
Example 1 with SignatureType

use of org.apache.camel.component.xmlsecurity.api.SignatureType in project camel by apache.

the class XmlSignerProcessor method sign.

/**
 * Creates the XML signature(s) for the body of the given message and returns the
 * document that contains them.
 * <p>
 * One signature is generated per content reference URI. The signature type
 * (enveloped, detached or enveloping) is determined once via
 * {@code determineSignatureType(out)} and decides where each signature is placed.
 * <p>
 * Security notes for reviewers:
 * <ul>
 * <li>The signature algorithm and the content digest algorithm are taken as-is from
 * {@code getConfiguration().getSignatureAlgorithm()} and {@code getDigestAlgorithmUri()};
 * nothing in this method rejects weak algorithms, so algorithm strength is a
 * configuration concern.</li>
 * <li>The XML signature provider is chosen with a silent fallback (see below), so the
 * provider that actually signs depends on what is installed in the running JVM.</li>
 * </ul>
 *
 * @param out message whose body is signed; also handed to the key accessor and helpers
 * @return the document obtained from the parent node of the last generated signature
 * @throws XmlSignatureNoKeyException if no key accessor is configured or the key accessor
 *             returns no key selector
 * @throws XmlSignatureInvalidKeyException if signing fails with an
 *             {@code XMLSignatureException} whose cause is an {@code InvalidKeyException}
 * @throws XmlSignatureException for any other {@code XMLSignatureException} or
 *             {@code GeneralSecurityException}
 * @throws Exception the signature allows other exceptions from the called helpers to propagate
 */
protected Document sign(final Message out) throws Exception {
    try {
        XMLSignatureFactory fac;
        // Prefer the "ApacheXMLDSig" provider; if it is not registered, fall back to the
        // default provider for the "DOM" mechanism. The fallback is silent (nothing is
        // logged), so the effective provider is not visible from the outside.
        // NOTE(review): the original comment here read only "not work" - unclear which
        // of the two lookups it refers to; confirm with the author.
        try {
            fac = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
        } catch (NoSuchProviderException ex) {
            fac = XMLSignatureFactory.getInstance("DOM");
        }
        final Node node = getMessageBodyNode(out);
        // Fail early with a dedicated exception when no signing key can be resolved.
        if (getConfiguration().getKeyAccessor() == null) {
            throw new XmlSignatureNoKeyException("Key accessor is missing for XML signature generation. Specify a key accessor in the configuration.");
        }
        final KeySelector keySelector = getConfiguration().getKeyAccessor().getKeySelector(out);
        if (keySelector == null) {
            throw new XmlSignatureNoKeyException("Key selector is missing for XML signature generation. Specify a key selector in the configuration.");
        }
        SignatureType signatureType = determineSignatureType(out);
        final List<String> contentReferenceUris = getContentReferenceUris(out, signatureType, node);
        // Remembers the parent of the most recently created signature; it determines the
        // returned document.
        // NOTE(review): if contentReferenceUris were empty, lastParent would still be null
        // when passed to XmlSignatureHelper.getDocument - confirm that
        // getContentReferenceUris never returns an empty list.
        Node lastParent = null;
        // only in the detached case there can be several content reference URIs
        for (final String contentReferenceUri : contentReferenceUris) {
            // the method KeyAccessor.getKeyInfo must be called after the method KeyAccessor.getKeySelector, this is part of the interface contract!
            // and this method must be called within the loop over the content reference URIs, because for each signature the key info ID must be different
            final KeyInfo keyInfo = getConfiguration().getKeyAccessor().getKeyInfo(out, node, fac.getKeyInfoFactory());
            // Signature Id handling: null in the configuration -> generate "_" + random UUID;
