Posted to commits@santuario.apache.org by gi...@apache.org on 2012/07/22 21:48:05 UTC
svn commit: r1364413 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/stax/ext/
main/java/org/apache/xml/security/stax/impl/
main/java/org/apache/xml/security/stax/impl/processor/output/
main/java/org/apache/xml/security/s...
Author: giger
Date: Sun Jul 22 19:48:04 2012
New Revision: 1364413
URL: http://svn.apache.org/viewvc?rev=1364413&view=rev
Log:
support enveloped signature SANTUARIO-320
Added:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformEnvelopedSignature.java (with props)
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java (with props)
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/SignaturePartDef.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureOutputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverSameDocument.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/canonicalizer/CanonicalizerBase.java
santuario/xml-security-java/trunk/src/main/resources/security-config.xml
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureVerificationTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/RSASecurityTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java Sun Jul 22 19:48:04 2012
@@ -64,15 +64,15 @@ public class SecurePart {
private String idToSign;
private String idToReference;
private String externalReference;
- private String c14nMethod = XMLSecurityConstants.NS_C14N_EXCL;
+ private String[] transforms = new String[]{XMLSecurityConstants.NS_C14N_EXCL};
private String digestMethod = XMLSecurityConstants.NS_XMLDSIG_SHA1;
public SecurePart(QName name, Modifier modifier) {
this(name, false, modifier);
}
- public SecurePart(QName name, Modifier modifier, String c14nMethod, String digestMethod) {
- this(name, false, modifier, c14nMethod, digestMethod);
+ public SecurePart(QName name, Modifier modifier, String[] transforms, String digestMethod) {
+ this(name, false, modifier, transforms, digestMethod);
}
public SecurePart(QName name, boolean generateXPointer, Modifier modifier) {
@@ -81,11 +81,11 @@ public class SecurePart {
this.modifier = modifier;
}
- public SecurePart(QName name, boolean generateXPointer, Modifier modifier, String c14nMethod, String digestMethod) {
+ public SecurePart(QName name, boolean generateXPointer, Modifier modifier, String[] transforms, String digestMethod) {
this.name = name;
this.generateXPointer = generateXPointer;
this.modifier = modifier;
- this.c14nMethod = c14nMethod;
+ this.transforms = transforms;
this.digestMethod = digestMethod;
}
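Review bot: The constructor stores the caller's `String[]` directly (`this.transforms = transforms;`), so the SecurePart and the caller share one mutable array, and a later write to it changes which transforms are applied and emitted for this reference. The same applies to the external-reference constructor and to `getTransforms()`/`setTransforms()` in the later hunks of this file. Copying on the way in and out, e.g. `this.transforms = transforms == null ? null : transforms.clone();`, keeps the configured transform list stable once signing has started. A null argument also replaces the `NS_C14N_EXCL` default, which is worth stating in the constructor Javadoc.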
@@ -100,9 +100,9 @@ public class SecurePart {
this.externalReference = externalReference;
}
- public SecurePart(String externalReference, String c14nMethod, String digestMethod) {
+ public SecurePart(String externalReference, String[] transforms, String digestMethod) {
this.externalReference = externalReference;
- this.c14nMethod = c14nMethod;
+ this.transforms = transforms;
this.digestMethod = digestMethod;
}
@@ -164,12 +164,12 @@ public class SecurePart {
this.externalReference = externalReference;
}
- public String getC14nMethod() {
- return c14nMethod;
+ public String[] getTransforms() {
+ return transforms;
}
- public void setC14nMethod(String c14nMethod) {
- this.c14nMethod = c14nMethod;
+ public void setTransforms(String[] transforms) {
+ this.transforms = transforms;
}
public String getDigestMethod() {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/SignaturePartDef.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/SignaturePartDef.java?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/SignaturePartDef.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/SignaturePartDef.java Sun Jul 22 19:48:04 2012
@@ -28,8 +28,7 @@ public class SignaturePartDef {
private String sigRefId;
private String digestValue;
- private String transformAlgo;
- private String c14nAlgo;
+ private String[] transforms;
private String digestAlgo;
private String inclusiveNamespaces;
private boolean externalResource;
@@ -51,20 +50,12 @@ public class SignaturePartDef {
this.digestValue = digestValue;
}
- public String getTransformAlgo() {
- return transformAlgo;
+ public String[] getTransforms() {
+ return transforms;
}
- public void setTransformAlgo(String transformAlgo) {
- this.transformAlgo = transformAlgo;
- }
-
- public String getC14nAlgo() {
- return c14nAlgo;
- }
-
- public void setC14nAlgo(String c14nAlgo) {
- this.c14nAlgo = c14nAlgo;
+ public void setTransforms(String[] transforms) {
+ this.transforms = transforms;
}
public String getDigestAlgo() {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureOutputProcessor.java?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureOutputProcessor.java Sun Jul 22 19:48:04 2012
@@ -27,6 +27,7 @@ import org.apache.xml.security.stax.conf
import org.apache.xml.security.stax.ext.*;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.SignaturePartDef;
+import org.apache.xml.security.stax.impl.transformer.TransformIdentity;
import org.apache.xml.security.stax.impl.util.DigestOutputStream;
import org.xmlsecurity.ns.configuration.AlgorithmType;
@@ -107,7 +108,7 @@ public abstract class AbstractSignatureO
signaturePartDef.setSigRefId(externalReference);
signaturePartDef.setDigestValue(calculatedDigest);
signaturePartDef.setExternalResource(true);
- signaturePartDef.setC14nAlgo(securePart.getC14nMethod());
+ signaturePartDef.setTransforms(securePart.getTransforms());
String digestMethod = securePart.getDigestMethod();
if (digestMethod == null) {
digestMethod = getSecurityProperties().getSignatureDigestAlgorithm();
@@ -166,16 +167,7 @@ public abstract class AbstractSignatureO
try {
this.digestOutputStream = createMessageDigestOutputStream(signaturePartDef.getDigestAlgo());
this.bufferedDigestOutputStream = new BufferedOutputStream(digestOutputStream);
-
- if (signaturePartDef.getTransformAlgo() != null) {
- List<String> inclusiveNamespaces = new ArrayList<String>(1);
- inclusiveNamespaces.add("#default");
- Transformer transformer = XMLSecurityUtils.getTransformer(inclusiveNamespaces,
- this.bufferedDigestOutputStream, signaturePartDef.getC14nAlgo(), XMLSecurityConstants.DIRECTION.OUT);
- this.transformer = XMLSecurityUtils.getTransformer(transformer, null, signaturePartDef.getTransformAlgo(), XMLSecurityConstants.DIRECTION.OUT);
- } else {
- transformer = XMLSecurityUtils.getTransformer(null, this.bufferedDigestOutputStream, signaturePartDef.getC14nAlgo(), XMLSecurityConstants.DIRECTION.OUT);
- }
+ this.transformer = buildTransformerChain(this.bufferedDigestOutputStream, signaturePartDef.getTransforms());
} catch (NoSuchMethodException e) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
} catch (InstantiationException e) {
@@ -193,6 +185,31 @@ public abstract class AbstractSignatureO
super.init(outputProcessorChain);
}
+ protected Transformer buildTransformerChain(OutputStream outputStream, String[] transforms)
+ throws XMLSecurityException, NoSuchMethodException, InstantiationException,
+ IllegalAccessException, InvocationTargetException {
+
+ if (transforms == null || transforms.length == 0) {
+ Transformer transformer = new TransformIdentity();
+ transformer.setOutputStream(outputStream);
+ return transformer;
+ }
+
+ Transformer parentTransformer = null;
+ for (int i = transforms.length - 1; i >= 0; i--) {
+ String transform = transforms[i];
+
+ if (parentTransformer != null) {
+ parentTransformer = XMLSecurityUtils.getTransformer(
+ parentTransformer, null, transform, XMLSecurityConstants.DIRECTION.OUT);
+ } else {
+ parentTransformer = XMLSecurityUtils.getTransformer(
+ null, outputStream, transform, XMLSecurityConstants.DIRECTION.OUT);
+ }
+ }
+ return parentTransformer;
+ }
+
@Override
public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain)
throws XMLStreamException, XMLSecurityException {
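Review bot: `buildTransformerChain` falls back to `TransformIdentity` when `transforms` is null or empty, so the digest is computed over whatever the StAX event writer serializes rather than over a canonical form. A verifier that applies the XML Signature default canonicalization to a same-document reference without transforms would probably compute a different digest, so it may be safer to reject an empty list for in-document parts or to fall back to the configured canonicalization algorithm; this is worth confirming against the verification side. The loop also passes each array entry straight to `XMLSecurityUtils.getTransformer` with no null check. The method has no Javadoc; a comment such as `// built back to front: transforms[0] receives the events first, the last entry writes to outputStream` would record the ordering the loop relies on. The `processEvent` method that follows continues outside the hunk.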
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java Sun Jul 22 19:48:04 2012
@@ -110,19 +110,18 @@ public class XMLSignatureEndingOutputPro
@Override
protected void createTransformsStructureForSignature(OutputProcessorChain subOutputProcessorChain, SignaturePartDef signaturePartDef) throws XMLStreamException, XMLSecurityException {
- if (signaturePartDef.getTransformAlgo() != null) {
+ if (signaturePartDef.getTransforms() != null) {
createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms, false, null);
- List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
- attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, signaturePartDef.getTransformAlgo()));
- createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform, false, attributes);
- createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform);
- createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms);
- } else if (signaturePartDef.getC14nAlgo() != null) {
- createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms, false, null);
- List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
- attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, signaturePartDef.getC14nAlgo()));
- createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform, false, attributes);
- createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform);
+
+ String[] transforms = signaturePartDef.getTransforms();
+ for (int i = 0; i < transforms.length; i++) {
+ String transform = transforms[i];
+
+ List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
+ attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, transform));
+ createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform, false, attributes);
+ createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform);
+ }
createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms);
}
}
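Review bot: The guard `if (signaturePartDef.getTransforms() != null)` lets an empty array through, in which case the loop emits nothing and the output contains an empty `dsig:Transforms` element; the XML Signature schema requires at least one `Transform` child there. `buildTransformerChain` in AbstractSignatureOutputProcessor treats null and empty alike, so this check should too: `String[] transforms = signaturePartDef.getTransforms(); if (transforms != null && transforms.length > 0) {`. The index loop can then become `for (String transform : transforms)`.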
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java Sun Jul 22 19:48:04 2012
@@ -73,7 +73,7 @@ public class XMLSignatureOutputProcessor
InternalSignatureOutputProcessor internalSignatureOutputProcessor = null;
try {
SignaturePartDef signaturePartDef = new SignaturePartDef();
- signaturePartDef.setC14nAlgo(securePart.getC14nMethod());
+ signaturePartDef.setTransforms(securePart.getTransforms());
String digestMethod = securePart.getDigestMethod();
if (digestMethod == null) {
digestMethod = getSecurityProperties().getSignatureDigestAlgorithm();
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverSameDocument.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverSameDocument.java?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverSameDocument.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/resourceResolvers/ResolverSameDocument.java Sun Jul 22 19:48:04 2012
@@ -33,6 +33,7 @@ import java.io.InputStream;
public class ResolverSameDocument implements ResourceResolver, ResourceResolverLookup {
private String id;
+ private boolean firstElementOccured = false;
public ResolverSameDocument() {
}
@@ -47,7 +48,7 @@ public class ResolverSameDocument implem
@Override
public ResourceResolverLookup canResolve(String uri) {
- if (uri != null && uri.charAt(0) == '#') {
+ if (uri != null && (uri.isEmpty() || uri.charAt(0) == '#')) {
if (uri.startsWith("#xpointer")) {
return null;
}
@@ -68,9 +69,17 @@ public class ResolverSameDocument implem
@Override
public boolean matches(XMLSecStartElement xmlSecStartElement) {
- Attribute attribute = xmlSecStartElement.getAttributeByName(XMLSecurityConstants.ATT_NULL_Id);
- if (attribute != null && attribute.getValue().equals(id)) {
+ if (id.isEmpty()) {
+ if (firstElementOccured) {
+ return false;
+ }
+ firstElementOccured = true;
return true;
+ } else {
+ Attribute attribute = xmlSecStartElement.getAttributeByName(XMLSecurityConstants.ATT_NULL_Id);
+ if (attribute != null && attribute.getValue().equals(id)) {
+ return true;
+ }
}
return false;
}
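Review bot: For an empty reference URI, `matches` now returns true for the first start element it is ever called with, whatever that element is, and tracks this in the instance field `firstElementOccured`. That binds the reference to the document root only if the caller always presents the root first and never reuses the resolver; if either assumption fails, the digest would cover a different element than the one the reference is meant to cover, so the contract deserves a comment or an explicit check that the element is the root. `id.isEmpty()` also dereferences `id` unconditionally, while the no-argument constructor leaves it null (the old `equals(id)` comparison tolerated that); `if (id != null && id.isEmpty())` would keep the previous behaviour. The field name is misspelled; `firstElementOccurred` is the usual spelling.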
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformEnvelopedSignature.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformEnvelopedSignature.java?rev=1364413&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformEnvelopedSignature.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformEnvelopedSignature.java Sun Jul 22 19:48:04 2012
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.transformer;
+
+import org.apache.xml.security.stax.ext.Transformer;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+import org.apache.xml.security.stax.ext.stax.XMLSecEndElement;
+import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
+import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
+
+import javax.xml.stream.XMLEventWriter;
+import javax.xml.stream.XMLOutputFactory;
+import javax.xml.stream.XMLStreamConstants;
+import javax.xml.stream.XMLStreamException;
+import java.io.OutputStream;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class TransformEnvelopedSignature implements Transformer {
+
+ private static final XMLOutputFactory xmlOutputFactory = XMLOutputFactory.newInstance();
+ private XMLEventWriter xmlEventWriter;
+ private Transformer transformer;
+ private int curLevel = 0;
+ private int sigElementLevel = -1;
+
+ @Override
+ public void setOutputStream(OutputStream outputStream) throws XMLSecurityException {
+ try {
+ xmlEventWriter = xmlOutputFactory.createXMLEventWriter(outputStream);
+ } catch (XMLStreamException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILURE, e);
+ }
+ }
+
+ @Override
+ public void setList(List list) throws XMLSecurityException {
+ }
+
+ @Override
+ public void setTransformer(Transformer transformer) throws XMLSecurityException {
+ this.transformer = transformer;
+ }
+
+ @Override
+ public void transform(XMLSecEvent xmlSecEvent) throws XMLStreamException {
+ switch (xmlSecEvent.getEventType()) {
+ case XMLStreamConstants.START_ELEMENT:
+ curLevel++;
+ XMLSecStartElement xmlSecStartElement = xmlSecEvent.asStartElement();
+ if (XMLSecurityConstants.TAG_dsig_Signature.equals(xmlSecStartElement.getName())) {
+ sigElementLevel = curLevel;
+ return;
+ }
+ break;
+ case XMLStreamConstants.END_ELEMENT:
+ XMLSecEndElement xmlSecEndElement = xmlSecEvent.asEndElement();
+ if (sigElementLevel == curLevel && XMLSecurityConstants.TAG_dsig_Signature.equals(xmlSecEndElement.getName())) {
+ sigElementLevel = -1;
+ return;
+ }
+ curLevel--;
+ }
+ if (sigElementLevel == -1) {
+ if (xmlEventWriter != null) {
+ xmlEventWriter.add(xmlSecEvent);
+ } else if (transformer != null) {
+ transformer.transform(xmlSecEvent);
+ }
+ }
+ }
+
+ @Override
+ public void doFinal() throws XMLStreamException {
+ if (xmlEventWriter != null) {
+ xmlEventWriter.close();
+ }
+ if (transformer != null) {
+ transformer.doFinal();
+ }
+ }
+}
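Review bot: In `transform`, the START_ELEMENT branch records `sigElementLevel = curLevel` for every `dsig:Signature` start tag, including one met while a Signature is already being skipped. With a Signature nested in another, the inner end tag resets `sigElementLevel` to -1, so the rest of the outer Signature and its unmatched end tag reach the writer and the digest input. Guarding the assignment with `if (sigElementLevel == -1 && XMLSecurityConstants.TAG_dsig_Signature.equals(xmlSecStartElement.getName()))` and adding `curLevel--;` before the `return` in the END_ELEMENT branch keeps the depth counter balanced. The transform also drops every Signature element in the referenced content rather than only the one containing the reference, so anything carried inside another Signature is left out of the digest; a class comment should state that limitation.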
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformEnvelopedSignature.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformEnvelopedSignature.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java?rev=1364413&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java Sun Jul 22 19:48:04 2012
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.transformer;
+
+import org.apache.xml.security.stax.ext.Transformer;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
+
+import javax.xml.stream.XMLEventWriter;
+import javax.xml.stream.XMLOutputFactory;
+import javax.xml.stream.XMLStreamException;
+import java.io.OutputStream;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class TransformIdentity implements Transformer {
+
+ private static final XMLOutputFactory xmlOutputFactory = XMLOutputFactory.newInstance();
+ private XMLEventWriter xmlEventWriter;
+ private Transformer transformer;
+
+ @Override
+ public void setOutputStream(OutputStream outputStream) throws XMLSecurityException {
+ try {
+ xmlEventWriter = xmlOutputFactory.createXMLEventWriter(outputStream);
+ } catch (XMLStreamException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILURE, e);
+ }
+ }
+
+ @Override
+ public void setList(List list) throws XMLSecurityException {
+ }
+
+ @Override
+ public void setTransformer(Transformer transformer) throws XMLSecurityException {
+ this.transformer = transformer;
+ }
+
+ @Override
+ public void transform(XMLSecEvent xmlSecEvent) throws XMLStreamException {
+ if (xmlEventWriter != null) {
+ xmlEventWriter.add(xmlSecEvent);
+ } else if (transformer != null) {
+ transformer.transform(xmlSecEvent);
+ }
+ }
+
+ @Override
+ public void doFinal() throws XMLStreamException {
+ if (xmlEventWriter != null) {
+ xmlEventWriter.close();
+ }
+ if (transformer != null) {
+ transformer.doFinal();
+ }
+ }
+}
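Review bot: `xmlOutputFactory` is a static `XMLOutputFactory` shared by all instances, and `setOutputStream` calls `createXMLEventWriter` on it without synchronization; the StAX API does not promise that factories are thread-safe, so concurrent signing would depend on the implementation in use. TransformEnvelopedSignature has the same field. Either document the implementation this relies on or create the writer under a lock. `setList` silently ignores its argument, which a short comment (`// identity transform takes no parameters`) would make explicit.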
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/canonicalizer/CanonicalizerBase.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/canonicalizer/CanonicalizerBase.java?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/canonicalizer/CanonicalizerBase.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/transformer/canonicalizer/CanonicalizerBase.java Sun Jul 22 19:48:04 2012
@@ -604,7 +604,7 @@ public abstract class CanonicalizerBase
if (list.isEmpty()) {
continue;
}
- final int idx = list.indexOf(o);
+ final int idx = list.lastIndexOf(o);
if (idx != -1) {
return list.get(idx);
}
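Review bot: The switch from `indexOf` to `lastIndexOf` changes which of several equal entries in a list is returned, but nothing in the hunk or the log message says why the last one must win. A one-line comment above the call, for example `// the most recently added equal entry takes precedence`, would keep a later cleanup from reverting it; adjust the wording to the actual reason. The enclosing method starts and ends outside the hunk, so the effect on the canonical output cannot be judged from here.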
Modified: santuario/xml-security-java/trunk/src/main/resources/security-config.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/resources/security-config.xml?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/resources/security-config.xml (original)
+++ santuario/xml-security-java/trunk/src/main/resources/security-config.xml Sun Jul 22 19:48:04 2012
@@ -33,8 +33,10 @@
<TransformAlgorithm URI="http://www.w3.org/2000/09/xmldsig#base64"
JAVACLASS="org.apache.xml.security.stax.impl.transformer.TransformBase64Decode" />
- <!-- XPath transform -->
- <!-- enveloped signature -->
+ <!-- enveloped signature -->
+ <TransformAlgorithm URI="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
+ JAVACLASS="org.apache.xml.security.stax.impl.transformer.TransformEnvelopedSignature" />
+ <!-- XPath transform -->
<!-- XSLT -->
<!-- XPath version 2 -->
<!-- XPath version 2b -->
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureVerificationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureVerificationTest.java?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureVerificationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureVerificationTest.java Sun Jul 22 19:48:04 2012
@@ -195,24 +195,27 @@ public class AbstractSignatureVerificati
elementToSign.setAttributeNS(null, "Id", id);
elementToSign.setIdAttributeNS(null, "Id", true);
- if (additionalReferences != null) {
- for (int i = 0; i < additionalReferences.size(); i++) {
- ReferenceInfo referenceInfo = additionalReferences.get(i);
- if (referenceInfo.isBinary()) {
- sig.addDocument(referenceInfo.getResource(), null, referenceInfo.getDigestMethod());
- } else {
- Transforms transforms = new Transforms(document);
- transforms.addTransform(referenceInfo.getC14NMethod());
- sig.addDocument(referenceInfo.getResource(), transforms, referenceInfo.getDigestMethod());
- }
- }
- }
-
Transforms transforms = new Transforms(document);
transforms.addTransform(referenceC14NMethod);
sig.addDocument("#" + id, transforms, digestMethod);
}
+ if (additionalReferences != null) {
+ for (int i = 0; i < additionalReferences.size(); i++) {
+ ReferenceInfo referenceInfo = additionalReferences.get(i);
+ if (referenceInfo.isBinary()) {
+ sig.addDocument(referenceInfo.getResource(), null, referenceInfo.getDigestMethod());
+ } else {
+ Transforms transforms = new Transforms(document);
+ for (int j = 0; j < referenceInfo.getC14NMethod().length; j++) {
+ String transform = referenceInfo.getC14NMethod()[j];
+ transforms.addTransform(transform);
+ }
+ sig.addDocument(referenceInfo.getResource(), transforms, referenceInfo.getDigestMethod());
+ }
+ }
+ }
+
sig.sign(signingKey);
String expression = "//ds:Signature[1]";
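Review bot: `ReferenceInfo.getC14NMethod()` now returns the whole transform list, so the name no longer matches what it holds; `getTransforms()` (with the field and setter in the later hunks of this file renamed to match) would read correctly next to `SecurePart.getTransforms()`. The inner loop calls the getter twice per iteration and can be written as `for (String transform : referenceInfo.getC14NMethod()) { transforms.addTransform(transform); }`. The enclosing method starts and ends outside the hunk.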
@@ -355,11 +358,11 @@ public class AbstractSignatureVerificati
class ReferenceInfo {
private String resource;
- private String c14NMethod;
+ private String[] c14NMethod;
private String digestMethod;
private boolean binary;
- ReferenceInfo(String resource, String c14NMethod, String digestMethod, boolean binary) {
+ ReferenceInfo(String resource, String[] c14NMethod, String digestMethod, boolean binary) {
this.resource = resource;
this.c14NMethod = c14NMethod;
this.digestMethod = digestMethod;
@@ -374,11 +377,11 @@ public class AbstractSignatureVerificati
this.resource = resource;
}
- public String getC14NMethod() {
+ public String[] getC14NMethod() {
return c14NMethod;
}
- public void setC14NMethod(String c14NMethod) {
+ public void setC14NMethod(String[] c14NMethod) {
this.c14NMethod = c14NMethod;
}
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java Sun Jul 22 19:48:04 2012
@@ -193,7 +193,6 @@ public class BaltimoreTest extends org.j
// See SANTUARIO-320
@Test
- @Ignore
public void test_fifteen_enveloped_dsa() throws Exception {
// Read in plaintext document
InputStream sourceDocument =
@@ -460,7 +459,6 @@ public class BaltimoreTest extends org.j
// See SANTUARIO-320
@Test
- @Ignore
public void test_twenty_three_enveloped_dsa() throws Exception {
// Read in plaintext document
InputStream sourceDocument =
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java Sun Jul 22 19:48:04 2012
@@ -308,7 +308,6 @@ public class IAIKTest extends org.junit.
// See SANTUARIO-320
@Test
- @Ignore
public void test_transforms_signatures_envelopedSignatureSignature() throws Exception {
// Read in plaintext document
InputStream sourceDocument =
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/RSASecurityTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/RSASecurityTest.java?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/RSASecurityTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/RSASecurityTest.java Sun Jul 22 19:48:04 2012
@@ -116,7 +116,6 @@ public class RSASecurityTest extends Abs
// See SANTUARIO-320
@Test
- @Ignore
public void test_enveloped() throws Exception {
// Read in plaintext document
InputStream sourceDocument =
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java Sun Jul 22 19:48:04 2012
@@ -229,10 +229,4 @@ public class SignatureCreationReferenceU
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
}
-
- @Test
- @Ignore
- public void testSignatureVerificationWithSameDocumentXPointerSlashReference() throws Exception {
- //todo complete testcase when we support enveloped signatures
- }
}
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java Sun Jul 22 19:48:04 2012
@@ -98,6 +98,68 @@ public class SignatureCreationTest exten
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
}
+
+ @Test
+ public void testEnvelopedSignatureCreation() throws Exception {
+ // Set up the Configuration
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ XMLSecurityConstants.Action[] actions =
+ new XMLSecurityConstants.Action[]{XMLSecurityConstants.SIGNATURE};
+ properties.setOutAction(actions);
+
+ // Set the key up
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(
+ this.getClass().getClassLoader().getResource("transmitter.jks").openStream(),
+ "default".toCharArray()
+ );
+ Key key = keyStore.getKey("transmitter", "default".toCharArray());
+ properties.setSignatureKey(key);
+ X509Certificate cert = (X509Certificate)keyStore.getCertificate("transmitter");
+ properties.setSignatureCerts(new X509Certificate[]{cert});
+
+ SecurePart securePart =
+ new SecurePart(
+ new QName("urn:example:po", "PurchaseOrder"),
+ SecurePart.Modifier.Content,
+ new String[]{
+ "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
+ "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
+ },
+ "http://www.w3.org/2000/09/xmldsig#sha1"
+ );
+ properties.addSignaturePart(securePart);
+
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, "UTF-8");
+
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ // System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
+ Document document =
+ documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ //first child element must be the dsig:Signature @see SANTUARIO-324:
+ NodeList nodeList = document.getDocumentElement().getChildNodes();
+ for (int i = 0; i < nodeList.getLength(); i++) {
+ Node child = nodeList.item(i);
+ if (child.getNodeType() == Node.ELEMENT_NODE) {
+ Element element = (Element)child;
+ Assert.assertEquals(element.getLocalName(), "Signature");
+ break;
+ }
+ }
+
+ // Verify using DOM
+ verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
+ }
@Test
public void testMultipleElements() throws Exception {
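Review bot: In testEnvelopedSignatureCreation, the loop under `//first child element must be the dsig:Signature` passes vacuously when the document element has no element child, because the only assertion sits inside the `if`. It also compares the local name alone, so a `Signature` element in any other namespace would satisfy it, and it passes `assertEquals` its arguments as (actual, expected), which gives a misleading failure message. I would capture the first element, assert after the loop that it exists, and check both namespace and local name; this presumes `documentBuilderFactory` is namespace-aware, which `getLocalName()` already relies on. The stream from `getResource("transmitter.jks").openStream()` is also never closed.

```java
// … unchanged: signing set-up and DOM parse of baos …
//first child element must be the dsig:Signature @see SANTUARIO-324:
Element firstElement = null;
NodeList nodeList = document.getDocumentElement().getChildNodes();
for (int i = 0; i < nodeList.getLength() && firstElement == null; i++) {
    Node child = nodeList.item(i);
    if (child.getNodeType() == Node.ELEMENT_NODE) {
        firstElement = (Element) child;
    }
}
Assert.assertNotNull(firstElement);
Assert.assertEquals("http://www.w3.org/2000/09/xmldsig#", firstElement.getNamespaceURI());
Assert.assertEquals("Signature", firstElement.getLocalName());
// … unchanged: verifyUsingDOM call …
```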
@@ -400,7 +462,7 @@ public class SignatureCreationTest exten
SecurePart securePart = new SecurePart(
new QName("urn:example:po", "PaymentInfo"),
SecurePart.Modifier.Content,
- "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
+ new String[]{"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"},
"http://www.w3.org/2000/09/xmldsig#sha1");
properties.addSignaturePart(securePart);
@@ -466,7 +528,7 @@ public class SignatureCreationTest exten
SecurePart securePart = new SecurePart(
new QName("urn:example:po", "PaymentInfo"),
SecurePart.Modifier.Content,
- "http://www.w3.org/2001/10/xml-exc-c14n#",
+ new String[]{"http://www.w3.org/2001/10/xml-exc-c14n#"},
"http://www.w3.org/2001/04/xmlenc#sha256");
properties.addSignaturePart(securePart);
@@ -753,7 +815,9 @@ public class SignatureCreationTest exten
SecurePart securePart =
new SecurePart(new QName("urn:example:po", "PaymentInfo"),
- SecurePart.Modifier.Content, "http://www.w3.org/2000/09/xmldsig#base64", "http://www.w3.org/2000/09/xmldsig#sha1");
+ SecurePart.Modifier.Content,
+ new String[]{"http://www.w3.org/2000/09/xmldsig#base64"},
+ "http://www.w3.org/2000/09/xmldsig#sha1");
properties.addSignaturePart(securePart);
OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverTest.java?rev=1364413&r1=1364412&r2=1364413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverTest.java Sun Jul 22 19:48:04 2012
@@ -81,7 +81,7 @@ public class SignatureVerificationRefere
ReferenceInfo referenceInfo = new ReferenceInfo(
"file://" + BASEDIR + "/src/test/resources/ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml",
- "http://www.w3.org/2001/10/xml-exc-c14n#",
+ new String[]{"http://www.w3.org/2001/10/xml-exc-c14n#"},
"http://www.w3.org/2000/09/xmldsig#sha1",
false
);
@@ -281,7 +281,7 @@ public class SignatureVerificationRefere
ReferenceInfo referenceInfo = new ReferenceInfo(
"#xpointer(id('" + id + "'))",
- "http://www.w3.org/2001/10/xml-exc-c14n#",
+ new String[]{"http://www.w3.org/2001/10/xml-exc-c14n#"},
"http://www.w3.org/2000/09/xmldsig#sha1",
false
);
@@ -352,7 +352,7 @@ public class SignatureVerificationRefere
ReferenceInfo referenceInfo = new ReferenceInfo(
"#xpointer(id(\"" + id + "\"))",
- "http://www.w3.org/2001/10/xml-exc-c14n#",
+ new String[]{"http://www.w3.org/2001/10/xml-exc-c14n#"},
"http://www.w3.org/2000/09/xmldsig#sha1",
false
);
@@ -389,16 +389,65 @@ public class SignatureVerificationRefere
@Test
public void testSignatureVerificationWithSameDocumentXPointerSlashReference() throws Exception {
- //todo complete testcase when we support enveloped signatures
- //ATM we just test if the ResolverXPointer matches /
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = documentBuilderFactory.newDocumentBuilder();
+ Document document = builder.parse(sourceDocument);
- ResourceResolver resourceResolver = ResourceResolverMapper.getResourceResolver("#xpointer(/)");
- Assert.assertNotNull(resourceResolver);
- Assert.assertTrue(resourceResolver instanceof ResolverXPointer);
+ // Set up the Key
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(
+ this.getClass().getClassLoader().getResource("transmitter.jks").openStream(),
+ "default".toCharArray()
+ );
+ Key key = keyStore.getKey("transmitter", "default".toCharArray());
+ X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
+
+ // Sign using DOM
+ List<String> localNames = new ArrayList<String>();
- //only the first call to matches must return true:
- Assert.assertTrue(resourceResolver.matches(null));
- Assert.assertFalse(resourceResolver.matches(null));
- Assert.assertFalse(resourceResolver.matches(null));
+ ReferenceInfo referenceInfo = new ReferenceInfo(
+ "#xpointer(/)",
+ new String[]{
+ "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
+ "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
+ },
+ "http://www.w3.org/2000/09/xmldsig#sha1",
+ false
+ );
+
+ List<ReferenceInfo> referenceInfos = new ArrayList<ReferenceInfo>();
+ referenceInfos.add(referenceInfo);
+
+ XMLSignature sig = signUsingDOM(
+ "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
+ document,
+ localNames,
+ key,
+ referenceInfos
+ );
+
+ // Add KeyInfo
+ sig.addKeyInfo(cert);
+
+ // Convert Document to a Stream Reader
+ javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ transformer.transform(new DOMSource(document), new StreamResult(baos));
+
+ //System.out.println(baos.toString());
+
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify signature
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setSignatureVerificationKey(cert.getPublicKey());
+ InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+ XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader);
+
+ StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);
}
}
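Review bot: The rewritten testSignatureVerificationWithSameDocumentXPointerSlashReference ends on `StAX2DOM.readDoc(...)` with no assertion, so it passes whenever the inbound chain does not throw. Nothing visible in the hunk confirms that the `#xpointer(/)` reference with the enveloped-signature transform was actually digested and compared. At minimum keep the result, `Document verified = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), securityStreamReader);`, and assert on its content. A companion case that changes the signed document after `signUsingDOM` and expects verification to fail would show that the transform does not exclude more than the Signature element. The removed `resourceResolver.matches(null)` assertions (true on the first call only) lose their coverage here, so if that one-shot behaviour still holds it deserves its own small test.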