Example 31 with XMLSignatureInput
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class ApacheCanonicalizer method transform.
public Data transform(Data data, XMLCryptoContext xc, OutputStream os) throws TransformException {
if (data == null) {
throw new NullPointerException("data must not be null");
}
if (os == null) {
throw new NullPointerException("output stream must not be null");
}
if (ownerDoc == null) {
throw new TransformException("transform must be marshalled");
}
if (apacheTransform == null) {
try {
apacheTransform = new Transform(ownerDoc, getAlgorithm(), transformElem.getChildNodes());
apacheTransform.setElement(transformElem, xc.getBaseURI());
boolean secVal = Utils.secureValidation(xc);
apacheTransform.setSecureValidation(secVal);
LOG.debug("Created transform for algorithm: {}", getAlgorithm());
} catch (Exception ex) {
throw new TransformException("Couldn't find Transform for: " + getAlgorithm(), ex);
}
}
XMLSignatureInput in;
if (data instanceof ApacheData) {
LOG.debug("ApacheData = true");
in = ((ApacheData) data).getXMLSignatureInput();
} else if (data instanceof NodeSetData) {
LOG.debug("isNodeSet() = true");
if (data instanceof DOMSubTreeData) {
DOMSubTreeData subTree = (DOMSubTreeData) data;
in = new XMLSignatureInput(subTree.getRoot());
in.setExcludeComments(subTree.excludeComments());
} else {
@SuppressWarnings("unchecked") Set<Node> nodeSet = Utils.toNodeSet(((NodeSetData) data).iterator());
in = new XMLSignatureInput(nodeSet);
}
} else {
LOG.debug("isNodeSet() = false");
try {
in = new XMLSignatureInput(((OctetStreamData) data).getOctetStream());
} catch (Exception ex) {
throw new TransformException(ex);
}
}
boolean secVal = Utils.secureValidation(xc);
in.setSecureValidation(secVal);
try {
in = apacheTransform.performTransform(in, os);
if (!in.isNodeSet() && !in.isElement()) {
return null;
}
if (in.isOctetStream()) {
return new ApacheOctetStreamData(in);
} else {
return new ApacheNodeSetData(in);
}
} catch (Exception ex) {
throw new TransformException(ex);
}
}
Also used :
Set(java.util.Set)
TransformException(javax.xml.crypto.dsig.TransformException)
XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput)
Transform(org.apache.xml.security.transforms.Transform)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
TransformException(javax.xml.crypto.dsig.TransformException)
InvalidCanonicalizerException(org.apache.xml.security.c14n.InvalidCanonicalizerException)
Example 32 with XMLSignatureInput
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class DOMReference method transform.
private byte[] transform(Data dereferencedData, XMLCryptoContext context) throws XMLSignatureException {
if (md == null) {
try {
md = MessageDigest.getInstance(((DOMDigestMethod) digestMethod).getMessageDigestAlgorithm());
} catch (NoSuchAlgorithmException nsae) {
throw new XMLSignatureException(nsae);
}
}
md.reset();
DigesterOutputStream dos;
Boolean cache = (Boolean) context.getProperty("javax.xml.crypto.dsig.cacheReference");
if (cache != null && cache) {
this.derefData = copyDerefData(dereferencedData);
dos = new DigesterOutputStream(md, true);
} else {
dos = new DigesterOutputStream(md);
}
Data data = dereferencedData;
try (OutputStream os = new UnsyncBufferedOutputStream(dos)) {
for (int i = 0, size = transforms.size(); i < size; i++) {
DOMTransform transform = (DOMTransform) transforms.get(i);
if (i < size - 1) {
data = transform.transform(data, context);
} else {
data = transform.transform(data, context, os);
}
}
if (data != null) {
XMLSignatureInput xi;
// explicitly use C14N 1.1 when generating signature
// first check system property, then context property
boolean c14n11 = useC14N11;
String c14nalg = CanonicalizationMethod.INCLUSIVE;
if (context instanceof XMLSignContext) {
if (!c14n11) {
Boolean prop = (Boolean) context.getProperty("org.apache.xml.security.useC14N11");
c14n11 = prop != null && prop;
if (c14n11) {
c14nalg = "http://www.w3.org/2006/12/xml-c14n11";
}
} else {
c14nalg = "http://www.w3.org/2006/12/xml-c14n11";
}
}
if (data instanceof ApacheData) {
xi = ((ApacheData) data).getXMLSignatureInput();
} else if (data instanceof OctetStreamData) {
xi = new XMLSignatureInput(((OctetStreamData) data).getOctetStream());
} else if (data instanceof NodeSetData) {
TransformService spi = null;
if (provider == null) {
spi = TransformService.getInstance(c14nalg, "DOM");
} else {
try {
spi = TransformService.getInstance(c14nalg, "DOM", provider);
} catch (NoSuchAlgorithmException nsae) {
spi = TransformService.getInstance(c14nalg, "DOM");
