Example 16 with X509Data
use of org.apache.xml.security.keys.content.X509Data in project santuario-java by apache.
the class SignatureVerificationTest method testIssuerSerial.
@Test
public void testIssuerSerial() throws Exception {
// Read in plaintext document
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
Document document = builder.parse(sourceDocument);
// Set up the Key
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(this.getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
Key key = keyStore.getKey("transmitter", "default".toCharArray());
X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
// Sign using DOM
List<String> localNames = new ArrayList<>();
localNames.add("PaymentInfo");
XMLSignature sig = signUsingDOM("http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key);
// Add KeyInfo
KeyInfo keyInfo = sig.getKeyInfo();
XMLX509IssuerSerial issuerSerial = new XMLX509IssuerSerial(sig.getDocument(), cert);
X509Data x509Data = new X509Data(sig.getDocument());
x509Data.add(issuerSerial);
keyInfo.add(x509Data);
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
XMLStreamReader xmlStreamReader = null;
try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
}
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(cert.getPublicKey());
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
// Check the SecurityEvents
checkSecurityEvents(securityEventListener);
checkSignedElementSecurityEvents(securityEventListener);
checkSignatureToken(securityEventListener, cert, null, SecurityTokenConstants.KeyIdentifier_IssuerSerial);
SignedElementSecurityEvent signedElementSecurityEvent = securityEventListener.getSecurityEvent(SecurityEventConstants.SignedElement);
X509TokenSecurityEvent x509TokenSecurityEvent = securityEventListener.getSecurityEvent(SecurityEventConstants.X509Token);
String signedElementCorrelationID = signedElementSecurityEvent.getCorrelationID();
String x509TokenCorrelationID = x509TokenSecurityEvent.getCorrelationID();
List<SecurityEvent> signatureSecurityEvents = new ArrayList<>();
List<SecurityEvent> signedElementSecurityEvents = new ArrayList<>();
List<SecurityEvent> securityEvents = securityEventListener.getSecurityEvents();
for (int i = 0; i < securityEvents.size(); i++) {
SecurityEvent securityEvent = securityEvents.get(i);
if (securityEvent.getCorrelationID().equals(signedElementCorrelationID)) {
signedElementSecurityEvents.add(securityEvent);
} else if (securityEvent.getCorrelationID().equals(x509TokenCorrelationID)) {
signatureSecurityEvents.add(securityEvent);
}
}
Assert.assertEquals(4, signatureSecurityEvents.size());
Assert.assertEquals(3, signedElementSecurityEvents.size());
Assert.assertEquals(securityEventListener.getSecurityEvents().size(), signatureSecurityEvents.size() + signedElementSecurityEvents.size());
}
Also used :
DOMSource(javax.xml.transform.dom.DOMSource)
XMLStreamReader(javax.xml.stream.XMLStreamReader)
ArrayList(java.util.ArrayList)
Document(org.w3c.dom.Document)
X509Data(org.apache.xml.security.keys.content.X509Data)
KeyInfo(org.apache.xml.security.keys.KeyInfo)
XMLSignature(org.apache.xml.security.signature.XMLSignature)
StreamResult(javax.xml.transform.stream.StreamResult)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
XMLX509IssuerSerial(org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Key(java.security.Key)
SecretKey(javax.crypto.SecretKey)
Test(org.junit.Test)
Example 17 with X509Data
use of org.apache.xml.security.keys.content.X509Data in project santuario-java by apache.
the class DecryptionTest method testSubjectName.
@Test
public void testSubjectName() throws Exception {
// Read in plaintext document
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
Document document = builder.parse(sourceDocument);
// Set up the Key
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(128);
SecretKey key = keygen.generateKey();
// Set the key up
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(this.getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
PrivateKey priv = (PrivateKey) keyStore.getKey("transmitter", "default".toCharArray());
X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
// Encrypt using DOM
List<String> localNames = new ArrayList<>();
localNames.add("PaymentInfo");
KeyInfo encryptedKeyKeyInfo = new KeyInfo(document);
encryptedKeyKeyInfo = new KeyInfo(document);
encryptedKeyKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
X509Data x509Data = new X509Data(document);
x509Data.addSubjectName(cert);
encryptedKeyKeyInfo.add(x509Data);
encryptUsingDOM(XMLCipher.AES_128, key, XMLCipher.RSA_OAEP, cert.getPublicKey(), encryptedKeyKeyInfo, document, localNames, true);
// Check the CreditCard encrypted ok
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
Assert.assertEquals(nodeList.getLength(), 0);
// XMLUtils.outputDOM(document, System.out);
// Convert Document to a Stream Reader
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
XMLStreamReader xmlStreamReader = null;
try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
}
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(priv);
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
// Check the CreditCard decrypted ok
nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
Assert.assertEquals(nodeList.getLength(), 1);
}
Also used :
DOMSource(javax.xml.transform.dom.DOMSource)
PrivateKey(java.security.PrivateKey)
XMLStreamReader(javax.xml.stream.XMLStreamReader)
ArrayList(java.util.ArrayList)
X509Data(org.apache.xml.security.keys.content.X509Data)
KeyInfo(org.apache.xml.security.keys.KeyInfo)
TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener)
KeyGenerator(javax.crypto.KeyGenerator)
StreamResult(javax.xml.transform.stream.StreamResult)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
SecretKey(javax.crypto.SecretKey)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
ByteArrayInputStream(java.io.ByteArrayInputStream)
XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties)
Test(org.junit.Test)
Example 18 with X509Data
use of org.apache.xml.security.keys.content.X509Data in project santuario-java by apache.
the class KeyResolverTest method testKeyResolvers.
