
Example 1 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project OpenAM by OpenRock.

the class OfflineResolver method engineResolve.

/**
 * Resolves a reference URI against the resolver's preconfigured table of local files.
 *
 * <p>Only URIs that have an entry in {@code _uriMap} are resolved; every other URI is
 * rejected with an exception. This method opens nothing but the mapped local file, so the
 * URI-to-path table acts as an allow-list for what a signature reference may pull in.
 *
 * @param uri attribute whose node value is the URI to resolve
 * @param BaseURI base URI; used here only as context for a thrown exception
 * @return an input backed by a stream on the mapped file, with its source URI set to the
 *         requested URI and its MIME type taken from {@code _mimeMap}
 * @throws ResourceResolverException if the URI has no mapping, or if opening the mapped
 *         file fails with an {@link IOException}
 */
public XMLSignatureInput engineResolve(Attr uri, String BaseURI) throws ResourceResolverException {
    final String requested = uri.getNodeValue();
    final String localPath = (String) this._uriMap.get(requested);

    // Unknown URI: refuse rather than fall back to any other lookup.
    if (localPath == null) {
        Object[] exArgs = { "The URI " + requested + " is not configured for offline work" };
        throw new ResourceResolverException("generic.EmptyMessage", exArgs, uri, BaseURI);
    }

    try {
        // The stream is not closed here; it is handed to the returned XMLSignatureInput.
        // NOTE(review): presumably the consumer of the result closes it; confirm.
        InputStream fileStream = new FileInputStream(localPath);
        XMLSignatureInput resolved = new XMLSignatureInput(fileStream);
        resolved.setSourceURI(requested);
        resolved.setMIMEType((String) this._mimeMap.get(requested));
        return resolved;
    } catch (IOException ex) {
        throw new ResourceResolverException("generic.EmptyMessage", ex, uri, BaseURI);
    }
}
Also used : XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) ResourceResolverException(org.apache.xml.security.utils.resolver.ResourceResolverException)

Example 2 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class DOMReference method copyDerefData.

/**
 * Builds a separate {@code Data} object from the contents of dereferenced data so that it
 * can be cached.
 *
 * <p>Anything that is not an {@code ApacheData} is returned unchanged, and so is an
 * {@code ApacheData} whose input is none of node-set, element, octet stream or byte array.
 *
 * @param dereferencedData the data produced by dereferencing a reference
 * @return the copied data, the argument itself when no copy applies, or {@code null} when
 *         reading the node-set or the octet stream failed (a warning is logged in that
 *         case, so callers must be prepared for {@code null})
 */
private static Data copyDerefData(Data dereferencedData) {
    if (!(dereferencedData instanceof ApacheData)) {
        return dereferencedData;
    }

    XMLSignatureInput input = ((ApacheData) dereferencedData).getXMLSignatureInput();

    if (input.isNodeSet()) {
        try {
            final Set<Node> nodes = input.getNodeSet();
            // Expose the node-set through a fresh NodeSetData.
            return new NodeSetData() {

                @Override
                public Iterator<Node> iterator() {
                    return nodes.iterator();
                }
            };
        } catch (Exception e) {
            // Best effort: a failed copy is reported and signalled with null.
            LOG.warn("cannot cache dereferenced data: " + e);
            return null;
        }
    }

    if (input.isElement()) {
        return new DOMSubTreeData(input.getSubNode(), input.isExcludeComments());
    }

    if (input.isOctetStream() || input.isByteArray()) {
        try {
            return new OctetStreamData(input.getOctetStream(), input.getSourceURI(), input.getMIMEType());
        } catch (IOException ioe) {
            // Best effort: a failed copy is reported and signalled with null.
            LOG.warn("cannot cache dereferenced data: " + ioe);
            return null;
        }
    }

    // No recognised form: hand back the original object.
    return dereferencedData;
}
Also used : Node(org.w3c.dom.Node) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) URISyntaxException(java.net.URISyntaxException)

Example 3 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class ApacheCanonicalizer method canonicalize.

