
Example 36 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class ResolverAnonymous method engineResolveURI.

/**
 * {@inheritDoc}
 *
 * <p>Wraps {@code inStream} (declared outside this snippet) in a new
 * {@link XMLSignatureInput}. The only thing read from {@code context} is its
 * {@code secureValidation} flag; no URI is consulted here.
 *
 * @param context resolver context supplying the secure-validation setting
 * @return a new input backed by {@code inStream}, carrying the caller's
 *         secure-validation setting
 */
@Override
public XMLSignatureInput engineResolveURI(ResourceResolverContext context) {
    final XMLSignatureInput resolved = new XMLSignatureInput(inStream);
    // Copy the flag onto the input so later consumers of this object see the
    // same secure-validation setting the caller asked for.
    resolved.setSecureValidation(context.secureValidation);
    return resolved;
}
Also used : XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput)

Example 37 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class TransformC14NExclusiveWithComments method enginePerformTransform.

/**
 * Canonicalizes {@code input} with {@link Canonicalizer20010315ExclWithComments} and
 * returns the canonical bytes as a new {@link XMLSignatureInput}.
 *
 * <p>When the transform carries exactly one InclusiveNamespaces child, its prefix
 * list is handed to the canonicalizer; otherwise {@code null} is passed. The
 * {@code secureValidation} setting (declared outside this snippet) is applied both
 * to the canonicalizer and to the returned input.
 *
 * @param input data to canonicalize
 * @param os optional stream the canonicalizer writes to; ignored when {@code null}
 * @param transformObject the Transform element being processed
 * @return a new input wrapping the canonicalized bytes
 * @throws CanonicalizationException wrapping any {@link XMLSecurityException}
 *         raised while reading the parameters or canonicalizing
 */
protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input, OutputStream os, Transform transformObject) throws CanonicalizationException {
    try {
        final boolean hasSinglePrefixList =
            transformObject.length(
                InclusiveNamespaces.ExclusiveCanonicalizationNamespace,
                InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES) == 1;

        String prefixList = null;
        if (hasSinglePrefixList) {
            Element prefixListElement =
                XMLUtils.selectNode(
                    transformObject.getElement().getFirstChild(),
                    InclusiveNamespaces.ExclusiveCanonicalizationNamespace,
                    InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES,
                    0);
            InclusiveNamespaces parsed =
                new InclusiveNamespaces(prefixListElement, transformObject.getBaseURI());
            prefixList = parsed.getInclusiveNamespaces();
        }

        Canonicalizer20010315ExclWithComments canonicalizer =
            new Canonicalizer20010315ExclWithComments();
        // The canonicalizer runs under the same secure-validation setting as this transform.
        canonicalizer.setSecureValidation(secureValidation);
        if (os != null) {
            canonicalizer.setWriter(os);
        }

        byte[] canonicalBytes = canonicalizer.engineCanonicalize(input, prefixList);

        XMLSignatureInput canonicalized = new XMLSignatureInput(canonicalBytes);
        // The result is a fresh object, so the flag has to be set on it explicitly.
        canonicalized.setSecureValidation(secureValidation);
        return canonicalized;
    } catch (XMLSecurityException ex) {
        throw new CanonicalizationException(ex);
    }
}
Also used : Canonicalizer20010315ExclWithComments(org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments) CanonicalizationException(org.apache.xml.security.c14n.CanonicalizationException) Element(org.w3c.dom.Element) InclusiveNamespaces(org.apache.xml.security.transforms.params.InclusiveNamespaces) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)

Example 38 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class DOMURIDereferencer method dereference.

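/**
 * Dereferences {@code uriRef} into the data that will be digested.
 *
 * <p>Same-document references ({@code #id} or {@code #xpointer(id('id'))}) are first
 * looked up among the IDs registered on the {@link DOMCryptoContext}. When the ID is
 * found and secure validation is on, the document is checked for a second element
 * carrying the same ID before the element is accepted. Every other reference, and any
 * same-document reference whose ID is not registered, is handed to
 * {@link ResourceResolver}.
 *
 * @param uriRef the reference to resolve; must be a {@link DOMURIReference}
 * @param context the crypto context; must be a {@link DOMCryptoContext}
 * @return node-set or octet-stream data for the referenced content
 * @throws NullPointerException if {@code uriRef} or {@code context} is {@code null}
 * @throws URIReferenceException if secure validation finds a duplicated ID, or if
 *         the resolver fails for any reason
 */
@Override
public Data dereference(URIReference uriRef, XMLCryptoContext context) throws URIReferenceException {
    if (uriRef == null) {
        throw new NullPointerException("uriRef cannot be null");
    }
    if (context == null) {
        throw new NullPointerException("context cannot be null");
    }
    DOMURIReference domRef = (DOMURIReference) uriRef;
    Attr uriAttr = (Attr) domRef.getHere();
    String uri = uriRef.getURI();
    DOMCryptoContext dcc = (DOMCryptoContext) context;
    String baseURI = context.getBaseURI();
    boolean secVal = Utils.secureValidation(context);
    // Check if same-document URI and already registered on the context
    if (uri != null && uri.length() != 0 && uri.charAt(0) == '#') {
        String fragment = uri.substring(1);
        boolean isXPointerId = fragment.startsWith("xpointer(id(");
        String id = fragment;
        if (isXPointerId) {
            int open = fragment.indexOf('\'');
            int close = fragment.indexOf('\'', open + 1);
            // The URI comes from the document being processed. Without both quotes
            // the original substring(open + 1, close) call was handed a -1 index and
            // threw StringIndexOutOfBoundsException, which escapes the declared
            // URIReferenceException. Such a fragment is now kept verbatim as the
            // lookup key; if no element is registered under it, the resolver path
            // below handles it.
            if (open >= 0 && close >= 0) {
                id = fragment.substring(open + 1, close);
            }
        }
        Node referencedElem = dcc.getElementById(id);
        if (referencedElem != null) {
            if (secVal) {
                // Signature-wrapping defence: walk from the document element and
                // refuse the reference when the ID is not unique.
                Element start = referencedElem.getOwnerDocument().getDocumentElement();
                if (!XMLUtils.protectAgainstWrappingAttack(start, (Element) referencedElem, id)) {
                    String error = "Multiple Elements with the same ID " + id + " were detected";
                    throw new URIReferenceException(error);
                }
            }
            XMLSignatureInput result = new XMLSignatureInput(referencedElem);
            result.setSecureValidation(secVal);
            // Comments are excluded for a bare "#id" reference; the xpointer form
            // leaves the input's comment setting untouched.
            if (!isXPointerId) {
                result.setExcludeComments(true);
            }
            result.setMIMEType("text/xml");
            if (baseURI != null && baseURI.length() > 0) {
                result.setSourceURI(baseURI.concat(uriAttr.getNodeValue()));
            } else {
                result.setSourceURI(uriAttr.getNodeValue());
            }
            return new ApacheNodeSetData(result);
        }
    }
    try {
        // Everything else goes through the resolver, which receives the same
        // secure-validation flag.
        ResourceResolver apacheResolver = ResourceResolver.getInstance(uriAttr, baseURI, secVal);
        XMLSignatureInput in = apacheResolver.resolve(uriAttr, baseURI, secVal);
        if (in.isOctetStream()) {
            return new ApacheOctetStreamData(in);
        } else {
            return new ApacheNodeSetData(in);
        }
    } catch (Exception e) {
        // Boundary catch: any resolver failure surfaces as URIReferenceException.
        throw new URIReferenceException(e);
    }
}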
Also used : Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) Attr(org.w3c.dom.Attr) ResourceResolver(org.apache.xml.security.utils.resolver.ResourceResolver)

Example 39 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class RetrievalMethodResolver method engineLookupResolveX509Certificate.

/**
 * Resolves an X.509 certificate through a {@code RetrievalMethod} element.
 *
 * <p>Returns {@code null} when {@code element} is not a RetrievalMethod in the
 * signature namespace, when the retrieved element is itself a RetrievalMethod and
 * secure validation is on, when two RetrievalMethods point at each other, or when
 * any of the caught exceptions occurs. All of these outcomes are reported at debug
 * level only.
 *
 * {@inheritDoc}
 * @param element the candidate RetrievalMethod element
 * @param baseURI base URI used when resolving the retrieval target
 * @param storage storage passed on to certificate resolution
 * @return the resolved certificate, or {@code null} as described above
 */
public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage) {
    if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD)) {
        return null;
    }
    try {
        RetrievalMethod firstMethod = new RetrievalMethod(element, baseURI);
        String declaredType = firstMethod.getType();
        XMLSignatureInput firstResource = resolveInput(firstMethod, baseURI, secureValidation);
        if (RetrievalMethod.TYPE_RAWX509.equals(declaredType)) {
            return getRawCertificate(firstResource);
        }

        Element target = obtainReferenceElement(firstResource, secureValidation);
        boolean targetIsRetrievalMethod =
            XMLUtils.elementIsInSignatureSpace(target, Constants._TAG_RETRIEVALMETHOD);
        if (!targetIsRetrievalMethod) {
            return resolveCertificate(target, baseURI, storage);
        }

        // The retrieved element is another RetrievalMethod.
        if (secureValidation) {
            // Chained RetrievalMethods are refused outright under secure validation;
            // the refusal is logged at debug level and the caller just sees null.
            if (LOG.isDebugEnabled()) {
                String error = "Error: It is forbidden to have one RetrievalMethod " + "point to another with secure validation";
                LOG.debug(error);
            }
            return null;
        }

        // Without secure validation one level of indirection is followed, only to
        // detect a second RetrievalMethod that points back at the first (identity
        // comparison on the DOM element).
        RetrievalMethod secondMethod = new RetrievalMethod(target, baseURI);
        XMLSignatureInput secondResource = resolveInput(secondMethod, baseURI, secureValidation);
        Element secondTarget = obtainReferenceElement(secondResource, secureValidation);
        if (secondTarget == element) {
            LOG.debug("Error: Can't have RetrievalMethods pointing to each other");
            return null;
        }
        return resolveCertificate(target, baseURI, storage);
    } catch (XMLSecurityException ex) {
        LOG.debug("XMLSecurityException", ex);
    } catch (CertificateException ex) {
        LOG.debug("CertificateException", ex);
    } catch (IOException ex) {
        LOG.debug("IOException", ex);
    } catch (ParserConfigurationException e) {
        LOG.debug("ParserConfigurationException", e);
    } catch (SAXException e) {
        LOG.debug("SAXException", e);
    }
    return null;
}
Also used : RetrievalMethod(org.apache.xml.security.keys.content.RetrievalMethod) Element(org.w3c.dom.Element) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) SAXException(org.xml.sax.SAXException)

Example 40 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class Canonicalizer20010315ExclusiveTest method testDefaultNSInInclusiveNamespacePrefixList2.

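/**
 * Tests default-namespace handling when {@code #default} is, or is not, in the
 * InclusiveNamespaces prefix list.
 *
 * <p>The same {@code env:Body} subtree is canonicalized twice. With the prefix list
 * {@code "#default xsi"} the expected output carries {@code xmlns="http://example.com"}
 * on {@code env:Body} and {@code xmlns=""} on {@code ns0:text}; with {@code "xsi"}
 * alone neither declaration is expected.
 *
 * @throws Exception if parsing or canonicalization fails
 */
@org.junit.Test
public void testDefaultNSInInclusiveNamespacePrefixList2() throws Exception {
    final String XML =
        "<env:Envelope"
        + " xmlns:env=\"http://schemas.xmlsoap.org/soap/envelope/\""
        + " xmlns=\"http://example.com\""
        + " xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\""
        + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""
        + " xmlns:ns0=\"http://xmlsoap.org/Ping\""
        + " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">"
        + "<env:Body wsu:Id=\"body\">"
        + "<ns0:Ping xsi:type=\"ns0:ping\">"
        + "<ns0:text xmlns=\"\" xsi:type=\"xsd:string\">hello</ns0:text>"
        + "</ns0:Ping>"
        + "</env:Body>"
        + "</env:Envelope>";
    final String c14nXML1 =
        "<env:Body"
        + " xmlns=\"http://example.com\""
        + " xmlns:env=\"http://schemas.xmlsoap.org/soap/envelope/\""
        + " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\""
        + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""
        + " wsu:Id=\"body\">"
        + "<ns0:Ping xmlns:ns0=\"http://xmlsoap.org/Ping\" xsi:type=\"ns0:ping\">"
        + "<ns0:text xmlns=\"\" xsi:type=\"xsd:string\">hello</ns0:text>"
        + "</ns0:Ping>"
        + "</env:Body>";
    final String c14nXML2 =
        "<env:Body"
        + " xmlns:env=\"http://schemas.xmlsoap.org/soap/envelope/\""
        + " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\""
        + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""
        + " wsu:Id=\"body\">"
        + "<ns0:Ping xmlns:ns0=\"http://xmlsoap.org/Ping\" xsi:type=\"ns0:ping\">"
        + "<ns0:text xsi:type=\"xsd:string\">hello</ns0:text>"
        + "</ns0:Ping>"
        + "</env:Body>";
    Document doc = this.db.parse(new InputSource(new StringReader(XML)));
    {
        // "#default" listed: the default namespace is expected in the output.
        Canonicalizer20010315ExclOmitComments c14n = new Canonicalizer20010315ExclOmitComments();
        XMLSignatureInput input = new XMLSignatureInput(doc.getDocumentElement().getFirstChild());
        byte[] bytes = c14n.engineCanonicalize(input, "#default xsi");
        // Decode with an explicit charset so the comparison does not depend on the
        // platform default (the original used new String(bytes)).
        assertEquals(c14nXML1, new String(bytes, java.nio.charset.StandardCharsets.UTF_8));
    }
    {
        // Only "xsi" listed: no default-namespace declarations are expected.
        Canonicalizer20010315ExclOmitComments c14n = new Canonicalizer20010315ExclOmitComments();
        XMLSignatureInput input = new XMLSignatureInput(doc.getDocumentElement().getFirstChild());
        byte[] bytes = c14n.engineCanonicalize(input, "xsi");
        assertEquals(c14nXML2, new String(bytes, java.nio.charset.StandardCharsets.UTF_8));
    }
}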
Also used : InputSource(org.xml.sax.InputSource) StringReader(java.io.StringReader) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) Document(org.w3c.dom.Document) Canonicalizer20010315ExclOmitComments(org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)
