Search in sources :

Example 1 with XMLSecAttribute

use of org.apache.xml.security.stax.ext.stax.XMLSecAttribute in project santuario-java by apache.

the class AbstractSignatureEndingOutputProcessor method processHeaderEvent.

/*
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-1022834285">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <ds:Reference URI="#id-1612925417">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <ds:DigestValue>cy/khx5N6UobCJ1EbX+qnrGID2U=</ds:DigestValue>
                </ds:Reference>
                <ds:Reference URI="#Timestamp-1106985890">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <ds:DigestValue>+p5YRII6uvUdsJ7XLKkWx1CBewE=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>
                Izg1FlI9oa4gOon2vTXi7V0EpiyCUazECVGYflbXq7/3GF8ThKGDMpush/fo1I2NVjEFTfmT2WP/
                +ZG5N2jASFptrcGbsqmuLE5JbxUP1TVKb9SigKYcOQJJ8klzmVfPXnSiRZmIU+DUT2UXopWnGNFL
                TwY0Uxja4ZuI6U8m8Tg=
            </ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-1043455692">
                <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-1008354042">
                    <wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                        URI="#CertId-3458500" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>
        </ds:Signature>
    */
@Override
public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
    OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
    List<XMLSecAttribute> attributes = new ArrayList<>(1);
    if (securityProperties.isSignatureGenerateIds()) {
        attributes = new ArrayList<>(1);
        attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, IDGenerator.generateID(null)));
    } else {
        attributes = Collections.emptyList();
    }
    XMLSecStartElement signatureElement = createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Signature, true, attributes);
    SignatureAlgorithm signatureAlgorithm;
    try {
        signatureAlgorithm = SignatureAlgorithmFactory.getInstance().getSignatureAlgorithm(getSecurityProperties().getSignatureAlgorithm());
    } catch (NoSuchAlgorithmException e) {
        throw new XMLSecurityException(e);
    } catch (NoSuchProviderException e) {
        throw new XMLSecurityException(e);
    }
    String tokenId = outputProcessorChain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE);
    if (tokenId == null) {
        throw new XMLSecurityException("stax.keyNotFound");
    }
    SecurityTokenProvider<OutboundSecurityToken> wrappingSecurityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
    if (wrappingSecurityTokenProvider == null) {
        throw new XMLSecurityException("stax.keyNotFound");
    }
    final OutboundSecurityToken wrappingSecurityToken = wrappingSecurityTokenProvider.getSecurityToken();
    if (wrappingSecurityToken == null) {
        throw new XMLSecurityException("stax.keyNotFound");
    }
    String sigAlgorithm = getSecurityProperties().getSignatureAlgorithm();
    Key key = wrappingSecurityToken.getSecretKey(sigAlgorithm);
    // todo remove and use wrappingSecurityToken.isSymmetric or so?
    if (XMLSecurityConstants.NS_XMLDSIG_HMACSHA1.equals(sigAlgorithm)) {
        key = XMLSecurityUtils.prepareSecretKey(sigAlgorithm, key.getEncoded());
    }
    signatureAlgorithm.engineInitSign(key);
    SignedInfoProcessor signedInfoProcessor = newSignedInfoProcessor(signatureAlgorithm, signatureElement, subOutputProcessorChain);
    createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_SignedInfo, false, null);
    attributes = new ArrayList<>(1);
    final String signatureCanonicalizationAlgorithm = getSecurityProperties().getSignatureCanonicalizationAlgorithm();
    attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, signatureCanonicalizationAlgorithm));
    createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_CanonicalizationMethod, false, attributes);
    if (getSecurityProperties().isAddExcC14NInclusivePrefixes() && XMLSecurityConstants.NS_C14N_EXCL.equals(signatureCanonicalizationAlgorithm)) {
        attributes = new ArrayList<>(1);
        attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_PrefixList, signedInfoProcessor.getInclusiveNamespacePrefixes()));
        createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces, true, attributes);
        createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces);
    }
    createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_CanonicalizationMethod);
    attributes = new ArrayList<>(1);
    attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, getSecurityProperties().getSignatureAlgorithm()));
    createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_SignatureMethod, false, attributes);
    createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_SignatureMethod);
    Iterator<SignaturePartDef> signaturePartDefIterator = signaturePartDefList.iterator();
    while (signaturePartDefIterator.hasNext()) {
        SignaturePartDef signaturePartDef = signaturePartDefIterator.next();
        String uriString;
        if (signaturePartDef.isExternalResource()) {
            uriString = signaturePartDef.getSigRefId();
        } else if (signaturePartDef.getSigRefId() != null) {
            if (signaturePartDef.isGenerateXPointer()) {
                uriString = "#xpointer(id('" + signaturePartDef.getSigRefId() + "'))";
            } else {
                uriString = "#" + signaturePartDef.getSigRefId();
            }
        } else {
            uriString = "";
        }
        attributes = new ArrayList<>(1);
        attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_URI, uriString));
        createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Reference, false, attributes);
        createTransformsStructureForSignature(subOutputProcessorChain, signaturePartDef);
        attributes = new ArrayList<>(1);
        attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, signaturePartDef.getDigestAlgo()));
        createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestMethod, false, attributes);
        createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestMethod);
        createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestValue, false, null);
        createCharactersAndOutputAsEvent(subOutputProcessorChain, signaturePartDef.getDigestValue());
        createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestValue);
        createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Reference);
    }
    createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_SignedInfo);
    subOutputProcessorChain.removeProcessor(signedInfoProcessor);
    createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_SignatureValue, false, null);
    final byte[] signatureValue = signedInfoProcessor.getSignatureValue();
    createCharactersAndOutputAsEvent(subOutputProcessorChain, Base64.getMimeEncoder().encodeToString(signatureValue));
    createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_SignatureValue);
    if (securityProperties.isSignatureGenerateIds()) {
        attributes = new ArrayList<>(1);
        attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, IDGenerator.generateID(null)));
    } else {
        attributes = Collections.emptyList();
    }
    if (!SecurityTokenConstants.KeyIdentifier_NoKeyInfo.equals(getSecurityProperties().getSignatureKeyIdentifier())) {
        createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, false, attributes);
        createKeyInfoStructureForSignature(subOutputProcessorChain, wrappingSecurityToken, getSecurityProperties().isUseSingleCert());
        createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
    }
    createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Signature);
}
Also used : SignaturePartDef(org.apache.xml.security.stax.impl.SignaturePartDef) SignatureAlgorithm(org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) XMLSecStartElement(org.apache.xml.security.stax.ext.stax.XMLSecStartElement) OutboundSecurityToken(org.apache.xml.security.stax.securityToken.OutboundSecurityToken) XMLSecAttribute(org.apache.xml.security.stax.ext.stax.XMLSecAttribute) NoSuchProviderException(java.security.NoSuchProviderException) OutputProcessorChain(org.apache.xml.security.stax.ext.OutputProcessorChain) Key(java.security.Key)

