use of org.apache.xml.security.signature.XMLSignatureInput in project OpenAM by OpenRock.
the class OfflineResolver method engineResolve.
/**
 * Resolves a reference URI through the locally configured offline map.
 *
 * <p>The URI text from the document is used only as a lookup key into {@code _uriMap}.
 * The file that gets opened is the mapped value, never a path taken from the URI itself,
 * and a URI without a mapping is rejected instead of being dereferenced.
 *
 * @param uri attribute node whose value is the URI to resolve
 * @param BaseURI base URI of the reference; here it is only passed on to the exception
 * @return signature input over a stream of the mapped file, carrying the original URI as
 *     source URI and the MIME type found in {@code _mimeMap} for that URI
 * @throws ResourceResolverException if the URI has no mapping, or if opening the mapped
 *     file raises an {@link IOException}
 */
public XMLSignatureInput engineResolve(Attr uri, String BaseURI) throws ResourceResolverException {
    try {
        final String requestedUri = uri.getNodeValue();
        final String localPath = (String) this._uriMap.get(requestedUri);

        // Unknown URIs are refused: only entries present in the map can be read.
        if (localPath == null) {
            Object[] exArgs = { "The URI " + requestedUri + " is not configured for offline work" };
            throw new ResourceResolverException("generic.EmptyMessage", exArgs, uri, BaseURI);
        }

        // The stream is not closed in this method; it is handed to the returned input.
        // NOTE(review): confirm that the consumer of the XMLSignatureInput closes it.
        InputStream fileStream = new FileInputStream(localPath);
        XMLSignatureInput resolved = new XMLSignatureInput(fileStream);
        resolved.setSourceURI(requestedUri);
        resolved.setMIMEType((String) this._mimeMap.get(requestedUri));
        return resolved;
    } catch (IOException ex) {
        throw new ResourceResolverException("generic.EmptyMessage", ex, uri, BaseURI);
    }
}
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class DOMReference method copyDerefData.
/**
 * Returns a copy of dereferenced data when it is backed by an {@code XMLSignatureInput}.
 *
 * <p>Data that is not an {@code ApacheData} is returned unchanged, as is {@code ApacheData}
 * whose input is none of node set, element, octet stream or byte array.
 *
 * @param dereferencedData the data obtained by dereferencing a reference
 * @return a {@code NodeSetData}, {@code DOMSubTreeData} or {@code OctetStreamData} built from
 *     the input, the argument itself when no copy applies, or {@code null} when building the
 *     copy failed (a warning is logged in that case)
 */
private static Data copyDerefData(Data dereferencedData) {
    if (!(dereferencedData instanceof ApacheData)) {
        return dereferencedData;
    }

    final XMLSignatureInput input = ((ApacheData) dereferencedData).getXMLSignatureInput();

    if (input.isNodeSet()) {
        try {
            final Set<Node> nodes = input.getNodeSet();
            // The returned view iterates over the set obtained above.
            return new NodeSetData() {
                @Override
                public Iterator<Node> iterator() {
                    return nodes.iterator();
                }
            };
        } catch (Exception e) {
            // Failure is reported as "no cached copy" (null), not as an error.
            LOG.warn("cannot cache dereferenced data: " + e);
            return null;
        }
    }

    if (input.isElement()) {
        return new DOMSubTreeData(input.getSubNode(), input.isExcludeComments());
    }

    if (input.isOctetStream() || input.isByteArray()) {
        try {
            return new OctetStreamData(input.getOctetStream(), input.getSourceURI(), input.getMIMEType());
        } catch (IOException ioe) {
            // Same convention as the node-set case: log and return null.
            LOG.warn("cannot cache dereferenced data: " + ioe);
            return null;
        }
    }

