Example 81 with XMLSignature
use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class AbstractSignatureCreationTest method verifyUsingDOM.
/**
* Verify the document using DOM
*/
protected void verifyUsingDOM(Document document, X509Certificate cert, List<SecurePart> secureParts, ResourceResolverSpi resourceResolverSpi, boolean keyInfoRequired, String idAttributeNS) throws Exception {
XPath xpath = getxPath();
String expression = "//dsig:Signature[1]";
Element sigElement = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
Assert.assertNotNull(sigElement);
for (SecurePart securePart : secureParts) {
if (securePart.getName() == null) {
continue;
}
expression = "//*[local-name()='" + securePart.getName().getLocalPart() + "']";
Element signedElement = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
Assert.assertNotNull(signedElement);
signedElement.setIdAttributeNS(null, idAttributeNS, true);
}
XMLSignature signature = new XMLSignature(sigElement, "");
if (resourceResolverSpi != null) {
signature.addResourceResolver(resourceResolverSpi);
}
if (keyInfoRequired) {
KeyInfo ki = signature.getKeyInfo();
Assert.assertNotNull(ki);
}
Assert.assertTrue(signature.checkSignatureValue(cert));
}
Also used :
XPath(javax.xml.xpath.XPath)
SecurePart(org.apache.xml.security.stax.ext.SecurePart)
KeyInfo(org.apache.xml.security.keys.KeyInfo)
XMLSignature(org.apache.xml.security.signature.XMLSignature)
Element(org.w3c.dom.Element)
Example 82 with XMLSignature
use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class AbstractSignatureVerificationTest method signUsingDOM.
/**
* Sign the document using DOM
*/
protected XMLSignature signUsingDOM(String algorithm, Document document, List<String> localNames, Key signingKey, String c14nMethod, String digestMethod, List<ReferenceInfo> additionalReferences, String referenceC14NMethod, ResourceResolverSpi resourceResolverSpi) throws Exception {
XMLSignature sig = new XMLSignature(document, "", algorithm, c14nMethod);
if (resourceResolverSpi != null) {
sig.addResourceResolver(resourceResolverSpi);
}
Element root = document.getDocumentElement();
root.appendChild(sig.getElement());
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
xpath.setNamespaceContext(new DSNamespaceContext());
for (String localName : localNames) {
String expression = "//*[local-name()='" + localName + "']";
NodeList elementsToSign = (NodeList) xpath.evaluate(expression, document, XPathConstants.NODESET);
for (int i = 0; i < elementsToSign.getLength(); i++) {
Element elementToSign = (Element) elementsToSign.item(i);
Assert.assertNotNull(elementToSign);
String id = UUID.randomUUID().toString();
elementToSign.setAttributeNS(null, "Id", id);
elementToSign.setIdAttributeNS(null, "Id", true);
Transforms transforms = new Transforms(document);
transforms.addTransform(referenceC14NMethod);
sig.addDocument("#" + id, transforms, digestMethod);
}
}
if (additionalReferences != null) {
for (int i = 0; i < additionalReferences.size(); i++) {
ReferenceInfo referenceInfo = additionalReferences.get(i);
if (referenceInfo.isBinary()) {
sig.addDocument(referenceInfo.getResource(), null, referenceInfo.getDigestMethod());
} else {
Transforms transforms = new Transforms(document);
for (int j = 0; j < referenceInfo.getC14NMethod().length; j++) {
String transform = referenceInfo.getC14NMethod()[j];
transforms.addTransform(transform);
}
sig.addDocument(referenceInfo.getResource(), transforms, referenceInfo.getDigestMethod());
}
}
}
sig.sign(signingKey);
String expression = "//ds:Signature[1]";
Element sigElement = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
Assert.assertNotNull(sigElement);
return sig;
}
Also used :
XPath(javax.xml.xpath.XPath)
XPathFactory(javax.xml.xpath.XPathFactory)
XMLSignature(org.apache.xml.security.signature.XMLSignature)
DSNamespaceContext(org.apache.xml.security.test.dom.DSNamespaceContext)
Element(org.w3c.dom.Element)
NodeList(org.w3c.dom.NodeList)
Transforms(org.apache.xml.security.transforms.Transforms)
Example 83 with XMLSignature
use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class SignatureDigestVerificationTest method testSHA384.
