You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by hu...@apache.org on 2022/09/01 14:12:52 UTC
[santuario-xml-security-java] 01/01: SANTUARIO-593 - Remove here() function support from Apache Santuario (#71)
This is an automated email from the ASF dual-hosted git repository.
humbedooh pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git
commit eee3340d310c0c69f79334b7ab2382ecf0264cae
Author: Colm O hEigeartaigh <co...@users.noreply.github.com>
AuthorDate: Thu Sep 1 14:42:02 2022 +0100
SANTUARIO-593 - Remove here() function support from Apache Santuario (#71)
* SANTUARIO-593 - Remove here() function support from Apache Santuario
* Adding Baltimore23XalanTest
---
pom.xml | 3 +-
.../transforms/implementations/TransformXPath.java | 7 +-
.../implementations/TransformXPath2Filter.java | 7 +-
.../apache/xml/security/utils/XPathFactory.java | 32 +-
.../xml/crypto/test/dsig/Baltimore23Test.java | 27 -
.../xml/crypto/test/dsig/Baltimore23XalanTest.java | 99 +++
.../xml/crypto/test/dsig/PhaosXMLDSig3Test.java | 8 -
.../crypto/test/dsig/PhaosXMLDSig3XalanTest.java | 78 +++
.../security/test/dom/interop/BaltimoreTest.java | 56 --
.../test/dom/interop/BaltimoreXalanTest.java | 132 ++++
.../test/dom/signature/CreateSignatureTest.java | 60 --
.../dom/signature/CreateSignatureXalanTest.java | 209 +++++++
.../xml/security/test/dom/xalan}/FuncHere.java | 8 +-
.../security/test/dom/xalan/TransformXPath.java} | 16 +-
.../test/dom/xalan/TransformXPath2Filter.java} | 17 +-
.../security/test/dom/xalan}/XalanXPathAPI.java | 19 +-
.../test/dom/xalan}/XalanXPathFactory.java | 5 +-
src/test/resources/config-xalan.xml | 682 +++++++++++++++++++++
18 files changed, 1242 insertions(+), 223 deletions(-)
diff --git a/pom.xml b/pom.xml
index 0789aaf0..5635cfed 100644
--- a/pom.xml
+++ b/pom.xml
@@ -627,8 +627,7 @@
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>${xalan.version}</version>
- <scope>provided</scope>
- <optional>true</optional>
+ <scope>test</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
diff --git a/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath.java b/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath.java
index c70a4a57..8b1c140f 100644
--- a/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath.java
+++ b/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath.java
@@ -29,10 +29,7 @@ import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.transforms.TransformSpi;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xml.security.utils.XPathAPI;
-import org.apache.xml.security.utils.XPathFactory;
+import org.apache.xml.security.utils.*;
import org.w3c.dom.DOMException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -108,7 +105,7 @@ public class TransformXPath extends TransformSpi {
}
protected XPathFactory getXPathFactory() {
- return XPathFactory.newInstance();
+ return new JDKXPathFactory();
}
/**
diff --git a/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath2Filter.java b/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath2Filter.java
index f6669441..8ea2c784 100644
--- a/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath2Filter.java
+++ b/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath2Filter.java
@@ -34,6 +34,7 @@ import org.apache.xml.security.transforms.TransformSpi;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.XPath2FilterContainer;
+import org.apache.xml.security.utils.JDKXPathFactory;
import org.apache.xml.security.utils.XMLUtils;
import org.apache.xml.security.utils.XPathAPI;
import org.apache.xml.security.utils.XPathFactory;
@@ -90,7 +91,7 @@ public class TransformXPath2Filter extends TransformSpi {
inputDoc = XMLUtils.getOwnerDocument(input.getNodeSet());
}
- XPathFactory xpathFactory = XPathFactory.newInstance();
+ XPathFactory xpathFactory = getXPathFactory();
for (int i = 0; i < xpathElements.length; i++) {
Element xpathElement = xpathElements[i];
@@ -126,6 +127,10 @@ public class TransformXPath2Filter extends TransformSpi {
throw new TransformationException(ex);
}
}
+
+ protected XPathFactory getXPathFactory() {
+ return new JDKXPathFactory();
+ }
}
class XPath2NodeFilter implements NodeFilter {
diff --git a/src/main/java/org/apache/xml/security/utils/XPathFactory.java b/src/main/java/org/apache/xml/security/utils/XPathFactory.java
index ebd1504a..dc765e31 100644
--- a/src/main/java/org/apache/xml/security/utils/XPathFactory.java
+++ b/src/main/java/org/apache/xml/security/utils/XPathFactory.java
@@ -20,40 +20,10 @@ package org.apache.xml.security.utils;
/**
- * A Factory to return an XPathAPI instance. If Xalan is available it returns XalanXPathAPI. If not, then
- * it returns JDKXPathAPI.
+ * A Factory to return an XPathAPI instance.
