use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class AbstractPerformanceTest method doDOMSignatureOutbound.
protected void doDOMSignatureOutbound(File file, int tagCount) throws Exception {
DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
Document document = builder.parse(file);
XMLSignature sig = new XMLSignature(document, "", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
Element root = document.getDocumentElement();
root.insertBefore(sig.getElement(), root.getFirstChild());
Transforms transforms = new Transforms(document);
transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
transforms.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);
sig.addDocument("", transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
sig.sign(key);
sig.addKeyInfo(cert);
XMLUtils.outputDOM(document, new BufferedOutputStream(new FileOutputStream(new File(getTmpFilePath(), "signature-dom-" + tagCount + ".xml"))));
}
use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class AbstractSignatureCreationTest method verifyUsingDOMWihtoutId.
protected void verifyUsingDOMWihtoutId(Document document, Key key, List<SecurePart> secureParts) throws Exception {
XPath xpath = getxPath();
String expression = "//dsig:Signature[1]";
Element sigElement = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
Assert.assertNotNull(sigElement);
Assert.assertEquals("", sigElement.getAttribute("Id"));
assertEquals("Without Id there can only be one secure part", 1, secureParts.size());
expression = "//*[local-name()='" + secureParts.get(0).getName().getLocalPart() + "']";
Element signedElement = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
Assert.assertNotNull(signedElement);
Assert.assertEquals("", signedElement.getAttribute("Id"));
XMLSignature signature = new XMLSignature(sigElement, "");
// We need a special resolver for the empty URI
signature.addResourceResolver(new EmptyURIResourceResolverSpi(signedElement));
Assert.assertTrue(signature.checkSignatureValue(key));
}
use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class AbstractSignatureCreationTest method verifyUsingDOM.
/**
* Verify the document using DOM
*/
protected void verifyUsingDOM(Document document, Key key, List<SecurePart> secureParts) throws Exception {
XPath xpath = getxPath();
String expression = "//dsig:Signature[1]";
Element sigElement = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
Assert.assertNotNull(sigElement);
for (SecurePart securePart : secureParts) {
expression = "//*[local-name()='" + securePart.getName().getLocalPart() + "']";
Element signedElement = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
Assert.assertNotNull(signedElement);
signedElement.setIdAttributeNS(null, "Id", true);
}
XMLSignature signature = new XMLSignature(sigElement, "");
Assert.assertTrue(signature.checkSignatureValue(key));
}
use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class SignatureCreationTest method testMultipleSignatures.
@Test
public void testMultipleSignatures() throws Exception {
// Set up the Configuration
XMLSecurityProperties properties = new XMLSecurityProperties();
List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
actions.add(XMLSecurityConstants.SIGNATURE);
properties.setActions(actions);
// Set the key up
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(this.getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
Key key = keyStore.getKey("transmitter", "default".toCharArray());
properties.setSignatureKey(key);
X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
properties.setSignatureCerts(new X509Certificate[] { cert });
SecurePart securePart = new SecurePart(new QName("urn:example:po", "PaymentInfo"), SecurePart.Modifier.Content);
properties.addSignaturePart(securePart);
OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, StandardCharsets.UTF_8.name());
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
xmlStreamWriter.close();
// Now do second signature
sourceDocument = new ByteArrayInputStream(baos.toByteArray());
outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
baos = new ByteArrayOutputStream();
xmlStreamWriter = outboundXMLSec.processOutMessage(baos, StandardCharsets.UTF_8.name());
xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), StandardCharsets.UTF_8.name()));
Document document = null;
try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
document = XMLUtils.createDocumentBuilder(false).parse(is);
}
// Verify using DOM
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
xpath.setNamespaceContext(new DSNamespaceContext());
String expression = "//dsig:Signature";
NodeList sigElements = (NodeList) xpath.evaluate(expression, document, XPathConstants.NODESET);
Assert.assertTrue(sigElements.getLength() == 2);
for (SecurePart secPart : properties.getSignatureSecureParts()) {
if (secPart.getName() == null) {
continue;
}
expression = "//*[local-name()='" + secPart.getName().getLocalPart() + "']";
Element signedElement = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
Assert.assertNotNull(signedElement);
signedElement.setIdAttributeNS(null, "Id", true);
}
for (int i = 0; i < sigElements.getLength(); i++) {
XMLSignature signature = new XMLSignature((Element) sigElements.item(i), "");
Assert.assertTrue(signature.checkSignatureValue(cert));
}
}
use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class SignatureDigestVerificationTest method testSHA224.
@Test
public void testSHA224() throws Exception {
// Read in plaintext document
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
Document document = builder.parse(sourceDocument);
// Set up the Key
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(this.getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
Key key = keyStore.getKey("transmitter", "default".toCharArray());
X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
// Sign using DOM
List<String> localNames = new ArrayList<>();
localNames.add("PaymentInfo");
String digestAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#sha224";
XMLSignature sig = signUsingDOM("http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key, "http://www.w3.org/2001/10/xml-exc-c14n#", digestAlgorithm);
// Add KeyInfo
sig.addKeyInfo(cert);
// Convert Document to a Stream Reader
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
XMLStreamReader xmlStreamReader = null;
try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
}
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
}
Aggregations