
Example 1 with XMLSecStartElement

use of org.apache.xml.security.stax.ext.stax.XMLSecStartElement in project santuario-java by apache.

the class AbstractDecryptInputProcessor method processEvent.

/**
 * Fetches the next event from the chain and, when it opens an {@code xenc:EncryptedData}
 * element that this processor is responsible for, replaces it with the decrypted content.
 *
 * <p>Events still held in {@code tmpXmlEventList} are replayed first. For a matching
 * {@code EncryptedData} the method parses the structure, resolves the security token and
 * cipher, starts a background decryption thread, wraps the decrypted bytes between a
 * generated prolog and epilog, and returns the first event read from that stream.
 * Any other event is returned unchanged.
 *
 * <p>NOTE(review): the algorithm URI is read from the incoming {@code EncryptedData}; no
 * allow-list or integrity check is visible in this method — confirm that
 * {@code getCipher}/{@code handleSecurityToken} or configuration enforce one.
 *
 * @param inputProcessorChain the chain supplying events and the security/document context
 * @param isSecurityHeaderEvent {@code true} to pull header events, {@code false} for body events
 * @return the next event to hand to the caller (possibly the first decrypted event)
 * @throws XMLStreamException propagated from the chain or the StAX reader
 * @throws XMLSecurityException on a duplicate reference id, or wrapping an I/O failure
 *         while building the wrapper elements
 */
private XMLSecEvent processEvent(InputProcessorChain inputProcessorChain, boolean isSecurityHeaderEvent) throws XMLStreamException, XMLSecurityException {
    // Replay buffered events before pulling anything new from the chain.
    if (!tmpXmlEventList.isEmpty()) {
        return tmpXmlEventList.pollLast();
    }
    XMLSecEvent xmlSecEvent = isSecurityHeaderEvent ? inputProcessorChain.processHeaderEvent() : inputProcessorChain.processEvent();
    boolean encryptedHeader = false;
    if (xmlSecEvent.getEventType() == XMLStreamConstants.START_ELEMENT) {
        XMLSecStartElement xmlSecStartElement = xmlSecEvent.asStartElement();
        // A wsse11:EncryptedHeader wraps the EncryptedData: read ahead to the inner element.
        // Presumably the skipped events are buffered in tmpXmlEventList so they can be
        // replayed if the EncryptedData turns out not to be ours — confirm in
        // readAndBufferEncryptedHeader.
        if (xmlSecStartElement.getName().equals(XMLSecurityConstants.TAG_wsse11_EncryptedHeader)) {
            xmlSecEvent = readAndBufferEncryptedHeader(inputProcessorChain, isSecurityHeaderEvent, xmlSecEvent);
            xmlSecStartElement = xmlSecEvent.asStartElement();
            encryptedHeader = true;
        }
        // check if the current start-element has the name EncryptedData and an Id attribute
        if (xmlSecStartElement.getName().equals(XMLSecurityConstants.TAG_xenc_EncryptedData)) {
            ReferenceType referenceType = null;
            if (references != null) {
                referenceType = matchesReferenceId(xmlSecStartElement);
                if (referenceType == null) {
                    // The element is not for us (no matching reference id), so the buffered
                    // EncryptedHeader events have to be replayed.
                    if (!tmpXmlEventList.isEmpty()) {
                        return tmpXmlEventList.pollLast();
                    }
                    return xmlSecEvent;
                }
                // Duplicate ids are forbidden: a reference that was already processed must
                // not match a second element, so the message is rejected.
                if (processedReferences.contains(referenceType)) {
                    throw new XMLSecurityException("signature.Verification.MultipleIDs");
                }
                processedReferences.add(referenceType);
            }
            // The element is ours: the buffered events are no longer needed for replay.
            tmpXmlEventList.clear();
            // the following logic reads the EncryptedData structure and doesn't pass its
            // events further through the chain
            InputProcessorChain subInputProcessorChain = inputProcessorChain.createSubChain(this);
            EncryptedDataType encryptedDataType = parseEncryptedDataStructure(isSecurityHeaderEvent, xmlSecEvent, subInputProcessorChain);
            // Later calls key off the Id, so generate one when the message carried none.
            if (encryptedDataType.getId() == null) {
                encryptedDataType.setId(IDGenerator.generateID(null));
            }
            InboundSecurityToken inboundSecurityToken = getSecurityToken(inputProcessorChain, xmlSecStartElement, encryptedDataType);
            handleSecurityToken(inboundSecurityToken, inputProcessorChain.getSecurityContext(), encryptedDataType);
            final String algorithmURI = encryptedDataType.getEncryptionMethod().getAlgorithm();
            // presumably getIVLengthFromURI reports bits and /8 converts to bytes — TODO confirm
            final int ivLength = JCEAlgorithmMapper.getIVLengthFromURI(algorithmURI) / 8;
            Cipher symCipher = getCipher(algorithmURI);
            // Ciphertext referenced by URI is handled separately; afterwards the sub-chain is