*/
public abstract class XPathFactory {
- private static final boolean xalanInstalled;
-
- static {
- boolean installed = false;
- try {
- Class<?> funcTableClass =
- ClassLoaderUtils.loadClass("org.apache.xpath.compiler.FunctionTable", XPathFactory.class);
- if (funcTableClass != null) {
- installed = true;
- }
- } catch (Exception e) { //NOPMD
- //ignore
- }
- xalanInstalled = installed;
- }
-
- /**
- * Get a new XPathFactory instance
- */
- public static XPathFactory newInstance() {
- // Xalan is available
- if (xalanInstalled && XalanXPathAPI.isInstalled()) {
- return new XalanXPathFactory();
- }
- // Some problem was encountered in fixing up the Xalan FunctionTable so fall back to the
- // JDK implementation
- return new JDKXPathFactory();
- }
-
/**
* Get a new XPathAPI instance
*/
diff --git a/src/test/java/javax/xml/crypto/test/dsig/Baltimore23Test.java b/src/test/java/javax/xml/crypto/test/dsig/Baltimore23Test.java
index a792a67b..8432a2cc 100644
--- a/src/test/java/javax/xml/crypto/test/dsig/Baltimore23Test.java
+++ b/src/test/java/javax/xml/crypto/test/dsig/Baltimore23Test.java
@@ -23,9 +23,7 @@ package javax.xml.crypto.test.dsig;
import java.io.File;
-import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
-import java.security.KeyStore;
import java.security.Security;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.URIDereferencer;
@@ -219,29 +217,4 @@ public class Baltimore23Test {
assertTrue(coreValidity, "Signature failed core validation");
}
- @org.junit.jupiter.api.Test
- public void test_signature() throws Exception {
-
- //
- // This test fails with the IBM JDK
- //
- if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
- return;
- }
-
- String file = "signature.xml";
- String fs = System.getProperty("file.separator");
- String base = System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
-
- String keystore = base + fs + "src/test/resources" + fs +
- "ie" + fs + "baltimore" + fs + "merlin-examples" + fs +
- "merlin-xmldsig-twenty-three" + fs + "certs" + fs + "xmldsig.jks";
- KeyStore ks = KeyStore.getInstance("JKS");
- ks.load(new FileInputStream(keystore), "changeit".toCharArray());
-
- SignatureValidator validator = new SignatureValidator(dir);
- boolean cv = validator.validate(file, new X509KeySelector(ks, false), ud);
- assertTrue(cv, "Signature failed core validation");
- }
-
}
\ No newline at end of file
diff --git a/src/test/java/javax/xml/crypto/test/dsig/Baltimore23XalanTest.java b/src/test/java/javax/xml/crypto/test/dsig/Baltimore23XalanTest.java
new file mode 100644
index 00000000..2bd744c0
--- /dev/null
+++ b/src/test/java/javax/xml/crypto/test/dsig/Baltimore23XalanTest.java
@@ -0,0 +1,99 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+/*
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ */
+package javax.xml.crypto.test.dsig;
+
+
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+
+import javax.xml.crypto.URIDereferencer;
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.Security;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+
+/**
+ * This is a testcase to validate all "merlin-xmldsig-twenty-three"
+ * testcases from Baltimore. These tests require Xalan for the here() function.
+ *
+ */
+public class Baltimore23XalanTest {
+
+ private static final String CONFIG_FILE = "config-xalan.xml";
+
+ private File dir;
+ private final URIDereferencer ud;
+
+ static {
+ Security.insertProviderAt
+ (new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+ }
+
+ @BeforeAll
+ public static void setup() {
+ System.setProperty("org.apache.xml.security.resource.config", CONFIG_FILE);
+ }
+
+ @AfterAll
+ public static void cleanup() {
+ System.clearProperty("org.apache.xml.security.resource.config");
+ }
+
+ public Baltimore23XalanTest() {
+ String fs = System.getProperty("file.separator");
+ String base = System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
+
+ dir = new File(base + fs + "src/test/resources" + fs
+ + "ie" + fs + "baltimore" + fs + "merlin-examples",
+ "merlin-xmldsig-twenty-three");
+ ud = new LocalHttpCacheURIDereferencer();
+ }
+
+ @org.junit.jupiter.api.Test
+ public void test_signature() throws Exception {
+
+ //
+ // This test fails with the IBM JDK
+ //
+ if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
+ return;
+ }
+
+ String file = "signature.xml";
+ String fs = System.getProperty("file.separator");
+ String base = System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
+
+ String keystore = base + fs + "src/test/resources" + fs +
+ "ie" + fs + "baltimore" + fs + "merlin-examples" + fs +
+ "merlin-xmldsig-twenty-three" + fs + "certs" + fs + "xmldsig.jks";
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(new FileInputStream(keystore), "changeit".toCharArray());
+
+ SignatureValidator validator = new SignatureValidator(dir);
+ boolean cv = validator.validate(file, new X509KeySelector(ks, false), ud);
+ assertTrue(cv, "Signature failed core validation");
+ }
+
+}
\ No newline at end of file
diff --git a/src/test/java/javax/xml/crypto/test/dsig/PhaosXMLDSig3Test.java b/src/test/java/javax/xml/crypto/test/dsig/PhaosXMLDSig3Test.java
index d621133f..0345d769 100644
--- a/src/test/java/javax/xml/crypto/test/dsig/PhaosXMLDSig3Test.java
+++ b/src/test/java/javax/xml/crypto/test/dsig/PhaosXMLDSig3Test.java
@@ -307,12 +307,4 @@ public class PhaosXMLDSig3Test {
assertTrue(coreValidity, "Signature failed core validation");
}
- @org.junit.jupiter.api.Test
- public void test_signature_rsa_xpath_transform_enveloped() throws Exception {
- String file = "signature-rsa-xpath-transform-enveloped.xml";
-
- boolean coreValidity =
- validator.validate(file, new KeySelectors.RawX509KeySelector());
- assertTrue(coreValidity, "Signature failed core validation");
- }
}
\ No newline at end of file
diff --git a/src/test/java/javax/xml/crypto/test/dsig/PhaosXMLDSig3XalanTest.java b/src/test/java/javax/xml/crypto/test/dsig/PhaosXMLDSig3XalanTest.java
new file mode 100644
index 00000000..52d4888f
--- /dev/null
+++ b/src/test/java/javax/xml/crypto/test/dsig/PhaosXMLDSig3XalanTest.java
@@ -0,0 +1,78 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+/*
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ */
+package javax.xml.crypto.test.dsig;
+
+
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+
+import javax.xml.crypto.test.KeySelectors;
+import java.io.File;
+import java.security.Security;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+
+/**
+ * This is a testcase to validate all "phaos-xmldsig-three"
+ * testcases from Phaos, that require Xalan for the here() function
+ *
+ */
+public class PhaosXMLDSig3XalanTest {
+
+ private static final String CONFIG_FILE = "config-xalan.xml";
+
+ private SignatureValidator validator;
+ private File base;
+
+ static {
+ Security.insertProviderAt
+ (new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+ }
+
+ @BeforeAll
+ public static void setup() {
+ System.setProperty("org.apache.xml.security.resource.config", CONFIG_FILE);
+ }
+
+ @AfterAll
+ public static void cleanup() {
+ System.clearProperty("org.apache.xml.security.resource.config");
+ }
+
+ public PhaosXMLDSig3XalanTest() {
+ String fs = System.getProperty("file.separator");
+ String basedir = System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
+ base = new File(basedir + fs + "src/test/resources" + fs +
+ "com" + fs + "phaos", "phaos-xmldsig-three");
+ validator = new SignatureValidator(base);
+ }
+
+ @org.junit.jupiter.api.Test
+ public void test_signature_rsa_xpath_transform_enveloped() throws Exception {
+ String file = "signature-rsa-xpath-transform-enveloped.xml";
+
+ boolean coreValidity =
+ validator.validate(file, new KeySelectors.RawX509KeySelector());
+ assertTrue(coreValidity, "Signature failed core validation");
+ }
+}
\ No newline at end of file
diff --git a/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreTest.java b/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreTest.java
index 555f041d..54362eb4 100644
--- a/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreTest.java
@@ -277,34 +277,6 @@ public class BaltimoreTest extends InteropTestBase {
assertTrue(verify, filename);
}
- /**
- * Method test_sixteen_external_dsa
- *
- * @throws Exception
- */
- @org.junit.jupiter.api.Test
- public void test_sixteen_external_dsa() throws Exception {
-
- String filename =
- merlinsDir16 + "/signature.xml";
- ResourceResolverSpi resolver = new OfflineResolver();
- boolean followManifests = false;
- boolean verify = false;
-
- try {
- verify = this.verify(filename, resolver, followManifests);
- } catch (RuntimeException ex) {
- LOG.error("Verification crashed for " + filename);
- throw ex;
- }
-
- if (!verify) {
- LOG.error("Verification failed for " + filename);
- }
-
- assertTrue(verify, filename);
- }
-
/**
* Method test_sixteen_bad_signature. This tests make sure that an
* invalid signature is not valid. This is validating merlin's 16
@@ -543,32 +515,4 @@ public class BaltimoreTest extends InteropTestBase {
assertTrue(verify, filename);
}
- /**
- * Method test_twenty_three_external_dsa_2
- *
- * @throws Exception
- */
- @org.junit.jupiter.api.Test
- public void test_twenty_three_external_dsa_2() throws Exception {
-
- String filename =
- merlinsDir23 + "signature.xml";
- ResourceResolverSpi resolver = new OfflineResolver();
- boolean followManifests = false;
- boolean verify = false;
-
- try {
- verify = this.verify(filename, resolver, followManifests);
- } catch (RuntimeException ex) {
- LOG.error("Verification crashed for " + filename);
- throw ex;
- }
-
- if (!verify) {
- LOG.error("Verification failed for " + filename);
- }
-
- assertTrue(verify, filename);
- }
-
}
\ No newline at end of file
diff --git a/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreXalanTest.java b/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreXalanTest.java
new file mode 100644
index 00000000..9853b472
--- /dev/null
+++ b/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreXalanTest.java
@@ -0,0 +1,132 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.dom.interop;
+
+import org.apache.xml.security.test.dom.utils.resolver.OfflineResolver;
+import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+
+/**
+ * This test is to ensure interoperability with the examples provided by Merlin Huges
+ * from Baltimore using KeyTools XML. These test vectors are located in the directory
+ * <CODE>data/ie/baltimore/merlin-examples/</CODE>. These tests require Xalan for the here() function
+ *
+ * @see <A HREF="http://www.baltimore.com/keytools/xml/index.html">The KeyTools XML Website</A>
+ */
+public class BaltimoreXalanTest extends InteropTestBase {
+
+ private static final String CONFIG_FILE = "config-xalan.xml";
+
+ static org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(BaltimoreXalanTest.class);
+
+ static String merlinsDir16 =
+ "src/test/resources/ie/baltimore/merlin-examples/merlin-xmldsig-sixteen";
+ static String merlinsDir23 =
+ "src/test/resources/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/";
+
+ static {
+ System.setProperty("org.apache.xml.security.allowUnsafeResourceResolving", "true");
+
+ String basedir = System.getProperty("basedir");
+ if(basedir != null && basedir.length() != 0) {
+ merlinsDir16 = basedir + "/" + merlinsDir16;
+ merlinsDir23 = basedir + "/" + merlinsDir23;
+ }
+ }
+
+ @BeforeAll
+ public static void setup() {
+ System.setProperty("org.apache.xml.security.resource.config", CONFIG_FILE);
+ }
+
+ @AfterAll
+ public static void cleanup() {
+ System.clearProperty("org.apache.xml.security.resource.config");
+ }
+
+ /**
+ * Constructor BaltimoreTest
+ */
+ public BaltimoreXalanTest() {
+ super();
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method test_sixteen_external_dsa
+ *
+ * @throws Exception
+ */
+ @org.junit.jupiter.api.Test
+ public void test_sixteen_external_dsa() throws Exception {
+
+ String filename =
+ merlinsDir16 + "/signature.xml";
+ ResourceResolverSpi resolver = new OfflineResolver();
+ boolean followManifests = false;
+ boolean verify = false;
+
+ try {
+ verify = this.verify(filename, resolver, followManifests);
+ } catch (RuntimeException ex) {
+ LOG.error("Verification crashed for " + filename);
+ throw ex;
+ }
+
+ if (!verify) {
+ LOG.error("Verification failed for " + filename);
+ }
+
+ assertTrue(verify, filename);
+ }
+
+ /**
