
Example 51 with XMLSignature

use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.

the class AbstractPerformanceTest method doDOMSignatureOutbound.

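/**
 * Parses {@code file}, adds an enveloped XML signature as the first child of the document
 * element, and writes the signed document to {@code signature-dom-<tagCount>.xml} in the
 * directory returned by {@code getTmpFilePath()}.
 *
 * <p>NOTE(review): the signature method (rsa-sha1) and the reference digest (sha1) are both
 * SHA-1 based. They are left unchanged so this performance test keeps measuring the same work.
 * Code that produces signatures someone will rely on should use the SHA-2 identifiers instead,
 * e.g. {@code http://www.w3.org/2001/04/xmldsig-more#rsa-sha256} and
 * {@code http://www.w3.org/2001/04/xmlenc#sha256}.
 *
 * @param file     XML document to sign
 * @param tagCount only used to build the output file name
 * @throws Exception if parsing, signing or writing the output fails
 */
protected void doDOMSignatureOutbound(File file, int tagCount) throws Exception {
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(file);

    XMLSignature sig = new XMLSignature(document, "", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
    Element root = document.getDocumentElement();
    // Enveloped signature: the ds:Signature element lives inside the document it signs.
    root.insertBefore(sig.getElement(), root.getFirstChild());

    Transforms transforms = new Transforms(document);
    // The enveloped-signature transform excludes the ds:Signature element itself from the digest.
    transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    transforms.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);
    // URI "" references the whole containing document.
    sig.addDocument("", transforms, "http://www.w3.org/2000/09/xmldsig#sha1");

    sig.sign(key);
    // Added after sign(): KeyInfo is not referenced by the signature above, so it is unsigned.
    sig.addKeyInfo(cert);

    File target = new File(getTmpFilePath(), "signature-dom-" + tagCount + ".xml");
    // Close (and thereby flush) the stream; the original left the file handle open.
    try (BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(target))) {
        XMLUtils.outputDOM(document, out);
    }
}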
Also used : DocumentBuilder(javax.xml.parsers.DocumentBuilder) XMLSignature(org.apache.xml.security.signature.XMLSignature) Element(org.w3c.dom.Element) Transforms(org.apache.xml.security.transforms.Transforms) Document(org.w3c.dom.Document)

Example 52 with XMLSignature

use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.

the class AbstractSignatureCreationTest method verifyUsingDOMWihtoutId.

/**
 * Verifies with the DOM API a signature whose signed element has no {@code Id} attribute.
 *
 * <p>The method asserts that neither the signature element nor the signed element has an
 * {@code Id}, that exactly one secure part was configured, and that the signature value
 * verifies under {@code key}.
 *
 * <p>NOTE(review): the element handed to the resolver is picked by local name only, and the
 * signature by position. That is fine for a fixture the test itself produced. A verifier for
 * documents from elsewhere must additionally make sure that the element it goes on to consume
 * is the one the validated reference covers (signature-wrapping defence).
 *
 * @param document    signed document
 * @param key         key used to check the signature value
 * @param secureParts configured secure parts; exactly one is expected
 * @throws Exception if XPath evaluation or signature processing fails
 */
protected void verifyUsingDOMWihtoutId(Document document, Key key, List<SecurePart> secureParts) throws Exception {
    final XPath xp = getxPath();

    // Locate the signature and make sure it carries no Id.
    final Element signatureNode = (Element) xp.evaluate("//dsig:Signature[1]", document, XPathConstants.NODE);
    Assert.assertNotNull(signatureNode);
    Assert.assertEquals("", signatureNode.getAttribute("Id"));

    assertEquals("Without Id there can only be one secure part", 1, secureParts.size());

    // The local name comes from the test's own SecurePart, so building the XPath by
    // concatenation is acceptable here; it would not be for attacker-influenced names.
    final String targetLocalName = secureParts.get(0).getName().getLocalPart();
    final String targetQuery = "//*[local-name()='" + targetLocalName + "']";
    final Element target = (Element) xp.evaluate(targetQuery, document, XPathConstants.NODE);
    Assert.assertNotNull(target);
    Assert.assertEquals("", target.getAttribute("Id"));

    final XMLSignature verifier = new XMLSignature(signatureNode, "");
    // The empty URI needs a dedicated resolver; presumably it resolves the "" reference to
    // the element passed in here (confirm against EmptyURIResourceResolverSpi).
    verifier.addResourceResolver(new EmptyURIResourceResolverSpi(target));
    final boolean valid = verifier.checkSignatureValue(key);
    Assert.assertTrue(valid);
}
Also used : XPath(javax.xml.xpath.XPath) XMLSignature(org.apache.xml.security.signature.XMLSignature) Element(org.w3c.dom.Element)

Example 53 with XMLSignature

use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.

the class AbstractSignatureCreationTest method verifyUsingDOM.

/**
 * Verifies the first signature found in {@code document} with the DOM API.
 *
 * <p>For every secure part, the first element with a matching local name has its {@code Id}
 * attribute registered as an ID-type attribute, so that same-document references in the
 * signature can be resolved. The signature value is then checked against {@code key}.
 *
 * <p>NOTE(review): ID registration is driven by a local-name lookup, not by what the signature
 * references. In a verifier for untrusted documents, register IDs only on elements found at
 * their expected location, and confirm that the validated references cover the data the
 * application actually uses.
 *
 * @param document    signed document
 * @param key         key used to check the signature value
 * @param secureParts parts whose elements need their {@code Id} attribute registered
 * @throws Exception if XPath evaluation or signature processing fails
 */
protected void verifyUsingDOM(Document document, Key key, List<SecurePart> secureParts) throws Exception {
    final XPath xp = getxPath();

    final Element signatureNode = (Element) xp.evaluate("//dsig:Signature[1]", document, XPathConstants.NODE);
    Assert.assertNotNull(signatureNode);

    for (SecurePart part : secureParts) {
        final String localName = part.getName().getLocalPart();
        final Element target =
            (Element) xp.evaluate("//*[local-name()='" + localName + "']", document, XPathConstants.NODE);
        Assert.assertNotNull(target);
        // Without this, a DOM built by a non-validating parser does not treat "Id" as an ID.
        target.setIdAttributeNS(null, "Id", true);
    }

    final XMLSignature verifier = new XMLSignature(signatureNode, "");
    final boolean valid = verifier.checkSignatureValue(key);
    Assert.assertTrue(valid);
}
Also used : XPath(javax.xml.xpath.XPath) SecurePart(org.apache.xml.security.stax.ext.SecurePart) XMLSignature(org.apache.xml.security.signature.XMLSignature) Element(org.w3c.dom.Element)

Example 54 with XMLSignature

use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.

the class SignatureCreationTest method testMultipleSignatures.

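/**
 * Signs the same plaintext document twice with the streaming (StAX) outbound API, then checks
 * with the DOM API that the result contains exactly two signatures and that each one verifies
 * under the signing certificate.
 *
 * <p>NOTE(review): the keystore and its password ("default") are test fixtures loaded from the
 * classpath. {@code checkSignatureValue(cert)} shows that each signature is valid under that
 * certificate. It does not by itself assert which elements the references cover.
 *
 * @throws Exception if key loading, signing, parsing or verification fails
 */
@Test
public void testMultipleSignatures() throws Exception {
    // Set up the Configuration
    XMLSecurityProperties properties = new XMLSecurityProperties();
    List<XMLSecurityConstants.Action> actions = new ArrayList<>();
    actions.add(XMLSecurityConstants.SIGNATURE);
    properties.setActions(actions);

    // Set the key up; close the keystore stream once it has been read.
    KeyStore keyStore = KeyStore.getInstance("jks");
    try (InputStream keyStoreStream = this.getClass().getClassLoader().getResource("transmitter.jks").openStream()) {
        keyStore.load(keyStoreStream, "default".toCharArray());
    }
    Key key = keyStore.getKey("transmitter", "default".toCharArray());
    properties.setSignatureKey(key);
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
    properties.setSignatureCerts(new X509Certificate[] { cert });

    SecurePart securePart = new SecurePart(new QName("urn:example:po", "PaymentInfo"), SecurePart.Modifier.Content);
    properties.addSignaturePart(securePart);

    // First signature: stream the plaintext through the outbound processor.
    OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, StandardCharsets.UTF_8.name());
    try (InputStream sourceDocument = this.getClass().getClassLoader()
            .getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")) {
        XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
        XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
    }
    xmlStreamWriter.close();

    // Second signature: feed the already-signed output through a fresh outbound processor.
    byte[] signedOnce = baos.toByteArray();
    outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
    baos = new ByteArrayOutputStream();
    xmlStreamWriter = outboundXMLSec.processOutMessage(baos, StandardCharsets.UTF_8.name());
    try (InputStream firstPass = new ByteArrayInputStream(signedOnce)) {
        XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(firstPass);
        XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
    }
    xmlStreamWriter.close();

    Document document;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        document = XMLUtils.createDocumentBuilder(false).parse(is);
    }

    // Verify using DOM
    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());
    String expression = "//dsig:Signature";
    NodeList sigElements = (NodeList) xpath.evaluate(expression, document, XPathConstants.NODESET);
    // assertEquals reports the actual count on failure, unlike assertTrue(x == 2).
    Assert.assertEquals(2, sigElements.getLength());

    for (SecurePart secPart : properties.getSignatureSecureParts()) {
        if (secPart.getName() == null) {
            continue;
        }
        expression = "//*[local-name()='" + secPart.getName().getLocalPart() + "']";
        Element signedElement = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
        Assert.assertNotNull(signedElement);
        // Register "Id" as an ID-type attribute so same-document references can be resolved.
        signedElement.setIdAttributeNS(null, "Id", true);
    }

    for (int i = 0; i < sigElements.getLength(); i++) {
        XMLSignature signature = new XMLSignature((Element) sigElements.item(i), "");
        Assert.assertTrue(signature.checkSignatureValue(cert));
    }
}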
Also used : XMLStreamReader(javax.xml.stream.XMLStreamReader) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) Document(org.w3c.dom.Document) XPathFactory(javax.xml.xpath.XPathFactory) XMLStreamWriter(javax.xml.stream.XMLStreamWriter) XMLSignature(org.apache.xml.security.signature.XMLSignature) XPath(javax.xml.xpath.XPath) QName(javax.xml.namespace.QName) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) NodeList(org.w3c.dom.NodeList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) ByteArrayInputStream(java.io.ByteArrayInputStream) DSNamespaceContext(org.apache.xml.security.test.dom.DSNamespaceContext) Key(java.security.Key) SecretKey(javax.crypto.SecretKey) Test(org.junit.Test)

Example 55 with XMLSignature

use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.

the class SignatureDigestVerificationTest method testSHA224.

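/**
 * Signs the plaintext document with the DOM API using a SHA-224 reference digest, then runs the
 * serialized result through the streaming inbound processor. The test passes if inbound
 * processing completes without throwing.
 *
 * <p>NOTE(review): only the digest algorithm is SHA-224; the signature method passed to
 * {@code signUsingDOM} is still rsa-sha1. No verification key is set on the inbound
 * {@code XMLSecurityProperties}, so the key is presumably taken from the KeyInfo embedded in the
 * message (confirm against the inbound processor). Verifying with a key the message supplies
 * about itself demonstrates integrity only. A production verifier should pin the expected key or
 * validate the certificate against a trust store.
 *
 * @throws Exception if key loading, signing, serialization or inbound processing fails
 */
@Test
public void testSHA224() throws Exception {
    // Read in plaintext document; close the classpath stream once parsed.
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document;
    try (InputStream sourceDocument = this.getClass().getClassLoader()
            .getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")) {
        document = builder.parse(sourceDocument);
    }

    // Set up the Key; close the keystore stream once it has been read.
    KeyStore keyStore = KeyStore.getInstance("jks");
    try (InputStream keyStoreStream = this.getClass().getClassLoader().getResource("transmitter.jks").openStream()) {
        keyStore.load(keyStoreStream, "default".toCharArray());
    }
    Key key = keyStore.getKey("transmitter", "default".toCharArray());
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");

    // Sign using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    String digestAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#sha224";
    XMLSignature sig = signUsingDOM("http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key, "http://www.w3.org/2001/10/xml-exc-c14n#", digestAlgorithm);
    // Add KeyInfo
    sig.addKeyInfo(cert);

    // Serialize the signed DOM so it can be read back as a stream.
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));

    // Verify signature
    XMLSecurityProperties properties = new XMLSecurityProperties();
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();

    // Keep the input stream open while the reader is consumed. The original created the reader
    // inside try-with-resources and used it after the stream was closed, which only worked
    // because closing a ByteArrayInputStream has no effect.
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
        XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
        // Reading the document to the end drives the signature verification.
        StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    }
}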
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSignature(org.apache.xml.security.signature.XMLSignature) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) Key(java.security.Key) Test(org.junit.Test)
