Example 31 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class SymmetricEncryptionVerificationTest method testAES192.

@Test
public void testAES192() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    keygen.init(192);
    SecretKey key = keygen.generateKey();
    // Encrypt using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    String algorithm = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
    encryptUsingDOM(algorithm, key, null, null, document, localNames, false);
    // Check the CreditCard encrypted ok
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(0, nodeList.getLength());
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Decrypt
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(key);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(1, nodeList.getLength());
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) NodeList(org.w3c.dom.NodeList) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) Document(org.w3c.dom.Document) SecretKey(javax.crypto.SecretKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener) KeyGenerator(javax.crypto.KeyGenerator) Test(org.junit.Test)

Example 32 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class XMLEncryption11Test method decryptElementStAX.

/**
 * Decrypt using StAX API
 */
private Document decryptElementStAX(Document doc, Key rsaKey) throws Exception {
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setDecryptionKey(rsaKey);
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    final XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(new DOMSource(doc));
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    return StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) TestSecurityEventListener(org.apache.xml.security.test.stax.signature.TestSecurityEventListener)

Example 33 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class SignatureVerificationReferenceURIResolverTest method testSignatureVerificationWithSameDocumentXPointerIdDoubleQuoteReference.

@Test
public void testSignatureVerificationWithSameDocumentXPointerIdDoubleQuoteReference() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    KeyStore keyStore = KeyStore.getInstance("jks");
    keyStore.load(this.getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
    Key key = keyStore.getKey("transmitter", "default".toCharArray());
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());
    String expression = "//*[local-name()='ShippingAddress']";
    Element elementToSign = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
    Assert.assertNotNull(elementToSign);
    String id = UUID.randomUUID().toString();
    elementToSign.setAttributeNS(null, "Id", id);
    elementToSign.setIdAttributeNS(null, "Id", true);
    // Sign using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    ReferenceInfo referenceInfo = new ReferenceInfo("#xpointer(id(\"" + id + "\"))", new String[] { "http://www.w3.org/2001/10/xml-exc-c14n#" }, "http://www.w3.org/2000/09/xmldsig#sha1", false);
    List<ReferenceInfo> referenceInfos = new ArrayList<>();
    referenceInfos.add(referenceInfo);
    XMLSignature sig = signUsingDOM("http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key, referenceInfos);
    // Add KeyInfo
    sig.addKeyInfo(cert);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Verify signature
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setSignatureVerificationKey(cert.getPublicKey());
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader);
    StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) Document(org.w3c.dom.Document) XPathFactory(javax.xml.xpath.XPathFactory) XMLSignature(org.apache.xml.security.signature.XMLSignature) XPath(javax.xml.xpath.XPath) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) DSNamespaceContext(org.apache.xml.security.test.dom.DSNamespaceContext) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) Key(java.security.Key) Test(org.junit.Test)

Example 34 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class SignatureVerificationReferenceURIResolverTest method testSignatureVerificationWithExternalFilesystemXMLReference.

@Test
public void testSignatureVerificationWithExternalFilesystemXMLReference() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    KeyStore keyStore = KeyStore.getInstance("jks");
    keyStore.load(this.getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
    Key key = keyStore.getKey("transmitter", "default".toCharArray());
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
    // Sign using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    File file = new File(BASEDIR + "/src/test/resources/ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml").getCanonicalFile();
    ReferenceInfo referenceInfo = new ReferenceInfo(file.toURI().toString(), new String[] { "http://www.w3.org/2001/10/xml-exc-c14n#" }, "http://www.w3.org/2000/09/xmldsig#sha1", false);
    List<ReferenceInfo> referenceInfos = new ArrayList<>();
    referenceInfos.add(referenceInfo);
    XMLSignature sig = signUsingDOM("http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key, referenceInfos);
    // Add KeyInfo
    sig.addKeyInfo(cert);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Verify signature
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setSignatureVerificationKey(cert.getPublicKey());
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader);
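    try {
        // The reference points at a file outside the signed document, so
        // not-same-document references are switched on for this read only
        TestUtils.switchAllowNotSameDocumentReferences(true);
        StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    } finally {
        // Always switch the setting back off, even if verification throws
        TestUtils.switchAllowNotSameDocumentReferences(false);
    }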
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSignature(org.apache.xml.security.signature.XMLSignature) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) File(java.io.File) Key(java.security.Key) Test(org.junit.Test)

Example 35 with InboundXMLSec

use of org.apache.xml.security.stax.ext.InboundXMLSec in project santuario-java by apache.

the class UnknownAlgoSignatureTest method testBadSigAlgo.

@Test
public void testBadSigAlgo() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("org/apache/xml/security/temp/signature/signature-bad-sig-algo.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    KeyStore keyStore = KeyStore.getInstance("jks");
    keyStore.load(this.getClass().getClassLoader().getResource("org/apache/xml/security/samples/input/keystore.jks").openStream(), null);
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("test");
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Verify signature
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setSignatureVerificationKey(cert.getPublicKey());
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader);
    try {
        StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
        fail("Failure expected on a bad signature algorithm");
    } catch (XMLStreamException ex) {
        Assert.assertTrue(ex.getCause() instanceof XMLSecurityException);
        Assert.assertEquals("The algorithm URI \"http://www.apache.org/bad-sig-algo\" could not be mapped to a JCE algorithm", ex.getCause().getMessage());
    }
    // XMLUtils.outputDOM(document, System.out);
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) XMLStreamException(javax.xml.stream.XMLStreamException) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) Test(org.junit.Test)