Example 2 with XMLSecAttribute

use of org.apache.xml.security.stax.ext.stax.XMLSecAttribute in project santuario-java by apache.

the class XMLSignatureOutputProcessor method processEvent.

@Override
public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
    if (xmlSecEvent.getEventType() == XMLStreamConstants.START_ELEMENT) {
        XMLSecStartElement xmlSecStartElement = xmlSecEvent.asStartElement();
        // avoid double signature when child elements matches too
        if (getActiveInternalSignatureOutputProcessor() == null) {
            SecurePart securePart = securePartMatches(xmlSecStartElement, outputProcessorChain, XMLSecurityConstants.SIGNATURE_PARTS);
            if (securePart != null) {
                LOG.debug("Matched securePart for signature");
                InternalSignatureOutputProcessor internalSignatureOutputProcessor = null;
                SignaturePartDef signaturePartDef = new SignaturePartDef();
                signaturePartDef.setSecurePart(securePart);
                signaturePartDef.setTransforms(securePart.getTransforms());
                if (signaturePartDef.getTransforms() == null) {
                    signaturePartDef.setTransforms(new String[] { XMLSecurityConstants.NS_C14N_EXCL_OMIT_COMMENTS });
                }
                signaturePartDef.setExcludeVisibleC14Nprefixes(true);
                signaturePartDef.setDigestAlgo(securePart.getDigestMethod());
                if (signaturePartDef.getDigestAlgo() == null) {
                    signaturePartDef.setDigestAlgo(getSecurityProperties().getSignatureDigestAlgorithm());
                }
                if (securityProperties.isSignatureGenerateIds()) {
                    if (securePart.getIdToSign() == null) {
                        signaturePartDef.setGenerateXPointer(securePart.isGenerateXPointer());
                        signaturePartDef.setSigRefId(IDGenerator.generateID(null));
                        Attribute attribute = xmlSecStartElement.getAttributeByName(securityProperties.getIdAttributeNS());
                        if (attribute != null) {
                            signaturePartDef.setSigRefId(attribute.getValue());
                        } else {
                            List<XMLSecAttribute> attributeList = new ArrayList<>(1);
                            attributeList.add(createAttribute(securityProperties.getIdAttributeNS(), signaturePartDef.getSigRefId()));
                            xmlSecEvent = addAttributes(xmlSecStartElement, attributeList);
                        }
                    } else {
                        signaturePartDef.setSigRefId(securePart.getIdToSign());
                    }
                }
                getSignaturePartDefList().add(signaturePartDef);
                internalSignatureOutputProcessor = new InternalSignatureOutputProcessor(signaturePartDef, xmlSecStartElement);
                internalSignatureOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
                internalSignatureOutputProcessor.setAction(getAction());
                internalSignatureOutputProcessor.addAfterProcessor(XMLSignatureOutputProcessor.class.getName());
                internalSignatureOutputProcessor.addBeforeProcessor(XMLSignatureEndingOutputProcessor.class.getName());
                internalSignatureOutputProcessor.init(outputProcessorChain);
                setActiveInternalSignatureOutputProcessor(internalSignatureOutputProcessor);
            }
        }
    }
    outputProcessorChain.processEvent(xmlSecEvent);
}
Also used : SecurePart(org.apache.xml.security.stax.ext.SecurePart) XMLSecStartElement(org.apache.xml.security.stax.ext.stax.XMLSecStartElement) SignaturePartDef(org.apache.xml.security.stax.impl.SignaturePartDef) XMLSecAttribute(org.apache.xml.security.stax.ext.stax.XMLSecAttribute) Attribute(javax.xml.stream.events.Attribute) ArrayList(java.util.ArrayList) XMLSecAttribute(org.apache.xml.security.stax.ext.stax.XMLSecAttribute)

Example 3 with XMLSecAttribute

use of org.apache.xml.security.stax.ext.stax.XMLSecAttribute in project santuario-java by apache.

the class Canonicalizer11 method getInitialUtilizedAttributes.

@Override
protected List<XMLSecAttribute> getInitialUtilizedAttributes(final XMLSecStartElement xmlSecStartElement, final C14NStack<XMLSecEvent> outputStack) {
    List<XMLSecAttribute> utilizedAttributes = Collections.emptyList();
    List<XMLSecAttribute> visibleAttributes = new ArrayList<>();
    xmlSecStartElement.getAttributesFromCurrentScope(visibleAttributes);
    for (int i = 0; i < visibleAttributes.size(); i++) {
        XMLSecAttribute comparableAttribute = visibleAttributes.get(i);
        final QName comparableAttributeName = comparableAttribute.getName();
        // xml:id attributes must be handled like other attributes: emit but dont inherit
        if (!XML.equals(comparableAttributeName.getPrefix())) {
            continue;
        }
        if ("id".equals(comparableAttributeName.getLocalPart()) || "base".equals(comparableAttributeName.getLocalPart())) {
            continue;
        }
        if (outputStack.containsOnStack(comparableAttribute) != null) {
            continue;
        }
        if (utilizedAttributes == Collections.<XMLSecAttribute>emptyList()) {
            utilizedAttributes = new ArrayList<>(2);
        }
        utilizedAttributes.add(comparableAttribute);
        outputStack.peek().add(comparableAttribute);
    }
    List<XMLSecAttribute> elementAttributes = xmlSecStartElement.getOnElementDeclaredAttributes();
    for (int i = 0; i < elementAttributes.size(); i++) {
        XMLSecAttribute comparableAttribute = elementAttributes.get(i);
        // attributes with xml prefix are already processed in the for loop above
        // xml:id attributes must be handled like other attributes: emit but dont inherit
        final QName attributeName = comparableAttribute.getName();
        if (XML.equals(attributeName.getPrefix())) {
            continue;
        }
        if (utilizedAttributes == Collections.<XMLSecAttribute>emptyList()) {
            utilizedAttributes = new ArrayList<>(2);
        }
        utilizedAttributes.add(comparableAttribute);
    }
    return utilizedAttributes;
}
Also used : QName(javax.xml.namespace.QName) XMLSecAttribute(org.apache.xml.security.stax.ext.stax.XMLSecAttribute)

Example 4 with XMLSecAttribute

use of org.apache.xml.security.stax.ext.stax.XMLSecAttribute in project santuario-java by apache.

the class AbstractOutputProcessor method createStartElementAndOutputAsEvent.