+ * Method test_twenty_three_external_dsa_2
+ *
+ * @throws Exception
+ */
+ @org.junit.jupiter.api.Test
+ public void test_twenty_three_external_dsa_2() throws Exception {
+
+ String filename =
+ merlinsDir23 + "signature.xml";
+ ResourceResolverSpi resolver = new OfflineResolver();
+ boolean followManifests = false;
+ boolean verify = false;
+
+ try {
+ verify = this.verify(filename, resolver, followManifests);
+ } catch (RuntimeException ex) {
+ LOG.error("Verification crashed for " + filename);
+ throw ex;
+ }
+
+ if (!verify) {
+ LOG.error("Verification failed for " + filename);
+ }
+
+ assertTrue(verify, filename);
+ }
+
+}
\ No newline at end of file
diff --git a/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java b/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java
index 2cb9a799..e9e46e57 100644
--- a/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java
@@ -158,66 +158,6 @@ public class CreateSignatureTest {
}
}
- @org.junit.jupiter.api.Test
- public void testXFilter2Signature() throws Exception {
- Document doc = TestUtils.newDocument();
- doc.appendChild(doc.createComment(" Comment before "));
- Element root = doc.createElementNS("", "RootElement");
-
- doc.appendChild(root);
- root.appendChild(doc.createTextNode("Some simple text\n"));
-
- // Sign
- XMLSignature sig =
- new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_DSA);
- root.appendChild(sig.getElement());
-
- Transforms transforms = new Transforms(doc);
- String filter = "here()/ancestor::ds.Signature/parent::node()/descendant-or-self::*";
- XPath2FilterContainer xpathC = XPath2FilterContainer.newInstanceIntersect(doc, filter);
- xpathC.setXPathNamespaceContext("dsig-xpath", Transforms.TRANSFORM_XPATH2FILTER);
-
- Element node = xpathC.getElement();
- transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER, node);
- sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
-
- KeyStore ks = KeyStore.getInstance("JKS");
- FileInputStream fis = null;
- if (BASEDIR != null && BASEDIR.length() != 0) {
- fis =
- new FileInputStream(BASEDIR + SEP
- + "src/test/resources/org/apache/xml/security/samples/input/keystore.jks"
- );
- } else {
- fis =
- new FileInputStream("src/test/resources/org/apache/xml/security/samples/input/keystore.jks");
- }
- ks.load(fis, "xmlsecurity".toCharArray());
- PrivateKey privateKey = (PrivateKey) ks.getKey("test", "xmlsecurity".toCharArray());
-
- sig.sign(privateKey);
-
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- XMLUtils.outputDOMc14nWithComments(doc, bos);
- String signedDoc = new String(bos.toByteArray());
-
- // Now Verify
- try (InputStream is = new ByteArrayInputStream(signedDoc.getBytes())) {
- doc = XMLUtils.read(is, false);
- }
-
- XPathFactory xpf = XPathFactory.newInstance();
- XPath xpath = xpf.newXPath();
- xpath.setNamespaceContext(new DSNamespaceContext());
-
- String expression = "//ds:Signature[1]";
- Element sigElement =
- (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
-
- XMLSignature signature = new XMLSignature(sigElement, "");
- assertTrue(signature.checkSignatureValue(ks.getCertificate("test").getPublicKey()));
- }
-
@org.junit.jupiter.api.Test
public void testXPathSignature() throws Exception {
Document doc = TestUtils.newDocument();
diff --git a/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureXalanTest.java b/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureXalanTest.java
new file mode 100644
index 00000000..254e6aa2
--- /dev/null
+++ b/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureXalanTest.java
@@ -0,0 +1,209 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.dom.signature;
+
+
+import org.apache.xml.security.algorithms.SignatureAlgorithm;
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.*;
+import org.apache.xml.security.test.dom.DSNamespaceContext;
+import org.apache.xml.security.test.dom.TestUtils;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.transforms.params.XPath2FilterContainer;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.*;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+/**
+ * Tests that create signatures that require Xalan for the here() function
+ */
+public class CreateSignatureXalanTest {
+
+ private static final String CONFIG_FILE = "config-xalan.xml";
+
+ static org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(CreateSignatureXalanTest.class);
+
+ private static final String BASEDIR = System.getProperty("basedir");
+ private static final String SEP = System.getProperty("file.separator");
+
+ private KeyPair kp;
+
+ @BeforeAll
+ public static void setup() {
+ System.setProperty("org.apache.xml.security.resource.config", CONFIG_FILE);
+ }
+
+ @AfterAll
+ public static void cleanup() {
+ System.clearProperty("org.apache.xml.security.resource.config");
+ }
+
+ public CreateSignatureXalanTest() throws Exception {
+ org.apache.xml.security.Init.init();
+ kp = KeyPairGenerator.getInstance("RSA").genKeyPair();
+ }
+
+ @org.junit.jupiter.api.Test
+ public void testXFilter2Signature() throws Exception {
+ Document doc = TestUtils.newDocument();
+ doc.appendChild(doc.createComment(" Comment before "));
+ Element root = doc.createElementNS("", "RootElement");
+
+ doc.appendChild(root);
+ root.appendChild(doc.createTextNode("Some simple text\n"));
+
+ // Sign
+ XMLSignature sig =
+ new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_DSA);
+ root.appendChild(sig.getElement());
+
+ Transforms transforms = new Transforms(doc);
+ String filter = "here()/ancestor::ds.Signature/parent::node()/descendant-or-self::*";
+ XPath2FilterContainer xpathC = XPath2FilterContainer.newInstanceIntersect(doc, filter);
+ xpathC.setXPathNamespaceContext("dsig-xpath", Transforms.TRANSFORM_XPATH2FILTER);
+
+ Element node = xpathC.getElement();
+ transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER, node);
+ sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
+
+ KeyStore ks = KeyStore.getInstance("JKS");
+ FileInputStream fis = null;
+ if (BASEDIR != null && BASEDIR.length() != 0) {
+ fis =
+ new FileInputStream(BASEDIR + SEP
+ + "src/test/resources/org/apache/xml/security/samples/input/keystore.jks"
+ );
+ } else {
+ fis =
