
Example 6 with X509Data

use of org.apache.xml.security.keys.content.X509Data in project santuario-java by apache.

the class DecryptionTest method testX509Certificate.

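/**
 * Round-trips the {@code PaymentInfo} element through DOM encryption and StAX
 * decryption, identifying the recipient key in the {@code EncryptedKey}'s
 * {@code ds:KeyInfo} by the full certificate carried in a {@code ds:X509Data}.
 *
 * @throws Exception on any parsing, keystore, encryption or decryption failure
 */
@Test
public void testX509Certificate() throws Exception {
    // Read in plaintext document; the resource stream is closed once the DOM is built
    Document document;
    try (InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")) {
        Assert.assertNotNull("plaintext.xml test resource not found", sourceDocument);
        DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
        document = builder.parse(sourceDocument);
    }
    // Fresh 128-bit AES content-encryption key
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    keygen.init(128);
    SecretKey key = keygen.generateKey();
    // Recipient key pair from the test keystore; the stream is closed after load
    KeyStore keyStore = KeyStore.getInstance("jks");
    try (InputStream keyStoreStream = this.getClass().getClassLoader().getResource("transmitter.jks").openStream()) {
        keyStore.load(keyStoreStream, "default".toCharArray());
    }
    PrivateKey priv = (PrivateKey) keyStore.getKey("transmitter", "default".toCharArray());
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
    // Encrypt using DOM: the EncryptedKey's KeyInfo carries the recipient certificate
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    KeyInfo encryptedKeyKeyInfo = new KeyInfo(document);
    encryptedKeyKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
    X509Data x509Data = new X509Data(document);
    x509Data.addCertificate(cert);
    encryptedKeyKeyInfo.add(x509Data);
    encryptUsingDOM(XMLCipher.AES_128, key, XMLCipher.RSA_OAEP, cert.getPublicKey(), encryptedKeyKeyInfo, document, localNames, true);
    // Check the CreditCard encrypted ok (expected value first, as JUnit reports it)
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(0, nodeList.getLength());
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    // ByteArrayInputStream.close() is a no-op, so the reader remains usable after the block
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Decrypt with the StAX API using the recipient's private key
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(priv);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(1, nodeList.getLength());
}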

Example 7 with X509Data

use of org.apache.xml.security.keys.content.X509Data in project santuario-java by apache.

the class DecryptionTest method testIssuerSerial.

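/**
 * Round-trips the {@code PaymentInfo} element through DOM encryption and StAX
 * decryption, identifying the recipient key in the {@code EncryptedKey}'s
 * {@code ds:KeyInfo} by issuer name and serial number in a {@code ds:X509Data}.
 *
 * @throws Exception on any parsing, keystore, encryption or decryption failure
 */
@Test
public void testIssuerSerial() throws Exception {
    // Read in plaintext document; the resource stream is closed once the DOM is built
    Document document;
    try (InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")) {
        Assert.assertNotNull("plaintext.xml test resource not found", sourceDocument);
        DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
        document = builder.parse(sourceDocument);
    }
    // Fresh 128-bit AES content-encryption key
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    keygen.init(128);
    SecretKey key = keygen.generateKey();
    // Recipient key pair from the test keystore; the stream is closed after load
    KeyStore keyStore = KeyStore.getInstance("jks");
    try (InputStream keyStoreStream = this.getClass().getClassLoader().getResource("transmitter.jks").openStream()) {
        keyStore.load(keyStoreStream, "default".toCharArray());
    }
    PrivateKey priv = (PrivateKey) keyStore.getKey("transmitter", "default".toCharArray());
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
    // Encrypt using DOM: the EncryptedKey's KeyInfo references the certificate by issuer/serial only
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    KeyInfo encryptedKeyKeyInfo = new KeyInfo(document);
    encryptedKeyKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
    X509Data x509Data = new X509Data(document);
    x509Data.addIssuerSerial(cert.getIssuerX500Principal().getName(), cert.getSerialNumber());
    encryptedKeyKeyInfo.add(x509Data);
    encryptUsingDOM(XMLCipher.AES_128, key, XMLCipher.RSA_OAEP, cert.getPublicKey(), encryptedKeyKeyInfo, document, localNames, true);
    // Check the CreditCard encrypted ok (expected value first, as JUnit reports it)
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(0, nodeList.getLength());
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    // ByteArrayInputStream.close() is a no-op, so the reader remains usable after the block
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Decrypt with the StAX API using the recipient's private key
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(priv);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(1, nodeList.getLength());
}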

Example 8 with X509Data

use of org.apache.xml.security.keys.content.X509Data in project santuario-java by apache.

the class DecryptionTest method testSKI.

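/**
 * Round-trips the {@code PaymentInfo} element through DOM encryption and StAX
 * decryption, identifying the recipient key in the {@code EncryptedKey}'s
 * {@code ds:KeyInfo} by the certificate's Subject Key Identifier in a {@code ds:X509Data}.
 * Uses the JCEKS test keystore rather than the JKS one used by the sibling tests.
 *
 * @throws Exception on any parsing, keystore, encryption or decryption failure
 */
@Test
public void testSKI() throws Exception {
    // Skipped on the IBM JDK. The original code gave no reason; presumably a
    // provider difference in SKI handling -- confirm before relying on this guard.
    if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
        return;
    }
    // Read in plaintext document; the resource stream is closed once the DOM is built
    Document document;
    try (InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")) {
        Assert.assertNotNull("plaintext.xml test resource not found", sourceDocument);
        DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
        document = builder.parse(sourceDocument);
    }
    // Fresh 128-bit AES content-encryption key
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    keygen.init(128);
    SecretKey key = keygen.generateKey();
    // Recipient key pair from the JCEKS test keystore; the stream is closed after load
    KeyStore keyStore = KeyStore.getInstance("JCEKS");
    try (InputStream keyStoreStream = this.getClass().getClassLoader().getResource("test.jceks").openStream()) {
        keyStore.load(keyStoreStream, "secret".toCharArray());
    }
    PrivateKey priv = (PrivateKey) keyStore.getKey("rsakey", "secret".toCharArray());
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("rsakey");
    // Encrypt using DOM: the EncryptedKey's KeyInfo references the certificate by SKI only
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    KeyInfo encryptedKeyKeyInfo = new KeyInfo(document);
    encryptedKeyKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
    X509Data x509Data = new X509Data(document);
    x509Data.addSKI(cert);
    encryptedKeyKeyInfo.add(x509Data);
    encryptUsingDOM(XMLCipher.AES_128, key, XMLCipher.RSA_OAEP, cert.getPublicKey(), encryptedKeyKeyInfo, document, localNames, true);
    // Check the CreditCard encrypted ok (expected value first, as JUnit reports it)
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(0, nodeList.getLength());
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    // ByteArrayInputStream.close() is a no-op, so the reader remains usable after the block
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Decrypt with the StAX API using the recipient's private key
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(priv);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(1, nodeList.getLength());
}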

Example 9 with X509Data

use of org.apache.xml.security.keys.content.X509Data in project santuario-java by apache.

the class SignatureVerificationTest method testSubjectName.

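/**
 * Signs the {@code PaymentInfo} element with the DOM API, identifying the signing
 * certificate by subject name in a {@code ds:X509Data}, then verifies the signature
 * with the StAX API and checks the security events it emits: the X509 token events
 * and the signed-element events must share the listener's full event list between them.
 *
 * @throws Exception on any parsing, keystore, signing or verification failure
 */
@Test
public void testSubjectName() throws Exception {
    // Read in plaintext document; the resource stream is closed once the DOM is built
    Document document;
    try (InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")) {
        Assert.assertNotNull("plaintext.xml test resource not found", sourceDocument);
        DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
        document = builder.parse(sourceDocument);
    }
    // Signing key pair from the test keystore; the stream is closed after load
    KeyStore keyStore = KeyStore.getInstance("jks");
    try (InputStream keyStoreStream = this.getClass().getClassLoader().getResource("transmitter.jks").openStream()) {
        keyStore.load(keyStoreStream, "default".toCharArray());
    }
    Key key = keyStore.getKey("transmitter", "default".toCharArray());
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
    // Sign using DOM. rsa-sha1 is a legacy algorithm; production code should prefer the SHA-2 URIs.
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    XMLSignature sig = signUsingDOM("http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key);
    // Add KeyInfo referencing the certificate by subject name only
    KeyInfo keyInfo = sig.getKeyInfo();
    X509Data x509Data = new X509Data(sig.getDocument());
    x509Data.addSubjectName(cert);
    keyInfo.add(x509Data);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    // ByteArrayInputStream.close() is a no-op, so the reader remains usable after the block
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Verify signature with the StAX API against the certificate's public key
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setSignatureVerificationKey(cert.getPublicKey());
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the SecurityEvents
    checkSecurityEvents(securityEventListener);
    checkSignedElementSecurityEvents(securityEventListener);
    checkSignatureToken(securityEventListener, cert, null, SecurityTokenConstants.KeyIdentifier_X509SubjectName);
    SignedElementSecurityEvent signedElementSecurityEvent = securityEventListener.getSecurityEvent(SecurityEventConstants.SignedElement);
    X509TokenSecurityEvent x509TokenSecurityEvent = securityEventListener.getSecurityEvent(SecurityEventConstants.X509Token);
    String signedElementCorrelationID = signedElementSecurityEvent.getCorrelationID();
    String x509TokenCorrelationID = x509TokenSecurityEvent.getCorrelationID();
    // Partition the events by correlation ID: those tied to the signed element vs. those tied to the X509 token
    List<SecurityEvent> signatureSecurityEvents = new ArrayList<>();
    List<SecurityEvent> signedElementSecurityEvents = new ArrayList<>();
    List<SecurityEvent> securityEvents = securityEventListener.getSecurityEvents();
    for (SecurityEvent securityEvent : securityEvents) {
        if (securityEvent.getCorrelationID().equals(signedElementCorrelationID)) {
            signedElementSecurityEvents.add(securityEvent);
        } else if (securityEvent.getCorrelationID().equals(x509TokenCorrelationID)) {
            signatureSecurityEvents.add(securityEvent);
        }
    }
    Assert.assertEquals(4, signatureSecurityEvents.size());
    Assert.assertEquals(3, signedElementSecurityEvents.size());
    // Every emitted event must belong to one of the two correlation groups
    Assert.assertEquals(securityEvents.size(), signatureSecurityEvents.size() + signedElementSecurityEvents.size());
}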

Example 10 with X509Data

use of org.apache.xml.security.keys.content.X509Data in project cxf by apache.

the class AbstractSTSClient method writeElementsForRSTPublicKey.

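/**
 * Writes the {@code wst:UseKey} element of a RequestSecurityToken for a public-key
 * proof token. The enclosed {@code ds:KeyInfo} carries either the whole certificate
 * as a {@code ds:X509Data} or only its public key as a {@code ds:KeyValue}, depending on
 * the {@code useCertificateForConfirmationKeyInfo} field, which the
 * {@code STS_TOKEN_USE_CERT_FOR_KEYINFO} property overrides when set.
 *
 * @param writer the DOM-backed stream writer positioned where {@code wst:UseKey} belongs
 * @param cert   the certificate whose key (or whole certificate) confirms the token
 * @throws IllegalArgumentException if the key-value form is selected and the public key
 *         algorithm is neither DSA nor RSA, since XMLDSig defines no KeyValue for it
 * @throws Exception on any writer failure
 */
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer, X509Certificate cert) throws Exception {
    writer.writeStartElement("wst", "UseKey", namespace);
    writer.writeStartElement("ds", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
    writer.writeNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
    boolean useCert = useCertificateForConfirmationKeyInfo;
    // The property may arrive as a String or a Boolean; toString() accepts both
    // where a cast to String would throw ClassCastException on a Boolean.
    Object useCertProp = getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
    if (useCertProp != null) {
        useCert = Boolean.parseBoolean(useCertProp.toString());
    }
    if (useCert) {
        X509Data certElem = new X509Data(writer.getDocument());
        certElem.addCertificate(cert);
        writer.getCurrentNode().appendChild(certElem.getElement());
    } else {
        writer.writeStartElement("ds", "KeyValue", "http://www.w3.org/2000/09/xmldsig#");
        PublicKey key = cert.getPublicKey();
        String pubKeyAlgo = key.getAlgorithm();
        if ("DSA".equalsIgnoreCase(pubKeyAlgo)) {
            DSAKeyValue dsaKeyValue = new DSAKeyValue(writer.getDocument(), key);
            writer.getCurrentNode().appendChild(dsaKeyValue.getElement());
        } else if ("RSA".equalsIgnoreCase(pubKeyAlgo)) {
            RSAKeyValue rsaKeyValue = new RSAKeyValue(writer.getDocument(), key);
            writer.getCurrentNode().appendChild(rsaKeyValue.getElement());
        } else {
            // Fail fast rather than emit an empty ds:KeyValue, which is schema-invalid
            // and would only be rejected later by the STS with a less specific error.
            throw new IllegalArgumentException("Unsupported public key algorithm for ds:KeyValue: " + pubKeyAlgo
                + "; enable the certificate form of the confirmation KeyInfo instead");
        }
        writer.writeEndElement();
    }
    writer.writeEndElement();
    writer.writeEndElement();
}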