}
}
data = spi.transform(data, context);
xi = new XMLSignatureInput(((OctetStreamData) data).getOctetStream());
} else {
throw new XMLSignatureException("unrecognized Data type");
}
boolean secVal = Utils.secureValidation(context);
xi.setSecureValidation(secVal);
if (context instanceof XMLSignContext && c14n11 && !xi.isOctetStream() && !xi.isOutputStreamSet()) {
TransformService spi = null;
if (provider == null) {
spi = TransformService.getInstance(c14nalg, "DOM");
} else {
try {
spi = TransformService.getInstance(c14nalg, "DOM", provider);
} catch (NoSuchAlgorithmException nsae) {
spi = TransformService.getInstance(c14nalg, "DOM");
}
}
DOMTransform t = new DOMTransform(spi);
Element transformsElem = null;
String dsPrefix = DOMUtils.getSignaturePrefix(context);
if (allTransforms.isEmpty()) {
transformsElem = DOMUtils.createElement(refElem.getOwnerDocument(), "Transforms", XMLSignature.XMLNS, dsPrefix);
refElem.insertBefore(transformsElem, DOMUtils.getFirstChildElement(refElem));
} else {
transformsElem = DOMUtils.getFirstChildElement(refElem);
}
XmlWriter xwriter = new XmlWriterToTree(Marshaller.getMarshallers(), transformsElem);
t.marshal(xwriter, dsPrefix, context);
allTransforms.add(t);
xi.updateOutputStream(os, true);
} else {
xi.updateOutputStream(os);
}
}
os.flush();
if (cache != null && cache) {
this.dis = dos.getInputStream();
}
return dos.getDigestValue();
} catch (NoSuchAlgorithmException e) {
throw new XMLSignatureException(e);
} catch (TransformException e) {
throw new XMLSignatureException(e);
} catch (MarshalException e) {
throw new XMLSignatureException(e);
} catch (IOException e) {
throw new XMLSignatureException(e);
} catch (org.apache.xml.security.c14n.CanonicalizationException e) {
throw new XMLSignatureException(e);
} finally {
if (dos != null) {
try {
dos.close();
} catch (IOException e) {
throw new XMLSignatureException(e);
}
}
}
}
Also used :
DigesterOutputStream(org.apache.jcp.xml.dsig.internal.DigesterOutputStream)
UnsyncBufferedOutputStream(org.apache.xml.security.utils.UnsyncBufferedOutputStream)
Element(org.w3c.dom.Element)
UnsyncBufferedOutputStream(org.apache.xml.security.utils.UnsyncBufferedOutputStream)
XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput)
DigesterOutputStream(org.apache.jcp.xml.dsig.internal.DigesterOutputStream)
Example 33 with XMLSignatureInput
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class XMLSignatureInputTest method testSetOctetStreamGetOctetStream.
@org.junit.Test
public void testSetOctetStreamGetOctetStream() throws IOException, CanonicalizationException, InvalidCanonicalizerException {
InputStream inputStream = new ByteArrayInputStream(_octetStreamTextInput.getBytes(java.nio.charset.StandardCharsets.UTF_8));
XMLSignatureInput input = new XMLSignatureInput(inputStream);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
InputStream res = input.getOctetStream();
int off = 0;
while (res.available() > 0) {
byte[] array = new byte[1024];
int len = res.read(array);
baos.write(array, off, len);
off += len;
}
byte[] resBytes = baos.toByteArray();
String resString = new String(resBytes, java.nio.charset.StandardCharsets.UTF_8);
assertTrue(resString.equals(_octetStreamTextInput));
}
Also used :
ByteArrayInputStream(java.io.ByteArrayInputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
Example 34 with XMLSignatureInput
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class XPointerResourceResolver method engineResolveURI.
@Override
public XMLSignatureInput engineResolveURI(ResourceResolverContext context) throws ResourceResolverException {
String v = context.uriToResolve;
if (v.charAt(0) != '#') {
return null;
}
String xpURI;
try {
xpURI = URLDecoder.decode(v, "utf-8");
} catch (UnsupportedEncodingException e) {
LOG.warn("utf-8 not a valid encoding ", e);
return null;
}
String[] parts = xpURI.substring(1).split("\\s");
int i = 0;
Map<String, String> namespaces = new HashMap<>();
if (parts.length > 1) {
for (; i < parts.length - 1; ++i) {
if (!parts[i].endsWith(")") || !parts[i].startsWith(XNS_OPEN)) {
return null;
}
String mapping = parts[i].substring(XNS_OPEN.length(), parts[i].length() - 1);
int pos = mapping.indexOf('=');
if (pos <= 0 || pos >= mapping.length() - 1) {
throw new ResourceResolverException("malformed namespace part of XPointer expression", context.uriToResolve, context.baseUri);
}
namespaces.put(mapping.substring(0, pos), mapping.substring(pos + 1));
}
}
try {
Node node = null;
NodeList nodes = null;
// plain ID reference.