+ new FileInputStream("src/test/resources/org/apache/xml/security/samples/input/keystore.jks");
+ }
+ ks.load(fis, "xmlsecurity".toCharArray());
+ PrivateKey privateKey = (PrivateKey) ks.getKey("test", "xmlsecurity".toCharArray());
+
+ sig.sign(privateKey);
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ XMLUtils.outputDOMc14nWithComments(doc, bos);
+ String signedDoc = new String(bos.toByteArray());
+
+ // Now Verify
+ try (InputStream is = new ByteArrayInputStream(signedDoc.getBytes())) {
+ doc = XMLUtils.read(is, false);
+ }
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+
+ XMLSignature signature = new XMLSignature(sigElement, "");
+ assertTrue(signature.checkSignatureValue(ks.getCertificate("test").getPublicKey()));
+ }
+
+ private String doSign() throws Exception {
+ PrivateKey privateKey = kp.getPrivate();
+ Document doc = TestUtils.newDocument();
+ doc.appendChild(doc.createComment(" Comment before "));
+ Element root = doc.createElementNS("", "RootElement");
+
+ doc.appendChild(root);
+ root.appendChild(doc.createTextNode("Some simple text\n"));
+
+ Element canonElem =
+ XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_CANONICALIZATIONMETHOD);
+ canonElem.setAttributeNS(
+ null, Constants._ATT_ALGORITHM, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
+ );
+
+ SignatureAlgorithm signatureAlgorithm =
+ new SignatureAlgorithm(doc, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
+ XMLSignature sig =
+ new XMLSignature(doc, null, signatureAlgorithm.getElement(), canonElem);
+
+ root.appendChild(sig.getElement());
+ doc.appendChild(doc.createComment(" Comment after "));
+ Transforms transforms = new Transforms(doc);
+ transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
+ transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
+ sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
+
+ sig.addKeyInfo(kp.getPublic());
+ sig.sign(privateKey);
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+
+ XMLUtils.outputDOMc14nWithComments(doc, bos);
+ return new String(bos.toByteArray());
+ }
+
+ private void doVerify(String signedXML, int expectedObjectCount) throws Exception {
+ Document doc = null;
+ try (InputStream is = new ByteArrayInputStream(signedXML.getBytes())) {
+ doc = XMLUtils.read(is, false);
+ }
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+
+ XMLSignature signature = new XMLSignature(sigElement, "");
+ KeyInfo ki = signature.getKeyInfo();
+
+ if (ki == null) {
+ throw new RuntimeException("No keyinfo");
+ }
+ PublicKey pk = signature.getKeyInfo().getPublicKey();
+
+ if (pk == null) {
+ throw new RuntimeException("No public key");
+ }
+ assertTrue(signature.checkSignatureValue(pk));
+
+ assertEquals(expectedObjectCount, signature.getObjectLength());
+ if (expectedObjectCount > 0) {
+ for (int i = 0; i < expectedObjectCount; i++) {
+ assertNotNull(signature.getObjectItem(i));
+ }
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/src/main/java/org/apache/xml/security/transforms/implementations/FuncHere.java b/src/test/java/org/apache/xml/security/test/dom/xalan/FuncHere.java
similarity index 97%
rename from src/main/java/org/apache/xml/security/transforms/implementations/FuncHere.java
rename to src/test/java/org/apache/xml/security/test/dom/xalan/FuncHere.java
index e7fc9a6e..fee78555 100644
--- a/src/main/java/org/apache/xml/security/transforms/implementations/FuncHere.java
+++ b/src/test/java/org/apache/xml/security/test/dom/xalan/FuncHere.java
@@ -16,9 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.xml.security.transforms.implementations;
-
-import javax.xml.transform.TransformerException;
+package org.apache.xml.security.test.dom.xalan;
import org.apache.xml.dtm.DTM;
import org.apache.xml.security.utils.I18n;
@@ -32,6 +30,8 @@ import org.apache.xpath.res.XPATHErrorResources;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
+import javax.xml.transform.TransformerException;
+
/**
* The 'here()' function returns a node-set containing the attribute or
* processing instruction node or the parent element of the text node
@@ -65,7 +65,7 @@ public class FuncHere extends Function {
*
* @param xctxt
* @return the xobject
- * @throws javax.xml.transform.TransformerException
+ * @throws TransformerException
*/
public XObject execute(XPathContext xctxt) throws TransformerException {
diff --git a/src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java b/src/test/java/org/apache/xml/security/test/dom/xalan/TransformXPath.java
similarity index 73%
copy from src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java
copy to src/test/java/org/apache/xml/security/test/dom/xalan/TransformXPath.java
index cac23a18..ae08270c 100644
--- a/src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java
+++ b/src/test/java/org/apache/xml/security/test/dom/xalan/TransformXPath.java
@@ -16,18 +16,14 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.xml.security.utils;
+package org.apache.xml.security.test.dom.xalan;
+import org.apache.xml.security.utils.XPathFactory;
-/**
- * A Factory to return a XalanXPathAPI instance.
- */
-public class XalanXPathFactory extends XPathFactory {
+public class TransformXPath extends org.apache.xml.security.transforms.implementations.TransformXPath {
- /**
- * Get a new XPathAPI instance
- */
- public XPathAPI newXPathAPI() {
- return new XalanXPathAPI();
+ protected XPathFactory getXPathFactory() {
+ return new XalanXPathFactory();
}
+
}
diff --git a/src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java b/src/test/java/org/apache/xml/security/test/dom/xalan/TransformXPath2Filter.java
similarity index 64%
copy from src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java
copy to src/test/java/org/apache/xml/security/test/dom/xalan/TransformXPath2Filter.java
index cac23a18..768b5081 100644
--- a/src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java
+++ b/src/test/java/org/apache/xml/security/test/dom/xalan/TransformXPath2Filter.java
@@ -16,18 +16,19 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.xml.security.utils;
+package org.apache.xml.security.test.dom.xalan;
+import org.apache.xml.security.utils.XPathFactory;
/**
- * A Factory to return a XalanXPathAPI instance.