@Test
public void testSHA384() throws Exception {
// Read in plaintext document
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
Document document = builder.parse(sourceDocument);
// Set up the Key
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(this.getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
Key key = keyStore.getKey("transmitter", "default".toCharArray());
X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
// Sign using DOM
List<String> localNames = new ArrayList<>();
localNames.add("PaymentInfo");
String digestAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#sha384";
XMLSignature sig = signUsingDOM("http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key, "http://www.w3.org/2001/10/xml-exc-c14n#", digestAlgorithm);
// Add KeyInfo
sig.addKeyInfo(cert);
// Convert Document to a Stream Reader
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
XMLStreamReader xmlStreamReader = null;
try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
}
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
}
Also used :
DOMSource(javax.xml.transform.dom.DOMSource)
XMLStreamReader(javax.xml.stream.XMLStreamReader)
StreamResult(javax.xml.transform.stream.StreamResult)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
ArrayList(java.util.ArrayList)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec)
Document(org.w3c.dom.Document)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
ByteArrayInputStream(java.io.ByteArrayInputStream)
XMLSignature(org.apache.xml.security.signature.XMLSignature)
XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties)
Key(java.security.Key)
Test(org.junit.Test)
Example 84 with XMLSignature
use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class SignatureDigestVerificationTest method testSHA3_256.
@Test
public void testSHA3_256() throws Exception {
org.junit.Assume.assumeTrue(bcInstalled);
// Read in plaintext document
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
Document document = builder.parse(sourceDocument);
// Set up the Key
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(this.getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
Key key = keyStore.getKey("transmitter", "default".toCharArray());
X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
// Sign using DOM
List<String> localNames = new ArrayList<>();
localNames.add("PaymentInfo");
String digestAlgorithm = "http://www.w3.org/2007/05/xmldsig-more#sha3-256";
XMLSignature sig = signUsingDOM("http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key, "http://www.w3.org/2001/10/xml-exc-c14n#", digestAlgorithm);
// Add KeyInfo
sig.addKeyInfo(cert);
// Convert Document to a Stream Reader
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
XMLStreamReader xmlStreamReader = null;
try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
}
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
}
Also used :
DOMSource(javax.xml.transform.dom.DOMSource)
XMLStreamReader(javax.xml.stream.XMLStreamReader)
StreamResult(javax.xml.transform.stream.StreamResult)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
ArrayList(java.util.ArrayList)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec)
Document(org.w3c.dom.Document)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
ByteArrayInputStream(java.io.ByteArrayInputStream)
XMLSignature(org.apache.xml.security.signature.XMLSignature)
XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties)
Key(java.security.Key)
Test(org.junit.Test)
Example 85 with XMLSignature
use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class SignatureDigestVerificationTest method testSHA512.
@Test
public void testSHA512() throws Exception {
// Read in plaintext document
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
Document document = builder.parse(sourceDocument);
// Set up the Key
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(this.getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
Key key = keyStore.getKey("transmitter", "default".toCharArray());
X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
// Sign using DOM
List<String> localNames = new ArrayList<>();
localNames.add("PaymentInfo");
String digestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha512";
XMLSignature sig = signUsingDOM("http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key, "http://www.w3.org/2001/10/xml-exc-c14n#", digestAlgorithm);
// Add KeyInfo
sig.addKeyInfo(cert);
// Convert Document to a Stream Reader
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
XMLStreamReader xmlStreamReader = null;
try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
}
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
}
Also used :
DOMSource(javax.xml.transform.dom.DOMSource)
XMLStreamReader(javax.xml.stream.XMLStreamReader)
StreamResult(javax.xml.transform.stream.StreamResult)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
ArrayList(java.util.ArrayList)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec)
Document(org.w3c.dom.Document)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
ByteArrayInputStream(java.io.ByteArrayInputStream)
XMLSignature(org.apache.xml.security.signature.XMLSignature)
XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties)
Key(java.security.Key)
Test(org.junit.Test)
Aggregations
XMLSignature (org.apache.xml.security.signature.XMLSignature)132
Document (org.w3c.dom.Document)91
Element (org.w3c.dom.Element)69
X509Certificate (java.security.cert.X509Certificate)60
Test (org.junit.Test)55
DocumentBuilder (javax.xml.parsers.DocumentBuilder)52
InputStream (java.io.InputStream)51
ByteArrayInputStream (java.io.ByteArrayInputStream)50
ByteArrayOutputStream (java.io.ByteArrayOutputStream)49
KeyStore (java.security.KeyStore)48
ArrayList (java.util.ArrayList)48
XMLStreamReader (javax.xml.stream.XMLStreamReader)43
Key (java.security.Key)42
DOMSource (javax.xml.transform.dom.DOMSource)42
StreamResult (javax.xml.transform.stream.StreamResult)42
Transforms (org.apache.xml.security.transforms.Transforms)29
SecretKey (javax.crypto.SecretKey)28
XPath (javax.xml.xpath.XPath)23
KeyInfo (org.apache.xml.security.keys.KeyInfo)22
XPathFactory (javax.xml.xpath.XPathFactory)19
