use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class RetrievalMethodResolver method resolveInput.
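/**
 * Resolves the resource a {@code RetrievalMethod} points to and, when the
 * retrieval method carries transforms, runs them over the resolved resource.
 *
 * @param rm the retrieval method supplying the URI attribute and the transforms
 * @param baseURI base URI handed to the resource resolver
 * @param secureValidation secure-validation flag handed to the resource
 *        resolver and to the transform chain
 * @return the resolved input, transformed when the retrieval method has transforms
 * @throws XMLSecurityException declared for failures while reading the
 *         retrieval method, resolving the URI or performing the transforms
 */
private static XMLSignatureInput resolveInput(
    RetrievalMethod rm, String baseURI, boolean secureValidation
) throws XMLSecurityException {
    Attr uri = rm.getURIAttr();
    Transforms transforms = rm.getTransforms();

    ResourceResolver resRes = ResourceResolver.getInstance(uri, baseURI, secureValidation);
    XMLSignatureInput resource = resRes.resolve(uri, baseURI, secureValidation);
    if (transforms == null) {
        return resource;
    }

    LOG.debug("We have Transforms");
    // The transform list is read from the document being processed, so it
    // must run under the same secure-validation setting as the URI lookup.
    // Without this call the chain keeps whatever default Transforms starts with.
    transforms.setSecureValidation(secureValidation);
    return transforms.performTransforms(resource);
}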
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class RetrievalMethodResolver method engineLookupAndResolvePublicKey.
/**
 * Resolves a public key that is reached through a RetrievalMethod element.
 * {@inheritDoc}
 *
 * <p>Every failure path ends in {@code null}: the element is not a
 * RetrievalMethod in the signature namespace, a raw X.509 retrieval yields no
 * certificate, a RetrievalMethod points to another one while secure validation
 * is on, two RetrievalMethods point at each other, or one of the caught
 * exceptions is raised (it is logged at debug level only).
 *
 * @param element candidate element; must be a RetrievalMethod to be handled here
 * @param baseURI base URI used when building the RetrievalMethod and resolving its input
 * @param storage passed through unchanged to {@code resolveKey}
 * @return the resolved public key, or {@code null} as described above
 */
public PublicKey engineLookupAndResolvePublicKey(
    Element element, String baseURI, StorageResolver storage
) {
    if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD)) {
        return null;
    }

    try {
        // NOTE(review): secureValidation is not declared in this method;
        // presumably a field of the enclosing resolver - confirm.
        RetrievalMethod retrievalMethod = new RetrievalMethod(element, baseURI);
        String type = retrievalMethod.getType();
        XMLSignatureInput resolved = resolveInput(retrievalMethod, baseURI, secureValidation);

        if (RetrievalMethod.TYPE_RAWX509.equals(type)) {
            // Raw certificate: parse it directly, no element lookup needed.
            X509Certificate rawCert = getRawCertificate(resolved);
            return rawCert == null ? null : rawCert.getPublicKey();
        }

        Element target = obtainReferenceElement(resolved, secureValidation);
        boolean chained =
            XMLUtils.elementIsInSignatureSpace(target, Constants._TAG_RETRIEVALMETHOD);

        if (chained && secureValidation) {
            // Secure validation refuses RetrievalMethod -> RetrievalMethod indirection.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Error: It is forbidden to have one RetrievalMethod "
                    + "point to another with secure validation");
            }
            return null;
        }

        if (chained) {
            // Follow exactly one more level; only a reference straight back to
            // the starting element is detected here, longer chains are not followed.
            RetrievalMethod nested = new RetrievalMethod(target, baseURI);
            XMLSignatureInput nestedInput = resolveInput(nested, baseURI, secureValidation);
            Element nestedTarget = obtainReferenceElement(nestedInput, secureValidation);
            if (nestedTarget == element) {
                LOG.debug("Error: Can't have RetrievalMethods pointing to each other");
                return null;
            }
        }

        return resolveKey(target, baseURI, storage);
    } catch (XMLSecurityException ex) {
        LOG.debug("XMLSecurityException", ex);
    } catch (CertificateException ex) {
        LOG.debug("CertificateException", ex);
    } catch (IOException ex) {
        LOG.debug("IOException", ex);
    } catch (ParserConfigurationException ex) {
        LOG.debug("ParserConfigurationException", ex);
    } catch (SAXException ex) {
        LOG.debug("SAXException", ex);
    }
    // Reached only after one of the exceptions above was logged.
    return null;
}
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class XMLCipherInput method getDecryptBytes.
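/**
 * Returns the encrypted octets described by this object's CipherData.
 *
 * <p>For a reference-type CipherData the CipherReference URI is resolved,
 * any transforms on the reference are applied, and the resulting bytes are
 * returned. For a value-type CipherData the CipherValue text is decoded with
 * the MIME Base64 decoder.
 *
 * @return the bytes obtained from the cipher reference or cipher value
 * @throws XMLEncryptionException if the URI cannot be resolved, a transform
 *         fails, the bytes cannot be read, or the CipherData type is neither
 *         reference nor value
 */
private byte[] getDecryptBytes() throws XMLEncryptionException {
    if (cipherData.getDataType() == CipherData.REFERENCE_TYPE) {
        LOG.debug("Found a reference type CipherData");
        CipherReference cr = cipherData.getCipherReference();

        // The resource resolvers take the URI as an attribute node.
        // The URI is read from the document being processed and is resolved
        // with no base URI, under the configured secureValidation flag.
        Attr uriAttr = cr.getURIAsAttr();
        XMLSignatureInput input;
        try {
            ResourceResolver resolver =
                ResourceResolver.getInstance(uriAttr, null, secureValidation);
            input = resolver.resolve(uriAttr, null, secureValidation);
        } catch (ResourceResolverException ex) {
            throw new XMLEncryptionException(ex);
        }

        if (input == null) {
            LOG.debug("Failed to resolve URI \"{}\"", cr.getURI());
            // Stop here with the declared exception type: carrying a null
            // input into the transforms or into getBytes() would otherwise
            // end in a NullPointerException.
            throw new XMLEncryptionException("Failed to resolve CipherReference URI");
        }
        LOG.debug("Managed to resolve URI \"{}\"", cr.getURI());

        Transforms transforms = cr.getTransforms();
        if (transforms != null) {
            LOG.debug("Have transforms in cipher reference");
            try {
                org.apache.xml.security.transforms.Transforms dsTransforms =
                    transforms.getDSTransforms();
                // Set the flag before running the chain so it applies to this run.
                dsTransforms.setSecureValidation(secureValidation);
                input = dsTransforms.performTransforms(input);
            } catch (TransformationException ex) {
                throw new XMLEncryptionException(ex);
            }
        }

        try {
            return input.getBytes();
        } catch (IOException | CanonicalizationException ex) {
            throw new XMLEncryptionException(ex);
        }
    }

    if (cipherData.getDataType() != CipherData.VALUE_TYPE) {
        throw new XMLEncryptionException("CipherData.getDataType() returned unexpected value");
    }

    // Value type: the cipher text is carried inline as Base64 text.
    String base64EncodedEncryptedOctets = cipherData.getCipherValue().getValue();
    LOG.debug("Encrypted octets:\n{}", base64EncodedEncryptedOctets);
    return Base64.getMimeDecoder().decode(base64EncodedEncryptedOctets);
}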
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class TransformC14N method enginePerformTransform.
/**
 * Canonicalizes {@code input} with {@code Canonicalizer20010315OmitComments}
 * and wraps the resulting bytes in a new {@code XMLSignatureInput}.
 *
 * @param input the data to canonicalize
 * @param os optional stream; when non-null it is set as the canonicalizer's
 *        writer and recorded on the returned input
 * @param transformObject not used by this method
 * @return a new input holding the canonicalized bytes
 * @throws CanonicalizationException declared for canonicalization failures
 */
protected XMLSignatureInput enginePerformTransform(
    XMLSignatureInput input, OutputStream os, Transform transformObject
) throws CanonicalizationException {
    final boolean hasStream = os != null;

    Canonicalizer20010315OmitComments canonicalizer = new Canonicalizer20010315OmitComments();
    canonicalizer.setSecureValidation(secureValidation);
    if (hasStream) {
        canonicalizer.setWriter(os);
    }

    XMLSignatureInput canonical =
        new XMLSignatureInput(canonicalizer.engineCanonicalize(input));
    // Carry the secure-validation setting over to the freshly built input.
    canonical.setSecureValidation(secureValidation);
    if (hasStream) {
        // NOTE(review): presumably tells later steps the bytes already went
        // to this stream - confirm against XMLSignatureInput.
        canonical.setOutputStream(os);
    }
    return canonical;
}
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class TransformC14N11_WithComments method enginePerformTransform.
/**
 * Canonicalizes {@code input} with {@code Canonicalizer11_WithComments} and
 * wraps the resulting bytes in a new {@code XMLSignatureInput}.
 *
 * @param input the data to canonicalize
 * @param os optional stream; when non-null it is set as the canonicalizer's
 *        writer and recorded on the returned input
 * @param transform not used by this method
 * @return a new input holding the canonicalized bytes
 * @throws CanonicalizationException declared for canonicalization failures
 */
protected XMLSignatureInput enginePerformTransform(
    XMLSignatureInput input, OutputStream os, Transform transform
) throws CanonicalizationException {
    final boolean hasStream = os != null;

    Canonicalizer11_WithComments canonicalizer = new Canonicalizer11_WithComments();
    canonicalizer.setSecureValidation(secureValidation);
    if (hasStream) {
        canonicalizer.setWriter(os);
    }

    XMLSignatureInput canonical =
        new XMLSignatureInput(canonicalizer.engineCanonicalize(input));
    // Carry the secure-validation setting over to the freshly built input.
    canonical.setSecureValidation(secureValidation);
    if (hasStream) {
        // NOTE(review): presumably tells later steps the bytes already went
        // to this stream - confirm against XMLSignatureInput.
        canonical.setOutputStream(os);
    }
    return canonical;
}