+ * Implements the <I>XML Signature XPath Filter v2.0</I>
+ *
+ * @see <A HREF="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter v2.0 (TR)</A>
*/
-public class XalanXPathFactory extends XPathFactory {
+public class TransformXPath2Filter extends org.apache.xml.security.transforms.implementations.TransformXPath2Filter {
- /**
- * Get a new XPathAPI instance
- */
- public XPathAPI newXPathAPI() {
- return new XalanXPathAPI();
+ protected XPathFactory getXPathFactory() {
+ return new XalanXPathFactory();
}
+
}
diff --git a/src/main/java/org/apache/xml/security/utils/XalanXPathAPI.java b/src/test/java/org/apache/xml/security/test/dom/xalan/XalanXPathAPI.java
similarity index 98%
rename from src/main/java/org/apache/xml/security/utils/XalanXPathAPI.java
rename to src/test/java/org/apache/xml/security/test/dom/xalan/XalanXPathAPI.java
index bec20bc8..69b6e0fa 100644
--- a/src/main/java/org/apache/xml/security/utils/XalanXPathAPI.java
+++ b/src/test/java/org/apache/xml/security/test/dom/xalan/XalanXPathAPI.java
@@ -16,17 +16,9 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.xml.security.utils;
+package org.apache.xml.security.test.dom.xalan;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
-import java.lang.reflect.Modifier;
-
-import javax.xml.transform.ErrorListener;
-import javax.xml.transform.SourceLocator;
-import javax.xml.transform.TransformerException;
-
-import org.apache.xml.security.transforms.implementations.FuncHere;
+import org.apache.xml.security.utils.XPathAPI;
import org.apache.xml.utils.PrefixResolver;
import org.apache.xml.utils.PrefixResolverDefault;
import org.apache.xpath.Expression;
@@ -38,6 +30,13 @@ import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
+import javax.xml.transform.ErrorListener;
+import javax.xml.transform.SourceLocator;
+import javax.xml.transform.TransformerException;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
+
/**
* An implementation of XPathAPI using Xalan. This supports the "here()" function defined in the digital
* signature spec.
diff --git a/src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java b/src/test/java/org/apache/xml/security/test/dom/xalan/XalanXPathFactory.java
similarity index 87%
rename from src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java
rename to src/test/java/org/apache/xml/security/test/dom/xalan/XalanXPathFactory.java
index cac23a18..ea0aac6c 100644
--- a/src/main/java/org/apache/xml/security/utils/XalanXPathFactory.java
+++ b/src/test/java/org/apache/xml/security/test/dom/xalan/XalanXPathFactory.java
@@ -16,9 +16,12 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.xml.security.utils;
+package org.apache.xml.security.test.dom.xalan;
+import org.apache.xml.security.utils.XPathAPI;
+import org.apache.xml.security.utils.XPathFactory;
+
/**
* A Factory to return a XalanXPathAPI instance.
*/
diff --git a/src/test/resources/config-xalan.xml b/src/test/resources/config-xalan.xml
new file mode 100644
index 00000000..06b7320f
--- /dev/null
+++ b/src/test/resources/config-xalan.xml
@@ -0,0 +1,682 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<!--
+<!DOCTYPE Configuration SYSTEM "config.dtd">
+-->
+<!-- This configuration file is used for configuration of the org.apache.xml.security package -->
+<Configuration target="org.apache.xml.security" xmlns="http://www.xmlsecurity.org/NS/#configuration">
+ <CanonicalizationMethods>
+ <CanonicalizationMethod URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
+ JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments" />
+ <CanonicalizationMethod URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
+ JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments" />
+
+ <CanonicalizationMethod URI="http://www.w3.org/2001/10/xml-exc-c14n#"
+ JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments"/>
+ <CanonicalizationMethod URI="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
+ JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments"/>
+ <CanonicalizationMethod URI="http://www.w3.org/2006/12/xml-c14n11"
+ JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments"/>
+ <CanonicalizationMethod URI="http://www.w3.org/2006/12/xml-c14n11#WithComments"
+ JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments"/>
+ <CanonicalizationMethod URI="http://santuario.apache.org/c14n/physical"
+ JAVACLASS="org.apache.xml.security.c14n.implementations.CanonicalizerPhysical"/>
+ </CanonicalizationMethods>
+ <TransformAlgorithms>
+ <!-- Base64 -->
+ <TransformAlgorithm URI="http://www.w3.org/2000/09/xmldsig#base64"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformBase64Decode" />
+ <!-- c14n omitting comments -->
+ <TransformAlgorithm URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N" />
+ <!-- c14n with comments -->
+ <TransformAlgorithm URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NWithComments" />
+ <!-- c14n 1.1 omitting comments -->
+ <TransformAlgorithm URI="http://www.w3.org/2006/12/xml-c14n11"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N11" />
+ <!-- c14n 1.1 with comments -->
+ <TransformAlgorithm URI="http://www.w3.org/2006/12/xml-c14n11#WithComments"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments" />
+ <!-- exclusive c14n omitting comments -->
+ <TransformAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NExclusive" />
+ <!-- exclusive c14n with comments -->
+ <TransformAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments" />
+
+ <!-- XPath transform -->
+ <TransformAlgorithm URI="http://www.w3.org/TR/1999/REC-xpath-19991116"
+ JAVACLASS="org.apache.xml.security.test.dom.xalan.TransformXPath" />
+ <!-- enveloped signature -->
+ <TransformAlgorithm URI="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature" />
+ <!-- XSLT -->
+ <TransformAlgorithm URI="http://www.w3.org/TR/1999/REC-xslt-19991116"
+ JAVACLASS="org.apache.xml.security.transforms.implementations.TransformXSLT" />
+ <!-- XPath version 2 -->
+ <TransformAlgorithm URI="http://www.w3.org/2002/06/xmldsig-filter2"
+ JAVACLASS="org.apache.xml.security.test.dom.xalan.TransformXPath2Filter" />
+ </TransformAlgorithms>
+ <SignatureAlgorithms>
+ <SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureDSA" />
+ <SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1" />
+
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA224" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512" />
+
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1MGF1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA224MGF1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256MGF1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384MGF1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512MGF1" />
+
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-224-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA3_224MGF1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-256-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA3_256MGF1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA3_384MGF1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA3_512MGF1" />
+
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA224" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA256" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA384" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA512" />
+ <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSARIPEMD160" />
+
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512" />
+ </SignatureAlgorithms>
+ <JCEAlgorithmMappings>
+ <Algorithms>
+ <!-- MessageDigest Algorithms -->
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#md5"
