Examples with InboundXMLSec org.apache.xml.security.stax.ext.InboundXMLSec used on opensource projects

Search in sources :

Example 56 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class SignatureHMACVerificationTest method testHMACSHA1.

@Test
public void testHMACSHA1() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set the key up
    byte[] hmacKey = "secret".getBytes(StandardCharsets.US_ASCII);
    String signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
    SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
    // Sign using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    signUsingDOM(signatureAlgorithm, document, localNames, key, "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/2000/09/xmldsig#sha1");
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Verify signature
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setSignatureVerificationKey(key);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) Document(org.w3c.dom.Document) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) SecretKeySpec(javax.crypto.spec.SecretKeySpec) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) Test(org.junit.Test)

Example 57 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class SignatureHMACVerificationTest method testRIPEMD160.

@Test
public void testRIPEMD160() throws Exception {
    org.junit.Assume.assumeTrue(bcInstalled);
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set the key up
    byte[] hmacKey = "secret".getBytes(StandardCharsets.US_ASCII);
    String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";
    SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
    // Sign using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    signUsingDOM(signatureAlgorithm, document, localNames, key, "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/2000/09/xmldsig#sha1");
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Verify signature
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setSignatureVerificationKey(key);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) Document(org.w3c.dom.Document) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) SecretKeySpec(javax.crypto.spec.SecretKeySpec) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) Test(org.junit.Test)

Example 58 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class SignatureHMACVerificationTest method testHMACSHA_256.

@Test
public void testHMACSHA_256() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set the key up
    byte[] hmacKey = "secret".getBytes(StandardCharsets.US_ASCII);
    String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
    SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
    // Sign using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    signUsingDOM(signatureAlgorithm, document, localNames, key, "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/2000/09/xmldsig#sha1");
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Verify signature
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setSignatureVerificationKey(key);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) Document(org.w3c.dom.Document) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) SecretKeySpec(javax.crypto.spec.SecretKeySpec) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) Test(org.junit.Test)

Example 59 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class SignatureVerificationReferenceURIResolverTest method testSignatureVerificationWithSameDocumentXPointerIdApostropheReference.

@Test
public void testSignatureVerificationWithSameDocumentXPointerIdApostropheReference() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    KeyStore keyStore = KeyStore.getInstance("jks");
    keyStore.load(this.getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
    Key key = keyStore.getKey("transmitter", "default".toCharArray());
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());
    String expression = "//*[local-name()='ShippingAddress']";
    Element elementToSign = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
    Assert.assertNotNull(elementToSign);
    String id = UUID.randomUUID().toString();
    elementToSign.setAttributeNS(null, "Id", id);
    elementToSign.setIdAttributeNS(null, "Id", true);
    // Sign using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    ReferenceInfo referenceInfo = new ReferenceInfo("#xpointer(id('" + id + "'))", new String[] { "http://www.w3.org/2001/10/xml-exc-c14n#" }, "http://www.w3.org/2000/09/xmldsig#sha1", false);
    List<ReferenceInfo> referenceInfos = new ArrayList<>();
    referenceInfos.add(referenceInfo);
    XMLSignature sig = signUsingDOM("http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key, referenceInfos);
    // Add KeyInfo
    sig.addKeyInfo(cert);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Verify signature
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setSignatureVerificationKey(cert.getPublicKey());
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader);
    StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) Document(org.w3c.dom.Document) XPathFactory(javax.xml.xpath.XPathFactory) XMLSignature(org.apache.xml.security.signature.XMLSignature) XPath(javax.xml.xpath.XPath) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) DSNamespaceContext(org.apache.xml.security.test.dom.DSNamespaceContext) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) Key(java.security.Key) Test(org.junit.Test)

Example 60 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class IAIKTest method test_signatureAlgorithms_signatures_rSASignature.

@Test
public void test_signatureAlgorithms_signatures_rSASignature() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("at/iaik/ixsil/signatureAlgorithms/signatures/rSASignature.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Verify signature
    XMLSecurityProperties properties = new XMLSecurityProperties();
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the SecurityEvents
    checkSignatureToken(securityEventListener, getPublicKey("RSA"), SecurityTokenConstants.KeyIdentifier_KeyValue);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) Document(org.w3c.dom.Document) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) Test(org.junit.Test)

Aggregations

XMLStreamReader (javax.xml.stream.XMLStreamReader)155 InboundXMLSec (org.apache.xml.security.stax.ext.InboundXMLSec)155 XMLSecurityProperties (org.apache.xml.security.stax.ext.XMLSecurityProperties)155 Test (org.junit.Test)151 InputStream (java.io.InputStream)150 DOMSource (javax.xml.transform.dom.DOMSource)150 ByteArrayInputStream (java.io.ByteArrayInputStream)149 ByteArrayOutputStream (java.io.ByteArrayOutputStream)149 DocumentBuilder (javax.xml.parsers.DocumentBuilder)149 StreamResult (javax.xml.transform.stream.StreamResult)149 Document (org.w3c.dom.Document)123 ArrayList (java.util.ArrayList)89 SecretKey (javax.crypto.SecretKey)79 TestSecurityEventListener (org.apache.xml.security.test.stax.signature.TestSecurityEventListener)58 KeyGenerator (javax.crypto.KeyGenerator)34 Key (java.security.Key)31 KeyStore (java.security.KeyStore)27 X509Certificate (java.security.cert.X509Certificate)27 SecretKeySpec (javax.crypto.spec.SecretKeySpec)26 InetSocketAddress (java.net.InetSocketAddress)22
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial