Example 16 with Transform

use of javax.xml.crypto.dsig.Transform in project santuario-java by apache.

the class DOMRetrievalMethod method marshal.

@Override
public void marshal(XmlWriter xwriter, String dsPrefix, XMLCryptoContext context) throws MarshalException {
    xwriter.writeStartElement(dsPrefix, "RetrievalMethod", XMLSignature.XMLNS);
    // TODO - see whether it is important to capture the "here" attribute as part of the
    // marshalling - do any of the tests fail?
    // add URI and Type attributes
    here = xwriter.writeAttribute("", "", "URI", uri);
    xwriter.writeAttribute("", "", "Type", type);
    // add Transforms elements
    if (!transforms.isEmpty()) {
        xwriter.writeStartElement(dsPrefix, "Transforms", XMLSignature.XMLNS);
        for (Transform transform : transforms) {
            ((DOMTransform) transform).marshal(xwriter, dsPrefix, context);
        }
        // "Transforms"
        xwriter.writeEndElement();
    }
    // "RetrievalMethod"
    xwriter.writeEndElement();
}
Also used : Transform(javax.xml.crypto.dsig.Transform)

Example 17 with Transform

use of javax.xml.crypto.dsig.Transform in project santuario-java by apache.

the class DOMRetrievalMethod method dereference.

@Override
public Data dereference(XMLCryptoContext context) throws URIReferenceException {
    if (context == null) {
        throw new NullPointerException("context cannot be null");
    }
    /*
     * If a URIDereferencer is specified in the context, use it; otherwise
     * fall back to the built-in DOM dereferencer.
     */
    URIDereferencer deref = context.getURIDereferencer();
    if (deref == null) {
        deref = DOMURIDereferencer.INSTANCE;
    }
    Data data = deref.dereference(this, context);
    // pass dereferenced data through Transforms
    try {
        for (Transform transform : transforms) {
            data = transform.transform(data, context);
        }
    } catch (Exception e) {
        throw new URIReferenceException(e);
    }
    // guard against RetrievalMethod loops
    if (data instanceof NodeSetData && Utils.secureValidation(context)) {
        NodeSetData nsd = (NodeSetData) data;
        Iterator<?> i = nsd.iterator();
        if (i.hasNext()) {
            Node root = (Node) i.next();
            if ("RetrievalMethod".equals(root.getLocalName())) {
                throw new URIReferenceException("It is forbidden to have one RetrievalMethod point " + "to another when secure validation is enabled");
            }
        }
    }
    return data;
}
Also used : NodeSetData(javax.xml.crypto.NodeSetData) Node(org.w3c.dom.Node) Data(javax.xml.crypto.Data) URIReferenceException(javax.xml.crypto.URIReferenceException) URIDereferencer(javax.xml.crypto.URIDereferencer) Transform(javax.xml.crypto.dsig.Transform) MarshalException(javax.xml.crypto.MarshalException) URISyntaxException(java.net.URISyntaxException)

Example 18 with Transform

use of javax.xml.crypto.dsig.Transform in project keycloak by keycloak.

the class XMLSignatureUtil method signImpl.

private static void signImpl(DOMSignContext dsc, String digestMethod, String signatureMethod, String referenceURI, String keyName, PublicKey publicKey, X509Certificate x509Certificate, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException {
    dsc.setDefaultNamespacePrefix("dsig");
    DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
    // Reference transforms: first strip the enveloped ds:Signature itself,
    // then apply exclusive C14N so the digest is stable across namespace context changes
    Transform transform1 = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
    Transform transform2 = fac.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (TransformParameterSpec) null);
    List<Transform> transformList = new ArrayList<>();
    transformList.add(transform1);
    transformList.add(transform2);
    Reference ref = fac.newReference(referenceURI, digestMethodObj, transformList, null, null);
    CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod(canonicalizationMethodType, (C14NMethodParameterSpec) null);
    List<Reference> referenceList = Collections.singletonList(ref);
    SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null);
    SignedInfo si = fac.newSignedInfo(canonicalizationMethod, signatureMethodObj, referenceList);
    // KeyInfo carries the key name, and optionally the public key and certificate
    KeyInfo ki;
    if (includeKeyInfoInSignature) {
        ki = createKeyInfo(keyName, publicKey, x509Certificate);
    } else {
        ki = createKeyInfo(keyName, null, null);
    }
    XMLSignature signature = fac.newXMLSignature(si, ki);
    signature.sign(dsc);
}
Also used : KeyInfo(javax.xml.crypto.dsig.keyinfo.KeyInfo) Reference(javax.xml.crypto.dsig.Reference) XMLSignature(javax.xml.crypto.dsig.XMLSignature) ArrayList(java.util.ArrayList) CanonicalizationMethod(javax.xml.crypto.dsig.CanonicalizationMethod) SignatureMethod(javax.xml.crypto.dsig.SignatureMethod) DigestMethod(javax.xml.crypto.dsig.DigestMethod) Transform(javax.xml.crypto.dsig.Transform) SignedInfo(javax.xml.crypto.dsig.SignedInfo)

Aggregations (number of examples using each type)

Transform (javax.xml.crypto.dsig.Transform): 18
Reference (javax.xml.crypto.dsig.Reference): 14
ArrayList (java.util.ArrayList): 11
SignedInfo (javax.xml.crypto.dsig.SignedInfo): 8
XMLSignature (javax.xml.crypto.dsig.XMLSignature): 8
CanonicalizationMethod (javax.xml.crypto.dsig.CanonicalizationMethod): 7
DOMSignContext (javax.xml.crypto.dsig.dom.DOMSignContext): 7
KeyInfo (javax.xml.crypto.dsig.keyinfo.KeyInfo): 7
KeyInfoFactory (javax.xml.crypto.dsig.keyinfo.KeyInfoFactory): 7
Document (org.w3c.dom.Document): 7
Node (org.w3c.dom.Node): 7
XMLSignatureFactory (javax.xml.crypto.dsig.XMLSignatureFactory): 6
X509Data (javax.xml.crypto.dsig.keyinfo.X509Data): 6
Element (org.w3c.dom.Element): 6
DOMStructure (javax.xml.crypto.dom.DOMStructure): 4
XMLObject (javax.xml.crypto.dsig.XMLObject): 4
URIReference (javax.xml.crypto.URIReference): 3
SignatureMethod (javax.xml.crypto.dsig.SignatureMethod): 3
InputStream (java.io.InputStream): 2
URISyntaxException (java.net.URISyntaxException): 2