+ Description="MD5 message digest from RFC 1321"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="NOT RECOMMENDED"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="MD5"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#ripemd160"
+ Description="RIPEMD-160 message digest"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="RIPEMD160"/>
+
+ <Algorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"
+ Description="SHA-1 message digest"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="REQUIRED"
+ JCEName="SHA-1"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#sha224"
+ Description="SHA-224 message digest"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA-224"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha256"
+ Description="SHA-1 message digest with 256 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="RECOMMENDED"
+ JCEName="SHA-256"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#sha384"
+ Description="SHA message digest with 384 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="SHA-384"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha512"
+ Description="SHA-1 message digest with 512 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA-512"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#whirlpool"
+ Description="WHIRLPOOL message digest"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="WHIRLPOOL"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-224"
+ Description="SHA-3 message digest with 224 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA3-224"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-256"
+ Description="SHA-3 message digest with 256 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA3-256"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-384"
+ Description="SHA-3 message digest with 384 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA3-384"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-512"
+ Description="SHA-3 message digest with 512 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ JCEName="SHA3-512"/>
+
+ <!-- Signature Algorithms -->
+ <Algorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
+ Description="Digital Signature Algorithm with SHA-1 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="REQUIRED"
+ RequiredKey="DSA"
+ JCEName="SHA1withDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
+ Description="RSA Signature with MD5 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="NOT RECOMMENDED"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="MD5withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
+ Description="RSA Signature with RIPEMD-160 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="RIPEMD160withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+ Description="RSA Signature with SHA-1 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="RECOMMENDED"
+ RequiredKey="RSA"
+ JCEName="SHA1withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224"
+ Description="RSA Signature with SHA-224 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="SHA224withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+ Description="RSA Signature with SHA-256 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="SHA256withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
+ Description="RSA Signature with SHA-384 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="SHA384withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+ Description="RSA Signature with SHA-512 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="SHA512withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-1 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="RECOMMENDED"
+ RequiredKey="RSA"
+ JCEName="SHA1withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-224 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+ RequiredKey="RSA"
+ JCEName="SHA224withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-256 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+ RequiredKey="RSA"
+ JCEName="SHA256withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-384 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+ RequiredKey="RSA"
+ JCEName="SHA384withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1"
+ Description="RSASSA-PSS Signature with SHA-512 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+ RequiredKey="RSA"
+ JCEName="SHA512withRSAandMGF1"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
+ Description="ECDSA Signature with SHA-1 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA1withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"
+ Description="ECDSA Signature with SHA-224 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA224withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
+ Description="ECDSA Signature with SHA-256 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA256withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
+ Description="ECDSA Signature with SHA-384 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA384withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
+ Description="ECDSA Signature with SHA-512 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
+ JCEName="SHA512withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160"
+ Description="ECDSA Signature with RIPEMD-160 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="https://tools.ietf.org/html/rfc6931"
+ RequiredKey="EC"
+ JCEName="RIPEMD160withECDSA"/>
+
+ <!-- MAC Algorithms -->
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
+ Description="Message Authentication code using MD5"
+ AlgorithmClass="Mac"
+ RequirementLevel="NOT RECOMMENDED"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacMD5"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
+ Description="Message Authentication code using RIPEMD-160"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HMACRIPEMD160"/>
+
+ <Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
+ Description="Message Authentication code using SHA1"
+ AlgorithmClass="Mac"
+ RequirementLevel="REQUIRED"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA1"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224"
+ Description="Message Authentication code using SHA-224"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA224"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
+ Description="Message Authentication code using SHA-256"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA256"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
+ Description="Message Authentication code using SHA-384"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA384"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
+ Description="Message Authentication code using SHA-512"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ KeyLength="0"
+ RequiredKey=""
+ JCEName="HmacSHA512"/>
+
+ <!-- Block encryption Algorithms -->
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
+ Description="Block encryption using Triple-DES"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="REQUIRED"
+ KeyLength="192"
+ IVLength="64"
+ RequiredKey="DESede"
+ JCEName="DESede/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
+ Description="Block encryption using AES with a key length of 128 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="REQUIRED"
+ KeyLength="128"
+ IVLength="128"
+ RequiredKey="AES"
+ JCEName="AES/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes192-cbc"
+ Description="Block encryption using AES with a key length of 192 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ IVLength="128"
+ RequiredKey="AES"
+ JCEName="AES/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes256-cbc"
+ Description="Block encryption using AES with a key length of 256 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="REQUIRED"
