
Example 6 with DOMValidateContext

use of javax.xml.crypto.dsig.dom.DOMValidateContext in project oxCore by GluuFederation.

From the class Response, method isValid:

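/**
 * Verifies the XML signature found in {@code xmlDoc} against the certificate
 * configured in {@code samlSettings}.
 * <p>
 * Only the first {@code ds:Signature} element in document order is checked.
 * NOTE(review): a {@code true} result proves that <em>a</em> signature in the
 * document is valid, not which element it covers; callers that act on a signed
 * element should still confirm the signature's Reference resolves to that
 * element (signature-wrapping defence) — confirm against the caller.
 *
 * @return {@code true} if the signature value and every Reference digest verify
 * @throws Exception if no signature is present, no certificate is configured,
 *                   or unmarshalling/validation fails
 */
public boolean isValid() throws Exception {
    NodeList nodes = xmlDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (nodes == null || nodes.getLength() == 0) {
        throw new Exception("Can't find signature in document.");
    }
    // Register ID attributes so "#id" References can be dereferenced; which
    // attributes tagIdAttributes registers is defined elsewhere in this class.
    if (setIdAttributeExists()) {
        tagIdAttributes(xmlDoc);
    }
    X509Certificate cert = samlSettings.getCertificate();
    if (cert == null) {
        throw new Exception("No certificate configured for signature validation.");
    }
    // The verification key comes from local settings, never from the document's
    // KeyInfo, so a sender cannot supply its own signing key.
    DOMValidateContext ctx = new DOMValidateContext(cert.getPublicKey(), nodes.item(0));
    // Secure-validation mode of the JDK XMLDSig provider: caps transforms and
    // references and rejects known-weak algorithms/key sizes that the default
    // mode still accepts.
    ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
    XMLSignatureFactory sigF = XMLSignatureFactory.getInstance("DOM");
    XMLSignature xmlSignature = sigF.unmarshalXMLSignature(ctx);
    return xmlSignature.validate(ctx);
}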

Example 7 with DOMValidateContext

use of javax.xml.crypto.dsig.dom.DOMValidateContext in project camel by apache.

From the class XmlVerifierProcessor, method verify:

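/**
 * Verifies every XML signature found in the input document and maps the signed
 * content onto the outgoing message.
 * <p>
 * Per signature: unmarshal, run the optional {@code XmlSignatureChecker} before
 * core validation, run core validation, and on failure let the configured
 * validation-failed handler decide whether to continue. Secure validation is
 * switched on only when the configuration asks for it; with it off, the
 * providers accept e.g. XSLT transforms and weak keys — confirm the default.
 * If {@code getSignatureNodes} returns no nodes the loop is skipped and
 * {@code map2Message} receives empty lists; presumably that helper rejects a
 * document without signatures — confirm.
 *
 * @param input stream holding the signed XML document
 * @param out   message that receives the verified content
 * @throws IllegalStateException        when no KeySelector is configured
 * @throws XmlSignatureInvalidException when a signature fails validation and the
 *                                      failure handler does not continue
 * @throws Exception                    propagated from parsing, unmarshalling or
 *                                      the configured handlers
 */
@SuppressWarnings("unchecked")
protected void verify(InputStream input, final Message out) throws Exception {
    //NOPMD
    LOG.debug("Verification of XML signature document started");
    final Document doc = parseInput(input, out);
    XMLSignatureFactory fac;
    // Prefer the Apache Santuario provider when it is registered; otherwise
    // fall back to the JDK's DOM provider.
    try {
        fac = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
    } catch (NoSuchProviderException ex) {
        fac = XMLSignatureFactory.getInstance("DOM");
    }
    KeySelector selector = getConfiguration().getKeySelector();
    if (selector == null) {
        throw new IllegalStateException("Wrong configuration. Key selector is missing.");
    }
    DOMValidateContext valContext = new DOMValidateContext(selector, doc);
    valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
    valContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
    // equals() rather than ==: a non-canonical Boolean instance would otherwise
    // compare unequal and silently leave secure validation switched off.
    if (Boolean.TRUE.equals(getConfiguration().getSecureValidation())) {
        // Set both property names, since either provider may have been chosen above.
        valContext.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        valContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
    }
    setUriDereferencerAndBaseUri(valContext);
    setCryptoContextProperties(valContext);
    NodeList signatureNodes = getSignatureNodes(doc);
    List<XMLObject> collectedObjects = new ArrayList<XMLObject>(3);
    List<Reference> collectedReferences = new ArrayList<Reference>(3);
    int totalCount = signatureNodes.getLength();
    for (int i = 0; i < totalCount; i++) {
        Element signatureNode = (Element) signatureNodes.item(i);
        // The same context is reused; only the node under validation changes.
        valContext.setNode(signatureNode);
        final XMLSignature signature = fac.unmarshalXMLSignature(valContext);
        // Optional application-level checks (key, objects, signature count, ...)
        // run before the cryptographic validation.
        if (getConfiguration().getXmlSignatureChecker() != null) {
            XmlSignatureChecker.Input checkerInput = new CheckerInputBuilder().message(out).messageBodyDocument(doc).keyInfo(signature.getKeyInfo()).currentCountOfSignatures(i + 1).currentSignatureElement(signatureNode).objects(signature.getObjects()).signatureValue(signature.getSignatureValue()).signedInfo(signature.getSignedInfo()).totalCountOfSignatures(totalCount).xmlSchemaValidationExecuted(getSchemaResourceUri(out) != null).build();
            getConfiguration().getXmlSignatureChecker().checkBeforeCoreValidation(checkerInput);
        }
        boolean coreValidity;
        try {
            coreValidity = signature.validate(valContext);
        } catch (XMLSignatureException se) {
            throw getConfiguration().getValidationFailedHandler().onXMLSignatureException(se);
        }
        // Check core validation status; on failure the handler may still allow
        // processing to go on (its return value decides).
        boolean goon = coreValidity;
        if (!coreValidity) {
            goon = handleSignatureValidationFailed(valContext, signature);
        }
        if (goon) {
            LOG.debug("XML signature {} verified", i + 1);
        } else {
            throw new XmlSignatureInvalidException("XML signature validation failed");
        }
        collectedObjects.addAll(signature.getObjects());
        collectedReferences.addAll(signature.getSignedInfo().getReferences());
    }
    map2Message(collectedReferences, collectedObjects, out, doc);
}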

Example 8 with DOMValidateContext

use of javax.xml.crypto.dsig.dom.DOMValidateContext in project wildfly by wildfly.

From the class TestServlet, method validateSignature:

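/**
 * Validates the first {@code ds:Signature} in {@code document} against a
 * caller-supplied public key.
 * <p>
 * The KeySelector deliberately ignores the signature's KeyInfo and always
 * returns {@code publicKey}, so the verification key comes from the caller and
 * never from the (untrusted) document. Only the first Signature element in
 * document order is checked.
 *
 * @param document  DOM document containing the signature
 * @param publicKey key the signature must verify under
 * @return {@code true} when the signature value and all Reference digests verify
 * @throws Exception if the document holds no {@code ds:Signature} element, or
 *                   unmarshalling/validation fails
 */
private static boolean validateSignature(final Document document, final PublicKey publicKey) throws Exception {
    final NodeList signatures = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (signatures.getLength() == 0) {
        throw new Exception("No ds:Signature element found in document.");
    }
    final KeySelector ks = new KeySelector() {

        @Override
        public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose, AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException {
            // KeyInfo is ignored on purpose: trust only the key passed in by the caller.
            return new KeySelectorResult() {

                @Override
                public Key getKey() {
                    return publicKey;
                }
            };
        }
    };
    final DOMValidateContext context = new DOMValidateContext(ks, signatures.item(0));
    // Secure-validation mode of the JDK XMLDSig provider: caps transforms and
    // references and rejects known-weak algorithms/key sizes that the default
    // mode still accepts.
    context.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
    return XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(context).validate(context);
}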

Example 9 with DOMValidateContext

use of javax.xml.crypto.dsig.dom.DOMValidateContext in project jdk8u_jdk by JetBrains.

From the class GenerationTests, method test_create_signature_enveloping:

/**
 * Builds an enveloping signature over a single ds:Object ("#object"), signs it,
 * then unmarshals the result and checks that it equals the generated signature
 * and validates.
 *
 * @param dm         digest method for the Reference
 * @param sm         signature method for SignedInfo
 * @param ki         KeyInfo to embed (may be null)
 * @param signingKey key used to produce the SignatureValue
 * @param ks         KeySelector used on the validation side
 * @param b64        when true the object text is base64 and a Base64 transform
 *                   is applied to the Reference
 * @throws Exception when the unmarshalled signature differs from the generated
 *                   one, or validation fails
 */
private static void test_create_signature_enveloping(DigestMethod dm, SignatureMethod sm, KeyInfo ki, Key signingKey, KeySelector ks, boolean b64) throws Exception {
    final String objectId = "object";
    // Reference to the enveloped object, decoded via Base64 first when requested.
    final Reference objectRef;
    if (b64) {
        Transform b64Transform = fac.newTransform(Transform.BASE64, (TransformParameterSpec) null);
        objectRef = fac.newReference("#" + objectId, dm, Collections.singletonList(b64Transform), null, null);
    } else {
        objectRef = fac.newReference("#" + objectId, dm);
    }
    SignedInfo signedInfo = fac.newSignedInfo(withoutComments, sm, Collections.singletonList(objectRef));
    Document document = db.newDocument();
    // The payload is "some text", base64-encoded when the transform is in use.
    String payload = b64 ? "c29tZSB0ZXh0" : "some text";
    DOMStructure payloadNode = new DOMStructure(document.createTextNode(payload));
    XMLObject envelopedObject = fac.newXMLObject(Collections.singletonList(payloadNode), objectId, null, null);
    XMLSignature generated = fac.newXMLSignature(signedInfo, ki, Collections.singletonList(envelopedObject), null, null);
    generated.sign(new DOMSignContext(signingKey, document));
    // Round trip: unmarshal what was just written, then compare and validate it.
    DOMValidateContext validateCtx = new DOMValidateContext(ks, document.getDocumentElement());
    XMLSignature unmarshalled = fac.unmarshalXMLSignature(validateCtx);
    if (!generated.equals(unmarshalled)) {
        throw new Exception("Unmarshalled signature is not equal to generated signature");
    }
    if (!unmarshalled.validate(validateCtx)) {
        throw new Exception("Validation of generated signature failed");
    }
}

Example 10 with DOMValidateContext

use of javax.xml.crypto.dsig.dom.DOMValidateContext in project jdk8u_jdk by JetBrains.

From the class GenerationTests, method test_create_signature_reference_dependency:

/**
 * Generates signature-reference-dependency.xml: SignedInfo references a Manifest
 * (object-1) whose own Reference points at the content object (object-2), then
 * unmarshals and validates the result.
 * NOTE(review): this fixture signs with a 512-bit RSA key and SHA-1; such a
 * signature would likely be refused by the JDK's secure-validation policy,
 * which is not enabled here.
 *
 * @throws Exception when round-trip equality or validation fails
 */
static void test_create_signature_reference_dependency() throws Exception {
    System.out.println("* Generating signature-reference-dependency.xml");
    // SignedInfo -> object-1 (the Manifest) -> object-2 (the content).
    List<Reference> signedRefs = Collections.singletonList(fac.newReference("#object-1", sha1));
    SignedInfo signedInfo = fac.newSignedInfo(withoutComments, rsaSha1, signedRefs);
    // object-1 holds a Manifest whose single Reference targets object-2.
    Reference manifestRef = fac.newReference("#object-2", sha1);
    XMLObject manifestObject = fac.newXMLObject(Collections.singletonList(fac.newManifest(Collections.singletonList(manifestRef), "manifest-1")), "object-1", null, null);
    // object-2 carries a no-namespace element with a comment child.
    Document document = db.newDocument();
    Element content = document.createElementNS(null, "NonCommentandus");
    content.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "");
    content.appendChild(document.createComment(" Commentandum "));
    XMLObject contentObject = fac.newXMLObject(Collections.singletonList(new DOMStructure(content)), "object-2", null, null);
    List<XMLObject> objects = new ArrayList<XMLObject>();
    objects.add(manifestObject);
    objects.add(contentObject);
    XMLSignature generated = fac.newXMLSignature(signedInfo, rsa, objects, "signature", null);
    generated.sign(new DOMSignContext(getPrivateKey("RSA", 512), document));
    // Round trip: unmarshal what was just written, then compare and validate it.
    DOMValidateContext validateCtx = new DOMValidateContext(kvks, document.getDocumentElement());
    XMLSignature unmarshalled = fac.unmarshalXMLSignature(validateCtx);
    if (!generated.equals(unmarshalled)) {
        throw new Exception("Unmarshalled signature is not equal to generated signature");
    }
    if (!unmarshalled.validate(validateCtx)) {
        throw new Exception("Validation of generated signature failed");
    }
    System.out.println();
}