/**
 * Canonicalizes the given data and returns the canonical bytes as an
 * {@code OctetStreamData}.
 *
 * <p>The underlying canonicalizer is created on first use for {@code getAlgorithm()}.
 * Input is handled by kind: an element or sub-tree is canonicalized as a sub-tree, a
 * node-set as an XPath node-set, and anything else as raw octets. When
 * {@code inclusiveNamespaces} is non-null it is passed to the canonicalizer.
 *
 * <p>NOTE(review): the secure-validation flag is read from {@code xc} only when the
 * canonicalizer is first created; a later call with a different context reuses the
 * existing instance and its earlier setting. Confirm that instances are not shared
 * across contexts with different settings.
 *
 * @param data the data to canonicalize
 * @param xc context from which the secure-validation setting is read
 * @param os stream set as the canonicalizer's writer; when {@code null} a fresh
 *        {@code ByteArrayOutputStream} is set instead
 * @return the canonicalized bytes wrapped in an {@code OctetStreamData}
 * @throws TransformException if no canonicalizer exists for the algorithm, or if any
 *         exception occurs while reading or canonicalizing the data
 */
public Data canonicalize(Data data, XMLCryptoContext xc, OutputStream os) throws TransformException {
    if (apacheCanonicalizer == null) {
        try {
            apacheCanonicalizer = Canonicalizer.getInstance(getAlgorithm());
            apacheCanonicalizer.setSecureValidation(Utils.secureValidation(xc));
            LOG.debug("Created canonicalizer for algorithm: {}", getAlgorithm());
        } catch (InvalidCanonicalizerException ice) {
            throw new TransformException("Couldn't find Canonicalizer for: " + getAlgorithm() + ": " + ice.getMessage(), ice);
        }
    }

    if (os == null) {
        apacheCanonicalizer.setWriter(new ByteArrayOutputStream());
    } else {
        apacheCanonicalizer.setWriter(os);
    }

    try {
        // Set only on the two node-set paths; every other path returns directly.
        Set<Node> nodes;

        if (data instanceof ApacheData) {
            XMLSignatureInput input = ((ApacheData) data).getXMLSignatureInput();
            if (input.isElement()) {
                byte[] canonical;
                if (inclusiveNamespaces == null) {
                    canonical = apacheCanonicalizer.canonicalizeSubtree(input.getSubNode());
                } else {
                    canonical = apacheCanonicalizer.canonicalizeSubtree(input.getSubNode(), inclusiveNamespaces);
                }
                return new OctetStreamData(new ByteArrayInputStream(canonical));
            }
            if (!input.isNodeSet()) {
                byte[] raw = Utils.readBytesFromStream(input.getOctetStream());
                return new OctetStreamData(new ByteArrayInputStream(apacheCanonicalizer.canonicalize(raw)));
            }
            nodes = input.getNodeSet();
        } else if (data instanceof DOMSubTreeData) {
            DOMSubTreeData subTree = (DOMSubTreeData) data;
            byte[] canonical;
            if (inclusiveNamespaces == null) {
                canonical = apacheCanonicalizer.canonicalizeSubtree(subTree.getRoot());
            } else {
                canonical = apacheCanonicalizer.canonicalizeSubtree(subTree.getRoot(), inclusiveNamespaces);
            }
            return new OctetStreamData(new ByteArrayInputStream(canonical));
        } else if (data instanceof NodeSetData) {
            // Materialise the iterator into a Set for the canonicalizer.
            @SuppressWarnings("unchecked") Set<Node> collected = Utils.toNodeSet(((NodeSetData) data).iterator());
            nodes = collected;
            LOG.debug("Canonicalizing {} nodes", nodes.size());
        } else {
            // Anything else is treated as octets; a failing cast is wrapped by the catch below.
            byte[] raw = Utils.readBytesFromStream(((OctetStreamData) data).getOctetStream());
            return new OctetStreamData(new ByteArrayInputStream(apacheCanonicalizer.canonicalize(raw)));
        }

