Posted to commits@santuario.apache.org by co...@apache.org on 2016/10/11 15:16:49 UTC
svn commit: r1764267 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/resource/
main/java/org/apache/xml/security/stax/ext/
main/java/org/apache/xml/security/stax/impl/processor/output/
test/java/org/apache/xml/security/te...
Author: coheigea
Date: Tue Oct 11 15:16:49 2016
New Revision: 1764267
URL: http://svn.apache.org/viewvc?rev=1764267&view=rev
Log:
SANTUARIO-452 Set KeyName value from XMLSecurityProperties
- Thanks to Hugo Trippaers for the patch.
- This closes #7
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityUtils.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties?rev=1764267&r1=1764266&r2=1764267&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties [iso-8859-1] (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties [iso-8859-1] Tue Oct 11 15:16:49 2016
@@ -186,3 +186,4 @@ stax.namedCurveMissing = NamedCurve fehl
stax.encryption.securePartNotFound = Part zum Verschl\u00fcsseln nicht gefunden: {0}
stax.signature.securePartNotFound = Part zum Signieren nicht gefunden: {0}
stax.multipleSignaturesNotSupported = Mehrere Signaturen werden nicht unterstützt.
+stax.signature.keyNameMissing = KeyName nicht konfiguriert.
\ No newline at end of file
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties?rev=1764267&r1=1764266&r2=1764267&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties [iso-8859-1] (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties [iso-8859-1] Tue Oct 11 15:16:49 2016
@@ -186,3 +186,4 @@ stax.namedCurveMissing = NamedCurve is m
stax.encryption.securePartNotFound = Part to encrypt not found: {0}
stax.signature.securePartNotFound = Part to sign not found: {0}
stax.multipleSignaturesNotSupported = Multiple signatures are not supported.
+stax.signature.keyNameMissing = KeyName not configured.
\ No newline at end of file
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java?rev=1764267&r1=1764266&r2=1764267&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityProperties.java Tue Oct 11 15:16:49 2016
@@ -54,6 +54,7 @@ public class XMLSecurityProperties {
private Key encryptionKey;
private Key encryptionTransportKey;
private SecurityTokenConstants.KeyIdentifier encryptionKeyIdentifier;
+ private String encryptionKeyName;
private Key decryptionKey;
@@ -65,6 +66,7 @@ public class XMLSecurityProperties {
private X509Certificate[] signatureCerts;
private boolean addExcC14NInclusivePrefixes = false;
private SecurityTokenConstants.KeyIdentifier signatureKeyIdentifier;
+ private String signatureKeyName;
private boolean useSingleCert = true;
private Key signatureVerificationKey;
@@ -104,6 +106,8 @@ public class XMLSecurityProperties {
this.signatureVerificationKey = xmlSecurityProperties.signatureVerificationKey;
this.signaturePosition = xmlSecurityProperties.signaturePosition;
this.idAttributeNS = xmlSecurityProperties.idAttributeNS;
+ this.signatureKeyName = xmlSecurityProperties.signatureKeyName;
+ this.encryptionKeyName = xmlSecurityProperties.encryptionKeyName;
}
public SecurityTokenConstants.KeyIdentifier getSignatureKeyIdentifier() {
@@ -420,4 +424,30 @@ public class XMLSecurityProperties {
public void setDisableSchemaValidation(boolean disableSchemaValidation) {
this.disableSchemaValidation = disableSchemaValidation;
}
+
+ public String getSignatureKeyName() {
+ return signatureKeyName;
+ }
+
+ /**
+ * specifies the contents of the KeyInfo/KeyName element for signing
+ *
+ * @param signatureKeyName set to a String that will be passed as contents of the KeyName element
+ */
+ public void setSignatureKeyName(String signatureKeyName) {
+ this.signatureKeyName = signatureKeyName;
+ }
+
+ public String getEncryptionKeyName() {
+ return encryptionKeyName;
+ }
+
+ /**
+ * specifies the contents of the KeyInfo/KeyName element for encryption
+ *
+ * @param encryptionKeyName set to a String that will be passed as contents of the KeyName element
+ */
+ public void setEncryptionKeyName(String encryptionKeyName) {
+ this.encryptionKeyName = encryptionKeyName;
+ }
}
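Review bot: The Javadoc on `setSignatureKeyName` and `setEncryptionKeyName` does not say when the value is used, and the two getters have no Javadoc at all. Judging by the processor hunks in this commit, the name is only read when the matching key identifier is `SecurityTokenConstants.KeyIdentifier_KeyName`, and a null or empty value then makes output fail with `stax.signature.keyNameMissing`; both facts belong in the setter docs. I would also add one sentence such as `The value is written verbatim as the text of ds:KeyName and is only a lookup hint for the recipient; it is not bound to the key by this class.` so callers do not put sensitive data in it or treat it as an authenticated identity. The getters can carry a one-line `@return the configured KeyName, or null if none was set`.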
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityUtils.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityUtils.java?rev=1764267&r1=1764266&r2=1764267&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityUtils.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityUtils.java Tue Oct 11 15:16:49 2016
@@ -497,4 +497,15 @@ public class XMLSecurityUtils {
return schema;
}
+ public static void createKeyNameTokenStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, String keyName)
+ throws XMLStreamException, XMLSecurityException {
+
+ if (keyName == null || keyName.isEmpty()) {
+ throw new XMLSecurityException("stax.signature.keyNameMissing");
+ }
+
+ abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyName, true, null);
+ abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, keyName);
+ abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyName);
+ }
}
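Review bot: The guard `keyName == null || keyName.isEmpty()` in `createKeyNameTokenStructure` lets a whitespace-only name through, which would produce a `KeyName` element the recipient cannot resolve; `if (keyName == null || keyName.trim().isEmpty()) {` closes that gap. This is also the only check on the configured name, and it runs while KeyInfo is being written, so a misconfigured sender presumably fails only after part of the document has been streamed. If the outbound property validation (not visible in this diff) can see the key identifier, rejecting a missing name there would fail earlier. The message key `stax.signature.keyNameMissing` is raised for the encryption caller in `XMLEncryptOutputProcessor` as well, so a neutral key name or a second encryption key would be less misleading. The method is public and static, so it should get a Javadoc stating that it emits a single `ds:KeyName` element and throws `XMLSecurityException` when the name is null or empty.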
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java?rev=1764267&r1=1764266&r2=1764267&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java Tue Oct 11 15:16:49 2016
@@ -295,6 +295,9 @@ public class XMLEncryptOutputProcessor e
XMLSecurityUtils.createX509CertificateStructure(this, outputProcessorChain, x509Certificates);
} else if (SecurityTokenConstants.KeyIdentifier_X509SubjectName.equals(keyIdentifier)) {
XMLSecurityUtils.createX509SubjectNameStructure(this, outputProcessorChain, x509Certificates);
+ } else if (SecurityTokenConstants.KeyIdentifier_KeyName.equals(keyIdentifier)) {
+ String keyName = getSecurityProperties().getEncryptionKeyName();
+ XMLSecurityUtils.createKeyNameTokenStructure(this, outputProcessorChain, keyName);
} else {
throw new XMLSecurityException("stax.unsupportedToken",
new Object[] {keyIdentifier});
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java?rev=1764267&r1=1764266&r2=1764267&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java Tue Oct 11 15:16:49 2016
@@ -142,6 +142,9 @@ public class XMLSignatureEndingOutputPro
XMLSecurityUtils.createX509CertificateStructure(this, outputProcessorChain, x509Certificates);
} else if (SecurityTokenConstants.KeyIdentifier_X509SubjectName.equals(keyIdentifier)) {
XMLSecurityUtils.createX509SubjectNameStructure(this, outputProcessorChain, x509Certificates);
+ } else if (SecurityTokenConstants.KeyIdentifier_KeyName.equals(keyIdentifier)) {
+ String keyName = getSecurityProperties().getSignatureKeyName();
+ XMLSecurityUtils.createKeyNameTokenStructure(this, outputProcessorChain, keyName);
} else {
throw new XMLSecurityException("stax.unsupportedToken",
new Object[] {keyIdentifier});
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java?rev=1764267&r1=1764266&r2=1764267&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java Tue Oct 11 15:16:49 2016
@@ -588,6 +588,74 @@ public class EncryptionCreationTest exte
}
@Test
+ public void testEncryptedKeyKeyNameReference() throws Exception {
+ // Set up the Configuration
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+ actions.add(XMLSecurityConstants.ENCRYPT);
+ properties.setActions(actions);
+
+ // Set the key up
+ // Generate an RSA key
+ KeyPairGenerator rsaKeygen = KeyPairGenerator.getInstance("RSA");
+ KeyPair kp = rsaKeygen.generateKeyPair();
+ PrivateKey priv = kp.getPrivate();
+ PublicKey pub = kp.getPublic();
+ properties.setEncryptionTransportKey(pub);
+ properties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2001/04/xmlenc#rsa-1_5");
+
+ KeyGenerator keygen = KeyGenerator.getInstance("AES");
+ keygen.init(256);
+ SecretKey key = keygen.generateKey();
+ properties.setEncryptionKey(key);
+ properties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#aes256-cbc");
+ properties.setEncryptionKeyIdentifier(SecurityTokenConstants.KeyIdentifier_KeyName);
+ properties.setEncryptionKeyName("PublicKey");
+
+ SecurePart securePart =
+ new SecurePart(new QName("urn:example:po", "PaymentInfo"), SecurePart.Modifier.Element);
+ properties.addEncryptionPart(securePart);
+
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, "UTF-8");
+
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ // System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
+
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
+ Assert.assertEquals(nodeList.getLength(), 0);
+
+ // Check the CreditCard encrypted ok
+ nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
+ Assert.assertEquals(nodeList.getLength(), 0);
+
+ nodeList = document.getElementsByTagNameNS(
+ XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
+ XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart()
+ );
+ Assert.assertEquals(nodeList.getLength(), 1);
+
+ // Decrypt using DOM API
+ Document doc =
+ decryptUsingDOM("http://www.w3.org/2001/04/xmlenc#tripledes-cbc", null, priv, document);
+
+ // Check the CreditCard decrypted ok
+ nodeList = doc.getElementsByTagNameNS("urn:example:po", "CreditCard");
+ Assert.assertEquals(nodeList.getLength(), 1);
+ }
+
+ @Test
public void testEncryptedKeyMultipleElements() throws Exception {
// Set up the Configuration
XMLSecurityProperties properties = new XMLSecurityProperties();
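Review bot: `testEncryptedKeyKeyNameReference` never asserts that a `KeyName` element was written, so it would still pass if the new `KeyIdentifier_KeyName` branch emitted nothing or the wrong text. After the `EncryptedData` count check I would add `nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_KeyName.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_KeyName.getLocalPart());` followed by `Assert.assertEquals(1, nodeList.getLength());` and `Assert.assertEquals("PublicKey", nodeList.item(0).getTextContent());`. The existing `Assert.assertEquals(nodeList.getLength(), 0)` calls pass the actual value first, which swaps expected and actual in failure messages. The test pins key transport to `http://www.w3.org/2001/04/xmlenc#rsa-1_5`; unless PKCS#1 v1.5 is needed here, `http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p` keeps the weaker padding out of a sample that people will copy. The `tripledes-cbc` URI passed to `decryptUsingDOM` does not match the `aes256-cbc` algorithm configured above and looks like a copy-paste, though the helper is outside this hunk.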
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java?rev=1764267&r1=1764266&r2=1764267&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java Tue Oct 11 15:16:49 2016
@@ -1286,4 +1286,53 @@ public class SignatureCreationTest exten
verifyUsingDOM(document, cert, properties.getSignatureSecureParts(), null, false, "Id");
}
+
+ @Test
+ public void testSignatureCreationKeyName() throws Exception {
+ // Set up the Configuration
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+ actions.add(XMLSecurityConstants.SIGNATURE);
+ properties.setActions(actions);
+ properties.setSignatureKeyIdentifier(SecurityTokenConstants.KeyIdentifier_KeyName);
+
+ // Set the key up
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(
+ this.getClass().getClassLoader().getResource("transmitter.jks").openStream(),
+ "default".toCharArray()
+ );
+ Key key = keyStore.getKey("transmitter", "default".toCharArray());
+ properties.setSignatureKey(key);
+ X509Certificate cert = (X509Certificate)keyStore.getCertificate("transmitter");
+ properties.setSignatureCerts(new X509Certificate[]{cert});
+ properties.setSignatureKeyName(cert.getIssuerDN().getName());
+
+ SecurePart securePart =
+ new SecurePart(new QName("urn:example:po", "PaymentInfo"), SecurePart.Modifier.Content);
+ properties.addSignaturePart(securePart);
+
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, "UTF-8");
+
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ // System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_KeyName.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_KeyName.getLocalPart());
+ assertEquals(1, nodeList.getLength());
+ assertEquals(cert.getIssuerDN().getName(), nodeList.item(0).getFirstChild().getTextContent());
+
+ // Verify using DOM
+ verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
+ }
}
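Review bot: `testSignatureCreationKeyName` sets the KeyName to `cert.getIssuerDN().getName()`, which names the certificate's issuer rather than the signing key, so unless the transmitter certificate is self-signed the example points a KeyName-resolving verifier at the wrong entity. `cert.getSubjectX500Principal().getName()` would be a more representative value in both the setter call and the assertion. It also moves off `getIssuerDN()`, which the JDK documentation discourages in favour of the X500Principal accessors. The test verifies with the certificate passed directly to `verifyUsingDOM`, so it shows only that the element is emitted, not that a receiver can resolve the key from it; a short comment saying so would help. There is no test for the failure path, where `KeyIdentifier_KeyName` is set without `setSignatureKeyName` and an `XMLSecurityException` with `stax.signature.keyNameMissing` is expected. The stream from `getResource("transmitter.jks").openStream()` is never closed.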