    return dereferencedData;
}
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class ApacheCanonicalizer method canonicalize.
/**
 * Canonicalizes the given data and returns the canonical bytes as {@code OctetStreamData}.
 *
 * <p>The underlying canonicalizer is created on first use and then reused. Its writer is
 * set to {@code os} when one is supplied, otherwise to a fresh in-memory buffer.
 *
 * @param data input as {@code ApacheData}, {@code DOMSubTreeData}, {@code NodeSetData}, or
 *     anything else, which is cast to {@code OctetStreamData}
 * @param xc crypto context; read for the secure-validation setting when the canonicalizer
 *     is created
 * @param os optional stream handed to the canonicalizer as its writer; may be {@code null}
 * @return the canonicalized content
 * @throws TransformException if no canonicalizer exists for the algorithm, or if any
 *     exception is raised while canonicalizing
 */
public Data canonicalize(Data data, XMLCryptoContext xc, OutputStream os) throws TransformException {
    if (apacheCanonicalizer == null) {
        try {
            apacheCanonicalizer = Canonicalizer.getInstance(getAlgorithm());
            // NOTE(review): secure validation is read from xc only here, at creation time.
            // Later calls reuse the cached instance with that setting; confirm an instance
            // is never shared across contexts that differ in secure validation.
            apacheCanonicalizer.setSecureValidation(Utils.secureValidation(xc));
            LOG.debug("Created canonicalizer for algorithm: {}", getAlgorithm());
        } catch (InvalidCanonicalizerException ice) {
            throw new TransformException("Couldn't find Canonicalizer for: " + getAlgorithm() + ": " + ice.getMessage(), ice);
        }
    }

    apacheCanonicalizer.setWriter(os == null ? new ByteArrayOutputStream() : os);

    try {
        Set<Node> nodes = null;

        if (data instanceof ApacheData) {
            final XMLSignatureInput input = ((ApacheData) data).getXMLSignatureInput();
            if (input.isElement()) {
                return new OctetStreamData(new ByteArrayInputStream(
                    inclusiveNamespaces == null
                        ? apacheCanonicalizer.canonicalizeSubtree(input.getSubNode())
                        : apacheCanonicalizer.canonicalizeSubtree(input.getSubNode(), inclusiveNamespaces)));
            }
            if (!input.isNodeSet()) {
                // Neither element nor node set: canonicalize the raw octets.
                return new OctetStreamData(new ByteArrayInputStream(
                    apacheCanonicalizer.canonicalize(Utils.readBytesFromStream(input.getOctetStream()))));
            }
            nodes = input.getNodeSet();
        } else if (data instanceof DOMSubTreeData) {
            final DOMSubTreeData tree = (DOMSubTreeData) data;
            return new OctetStreamData(new ByteArrayInputStream(
                inclusiveNamespaces == null
                    ? apacheCanonicalizer.canonicalizeSubtree(tree.getRoot())
                    : apacheCanonicalizer.canonicalizeSubtree(tree.getRoot(), inclusiveNamespaces)));
        } else if (data instanceof NodeSetData) {
            // The iterator is drained into a Set because the node-set API below takes a Set.
            @SuppressWarnings("unchecked") Set<Node> collected = Utils.toNodeSet(((NodeSetData) data).iterator());
            nodes = collected;
            LOG.debug("Canonicalizing {} nodes", nodes.size());
        } else {
            return new OctetStreamData(new ByteArrayInputStream(
                apacheCanonicalizer.canonicalize(Utils.readBytesFromStream(((OctetStreamData) data).getOctetStream()))));
        }

        // Only the two node-set cases reach this point.
        if (inclusiveNamespaces == null) {
            return new OctetStreamData(new ByteArrayInputStream(apacheCanonicalizer.canonicalizeXPathNodeSet(nodes)));
        }
        return new OctetStreamData(new ByteArrayInputStream(apacheCanonicalizer.canonicalizeXPathNodeSet(nodes, inclusiveNamespaces)));
    } catch (Exception e) {
        throw new TransformException(e);
    }
}
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class ApacheTransform method transformIt.
/**
 * Applies this transform to the given data, optionally writing the output to a stream.
 *
 * <p>The underlying {@code Transform} is created on first use and then reused. When secure
 * validation is enabled for the context, the XSLT transform algorithm is refused; that
 * check runs on every call, after the {@code Transform} object has been created.
 *
 * @param data input as {@code ApacheData}, {@code DOMSubTreeData}, another
 *     {@code NodeSetData}, or anything else, which is cast to {@code OctetStreamData}
 * @param xc crypto context supplying the base URI and the secure-validation setting
 * @param os optional stream to receive the transform output; may be {@code null}
 * @return the transformed data, or {@code null} when {@code os} was given and the result is
 *     neither a node set nor an element
 * @throws TransformException if the transform has not been marshalled, cannot be created,
 *     is XSLT under secure validation, or fails while running
 */
private Data transformIt(Data data, XMLCryptoContext xc, OutputStream os) throws TransformException {
    if (ownerDoc == null) {
        throw new TransformException("transform must be marshalled");
    }

    if (apacheTransform == null) {
        try {
            apacheTransform = new Transform(ownerDoc, getAlgorithm(), transformElem.getChildNodes());
            apacheTransform.setElement(transformElem, xc.getBaseURI());
            // NOTE(review): the transform's own secure-validation flag is set only at creation;
            // the per-call XSLT check and the flag on the input below are re-read every time.
            apacheTransform.setSecureValidation(Utils.secureValidation(xc));
            LOG.debug("Created transform for algorithm: {}", getAlgorithm());
        } catch (Exception ex) {
            throw new TransformException("Couldn't find Transform for: " + getAlgorithm(), ex);
        }
    }

