Search in sources :

Example 11 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class TransformBase64Decode method enginePerformTransform.

protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input, OutputStream os, Transform transformObject) throws IOException, CanonicalizationException, TransformationException {
    if (input.isElement()) {
        Node el = input.getSubNode();
        if (input.getSubNode().getNodeType() == Node.TEXT_NODE) {
            el = el.getParentNode();
        }
        StringBuilder sb = new StringBuilder();
        traverseElement((Element) el, sb);
        if (os == null) {
            byte[] decodedBytes = Base64.getMimeDecoder().decode(sb.toString());
            XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
            output.setSecureValidation(secureValidation);
            return output;
        }
        byte[] bytes = Base64.getMimeDecoder().decode(sb.toString());
        os.write(bytes);
        XMLSignatureInput output = new XMLSignatureInput((byte[]) null);
        output.setSecureValidation(secureValidation);
        output.setOutputStream(os);
        return output;
    }
    if (input.isOctetStream() || input.isNodeSet()) {
        if (os == null) {
            byte[] base64Bytes = input.getBytes();
            byte[] decodedBytes = Base64.getMimeDecoder().decode(base64Bytes);
            XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
            output.setSecureValidation(secureValidation);
            return output;
        }
        if (input.isByteArray() || input.isNodeSet()) {
            byte[] bytes = Base64.getMimeDecoder().decode(input.getBytes());
            os.write(bytes);
        } else {
            byte[] inputBytes = JavaUtils.getBytesFromStream(input.getOctetStreamReal());
            byte[] bytes = Base64.getMimeDecoder().decode(inputBytes);
            os.write(bytes);
        }
        XMLSignatureInput output = new XMLSignatureInput((byte[]) null);
        output.setSecureValidation(secureValidation);
        output.setOutputStream(os);
        return output;
    }
    try {
        // Exceptional case there is current not text case testing this(Before it was a
        // a common case).
        Document doc = XMLUtils.createDocumentBuilder(false, secureValidation).parse(input.getOctetStream());
        Element rootNode = doc.getDocumentElement();
        StringBuilder sb = new StringBuilder();
        traverseElement(rootNode, sb);
        byte[] decodedBytes = Base64.getMimeDecoder().decode(sb.toString());
        XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
        output.setSecureValidation(secureValidation);
        return output;
    } catch (ParserConfigurationException e) {
        throw new TransformationException(e, "c14n.Canonicalizer.Exception");
    } catch (SAXException e) {
        throw new TransformationException(e, "SAX exception");
    }
}
Also used : TransformationException(org.apache.xml.security.transforms.TransformationException) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) Document(org.w3c.dom.Document) SAXException(org.xml.sax.SAXException)

Example 12 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class TransformC14N11 method enginePerformTransform.

protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input, OutputStream os, Transform transform) throws CanonicalizationException {
    Canonicalizer11_OmitComments c14n = new Canonicalizer11_OmitComments();
    c14n.setSecureValidation(secureValidation);
    if (os != null) {
        c14n.setWriter(os);
    }
    byte[] result = null;
    result = c14n.engineCanonicalize(input);
    XMLSignatureInput output = new XMLSignatureInput(result);
    output.setSecureValidation(secureValidation);
    if (os != null) {
        output.setOutputStream(os);
    }
    return output;
}
Also used : Canonicalizer11_OmitComments(org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput)

Example 13 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class TransformC14NExclusive method enginePerformTransform.

protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input, OutputStream os, Transform transformObject) throws CanonicalizationException {
    try {
        String inclusiveNamespaces = null;
        if (transformObject.length(InclusiveNamespaces.ExclusiveCanonicalizationNamespace, InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES) == 1) {
            Element inclusiveElement = XMLUtils.selectNode(transformObject.getElement().getFirstChild(), InclusiveNamespaces.ExclusiveCanonicalizationNamespace, InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES, 0);
            inclusiveNamespaces = new InclusiveNamespaces(inclusiveElement, transformObject.getBaseURI()).getInclusiveNamespaces();
        }
        Canonicalizer20010315ExclOmitComments c14n = new Canonicalizer20010315ExclOmitComments();
        c14n.setSecureValidation(secureValidation);
        if (os != null) {
            c14n.setWriter(os);
        }
        byte[] result = c14n.engineCanonicalize(input, inclusiveNamespaces);
        XMLSignatureInput output = new XMLSignatureInput(result);
        output.setSecureValidation(secureValidation);
        if (os != null) {
            output.setOutputStream(os);
        }
        return output;
    } catch (XMLSecurityException ex) {
        throw new CanonicalizationException(ex);
    }
}
Also used : CanonicalizationException(org.apache.xml.security.c14n.CanonicalizationException) Element(org.w3c.dom.Element) InclusiveNamespaces(org.apache.xml.security.transforms.params.InclusiveNamespaces) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) Canonicalizer20010315ExclOmitComments(org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)

Example 14 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class TransformC14NWithComments method enginePerformTransform.

