeList.item(0).getFirstChild().getTextContent());
+
+ // Verify using DOM
+ verifyUsingDOMWihtoutId(document, cert.getPublicKey(), properties.getSignatureSecureParts());
+ }
+
+ @Test
+ public void testSignatureCreationWithoutOmittedDefaultTransform() throws Exception {
+ // Set up the Configuration
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+ actions.add(XMLSecurityConstants.SIGNATURE);
+ properties.setActions(actions);
+ properties.setSignatureKeyIdentifier(SecurityTokenConstants.KeyIdentifier_KeyName);
+ properties.setSignatureGenerateIds(false);
+ properties.setSignatureIncludeDigestTransform(false);
+
+ // Set the key up
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(
+ this.getClass().getClassLoader().getResource("transmitter.jks").openStream(),
+ "default".toCharArray()
+ );
+ Key key = keyStore.getKey("transmitter", "default".toCharArray());
+ properties.setSignatureKey(key);
+ X509Certificate cert = (X509Certificate)keyStore.getCertificate("transmitter");
+ properties.setSignatureCerts(new X509Certificate[]{cert});
+ properties.setSignatureKeyName(cert.getIssuerDN().getName());
+
+ SecurePart securePart =
+ new SecurePart(null, SecurePart.Modifier.Element, new String[]{
+ NS_XMLDSIG_ENVELOPED_SIGNATURE,
+ NS_C14N_EXCL
+ }, "http://www.w3.org/2000/09/xmldsig#sha1");
+ securePart.setSecureEntireRequest(true);
+ properties.addSignaturePart(securePart);
+
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, "UTF-8");
+
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ //System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_KeyName.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_KeyName.getLocalPart());
+ assertEquals(1, nodeList.getLength());
+ assertEquals(cert.getIssuerDN().getName(), nodeList.item(0).getFirstChild().getTextContent());
+
+ // Verify using DOM
+ verifyUsingDOMWihtoutIdAndDefaultTransform(document, cert.getPublicKey(), properties.getSignatureSecureParts());
+ }
}
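Review bot: Neither new test exercises the two configuration errors this commit introduces (`stax.idsetbutnotgenerated` and `stax.idgenerationdisablewithmultipleparts`), and `testSignatureCreationWithoutOmittedDefaultTransform` never asserts which `Transform` elements were written. Add one negative test per error key that expects `XMLSecurityConfigurationException` when the outbound configuration is validated, and in the transform test assert that the only `Transform` written is `NS_XMLDSIG_ENVELOPED_SIGNATURE`. The name of that test reads as a double negative; `testSignatureCreationWithOmittedDefaultTransform` says what it does. The part is also configured with the SHA-1 digest URI; `http://www.w3.org/2001/04/xmlenc#sha256` would keep new coverage from depending on a deprecated digest.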