/**
* Test key resolvers through a KeyInfo.
*/
@org.junit.Test
public void testKeyResolvers() throws Exception {
//
if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
return;
}
char[] pwd = "secret".toCharArray();
KeyStore ks = KeyStore.getInstance("JCEKS");
FileInputStream fis = null;
if (BASEDIR != null && !"".equals(BASEDIR)) {
fis = new FileInputStream(BASEDIR + SEP + "src/test/resources/test.jceks");
} else {
fis = new FileInputStream("src/test/resources/test.jceks");
}
ks.load(fis, pwd);
X509Certificate cert = (X509Certificate) ks.getCertificate("rsakey");
PublicKey publicKey = cert.getPublicKey();
PrivateKey privateKey = (PrivateKey) ks.getKey("rsakey", pwd);
SecretKey secretKey = (SecretKey) ks.getKey("des3key", pwd);
StorageResolver storage = new StorageResolver(new KeyStoreResolver(ks));
KeyResolverSpi privateKeyResolver = new PrivateKeyResolver(ks, pwd);
KeyResolverSpi secretKeyResolver = new SecretKeyResolver(ks, pwd);
DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
Document doc = db.newDocument();
KeyInfo ki;
X509Data x509data;
// X509Certificate hint
ki = new KeyInfo(doc);
ki.addStorageResolver(storage);
x509data = new X509Data(doc);
x509data.add(new XMLX509Certificate(doc, cert));
ki.add(x509data);
assertEquals(publicKey, ki.getPublicKey());
assertNull(ki.getPrivateKey());
ki.registerInternalKeyResolver(privateKeyResolver);
assertEquals(privateKey, ki.getPrivateKey());
// Issuer/Serial hint
ki = new KeyInfo(doc);
ki.addStorageResolver(storage);
x509data = new X509Data(doc);
x509data.add(new XMLX509IssuerSerial(doc, cert.getIssuerX500Principal().getName(), cert.getSerialNumber()));
ki.add(x509data);
assertEquals(publicKey, ki.getPublicKey());
ki.registerInternalKeyResolver(privateKeyResolver);
assertEquals(privateKey, ki.getPrivateKey());
// SubjectName hint
ki = new KeyInfo(doc);
ki.addStorageResolver(storage);
x509data = new X509Data(doc);
x509data.add(new XMLX509SubjectName(doc, cert.getSubjectX500Principal().getName()));
ki.add(x509data);
assertEquals(publicKey, ki.getPublicKey());
ki.registerInternalKeyResolver(privateKeyResolver);
assertEquals(privateKey, ki.getPrivateKey());
// SKI hint
ki = new KeyInfo(doc);
ki.addStorageResolver(storage);
x509data = new X509Data(doc);
x509data.add(new XMLX509SKI(doc, cert));
ki.add(x509data);
assertEquals(publicKey, ki.getPublicKey());
ki.registerInternalKeyResolver(privateKeyResolver);
assertEquals(privateKey, ki.getPrivateKey());
// KeyName hint
String rsaKeyName = "rsakey";
ki = new KeyInfo(doc);
ki.addKeyName(rsaKeyName);
ki.registerInternalKeyResolver(new SingleKeyResolver(rsaKeyName, publicKey));
assertEquals(publicKey, ki.getPublicKey());
ki = new KeyInfo(doc);
ki.addKeyName(rsaKeyName);
ki.registerInternalKeyResolver(privateKeyResolver);
assertEquals(privateKey, ki.getPrivateKey());
ki = new KeyInfo(doc);
ki.addKeyName(rsaKeyName);
ki.registerInternalKeyResolver(new SingleKeyResolver(rsaKeyName, privateKey));
assertEquals(privateKey, ki.getPrivateKey());
String des3KeyName = "des3key";
ki = new KeyInfo(doc);
ki.addKeyName(des3KeyName);
ki.registerInternalKeyResolver(secretKeyResolver);
assertEquals(secretKey, ki.getSecretKey());
ki = new KeyInfo(doc);
ki.addKeyName(des3KeyName);
ki.registerInternalKeyResolver(new SingleKeyResolver(des3KeyName, secretKey));
assertEquals(secretKey, ki.getSecretKey());
}
Also used :
SingleKeyResolver(org.apache.xml.security.keys.keyresolver.implementations.SingleKeyResolver)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
PrivateKey(java.security.PrivateKey)
StorageResolver(org.apache.xml.security.keys.storage.StorageResolver)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
PublicKey(java.security.PublicKey)
PrivateKeyResolver(org.apache.xml.security.keys.keyresolver.implementations.PrivateKeyResolver)
XMLX509IssuerSerial(org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial)
Document(org.w3c.dom.Document)
KeyStore(java.security.KeyStore)
X509Data(org.apache.xml.security.keys.content.X509Data)
FileInputStream(java.io.FileInputStream)
X509Certificate(java.security.cert.X509Certificate)
XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate)
XMLX509SubjectName(org.apache.xml.security.keys.content.x509.XMLX509SubjectName)
XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate)
SecretKey(javax.crypto.SecretKey)
KeyStoreResolver(org.apache.xml.security.keys.storage.implementations.KeyStoreResolver)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
KeyInfo(org.apache.xml.security.keys.KeyInfo)
XMLX509SKI(org.apache.xml.security.keys.content.x509.XMLX509SKI)
SecretKeyResolver(org.apache.xml.security.keys.keyresolver.implementations.SecretKeyResolver)
KeyResolverSpi(org.apache.xml.security.keys.keyresolver.KeyResolverSpi)
Example 19 with X509Data
use of org.apache.xml.security.keys.content.X509Data in project cxf by apache.
