
Example 6 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class RetrievalMethodResolver method resolveInput.

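/**
 * Resolves the resource referenced by a {@code RetrievalMethod} and applies the
 * transforms declared on it, if any.
 *
 * <p>The URI attribute and the transform list are both read from the retrieval
 * method, so {@code secureValidation} is forwarded to the resolver lookup, to the
 * resolve call and to the transform chain.
 *
 * @param rm the retrieval method supplying the URI attribute and the transforms
 * @param baseURI the base URI handed to the resource resolver
 * @param secureValidation whether secure validation was requested by the caller
 * @return the resolved input, transformed when the retrieval method declares transforms
 * @throws XMLSecurityException propagated from the calls made here
 */
private static XMLSignatureInput resolveInput(RetrievalMethod rm, String baseURI, boolean secureValidation) throws XMLSecurityException {
    Attr uri = rm.getURIAttr();
    Transforms transforms = rm.getTransforms();
    ResourceResolver resRes = ResourceResolver.getInstance(uri, baseURI, secureValidation);
    XMLSignatureInput resource = resRes.resolve(uri, baseURI, secureValidation);
    if (transforms != null) {
        LOG.debug("We have Transforms");
        // Hand the caller's secure-validation choice to the transform chain as well.
        // Without this only URI resolution honours the flag and the transforms run
        // with whatever setting the Transforms object was created with.
        transforms.setSecureValidation(secureValidation);
        resource = transforms.performTransforms(resource);
    }
    return resource;
}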
Also used : Transforms(org.apache.xml.security.transforms.Transforms) ResourceResolver(org.apache.xml.security.utils.resolver.ResourceResolver) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) Attr(org.w3c.dom.Attr)

Example 7 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class RetrievalMethodResolver method engineLookupAndResolvePublicKey.

/**
 * Resolves a public key through a {@code RetrievalMethod} element.
 * {@inheritDoc}
 *
 * <p>Returns {@code null} when {@code element} is not a RetrievalMethod, when a raw
 * certificate cannot be obtained, when a forbidden or circular reference is found,
 * or when one of the caught exceptions occurs. Failures are logged at debug level
 * only, so a caller cannot tell "no key here" apart from "resolution failed".
 *
 * <p>With secure validation enabled, a RetrievalMethod whose target is another
 * RetrievalMethod is refused. Without it, one further hop is dereferenced and
 * rejected only when it leads straight back to {@code element}.
 *
 * @param element the candidate RetrievalMethod element
 * @param baseURI the base URI used when dereferencing
 * @param storage passed through to {@code resolveKey}
 * @return the resolved public key, or {@code null}
 */
public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage) {
    boolean isRetrievalMethod = XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD);
    if (!isRetrievalMethod) {
        return null;
    }
    try {
        // Wrap the element and dereference what it points to.
        RetrievalMethod retrieval = new RetrievalMethod(element, baseURI);
        String retrievalType = retrieval.getType();
        XMLSignatureInput resolved = resolveInput(retrieval, baseURI, secureValidation);

        if (RetrievalMethod.TYPE_RAWX509.equals(retrievalType)) {
            // Raw certificate: parse it directly, no further element lookup.
            X509Certificate rawCert = getRawCertificate(resolved);
            return rawCert != null ? rawCert.getPublicKey() : null;
        }

        Element target = obtainReferenceElement(resolved, secureValidation);
        // Guard against the target being another RetrievalMethod that points
        // back to this element.
        if (XMLUtils.elementIsInSignatureSpace(target, Constants._TAG_RETRIEVALMETHOD)) {
            if (secureValidation) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Error: It is forbidden to have one RetrievalMethod " + "point to another with secure validation");
                }
                return null;
            }
            RetrievalMethod chained = new RetrievalMethod(target, baseURI);
            XMLSignatureInput chainedInput = resolveInput(chained, baseURI, secureValidation);
            Element chainedTarget = obtainReferenceElement(chainedInput, secureValidation);
            // Identity comparison: only a direct two-element loop is detected here.
            if (chainedTarget == element) {
                LOG.debug("Error: Can't have RetrievalMethods pointing to each other");
                return null;
            }
        }
        return resolveKey(target, baseURI, storage);
    } catch (XMLSecurityException ex) {
        LOG.debug("XMLSecurityException", ex);
    } catch (CertificateException ex) {
        LOG.debug("CertificateException", ex);
    } catch (IOException ex) {
        LOG.debug("IOException", ex);
    } catch (ParserConfigurationException ex) {
        LOG.debug("ParserConfigurationException", ex);
    } catch (SAXException ex) {
        LOG.debug("SAXException", ex);
    }
    // Every caught failure ends up here.
    return null;
}
Also used : RetrievalMethod(org.apache.xml.security.keys.content.RetrievalMethod) Element(org.w3c.dom.Element) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) X509Certificate(java.security.cert.X509Certificate) XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) SAXException(org.xml.sax.SAXException)

Example 8 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class XMLCipherInput method getDecryptBytes.

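/**
 * Returns the octets to decrypt, taken either from a dereferenced
 * {@code CipherReference} or from an inline base64 {@code CipherValue}.
 *
 * <p>For a reference, the URI is resolved, any transforms on the reference are
 * applied with {@code secureValidation} set on them, and the resulting bytes are
 * returned. For an inline value, the text is decoded with the MIME base64 decoder.
 *
 * @return the encrypted octets
 * @throws XMLEncryptionException if the reference cannot be resolved, transformed
 *         or read, or if the cipher data is of neither known type
 */
private byte[] getDecryptBytes() throws XMLEncryptionException {
    String base64EncodedEncryptedOctets;
    if (cipherData.getDataType() == CipherData.REFERENCE_TYPE) {
        LOG.debug("Found a reference type CipherData");
        CipherReference cr = cipherData.getCipherReference();
        // The resource resolvers take the URI wrapped in an attribute node.
        // NOTE(review): this URI is read from the cipher data being processed, so
        // what it can reach depends on the registered resolvers and on
        // secureValidation; confirm that is restrictive enough for untrusted input.
        Attr uriAttr = cr.getURIAsAttr();
        XMLSignatureInput input;
        try {
            ResourceResolver resolver = ResourceResolver.getInstance(uriAttr, null, secureValidation);
            input = resolver.resolve(uriAttr, null, secureValidation);
        } catch (ResourceResolverException ex) {
            throw new XMLEncryptionException(ex);
        }
        if (input == null) {
            // Previously this case was only logged and the null was dereferenced
            // further down. Fail with the declared exception type instead, using
            // the same free-text form as the unexpected-type branch below.
            LOG.debug("Failed to resolve URI \"{}\"", cr.getURI());
            throw new XMLEncryptionException("Failed to resolve CipherReference URI");
        }
        LOG.debug("Managed to resolve URI \"{}\"", cr.getURI());
        // Apply the transforms declared on the reference, if any.
        Transforms transforms = cr.getTransforms();
        if (transforms != null) {
            LOG.debug("Have transforms in cipher reference");
            try {
                org.apache.xml.security.transforms.Transforms dsTransforms = transforms.getDSTransforms();
                dsTransforms.setSecureValidation(secureValidation);
                input = dsTransforms.performTransforms(input);
            } catch (TransformationException ex) {
                throw new XMLEncryptionException(ex);
            }
        }
        try {
            return input.getBytes();
        } catch (IOException | CanonicalizationException ex) {
            throw new XMLEncryptionException(ex);
        }
    } else if (cipherData.getDataType() == CipherData.VALUE_TYPE) {
        // Inline cipher text: decoded after the branch.
        base64EncodedEncryptedOctets = cipherData.getCipherValue().getValue();
    } else {
        throw new XMLEncryptionException("CipherData.getDataType() returned unexpected value");
    }
    LOG.debug("Encrypted octets:\n{}", base64EncodedEncryptedOctets);
    return Base64.getMimeDecoder().decode(base64EncodedEncryptedOctets);
}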
Also used : TransformationException(org.apache.xml.security.transforms.TransformationException) CanonicalizationException(org.apache.xml.security.c14n.CanonicalizationException) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) ResourceResolverException(org.apache.xml.security.utils.resolver.ResourceResolverException) IOException(java.io.IOException) Attr(org.w3c.dom.Attr) ResourceResolver(org.apache.xml.security.utils.resolver.ResourceResolver)

Example 9 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class TransformC14N method enginePerformTransform.

/**
 * Canonicalizes {@code input} with a {@code Canonicalizer20010315OmitComments}
 * and wraps the resulting bytes in a new {@code XMLSignatureInput}.
 *
 * <p>The instance's {@code secureValidation} setting is applied to both the
 * canonicalizer and the returned input. When {@code os} is non-null it is set as
 * the canonicalizer's writer and as the output stream of the returned input.
 *
 * @param input the input to canonicalize
 * @param os optional output stream; may be {@code null}
 * @param transformObject not used by this implementation
 * @return a new input holding the canonicalized bytes
 * @throws CanonicalizationException propagated from the canonicalizer
 */
protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input, OutputStream os, Transform transformObject) throws CanonicalizationException {
    final boolean hasSink = os != null;

    Canonicalizer20010315OmitComments canonicalizer = new Canonicalizer20010315OmitComments();
    canonicalizer.setSecureValidation(secureValidation);
    if (hasSink) {
        canonicalizer.setWriter(os);
    }

    byte[] canonicalBytes = canonicalizer.engineCanonicalize(input);

    XMLSignatureInput canonicalized = new XMLSignatureInput(canonicalBytes);
    canonicalized.setSecureValidation(secureValidation);
    if (hasSink) {
        canonicalized.setOutputStream(os);
    }
    return canonicalized;
}
Also used : Canonicalizer20010315OmitComments(org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput)

Example 10 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class TransformC14N11_WithComments method enginePerformTransform.

/**
 * Canonicalizes {@code input} with a {@code Canonicalizer11_WithComments} and
 * returns the bytes wrapped in a new {@code XMLSignatureInput}.
 *
 * <p>Both the canonicalizer and the returned input receive this instance's
 * {@code secureValidation} setting. A non-null {@code os} is registered as the
 * canonicalizer's writer and as the returned input's output stream.
 *
 * @param input the input to canonicalize
 * @param os optional output stream; may be {@code null}
 * @param transform not used by this implementation
 * @return a new input holding the canonicalized bytes
 * @throws CanonicalizationException propagated from the canonicalizer
 */
protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input, OutputStream os, Transform transform) throws CanonicalizationException {
    Canonicalizer11_WithComments engine = new Canonicalizer11_WithComments();
    engine.setSecureValidation(secureValidation);
    if (null != os) {
        engine.setWriter(os);
    }

    // Canonicalize first, then wrap the bytes with the same validation setting.
    XMLSignatureInput wrapped = new XMLSignatureInput(engine.engineCanonicalize(input));
    wrapped.setSecureValidation(secureValidation);
    if (null != os) {
        wrapped.setOutputStream(os);
    }
    return wrapped;
}
Also used : XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) Canonicalizer11_WithComments(org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments)

Aggregations

XMLSignatureInput (org.apache.xml.security.signature.XMLSignatureInput)42 Document (org.w3c.dom.Document)12 Element (org.w3c.dom.Element)12 InputStream (java.io.InputStream)11 ByteArrayInputStream (java.io.ByteArrayInputStream)9 Node (org.w3c.dom.Node)9 ResourceResolverException (org.apache.xml.security.utils.resolver.ResourceResolverException)8 IOException (java.io.IOException)7 Canonicalizer20010315ExclOmitComments (org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)6 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)6 StringReader (java.io.StringReader)5 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)5 CanonicalizationException (org.apache.xml.security.c14n.CanonicalizationException)5 ByteArrayOutputStream (java.io.ByteArrayOutputStream)4 Transforms (org.apache.xml.security.transforms.Transforms)4 InputSource (org.xml.sax.InputSource)4 SAXException (org.xml.sax.SAXException)4 URISyntaxException (java.net.URISyntaxException)3 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)3 Set (java.util.Set)3