        byte[] canonical;
        if (inclusiveNamespaces == null) {
            canonical = apacheCanonicalizer.canonicalizeXPathNodeSet(nodes);
        } else {
            canonical = apacheCanonicalizer.canonicalizeXPathNodeSet(nodes, inclusiveNamespaces);
        }
        return new OctetStreamData(new ByteArrayInputStream(canonical));
    } catch (Exception e) {
        throw new TransformException(e);
    }
}
Also used : Node(org.w3c.dom.Node) TransformException(javax.xml.crypto.dsig.TransformException) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) TransformException(javax.xml.crypto.dsig.TransformException) InvalidCanonicalizerException(org.apache.xml.security.c14n.InvalidCanonicalizerException) ByteArrayInputStream(java.io.ByteArrayInputStream) InvalidCanonicalizerException(org.apache.xml.security.c14n.InvalidCanonicalizerException)

Example 4 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class ApacheTransform method transformIt.

/**
 * Runs this transform over the given data.
 *
 * <p>The underlying {@code Transform} is created on first use. With secure validation
 * enabled for {@code xc}, the XSLT transform algorithm is refused outright.
 *
 * <p>NOTE(review): the XSLT refusal is evaluated after the {@code Transform} has been
 * constructed and {@code setElement} has run; confirm that construction has no unwanted
 * effect for an algorithm that is then rejected.
 *
 * @param data the input; {@code ApacheData}, a sub-tree, a node-set, or otherwise
 *        treated as octet-stream data
 * @param xc context supplying the base URI and the secure-validation setting
 * @param os optional stream passed to the transform; may be {@code null}
 * @return the transformed data, or {@code null} when {@code os} was supplied and the
 *         result is neither a node-set nor an element
 * @throws TransformException if the transform has not been marshalled, cannot be created,
 *         is forbidden under secure validation, or fails while running
 */
private Data transformIt(Data data, XMLCryptoContext xc, OutputStream os) throws TransformException {
    if (ownerDoc == null) {
        throw new TransformException("transform must be marshalled");
    }

    if (apacheTransform == null) {
        try {
            apacheTransform = new Transform(ownerDoc, getAlgorithm(), transformElem.getChildNodes());
            apacheTransform.setElement(transformElem, xc.getBaseURI());
            apacheTransform.setSecureValidation(Utils.secureValidation(xc));
            LOG.debug("Created transform for algorithm: {}", getAlgorithm());
        } catch (Exception ex) {
            throw new TransformException("Couldn't find Transform for: " + getAlgorithm(), ex);
        }
    }

    // Under secure validation XSLT is never executed.
    if (Utils.secureValidation(xc)) {
        final String requestedAlgorithm = getAlgorithm();
        if (Transforms.TRANSFORM_XSLT.equals(requestedAlgorithm)) {
            throw new TransformException("Transform " + requestedAlgorithm + " is forbidden when secure validation is enabled");
        }
    }

    // Wrap the incoming data in the input type the transform expects.
    XMLSignatureInput input;
    if (data instanceof ApacheData) {
        LOG.debug("ApacheData = true");
        input = ((ApacheData) data).getXMLSignatureInput();
    } else if (data instanceof NodeSetData) {
        LOG.debug("isNodeSet() = true");
        if (data instanceof DOMSubTreeData) {
            LOG.debug("DOMSubTreeData = true");
            DOMSubTreeData tree = (DOMSubTreeData) data;
            input = new XMLSignatureInput(tree.getRoot());
            input.setExcludeComments(tree.excludeComments());
        } else {
            @SuppressWarnings("unchecked") Set<Node> nodes = Utils.toNodeSet(((NodeSetData) data).iterator());
            input = new XMLSignatureInput(nodes);
        }
    } else {
        LOG.debug("isNodeSet() = false");
        try {
            input = new XMLSignatureInput(((OctetStreamData) data).getOctetStream());
        } catch (Exception ex) {
            throw new TransformException(ex);
        }
    }