            // empty string in the configuration -> emit no Id attribute at all.
            String signatureId = getConfiguration().getSignatureId();
            if (signatureId == null) {
                signatureId = "_" + UUID.randomUUID().toString();
            } else if (signatureId.isEmpty()) {
                // indicator that no signature Id attribute shall be generated
                signatureId = null;
            }
            // parent only relevant for enveloped or detached signature
            Node parent = getParentOfSignature(out, node, contentReferenceUri, signatureType);
            if (parent == null) {
                // for enveloping signature, create new document
                // NOTE(review): presumably the Boolean.TRUE argument disallows DOCTYPE
                // declarations in the builder - confirm against XmlSignatureHelper.
                parent = XmlSignatureHelper.newDocumentBuilder(Boolean.TRUE).newDocument();
            }
            lastParent = parent;
            // Bundle everything the signature-properties hook needs into one input object.
            XmlSignatureProperties.Input input = new InputBuilder().contentDigestAlgorithm(getDigestAlgorithmUri()).keyInfo(keyInfo).message(out).messageBodyNode(node).parent(parent).signatureAlgorithm(getConfiguration().getSignatureAlgorithm()).signatureFactory(fac).signatureId(signatureId).contentReferenceUri(contentReferenceUri).signatureType(signatureType).prefixForXmlSignatureNamespace(getConfiguration().getPrefixForXmlSignatureNamespace()).build();
            XmlSignatureProperties.Output properties = getSignatureProperties(input);
            // the signature properties can overwrite the signature Id (only with a non-empty value)
            if (properties != null && properties.getSignatureId() != null && !properties.getSignatureId().isEmpty()) {
                signatureId = properties.getSignatureId();
            }
            List<? extends XMLObject> objects = getObjects(input, properties);
            List<? extends Reference> refs = getReferences(input, properties, getKeyInfoId(keyInfo));
            SignedInfo si = createSignedInfo(fac, refs);
            DOMSignContext dsc = createAndConfigureSignContext(parent, keySelector);
            // The last argument is the Id of the SignatureValue element; none is set.
            XMLSignature signature = fac.newXMLSignature(si, keyInfo, objects, signatureId, null);
            // generate the signature
            signature.sign(dsc);
        }
        return XmlSignatureHelper.getDocument(lastParent);
    } catch (XMLSignatureException se) {
        // Surface key problems as a dedicated exception type so callers can tell a bad
        // key apart from other signing failures; the original exception is kept as cause.
        if (se.getCause() instanceof InvalidKeyException) {
            throw new XmlSignatureInvalidKeyException(se.getMessage(), se);
        } else {
            throw new XmlSignatureException(se);
        }
    } catch (GeneralSecurityException e) {
        // like NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchProviderException
        throw new XmlSignatureException(e);
    }
}
Also used : XmlSignatureInvalidKeyException(org.apache.camel.component.xmlsecurity.api.XmlSignatureInvalidKeyException) XMLSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory) XmlSignatureProperties(org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties) Node(org.w3c.dom.Node) GeneralSecurityException(java.security.GeneralSecurityException) SignatureType(org.apache.camel.component.xmlsecurity.api.SignatureType) KeySelector(javax.xml.crypto.KeySelector) InvalidKeyException(java.security.InvalidKeyException) XmlSignatureInvalidKeyException(org.apache.camel.component.xmlsecurity.api.XmlSignatureInvalidKeyException) SignedInfo(javax.xml.crypto.dsig.SignedInfo) XmlSignatureException(org.apache.camel.component.xmlsecurity.api.XmlSignatureException) KeyInfo(javax.xml.crypto.dsig.keyinfo.KeyInfo) XmlSignatureNoKeyException(org.apache.camel.component.xmlsecurity.api.XmlSignatureNoKeyException) DOMSignContext(javax.xml.crypto.dsig.dom.DOMSignContext) XMLSignature(javax.xml.crypto.dsig.XMLSignature) NoSuchProviderException(java.security.NoSuchProviderException) XMLSignatureException(javax.xml.crypto.dsig.XMLSignatureException)