public XMLSecStartElement createStartElementAndOutputAsEvent(OutputProcessorChain outputProcessorChain, QName element, boolean outputLocalNs, List<XMLSecAttribute> attributes) throws XMLStreamException, XMLSecurityException {
    List<XMLSecNamespace> comparableNamespaces = Collections.emptyList();
    if (outputLocalNs) {
        comparableNamespaces = new ArrayList<>(2);
        comparableNamespaces.add(XMLSecEventFactory.createXMLSecNamespace(element.getPrefix(), element.getNamespaceURI()));
    }
    if (attributes != null) {
        for (int i = 0; i < attributes.size(); i++) {
            XMLSecAttribute xmlSecAttribute = attributes.get(i);
            QName attributeName = xmlSecAttribute.getName();
            String attributeNamePrefix = attributeName.getPrefix();
            if (attributeNamePrefix != null && attributeNamePrefix.isEmpty()) {
                continue;
            }
            if (!comparableNamespaces.contains(xmlSecAttribute.getAttributeNamespace())) {
                if (comparableNamespaces == Collections.<XMLSecNamespace>emptyList()) {
                    comparableNamespaces = new ArrayList<>(1);
                }
                comparableNamespaces.add(xmlSecAttribute.getAttributeNamespace());
            }
        }
    }
    XMLSecStartElement xmlSecStartElement = XMLSecEventFactory.createXmlSecStartElement(element, attributes, comparableNamespaces);
    outputAsEvent(outputProcessorChain, xmlSecStartElement);
    return xmlSecStartElement;
}
Also used : XMLSecStartElement(org.apache.xml.security.stax.ext.stax.XMLSecStartElement) XMLSecNamespace(org.apache.xml.security.stax.ext.stax.XMLSecNamespace) QName(javax.xml.namespace.QName) XMLSecAttribute(org.apache.xml.security.stax.ext.stax.XMLSecAttribute)

Example 5 with XMLSecAttribute

use of org.apache.xml.security.stax.ext.stax.XMLSecAttribute in project santuario-java by apache.

the class AbstractOutputProcessor method addAttributes.

public XMLSecStartElement addAttributes(XMLSecStartElement xmlSecStartElement, List<XMLSecAttribute> attributeList) throws XMLStreamException {
    List<XMLSecNamespace> declaredNamespaces = xmlSecStartElement.getOnElementDeclaredNamespaces();
    for (int i = 0; i < attributeList.size(); i++) {
        XMLSecAttribute xmlSecAttribute = attributeList.get(i);
        xmlSecStartElement.addAttribute(xmlSecAttribute);
        final QName attributeName = xmlSecAttribute.getName();
        if (attributeName.getNamespaceURI() != null && !"".equals(attributeName.getNamespaceURI()) && !declaredNamespaces.contains(xmlSecAttribute.getAttributeNamespace())) {
            xmlSecStartElement.addNamespace(xmlSecAttribute.getAttributeNamespace());
        }
    }
    return xmlSecStartElement;
}
Also used : XMLSecNamespace(org.apache.xml.security.stax.ext.stax.XMLSecNamespace) QName(javax.xml.namespace.QName) XMLSecAttribute(org.apache.xml.security.stax.ext.stax.XMLSecAttribute)

Aggregations

XMLSecAttribute (org.apache.xml.security.stax.ext.stax.XMLSecAttribute)9 QName (javax.xml.namespace.QName)4 XMLSecNamespace (org.apache.xml.security.stax.ext.stax.XMLSecNamespace)4 ArrayList (java.util.ArrayList)3 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)3 XMLSecStartElement (org.apache.xml.security.stax.ext.stax.XMLSecStartElement)3 Attribute (javax.xml.stream.events.Attribute)2 SignaturePartDef (org.apache.xml.security.stax.impl.SignaturePartDef)2 OutboundSecurityToken (org.apache.xml.security.stax.securityToken.OutboundSecurityToken)2 IOException (java.io.IOException)1 BigInteger (java.math.BigInteger)1 Key (java.security.Key)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 NoSuchProviderException (java.security.NoSuchProviderException)1 X509Certificate (java.security.cert.X509Certificate)1 DSAPublicKey (java.security.interfaces.DSAPublicKey)1 ECPublicKey (java.security.interfaces.ECPublicKey)1 RSAPublicKey (java.security.interfaces.RSAPublicKey)1 AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)1 MGF1ParameterSpec (java.security.spec.MGF1ParameterSpec)1