+ KeyLength="256"
+ IVLength="128"
+ RequiredKey="AES"
+ JCEName="AES/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes128-gcm"
+ Description="Block encryption using AES with a key length of 128 bit in GCM"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ IVLength="96"
+ RequiredKey="AES"
+ JCEName="AES/GCM/NoPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes192-gcm"
+ Description="Block encryption using AES with a key length of 192 bit in GCM"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ IVLength="96"
+ RequiredKey="AES"
+ JCEName="AES/GCM/NoPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes256-gcm"
+ Description="Block encryption using AES with a key length of 256 bit in GCM"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="256"
+ IVLength="96"
+ RequiredKey="AES"
+ JCEName="AES/GCM/NoPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#seed128-cbc"
+ Description="Block encryption using SEED with a key length of 128 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ IVLength="128"
+ RequiredKey="SEED"
+ JCEName="SEED/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc"
+ Description="Block encryption using Camellia with a key length of 128 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ IVLength="128"
+ RequiredKey="Camellia"
+ JCEName="Camellia/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc"
+ Description="Block encryption using Camellia with a key length of 192 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ IVLength="128"
+ RequiredKey="Camellia"
+ JCEName="Camellia/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc"
+ Description="Block encryption using Camellia with a key length of 256 bit"
+ AlgorithmClass="BlockEncryption"
+ RequirementLevel="OPTIONAL"
+ KeyLength="256"
+ IVLength="128"
+ RequiredKey="Camellia"
+ JCEName="Camellia/CBC/ISO10126Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
+ Description="Key Transport RSA-v1.5"
+ AlgorithmClass="KeyTransport"
+ RequirementLevel="REQUIRED"
+ RequiredKey="RSA"
+ JCEName="RSA/ECB/PKCS1Padding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
+ Description="Key Transport RSA-OAEP"
+ AlgorithmClass="KeyTransport"
+ RequirementLevel="REQUIRED"
+ RequiredKey="RSA"
+ JCEName="RSA/ECB/OAEPPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#rsa-oaep"
+ Description="Key Transport RSA-OAEP"
+ AlgorithmClass="KeyTransport"
+ RequirementLevel="OPTIONAL"
+ RequiredKey="RSA"
+ JCEName="RSA/ECB/OAEPPadding"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#dh"
+ Description="Key Agreement Diffie-Hellman"
+ AlgorithmClass="KeyAgreement"
+ RequirementLevel="OPTIONAL"
+ RequiredKey="DH"
+ JCEName="DH"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-tripledes"
+ Description="Symmetric Key Wrap using Triple DES"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="REQUIRED"
+ KeyLength="192"
+ RequiredKey="DESede"
+ JCEName="DESedeWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes128"
+ Description="Symmetric Key Wrap using AES with a key length of 128 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="REQUIRED"
+ KeyLength="128"
+ RequiredKey="AES"
+ JCEName="AESWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes192"
+ Description="Symmetric Key Wrap using AES with a key length of 192 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ RequiredKey="AES"
+ JCEName="AESWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes256"
+ Description="Symmetric Key Wrap using AES with a key length of 256 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="REQUIRED"
+ KeyLength="256"
+ RequiredKey="AES"
+ JCEName="AESWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#kw-camellia128"
+ Description="Symmetric Key Wrap using CAMELLIA with a key length of 128 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ RequiredKey="Camellia"
+ JCEName="CamelliaWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#kw-camellia192"
+ Description="Symmetric Key Wrap using CAMELLIA with a key length of 192 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="192"
+ RequiredKey="Camellia"
+ JCEName="CamelliaWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#kw-camellia256"
+ Description="Symmetric Key Wrap using CAMELLIA with a key length of 256 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="256"
+ RequiredKey="Camellia"
+ JCEName="CamelliaWrap"/>
+
+ <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#kw-seed128"
+ Description="Symmetric Key Wrap using SEED with a key length of 128 bit"
+ AlgorithmClass="SymmetricKeyWrap"
+ RequirementLevel="OPTIONAL"
+ KeyLength="128"
+ RequiredKey="SEED"
+ JCEName="SEEDWrap"/>
+
+ </Algorithms>
+ </JCEAlgorithmMappings>
+ <ResourceBundles defaultLanguageCode="en" defaultCountryCode="US"/>
+ <ResourceResolvers>
+ <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP"
+ DESCRIPTION="A simple resolver for requests to HTTP space" />
+ <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem"
+ DESCRIPTION="A simple resolver for requests to the local file system" />
+ <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverFragment"
+ DESCRIPTION="A simple resolver for requests of same-document URIs" />
+ <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverXPointer"
+ DESCRIPTION="A simple resolver for requests of XPointer fragments" />
+ </ResourceResolvers>
+ <KeyResolver>
+ <!-- This section contains a list of KeyResolvers that are available in
+ every KeyInfo object -->
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver"
+ DESCRIPTION="Can extract RSA public keys" />
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver"
+ DESCRIPTION="Can extract DSA public keys" />
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver"
+ DESCRIPTION="Can extract public keys from X509 certificates" />
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver"
+ DESCRIPTION="Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from the storages" />
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver"
+ DESCRIPTION="Resolves keys and certificates using ResourceResolvers" />
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver"
+ DESCRIPTION="Uses an X509 SubjectName to retrieve a certificate from the storages" />
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver"
+ DESCRIPTION="Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages" />
+ <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.ECKeyValueResolver"
+ DESCRIPTION="Can extract EC public keys" />
+ </KeyResolver>
+
+ <PrefixMappings>
+ <!-- Many classes create Elements which are in a specific namespace;
+ here, the prefixes for these namespaces are defined. But this
+ can also be overwritten using the ElementProxy#setDefaultPrefix()
+ method. You can even set all prefixes to "" so that the corresponding
+ elements are created using the default namespace -->
+ <PrefixMapping namespace="http://www.w3.org/2000/09/xmldsig#"
+ prefix="ds" />
+ <PrefixMapping namespace="http://www.w3.org/2001/04/xmlenc#"
+ prefix="xenc" />
+ <PrefixMapping namespace="http://www.xmlsecurity.org/experimental#"
+ prefix="experimental" />
+ <PrefixMapping namespace="http://www.w3.org/2002/04/xmldsig-filter2"
+ prefix="dsig-xpath-old" />
+ <PrefixMapping namespace="http://www.w3.org/2002/06/xmldsig-filter2"
+ prefix="dsig-xpath" />
+ <PrefixMapping namespace="http://www.w3.org/2001/10/xml-exc-c14n#"
+ prefix="ec" />
+ <PrefixMapping namespace="http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter"
+ prefix="xx" />
+ <PrefixMapping namespace="http://www.w3.org/2009/xmldsig11#"
+ prefix="dsig11" />
+ </PrefixMappings>
+</Configuration>