    // The input carries the same secure-validation setting as the transform.
    input.setSecureValidation(Utils.secureValidation(xc));

    try {
        XMLSignatureInput output;
        if (os == null) {
            output = apacheTransform.performTransform(input);
        } else {
            output = apacheTransform.performTransform(input, os);
            if (!(output.isNodeSet() || output.isElement())) {
                // NOTE(review): presumably the result has already gone to os; confirm.
                return null;
            }
        }
        if (output.isOctetStream()) {
            return new ApacheOctetStreamData(output);
        }
        return new ApacheNodeSetData(output);
    } catch (Exception ex) {
        throw new TransformException(ex);
    }
}
Also used : Set(java.util.Set) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) Transform(org.apache.xml.security.transforms.Transform) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)

Example 5 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class KeyInfoReferenceResolver method resolveReferentKeyInfo.

/**
 * Resolves the URI attribute of a KeyInfoReference element into the KeyInfo it points to.
 *
 * <p>The URI is dereferenced through {@code resolveInput} with this resolver's
 * {@code secureValidation} setting, and the referenced element is passed through
 * {@code validateReference} before a {@code KeyInfo} is built from it.
 *
 * <p>NOTE(review): any exception raised while obtaining the referenced element is logged
 * at debug level under the fixed label "XMLSecurityException" and turned into a
 * {@code null} result, so without debug logging a failed dereference looks the same as a
 * reference that resolves to nothing.
 *
 * @param element the KeyInfoReference element
 * @param baseURI base URI used for the reference and for the resulting KeyInfo
 * @param storage storage resolver added to the resulting KeyInfo
 * @return the KeyInfo which is referred to by this KeyInfoReference, or {@code null} if
 *         it cannot be resolved
 * @throws XMLSecurityException
 */
private KeyInfo resolveReferentKeyInfo(Element element, String baseURI, StorageResolver storage) throws XMLSecurityException {
    final Attr uriAttr = new KeyInfoReference(element, baseURI).getURIAttr();
    final XMLSignatureInput resource = resolveInput(uriAttr, baseURI, secureValidation);

    Element target;
    try {
        target = obtainReferenceElement(resource);
    } catch (Exception e) {
        LOG.debug("XMLSecurityException", e);
        return null;
    }

    if (target == null) {
        LOG.debug("De-reference of KeyInfoReference URI returned null: {}", uriAttr.getValue());
        return null;
    }

    // Check the referenced element before it is used to build a KeyInfo.
    validateReference(target);

    KeyInfo keyInfo = new KeyInfo(target, baseURI);
    keyInfo.addStorageResolver(storage);
    return keyInfo;
}
Also used : KeyInfo(org.apache.xml.security.keys.KeyInfo) Element(org.w3c.dom.Element) KeyInfoReference(org.apache.xml.security.keys.content.KeyInfoReference) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) Attr(org.w3c.dom.Attr) IOException(java.io.IOException) KeyResolverException(org.apache.xml.security.keys.keyresolver.KeyResolverException) CanonicalizationException(org.apache.xml.security.c14n.CanonicalizationException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) SAXException(org.xml.sax.SAXException)

Aggregations

XMLSignatureInput (org.apache.xml.security.signature.XMLSignatureInput)42 Document (org.w3c.dom.Document)12 Element (org.w3c.dom.Element)12 InputStream (java.io.InputStream)11 ByteArrayInputStream (java.io.ByteArrayInputStream)9 Node (org.w3c.dom.Node)9 ResourceResolverException (org.apache.xml.security.utils.resolver.ResourceResolverException)8 IOException (java.io.IOException)7 Canonicalizer20010315ExclOmitComments (org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)6 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)6 StringReader (java.io.StringReader)5 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)5 CanonicalizationException (org.apache.xml.security.c14n.CanonicalizationException)5 ByteArrayOutputStream (java.io.ByteArrayOutputStream)4 Transforms (org.apache.xml.security.transforms.Transforms)4 InputSource (org.xml.sax.InputSource)4 SAXException (org.xml.sax.SAXException)4 URISyntaxException (java.net.URISyntaxException)3 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)3 Set (java.util.Set)3