use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class ResolverAnonymous method engineResolveURI.
/**
* {@inheritDoc}
*/
@Override
public XMLSignatureInput engineResolveURI(ResourceResolverContext context) {
    // The URI carried by the context is not consulted: the input is always
    // built from the stream held in the inStream field (assigned elsewhere in
    // the class, not visible in this excerpt).
    final XMLSignatureInput resolved = new XMLSignatureInput(inStream);
    // Copy the caller's secure-validation setting onto the input so that later
    // processing of this data sees the same flag as the rest of the validation.
    resolved.setSecureValidation(context.secureValidation);
    return resolved;
}
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class TransformC14NExclusiveWithComments method enginePerformTransform.
/**
 * Canonicalizes {@code input} with a {@code Canonicalizer20010315ExclWithComments}
 * and returns the canonical bytes wrapped in a new {@code XMLSignatureInput}.
 *
 * @param input the data to canonicalize
 * @param os optional sink; when non-null it is set as the canonicalizer's writer
 * @param transformObject the transform element, searched for a single
 *        InclusiveNamespaces child that supplies the prefix list
 * @return a new input holding the canonicalized bytes, carrying this
 *         transform's {@code secureValidation} setting
 * @throws CanonicalizationException wrapping any {@code XMLSecurityException}
 *         raised while reading the prefix list or canonicalizing
 */
protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input, OutputStream os, Transform transformObject) throws CanonicalizationException {
    try {
        // The prefix list is only read when exactly one InclusiveNamespaces
        // child is present; otherwise canonicalization runs with a null list.
        final boolean hasPrefixList = transformObject.length(
                InclusiveNamespaces.ExclusiveCanonicalizationNamespace,
                InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES) == 1;
        String prefixList = null;
        if (hasPrefixList) {
            Element prefixListElement = XMLUtils.selectNode(
                    transformObject.getElement().getFirstChild(),
                    InclusiveNamespaces.ExclusiveCanonicalizationNamespace,
                    InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES,
                    0);
            InclusiveNamespaces parsed = new InclusiveNamespaces(prefixListElement, transformObject.getBaseURI());
            prefixList = parsed.getInclusiveNamespaces();
        }

        Canonicalizer20010315ExclWithComments canonicalizer = new Canonicalizer20010315ExclWithComments();
        // Propagate the secure-validation flag before any input is processed.
        canonicalizer.setSecureValidation(secureValidation);
        if (os != null) {
            canonicalizer.setWriter(os);
        }

        byte[] canonicalBytes = canonicalizer.engineCanonicalize(input, prefixList);
        XMLSignatureInput canonical = new XMLSignatureInput(canonicalBytes);
        // The output is a fresh object, so the flag has to be set on it again.
        canonical.setSecureValidation(secureValidation);
        return canonical;
    } catch (XMLSecurityException ex) {
        throw new CanonicalizationException(ex);
    }
}
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class DOMURIDereferencer method dereference.
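/**
 * Dereferences the URI of a signature reference.
 *
 * <p>A same-document reference ({@code #id} or {@code #xpointer(id('id'))})
 * is looked up among the IDs registered on the crypto context. Any other URI,
 * or a same-document ID that is not registered, is passed to the Apache
 * {@code ResourceResolver}.
 *
 * @param uriRef the reference to dereference; cast to {@code DOMURIReference}
 * @param context the crypto context; cast to {@code DOMCryptoContext}
 * @return node-set data for a same-document reference, otherwise octet-stream
 *         or node-set data depending on what the resolver returned
 * @throws NullPointerException if {@code uriRef} or {@code context} is null
 * @throws URIReferenceException if the XPointer form is malformed, if the
 *         wrapping-attack check fails under secure validation, or if the
 *         resolver throws
 */
@Override
public Data dereference(URIReference uriRef, XMLCryptoContext context) throws URIReferenceException {
    if (uriRef == null) {
        throw new NullPointerException("uriRef cannot be null");
    }
    if (context == null) {
        throw new NullPointerException("context cannot be null");
    }
    DOMURIReference domRef = (DOMURIReference) uriRef;
    Attr uriAttr = (Attr) domRef.getHere();
    String uri = uriRef.getURI();
    DOMCryptoContext dcc = (DOMCryptoContext) context;
    String baseURI = context.getBaseURI();
    boolean secVal = Utils.secureValidation(context);
    // Check if same-document URI and already registered on the context
    if (uri != null && uri.length() != 0 && uri.charAt(0) == '#') {
        String id = uri.substring(1);
        boolean isXPointerId = id.startsWith("xpointer(id(");
        if (isXPointerId) {
            int i1 = id.indexOf('\'');
            int i2 = id.indexOf('\'', i1 + 1);
            // The URI comes from the document being validated. Without both
            // quotes substring() would throw an unchecked
            // StringIndexOutOfBoundsException; report it as the declared
            // checked exception instead.
            if (i1 < 0 || i2 < 0) {
                throw new URIReferenceException("Malformed XPointer reference: " + uri);
            }
            id = id.substring(i1 + 1, i2);
        }
        Node referencedElem = dcc.getElementById(id);
        if (referencedElem != null) {
            if (secVal) {
                // Under secure validation the whole owner document is checked,
                // starting at its root, and the reference is rejected when the
                // helper reports a problem (per the message below: more than
                // one element carrying this ID). With secure validation off
                // this check is skipped.
                Element start = referencedElem.getOwnerDocument().getDocumentElement();
                if (!XMLUtils.protectAgainstWrappingAttack(start, (Element) referencedElem, id)) {
                    String error = "Multiple Elements with the same ID " + id + " were detected";
                    throw new URIReferenceException(error);
                }
            }
            XMLSignatureInput result = new XMLSignatureInput(referencedElem);
            result.setSecureValidation(secVal);
            // Only the bare "#id" form excludes comments; the xpointer form
            // leaves the flag at its default.
            if (!isXPointerId) {
                result.setExcludeComments(true);
            }
            result.setMIMEType("text/xml");
            if (baseURI != null && baseURI.length() > 0) {
                result.setSourceURI(baseURI.concat(uriAttr.getNodeValue()));
            } else {
                result.setSourceURI(uriAttr.getNodeValue());
            }
            return new ApacheNodeSetData(result);
        }
    }
    // Not a registered same-document ID: delegate to the resolver chain. The
    // secure-validation flag is passed along; which URIs may be fetched is
    // decided by the resolvers, not here.
    try {
        ResourceResolver apacheResolver = ResourceResolver.getInstance(uriAttr, baseURI, secVal);
        XMLSignatureInput in = apacheResolver.resolve(uriAttr, baseURI, secVal);
        if (in.isOctetStream()) {
            return new ApacheOctetStreamData(in);
        } else {
            return new ApacheNodeSetData(in);
        }
    } catch (Exception e) {
        throw new URIReferenceException(e);
    }
}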
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class RetrievalMethodResolver method engineLookupResolveX509Certificate.
/**
* Method engineResolveX509Certificate
* {@inheritDoc}
* @param element
* @param baseURI
* @param storage
*/
public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage) {
    // Only RetrievalMethod elements in the signature namespace are handled.
    // Every failure path below returns null and logs at debug level only.
    if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD)) {
        return null;
    }
    try {
        RetrievalMethod retrieval = new RetrievalMethod(element, baseURI);
        String retrievalType = retrieval.getType();
        XMLSignatureInput fetched = resolveInput(retrieval, baseURI, secureValidation);
        if (RetrievalMethod.TYPE_RAWX509.equals(retrievalType)) {
            return getRawCertificate(fetched);
        }

        Element target = obtainReferenceElement(fetched, secureValidation);
        // Check whether the referenced element is itself a RetrievalMethod.
        boolean chained = XMLUtils.elementIsInSignatureSpace(target, Constants._TAG_RETRIEVALMETHOD);
        if (chained && secureValidation) {
            // Secure validation refuses any RetrievalMethod-to-RetrievalMethod hop.
            if (LOG.isDebugEnabled()) {
                String error = "Error: It is forbidden to have one RetrievalMethod " + "point to another with secure validation";
                LOG.debug(error);
            }
            return null;
        }
        if (chained) {
            // Without secure validation, one further hop is resolved and only a
            // reference straight back to the starting element is rejected;
            // longer chains are not examined in this method.
            RetrievalMethod nextRetrieval = new RetrievalMethod(target, baseURI);
            XMLSignatureInput nextFetched = resolveInput(nextRetrieval, baseURI, secureValidation);
            Element nextTarget = obtainReferenceElement(nextFetched, secureValidation);
            if (nextTarget == element) {
                LOG.debug("Error: Can't have RetrievalMethods pointing to each other");
                return null;
            }
        }
        return resolveCertificate(target, baseURI, storage);
    } catch (XMLSecurityException securityFailure) {
        LOG.debug("XMLSecurityException", securityFailure);
    } catch (CertificateException certificateFailure) {
        LOG.debug("CertificateException", certificateFailure);
    } catch (IOException ioFailure) {
        LOG.debug("IOException", ioFailure);
    } catch (ParserConfigurationException parserFailure) {
        LOG.debug("ParserConfigurationException", parserFailure);
    } catch (SAXException saxFailure) {
        LOG.debug("SAXException", saxFailure);
    }
    return null;
}
use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.
the class Canonicalizer20010315ExclusiveTest method testDefaultNSInInclusiveNamespacePrefixList2.
/**
* Test default namespace behavior if it's in the InclusiveNamespace prefix list.
*
* @throws Exception
*/
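@org.junit.Test
public void testDefaultNSInInclusiveNamespacePrefixList2() throws Exception {
    // Input: a SOAP envelope whose root declares a default namespace and whose
    // ns0:text child undeclares it with xmlns="".
    final String XML = "<env:Envelope"
        + " xmlns:env=\"http://schemas.xmlsoap.org/soap/envelope/\""
        + " xmlns=\"http://example.com\""
        + " xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\""
        + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""
        + " xmlns:ns0=\"http://xmlsoap.org/Ping\""
        + " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">"
        + "<env:Body wsu:Id=\"body\">"
        + "<ns0:Ping xsi:type=\"ns0:ping\">"
        + "<ns0:text xmlns=\"\" xsi:type=\"xsd:string\">hello</ns0:text>"
        + "</ns0:Ping>"
        + "</env:Body>"
        + "</env:Envelope>";
    // Expected with "#default xsi": the default namespace is declared on
    // env:Body and the xmlns="" undeclaration on ns0:text is kept.
    final String c14nXML1 = "<env:Body"
        + " xmlns=\"http://example.com\""
        + " xmlns:env=\"http://schemas.xmlsoap.org/soap/envelope/\""
        + " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\""
        + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""
        + " wsu:Id=\"body\">"
        + "<ns0:Ping xmlns:ns0=\"http://xmlsoap.org/Ping\" xsi:type=\"ns0:ping\">"
        + "<ns0:text xmlns=\"\" xsi:type=\"xsd:string\">hello</ns0:text>"
        + "</ns0:Ping>"
        + "</env:Body>";
    // Expected with "xsi" only: no default-namespace declaration on env:Body
    // and no xmlns="" on ns0:text.
    final String c14nXML2 = "<env:Body"
        + " xmlns:env=\"http://schemas.xmlsoap.org/soap/envelope/\""
        + " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\""
        + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""
        + " wsu:Id=\"body\">"
        + "<ns0:Ping xmlns:ns0=\"http://xmlsoap.org/Ping\" xsi:type=\"ns0:ping\">"
        + "<ns0:text xsi:type=\"xsd:string\">hello</ns0:text>"
        + "</ns0:Ping>"
        + "</env:Body>";
    Document doc = this.db.parse(new InputSource(new StringReader(XML)));
    {
        Canonicalizer20010315ExclOmitComments c14n = new Canonicalizer20010315ExclOmitComments();
        XMLSignatureInput input = new XMLSignatureInput(doc.getDocumentElement().getFirstChild());
        byte[] bytes = c14n.engineCanonicalize(input, "#default xsi");
        // Decode explicitly as UTF-8 so the comparison does not depend on the
        // platform default charset.
        assertEquals(c14nXML1, new String(bytes, java.nio.charset.StandardCharsets.UTF_8));
    }
    {
        Canonicalizer20010315ExclOmitComments c14n = new Canonicalizer20010315ExclOmitComments();
        XMLSignatureInput input = new XMLSignatureInput(doc.getDocumentElement().getFirstChild());
        byte[] bytes = c14n.engineCanonicalize(input, "xsi");
        assertEquals(c14nXML2, new String(bytes, java.nio.charset.StandardCharsets.UTF_8));
    }
}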