the class SimpleBatchSTSClient method writeElementsForRSTPublicKey.
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer, X509Certificate cert) throws Exception {
writer.writeStartElement("wst", "UseKey", namespace);
writer.writeStartElement("dsig", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
writer.writeNamespace("dsig", "http://www.w3.org/2000/09/xmldsig#");
boolean useCert = useCertificateForConfirmationKeyInfo;
String useCertStr = (String) getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
if (useCertStr != null) {
useCert = Boolean.parseBoolean(useCertStr);
}
if (useCert) {
X509Data certElem = new X509Data(writer.getDocument());
certElem.addCertificate(cert);
writer.getCurrentNode().appendChild(certElem.getElement());
} else {
writer.writeStartElement("dsig", "KeyValue", "http://www.w3.org/2000/09/xmldsig#");
PublicKey key = cert.getPublicKey();
String pubKeyAlgo = key.getAlgorithm();
if ("DSA".equalsIgnoreCase(pubKeyAlgo)) {
DSAKeyValue dsaKeyValue = new DSAKeyValue(writer.getDocument(), key);
writer.getCurrentNode().appendChild(dsaKeyValue.getElement());
} else if ("RSA".equalsIgnoreCase(pubKeyAlgo)) {
RSAKeyValue rsaKeyValue = new RSAKeyValue(writer.getDocument(), key);
writer.getCurrentNode().appendChild(rsaKeyValue.getElement());
}
writer.writeEndElement();
}
writer.writeEndElement();
writer.writeEndElement();
}
Also used :
RSAKeyValue(org.apache.xml.security.keys.content.keyvalues.RSAKeyValue)
DSAKeyValue(org.apache.xml.security.keys.content.keyvalues.DSAKeyValue)
PublicKey(java.security.PublicKey)
X509Data(org.apache.xml.security.keys.content.X509Data)
Example 20 with X509Data
use of org.apache.xml.security.keys.content.X509Data in project santuario-java by apache.
the class XMLSignature method addKeyInfo.
/**
* Add an X509 Certificate to the KeyInfo. This will include the whole cert
* inside X509Data/X509Certificate tags.
*
* @param cert Certificate to be included. This should be the certificate of
* the key that was used to sign.
* @throws XMLSecurityException
*/
public void addKeyInfo(X509Certificate cert) throws XMLSecurityException {
X509Data x509data = new X509Data(getDocument());
x509data.addCertificate(cert);
this.getKeyInfo().add(x509data);
}
Also used :
X509Data(org.apache.xml.security.keys.content.X509Data)
Aggregations
X509Data (org.apache.xml.security.keys.content.X509Data)24
X509Certificate (java.security.cert.X509Certificate)15
KeyInfo (org.apache.xml.security.keys.KeyInfo)13
SecretKey (javax.crypto.SecretKey)10
Document (org.w3c.dom.Document)10
ByteArrayInputStream (java.io.ByteArrayInputStream)8
KeyStore (java.security.KeyStore)8
PrivateKey (java.security.PrivateKey)8
ArrayList (java.util.ArrayList)8
DocumentBuilder (javax.xml.parsers.DocumentBuilder)8
ByteArrayOutputStream (java.io.ByteArrayOutputStream)7
InputStream (java.io.InputStream)7
XMLStreamReader (javax.xml.stream.XMLStreamReader)7
DOMSource (javax.xml.transform.dom.DOMSource)7
StreamResult (javax.xml.transform.stream.StreamResult)7
XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)7
Test (org.junit.Test)7
Key (java.security.Key)5
XMLX509Certificate (org.apache.xml.security.keys.content.x509.XMLX509Certificate)5
XMLX509IssuerSerial (org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial)5