/**
 * {@inheritDoc}
 */
protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input, OutputStream os, Transform transformObject) throws CanonicalizationException {
    Canonicalizer20010315WithComments c14n = new Canonicalizer20010315WithComments();
    c14n.setSecureValidation(secureValidation);
    if (os != null) {
        c14n.setWriter(os);
    }
    byte[] result = null;
    result = c14n.engineCanonicalize(input);
    XMLSignatureInput output = new XMLSignatureInput(result);
    output.setSecureValidation(secureValidation);
    if (os != null) {
        output.setOutputStream(os);
    }
    return output;
}
Also used : XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) Canonicalizer20010315WithComments(org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments)

Example 15 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class TransformXSLT method enginePerformTransform.

protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input, OutputStream baos, Transform transformObject) throws IOException, TransformationException {
    try {
        Element transformElement = transformObject.getElement();
        Element xsltElement = XMLUtils.selectNode(transformElement.getFirstChild(), XSLTSpecNS, "stylesheet", 0);
        if (xsltElement == null) {
            Object[] exArgs = { "xslt:stylesheet", "Transform" };
            throw new TransformationException("xml.WrongContent", exArgs);
        }
        TransformerFactory tFactory = TransformerFactory.newInstance();
        // Process XSLT stylesheets in a secure manner
        tFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
        /*
             * This transform requires an octet stream as input. If the actual
             * input is an XPath node-set, then the signature application should
             * attempt to convert it to octets (apply Canonical XML]) as described
             * in the Reference Processing Model (section 4.3.3.2).
             */
        Source stylesheet;
        /*
             * This complicated transformation of the stylesheet itself is necessary
             * because of the need to get the pure style sheet. If we simply say
             * Source stylesheet = new DOMSource(this.xsltElement);
             * whereby this.xsltElement is not the rootElement of the Document,
             * this causes problems;
             * so we convert the stylesheet to byte[] and use this as input stream
             */
        {
            try (ByteArrayOutputStream os = new ByteArrayOutputStream()) {
                Transformer transformer = tFactory.newTransformer();
                DOMSource source = new DOMSource(xsltElement);
                StreamResult result = new StreamResult(os);
                transformer.transform(source, result);
                stylesheet = new StreamSource(new ByteArrayInputStream(os.toByteArray()));
            }
        }
        Transformer transformer = tFactory.newTransformer(stylesheet);
        // implementations.
        try {
            transformer.setOutputProperty("{http://xml.apache.org/xalan}line-separator", "\n");
        } catch (Exception e) {
            LOG.warn("Unable to set Xalan line-separator property: " + e.getMessage());
        }
        try (InputStream is = new ByteArrayInputStream(input.getBytes())) {
            Source xmlSource = new StreamSource(is);
            if (baos == null) {
                try (ByteArrayOutputStream baos1 = new ByteArrayOutputStream()) {
                    StreamResult outputTarget = new StreamResult(baos1);
                    transformer.transform(xmlSource, outputTarget);
                    XMLSignatureInput output = new XMLSignatureInput(baos1.toByteArray());
                    output.setSecureValidation(secureValidation);
                    return output;
                }
            }
            StreamResult outputTarget = new StreamResult(baos);
            transformer.transform(xmlSource, outputTarget);
        }
        XMLSignatureInput output = new XMLSignatureInput((byte[]) null);
        output.setSecureValidation(secureValidation);
        output.setOutputStream(baos);
        return output;
    } catch (XMLSecurityException ex) {
        throw new TransformationException(ex);
    } catch (TransformerConfigurationException ex) {
        throw new TransformationException(ex);
    } catch (TransformerException ex) {
        throw new TransformationException(ex);
    }
}
Also used : TransformationException(org.apache.xml.security.transforms.TransformationException) DOMSource(javax.xml.transform.dom.DOMSource) TransformerFactory(javax.xml.transform.TransformerFactory) Transformer(javax.xml.transform.Transformer) StreamResult(javax.xml.transform.stream.StreamResult) TransformerConfigurationException(javax.xml.transform.TransformerConfigurationException) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) Element(org.w3c.dom.Element) StreamSource(javax.xml.transform.stream.StreamSource) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) ByteArrayOutputStream(java.io.ByteArrayOutputStream) DOMSource(javax.xml.transform.dom.DOMSource) StreamSource(javax.xml.transform.stream.StreamSource) Source(javax.xml.transform.Source) TransformerException(javax.xml.transform.TransformerException) TransformerConfigurationException(javax.xml.transform.TransformerConfigurationException) IOException(java.io.IOException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) TransformationException(org.apache.xml.security.transforms.TransformationException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) ByteArrayInputStream(java.io.ByteArrayInputStream) TransformerException(javax.xml.transform.TransformerException)

Aggregations

XMLSignatureInput (org.apache.xml.security.signature.XMLSignatureInput)42 Document (org.w3c.dom.Document)12 Element (org.w3c.dom.Element)12 InputStream (java.io.InputStream)11 ByteArrayInputStream (java.io.ByteArrayInputStream)9 Node (org.w3c.dom.Node)9 ResourceResolverException (org.apache.xml.security.utils.resolver.ResourceResolverException)8 IOException (java.io.IOException)7 Canonicalizer20010315ExclOmitComments (org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)6 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)6 StringReader (java.io.StringReader)5 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)5 CanonicalizationException (org.apache.xml.security.c14n.CanonicalizationException)5 ByteArrayOutputStream (java.io.ByteArrayOutputStream)4 Transforms (org.apache.xml.security.transforms.Transforms)4 InputSource (org.xml.sax.InputSource)4 SAXException (org.xml.sax.SAXException)4 URISyntaxException (java.net.URISyntaxException)3 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)3 Set (java.util.Set)3