if (i == 0 && !parts[i].startsWith(XP_OPEN)) {
node = this.baseNode.getOwnerDocument().getElementById(parts[i]);
} else {
if (!parts[i].endsWith(")") || !parts[i].startsWith(XP_OPEN)) {
return null;
}
String xpathExpr = parts[i].substring(XP_OPEN.length(), parts[i].length() - 1);
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
DSNamespaceContext namespaceContext = new DSNamespaceContext(namespaces);
xpath.setNamespaceContext(namespaceContext);
nodes = (NodeList) xpath.evaluate(xpathExpr, this.baseNode, XPathConstants.NODESET);
if (nodes.getLength() == 0) {
return null;
}
if (nodes.getLength() == 1) {
node = nodes.item(0);
}
}
XMLSignatureInput result = null;
if (node != null) {
result = new XMLSignatureInput(node);
} else if (nodes != null) {
Set<Node> nodeSet = new HashSet<>(nodes.getLength());
for (int j = 0; j < nodes.getLength(); ++j) {
nodeSet.add(nodes.item(j));
}
result = new XMLSignatureInput(nodeSet);
} else {
return null;
}
result.setMIMEType("text/xml");
result.setExcludeComments(true);
result.setSourceURI((context.baseUri != null) ? context.baseUri.concat(v) : v);
return result;
} catch (XPathExpressionException e) {
throw new ResourceResolverException(e, context.uriToResolve, context.baseUri, "Problem evaluating XPath expression");
}
}
Also used :
XPath(javax.xml.xpath.XPath)
Set(java.util.Set)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
XPathExpressionException(javax.xml.xpath.XPathExpressionException)
Node(org.w3c.dom.Node)
NodeList(org.w3c.dom.NodeList)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput)
ResourceResolverException(org.apache.xml.security.utils.resolver.ResourceResolverException)
XPathFactory(javax.xml.xpath.XPathFactory)
DSNamespaceContext(org.apache.xml.security.test.dom.DSNamespaceContext)
Example 35 with XMLSignatureInput
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class TransformBase64DecodeTest method test3.
@org.junit.Test
public void test3() throws Exception {
// J-
String input = "" + "<Object xmlns:signature='http://www.w3.org/2000/09/xmldsig#'>\n" + "<signature:Base64>\n" + "VGhlIFVSSSBvZiB0aGU gdHJhbn<RealText>Nmb 3JtIGlzIG<test/>h0dHA6</RealText>Ly93d3cudzMub3JnLzIwMDAvMDkveG1s\n" + "ZHNpZyNiYXNlNjQ=\n" + "</signature:Base64>\n" + "</Object>\n";
// J+
DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
db.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
Document doc = null;
try (InputStream is = new ByteArrayInputStream(input.getBytes())) {
doc = db.parse(is);
}
// XMLUtils.circumventBug2650(doc);
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
xpath.setNamespaceContext(new DSNamespaceContext());
String expression = "//ds:Base64";
Node base64Node = (Node) xpath.evaluate(expression, doc, XPathConstants.NODE);
XMLSignatureInput xmlinput = new XMLSignatureInput(base64Node);
Document doc2 = TransformBase64DecodeTest.createDocument();
Transforms t = new Transforms(doc2);
doc2.appendChild(t.getElement());
t.addTransform(Transforms.TRANSFORM_BASE64_DECODE);
XMLSignatureInput out = t.performTransforms(xmlinput);
String result = new String(out.getBytes());
assertTrue("\"" + result + "\"", result.equals("The URI of the transform is http://www.w3.org/2000/09/xmldsig#base64"));
}
Also used :
XPath(javax.xml.xpath.XPath)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
Node(org.w3c.dom.Node)
Transforms(org.apache.xml.security.transforms.Transforms)
XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput)
Document(org.w3c.dom.Document)
XPathFactory(javax.xml.xpath.XPathFactory)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
ByteArrayInputStream(java.io.ByteArrayInputStream)
DSNamespaceContext(org.apache.xml.security.test.dom.DSNamespaceContext)
Aggregations
XMLSignatureInput (org.apache.xml.security.signature.XMLSignatureInput)42
Document (org.w3c.dom.Document)12
Element (org.w3c.dom.Element)12
InputStream (java.io.InputStream)11
ByteArrayInputStream (java.io.ByteArrayInputStream)9
Node (org.w3c.dom.Node)9
ResourceResolverException (org.apache.xml.security.utils.resolver.ResourceResolverException)8
IOException (java.io.IOException)7
Canonicalizer20010315ExclOmitComments (org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)6
XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)6
StringReader (java.io.StringReader)5
ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)5
CanonicalizationException (org.apache.xml.security.c14n.CanonicalizationException)5
ByteArrayOutputStream (java.io.ByteArrayOutputStream)4
Transforms (org.apache.xml.security.transforms.Transforms)4
InputSource (org.xml.sax.InputSource)4
SAXException (org.xml.sax.SAXException)4
URISyntaxException (java.net.URISyntaxException)3
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)3
Set (java.util.Set)3