    // XSLT is rejected outright whenever secure validation is on.
    if (Utils.secureValidation(xc)) {
        String algorithm = getAlgorithm();
        if (Transforms.TRANSFORM_XSLT.equals(algorithm)) {
            throw new TransformException("Transform " + algorithm + " is forbidden when secure validation is enabled");
        }
    }

    // Wrap whatever form the caller supplied in an XMLSignatureInput.
    XMLSignatureInput source;
    if (data instanceof ApacheData) {
        LOG.debug("ApacheData = true");
        source = ((ApacheData) data).getXMLSignatureInput();
    } else if (data instanceof NodeSetData) {
        LOG.debug("isNodeSet() = true");
        if (data instanceof DOMSubTreeData) {
            LOG.debug("DOMSubTreeData = true");
            DOMSubTreeData tree = (DOMSubTreeData) data;
            source = new XMLSignatureInput(tree.getRoot());
            source.setExcludeComments(tree.excludeComments());
        } else {
            @SuppressWarnings("unchecked") Set<Node> nodes = Utils.toNodeSet(((NodeSetData) data).iterator());
            source = new XMLSignatureInput(nodes);
        }
    } else {
        LOG.debug("isNodeSet() = false");
        try {
            source = new XMLSignatureInput(((OctetStreamData) data).getOctetStream());
        } catch (Exception ex) {
            throw new TransformException(ex);
        }
    }

    // The input carries the context's secure-validation setting into the transform.
    source.setSecureValidation(Utils.secureValidation(xc));

    try {
        XMLSignatureInput result;
        if (os == null) {
            result = apacheTransform.performTransform(source);
        } else {
            result = apacheTransform.performTransform(source, os);
            // Output went to os; only node-set or element results are handed back.
            if (!result.isNodeSet() && !result.isElement()) {
                return null;
            }
        }

        if (result.isOctetStream()) {
            return new ApacheOctetStreamData(result);
        }
        return new ApacheNodeSetData(result);
    } catch (Exception ex) {
        throw new TransformException(ex);
    }
}
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class KeyInfoReferenceResolver method resolveReferentKeyInfo.
/**
 * Resolves the URI attribute of a KeyInfoReference element into the KeyInfo it points to.
 *
 * <p>The URI is resolved with this resolver's {@code secureValidation} setting. A failure to
 * obtain the referenced element is logged at debug level and reported as {@code null}, not
 * as an exception, so callers must treat {@code null} as "no key information resolved".
 *
 * @param element the KeyInfoReference element
 * @param baseURI base URI used for the reference and for the resulting KeyInfo
 * @param storage storage resolver added to the resulting KeyInfo
 * @return the KeyInfo referred to by the reference, or {@code null} if the referenced
 *     element could not be obtained
 * @throws XMLSecurityException declared for the reference construction, URI resolution,
 *     validation and KeyInfo construction steps
 */
private KeyInfo resolveReferentKeyInfo(Element element, String baseURI, StorageResolver storage) throws XMLSecurityException {
    KeyInfoReference keyInfoRef = new KeyInfoReference(element, baseURI);
    Attr uriAttr = keyInfoRef.getURIAttr();
    XMLSignatureInput resolved = resolveInput(uriAttr, baseURI, secureValidation);

    Element target;
    try {
        target = obtainReferenceElement(resolved);
    } catch (Exception e) {
        // Any failure here is downgraded to "unresolved".
        LOG.debug("XMLSecurityException", e);
        return null;
    }

    if (target == null) {
        LOG.debug("De-reference of KeyInfoReference URI returned null: {}", uriAttr.getValue());
        return null;
    }

    // The referenced element is checked by validateReference before it is wrapped.
    validateReference(target);

    KeyInfo keyInfo = new KeyInfo(target, baseURI);
    keyInfo.addStorageResolver(storage);
    return keyInfo;
}