
Example 1 with TransformType

use of org.apache.xml.security.binding.xmldsig.TransformType in project santuario-java by apache.

the class AbstractSignatureReferenceVerifyInputProcessor method buildTransformerChain.

/**
 * Builds the transformer chain for one signature reference and returns its entry point.
 *
 * <p>Three cases are handled, in this order:
 * <ol>
 *   <li>The reference declares no transforms: a single
 *       {@link Canonicalizer20010315_OmitCommentsTransformer} writing to {@code outputStream}
 *       is returned.</li>
 *   <li>The reference declares exactly one transform and it is the enveloped-signature
 *       transform: a {@code NS_C14N_OMIT_COMMENTS} transform is appended to the list obtained
 *       from {@code referenceType} (the list itself is modified, not a copy).</li>
 *   <li>Otherwise the declared list is used as is.</li>
 * </ol>
 *
 * <p>The transform count is compared with {@code maximumAllowedTransformsPerReference} after
 * the implicit canonicalization transform has been appended, so that transform counts towards
 * the limit. The limit bounds how much transform work a single reference in the incoming
 * document can request.
 *
 * <p>An {@link AlgorithmSuiteSecurityEvent} with usage {@code SigTransform} and the reference id
 * as correlation id is registered for every algorithm before the corresponding transformer is
 * created. NOTE(review): presumably this is what lets a policy listener reject an algorithm;
 * the listener side is not visible here.
 *
 * @param referenceType the reference whose transforms are to be applied
 * @param outputStream the sink the final transformer of the chain writes to
 * @param inputProcessorChain supplies the security context that receives the algorithm events
 * @param internalSignatureReferenceVerifier not used by this implementation
 * @return the transformer for the first declared transform, or the default canonicalizer when
 *         the reference declares none
 * @throws XMLSecurityException if the number of transforms exceeds
 *         {@code maximumAllowedTransformsPerReference}
 */
protected Transformer buildTransformerChain(ReferenceType referenceType, OutputStream outputStream, InputProcessorChain inputProcessorChain, InternalSignatureReferenceVerifier internalSignatureReferenceVerifier) throws XMLSecurityException {
    final boolean noTransformsDeclared = referenceType.getTransforms() == null
            || referenceType.getTransforms().getTransform().isEmpty();
    if (noTransformsDeclared) {
        // Nothing declared: fall back to inclusive canonicalization without comments.
        // The event is registered first, before the transformer is instantiated.
        AlgorithmSuiteSecurityEvent defaultC14nEvent = new AlgorithmSuiteSecurityEvent();
        defaultC14nEvent.setAlgorithmURI(XMLSecurityConstants.NS_C14N_OMIT_COMMENTS);
        defaultC14nEvent.setAlgorithmUsage(XMLSecurityConstants.SigTransform);
        defaultC14nEvent.setCorrelationID(referenceType.getId());
        inputProcessorChain.getSecurityContext().registerSecurityEvent(defaultC14nEvent);

        Transformer defaultCanonicalizer = new Canonicalizer20010315_OmitCommentsTransformer();
        defaultCanonicalizer.setOutputStream(outputStream);
        return defaultCanonicalizer;
    }

    final List<TransformType> declaredTransforms = referenceType.getTransforms().getTransform();

    // A lone enveloped-signature transform gets an implicit canonicalization step after it.
    // The step is added to the reference's own transform list.
    final boolean envelopedSignatureOnly = declaredTransforms.size() == 1
            && XMLSecurityConstants.NS_XMLDSIG_ENVELOPED_SIGNATURE.equals(declaredTransforms.get(0).getAlgorithm());
    if (envelopedSignatureOnly) {
        TransformType implicitC14n = new TransformType();
        implicitC14n.setAlgorithm(XMLSecurityConstants.NS_C14N_OMIT_COMMENTS);
        declaredTransforms.add(implicitC14n);
    }

    // Enforce the per-reference limit before any transformer is built. The count includes
    // the implicit transform appended above.
    final int transformCount = declaredTransforms.size();
    if (transformCount > maximumAllowedTransformsPerReference) {
        throw new XMLSecurityException("secureProcessing.MaximumAllowedTransformsPerReference", new Object[] { transformCount, maximumAllowedTransformsPerReference });
    }

    // Walk the list from the last transform to the first. The last transform is given
    // outputStream; every earlier one is given the transformer built just before it.
    Transformer chainHead = null;
    int position = transformCount - 1;
    while (position >= 0) {
        final TransformType current = declaredTransforms.get(position);
        final String algorithmUri = current.getAlgorithm();

        // Register the algorithm before asking for its transformer.
        AlgorithmSuiteSecurityEvent transformEvent = new AlgorithmSuiteSecurityEvent();
        transformEvent.setAlgorithmURI(algorithmUri);
        transformEvent.setAlgorithmUsage(XMLSecurityConstants.SigTransform);
        transformEvent.setCorrelationID(referenceType.getId());
        inputProcessorChain.getSecurityContext().registerSecurityEvent(transformEvent);

        // Properties stay null unless the transform carries an InclusiveNamespaces element,
        // in which case its prefix list is handed to the transformer.
        Map<String, Object> properties = null;
        InclusiveNamespaces inclusiveNamespaces = XMLSecurityUtils.getQNameType(current.getContent(), XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces);
        if (inclusiveNamespaces != null) {
            properties = new HashMap<>();
            properties.put(Canonicalizer20010315_Excl.INCLUSIVE_NAMESPACES_PREFIX_LIST, inclusiveNamespaces.getPrefixList());
        }

        // Exactly one of (downstream transformer, output stream) is non-null per call.
        chainHead = XMLSecurityUtils.getTransformer(chainHead, chainHead == null ? outputStream : null, properties, algorithmUri, XMLSecurityConstants.DIRECTION.IN);

        position--;
    }
    return chainHead;
}
Also used : AlgorithmSuiteSecurityEvent(org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent) Canonicalizer20010315_OmitCommentsTransformer(org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer20010315_OmitCommentsTransformer) InclusiveNamespaces(org.apache.xml.security.binding.excc14n.InclusiveNamespaces) Canonicalizer20010315_OmitCommentsTransformer(org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer20010315_OmitCommentsTransformer) TransformType(org.apache.xml.security.binding.xmldsig.TransformType) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)