Example 2 with SignatureType

use of org.apache.camel.component.xmlsecurity.api.SignatureType in project camel by apache.

the class XmlSignerProcessor method determineSignatureType.

/**
 * Derives the signature type from the signer configuration and the message.
 * <p>
 * A configured parent local name or parent XPath selects an enveloped signature;
 * XPaths to ID attributes select a detached signature; with neither, the signature
 * is enveloping. Contradictory settings are rejected instead of being resolved
 * silently, so a misconfiguration cannot change which content ends up signed.
 *
 * @param message message passed to the helpers that look up the XPaths to ID
 *            attributes and the schema resource URI
 * @return the signature type to generate
 * @throws XmlSignatureException if both parent local name and parent XPath are set,
 *             if enveloped and detached settings are combined, or if no schema
 *             resource URI is available in the detached case
 */
private SignatureType determineSignatureType(Message message) throws XmlSignatureException {
    final boolean hasParentLocalName = getConfiguration().getParentLocalName() != null;
    final boolean hasParentXpath = getConfiguration().getParentXpath() != null;

    // The two ways of naming the parent of an enveloped signature are mutually exclusive.
    if (hasParentLocalName && hasParentXpath) {
        throw new XmlSignatureException("The configuration of the XML signer component is wrong. The parent local name " + getConfiguration().getParentLocalName() + " and the parent XPath " + getConfiguration().getParentXpath().getXPath() + " are specified. You must not specify both parameters.");
    }

    final boolean envelopedRequested = hasParentLocalName || hasParentXpath;
    final boolean detachedRequested = !getXpathToIdAttributes(message).isEmpty();

    // Enveloped and detached settings must not be mixed; report whichever parent
    // setting caused the conflict.
    if (envelopedRequested && detachedRequested) {
        if (hasParentLocalName) {
            throw new XmlSignatureException("The configuration of the XML signer component is wrong. The parent local name " + getConfiguration().getParentLocalName() + " for an enveloped signature and the XPATHs to ID attributes for a detached signature are specified. You must not specify both parameters.");
        }
        throw new XmlSignatureException("The configuration of the XML signer component is wrong. The parent XPath " + getConfiguration().getParentXpath().getXPath() + " for an enveloped signature and the XPATHs to ID attributes for a detached signature are specified. You must not specify both parameters.");
    }

    final SignatureType signatureType;
    if (envelopedRequested) {
        signatureType = SignatureType.enveloped;
    } else if (!detachedRequested) {
        // Neither a parent nor ID-attribute XPaths configured.
        signatureType = SignatureType.enveloping;
    } else {
        // The detached case is only accepted when an XML schema is specified.
        if (getSchemaResourceUri(message) == null) {
            throw new XmlSignatureException("The configruation of the XML Signature component is wrong: No XML schema specified in the detached case");
        }
        signatureType = SignatureType.detached;
    }
    LOG.debug("Signature type: {}", signatureType);
    return signatureType;
}
Also used : XmlSignatureException(org.apache.camel.component.xmlsecurity.api.XmlSignatureException) SignatureType(org.apache.camel.component.xmlsecurity.api.SignatureType)

Aggregations

SignatureType (org.apache.camel.component.xmlsecurity.api.SignatureType)2 XmlSignatureException (org.apache.camel.component.xmlsecurity.api.XmlSignatureException)2 GeneralSecurityException (java.security.GeneralSecurityException)1 InvalidKeyException (java.security.InvalidKeyException)1 NoSuchProviderException (java.security.NoSuchProviderException)1 KeySelector (javax.xml.crypto.KeySelector)1 SignedInfo (javax.xml.crypto.dsig.SignedInfo)1 XMLSignature (javax.xml.crypto.dsig.XMLSignature)1 XMLSignatureException (javax.xml.crypto.dsig.XMLSignatureException)1 XMLSignatureFactory (javax.xml.crypto.dsig.XMLSignatureFactory)1 DOMSignContext (javax.xml.crypto.dsig.dom.DOMSignContext)1 KeyInfo (javax.xml.crypto.dsig.keyinfo.KeyInfo)1 XmlSignatureInvalidKeyException (org.apache.camel.component.xmlsecurity.api.XmlSignatureInvalidKeyException)1 XmlSignatureNoKeyException (org.apache.camel.component.xmlsecurity.api.XmlSignatureNoKeyException)1 XmlSignatureProperties (org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties)1 Node (org.w3c.dom.Node)1