Search in sources :

Example 41 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class ResolverDirectHTTP method engineResolveURI.

/**
 * {@inheritDoc}
 */
@Override
public XMLSignatureInput engineResolveURI(ResourceResolverContext context) throws ResourceResolverException {
    try {
        // calculate new URI
        URI uriNew = getNewURI(context.uriToResolve, context.baseUri);
        URL url = uriNew.toURL();
        URLConnection urlConnection = openConnection(url);
        // check if Basic authentication is required
        String auth = urlConnection.getHeaderField("WWW-Authenticate");
        if (auth != null && auth.startsWith("Basic")) {
            // do http basic authentication
            String user = engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpBasicUser]);
            String pass = engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpBasicPass]);
            if (user != null && pass != null) {
                urlConnection = openConnection(url);
                String password = user + ":" + pass;
                String encodedPassword = Base64.getMimeEncoder().encodeToString(password.getBytes(StandardCharsets.ISO_8859_1));
                // set authentication property in the http header
                urlConnection.setRequestProperty("Authorization", "Basic " + encodedPassword);
            }
        }
        String mimeType = urlConnection.getHeaderField("Content-Type");
        try (ByteArrayOutputStream baos = new ByteArrayOutputStream();
            InputStream inputStream = urlConnection.getInputStream()) {
            byte[] buf = new byte[4096];
            int read = 0;
            int summarized = 0;
            while ((read = inputStream.read(buf)) >= 0) {
                baos.write(buf, 0, read);
                summarized += read;
            }
            LOG.debug("Fetched {} bytes from URI {}", summarized, uriNew.toString());
            XMLSignatureInput result = new XMLSignatureInput(baos.toByteArray());
            result.setSecureValidation(context.secureValidation);
            result.setSourceURI(uriNew.toString());
            result.setMIMEType(mimeType);
            return result;
        }
    } catch (URISyntaxException ex) {
        throw new ResourceResolverException(ex, context.uriToResolve, context.baseUri, "generic.EmptyMessage");
    } catch (MalformedURLException ex) {
        throw new ResourceResolverException(ex, context.uriToResolve, context.baseUri, "generic.EmptyMessage");
    } catch (IOException ex) {
        throw new ResourceResolverException(ex, context.uriToResolve, context.baseUri, "generic.EmptyMessage");
    } catch (IllegalArgumentException e) {
        throw new ResourceResolverException(e, context.uriToResolve, context.baseUri, "generic.EmptyMessage");
    }
}
Also used : MalformedURLException(java.net.MalformedURLException) InputStream(java.io.InputStream) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) ByteArrayOutputStream(java.io.ByteArrayOutputStream) URISyntaxException(java.net.URISyntaxException) ResourceResolverException(org.apache.xml.security.utils.resolver.ResourceResolverException) IOException(java.io.IOException) URI(java.net.URI) URL(java.net.URL) URLConnection(java.net.URLConnection)

Example 42 with XMLSignatureInput

use of org.apache.xml.security.signature.XMLSignatureInput in project santuario-java by apache.

the class ResolverFragment method engineResolveURI.

/**
 * {@inheritDoc}
 */
@Override
public XMLSignatureInput engineResolveURI(ResourceResolverContext context) throws ResourceResolverException {
    Document doc = context.attr.getOwnerElement().getOwnerDocument();
    Node selectedElem = null;
    if (context.uriToResolve.equals("")) {
        /*
             * Identifies the node-set (minus any comment nodes) of the XML
             * resource containing the signature
             */
        LOG.debug("ResolverFragment with empty URI (means complete document)");
        selectedElem = doc;
    } else {
        /*
             * URI="#chapter1"
             * Identifies a node-set containing the element with ID attribute
             * value 'chapter1' of the XML resource containing the signature.
             * XML Signature (and its applications) modify this node-set to
             * include the element plus all descendants including namespaces and
             * attributes -- but not comments.
             */
        String id = context.uriToResolve.substring(1);
        selectedElem = doc.getElementById(id);
        if (selectedElem == null) {
            Object[] exArgs = { id };
            throw new ResourceResolverException("signature.Verification.MissingID", exArgs, context.uriToResolve, context.baseUri);
        }
        if (context.secureValidation) {
            Element start = context.attr.getOwnerDocument().getDocumentElement();
            if (!XMLUtils.protectAgainstWrappingAttack(start, id)) {
                Object[] exArgs = { id };
                throw new ResourceResolverException("signature.Verification.MultipleIDs", exArgs, context.uriToResolve, context.baseUri);
            }
        }
        LOG.debug("Try to catch an Element with ID {} and Element was {}", id, selectedElem);
    }
    XMLSignatureInput result = new XMLSignatureInput(selectedElem);
    result.setSecureValidation(context.secureValidation);
    result.setExcludeComments(true);
    result.setMIMEType("text/xml");
    if (context.baseUri != null && context.baseUri.length() > 0) {
        result.setSourceURI(context.baseUri.concat(context.uriToResolve));
    } else {
        result.setSourceURI(context.uriToResolve);
    }
    return result;
}
Also used : Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) ResourceResolverException(org.apache.xml.security.utils.resolver.ResourceResolverException) Document(org.w3c.dom.Document)

Aggregations

XMLSignatureInput (org.apache.xml.security.signature.XMLSignatureInput)42 Document (org.w3c.dom.Document)12 Element (org.w3c.dom.Element)12 InputStream (java.io.InputStream)11 ByteArrayInputStream (java.io.ByteArrayInputStream)9 Node (org.w3c.dom.Node)9 ResourceResolverException (org.apache.xml.security.utils.resolver.ResourceResolverException)8 IOException (java.io.IOException)7 Canonicalizer20010315ExclOmitComments (org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)6 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)6 StringReader (java.io.StringReader)5 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)5 CanonicalizationException (org.apache.xml.security.c14n.CanonicalizationException)5 ByteArrayOutputStream (java.io.ByteArrayOutputStream)4 Transforms (org.apache.xml.security.transforms.Transforms)4 InputSource (org.xml.sax.InputSource)4 SAXException (org.xml.sax.SAXException)4 URISyntaxException (java.net.URISyntaxException)3 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)3 Set (java.util.Set)3