            // reset and the next event is read from it instead of starting a decryption thread.
            if (encryptedDataType.getCipherData().getCipherReference() != null) {
                handleCipherReference(inputProcessorChain, encryptedDataType, symCipher, inboundSecurityToken);
                subInputProcessorChain.reset();
                return isSecurityHeaderEvent ? subInputProcessorChain.processHeaderEvent() : subInputProcessorChain.processEvent();
            }
            // create a new Thread for streaming decryption
            DecryptionThread decryptionThread = new DecryptionThread(subInputProcessorChain, isSecurityHeaderEvent);
            Key decryptionKey = inboundSecurityToken.getSecretKey(algorithmURI, XMLSecurityConstants.Enc, encryptedDataType.getId());
            // The token's key is rebuilt from its encoded bytes for the message's algorithm.
            // NOTE(review): assumes getSecretKey returns a non-null key whose getEncoded()
            // is available; otherwise this line fails — confirm.
            decryptionKey = XMLSecurityUtils.prepareSecretKey(algorithmURI, decryptionKey.getEncoded());
            decryptionThread.setSecretKey(decryptionKey);
            decryptionThread.setSymmetricCipher(symCipher);
            decryptionThread.setIvLength(ivLength);
            XMLSecStartElement parentXMLSecStartElement = xmlSecStartElement.getParentXMLSecStartElement();
            // Inside an EncryptedHeader the logical parent is one level further up.
            if (encryptedHeader) {
                parentXMLSecStartElement = parentXMLSecStartElement.getParentXMLSecStartElement();
            }
            AbstractDecryptedEventReaderInputProcessor decryptedEventReaderInputProcessor = newDecryptedEventReaderInputProcessor(encryptedHeader, parentXMLSecStartElement, encryptedDataType, inboundSecurityToken, inputProcessorChain.getSecurityContext());
            // add the newly created EventReader processor to the chain.
            inputProcessorChain.addProcessor(decryptedEventReaderInputProcessor);
            inputProcessorChain.getDocumentContext().setIsInEncryptedContent(inputProcessorChain.getProcessors().indexOf(decryptedEventReaderInputProcessor), decryptedEventReaderInputProcessor);
            // important: this must occur after setIsInEncryptedContent!
            if (SecurePart.Modifier.Content.getModifier().equals(encryptedDataType.getType())) {
                handleEncryptedContent(inputProcessorChain, xmlSecStartElement.getParentXMLSecStartElement(), inboundSecurityToken, encryptedDataType);
            }
            Thread thread = new Thread(decryptionThread);
            thread.setPriority(Thread.NORM_PRIORITY + 1);
            thread.setName("decryption thread");
            // when an exception occurs in the decryption thread, we want to forward it:
            // the event-reader processor is installed as the uncaught-exception handler.
            thread.setUncaughtExceptionHandler(decryptedEventReaderInputProcessor);
            decryptedEventReaderInputProcessor.setDecryptionThread(thread);
            // We have to start the thread before we call decryptionThread.getPipedInputStream()
            // (a few lines below). Otherwise we end up in a deadlock, because the StAX reader
            // already expects data.
            LOG.debug("Starting decryption thread");
            thread.start();
            InputStream prologInputStream;
            InputStream epilogInputStream;
            try {
                prologInputStream = writeWrapperStartElement(xmlSecStartElement);
                epilogInputStream = writeWrapperEndElement();
            } catch (UnsupportedEncodingException e) {
                throw new XMLSecurityException(e);
            } catch (IOException e) {
                throw new XMLSecurityException(e);
            }
            InputStream decryptInputStream = decryptionThread.getPipedInputStream();
            decryptInputStream = applyTransforms(referenceType, decryptInputStream);
            // spec says (4.2): "The cleartext octet sequence obtained in step 3 is
            // interpreted as UTF-8 encoded character data."
            // NOTE(review): the decrypted bytes are parsed as XML by the XMLInputFactory taken
            // from the security context; its DTD/external-entity settings are configured
            // elsewhere — confirm they are hardened, since the plaintext is message-supplied.
            XMLStreamReader xmlStreamReader = inputProcessorChain.getSecurityContext().<XMLInputFactory>get(XMLSecurityConstants.XMLINPUTFACTORY).createXMLStreamReader(new MultiInputStream(prologInputStream, decryptInputStream, epilogInputStream), StandardCharsets.UTF_8.name());
            // forward to wrapper element
            forwardToWrapperElement(xmlStreamReader);
            decryptedEventReaderInputProcessor.setXmlStreamReader(xmlStreamReader);
            // Hand back the first decrypted event through the new processor.
            if (isSecurityHeaderEvent) {
                return decryptedEventReaderInputProcessor.processNextHeaderEvent(inputProcessorChain);
            } else {
                return decryptedEventReaderInputProcessor.processNextEvent(inputProcessorChain);
            }
        }
    }
    return xmlSecEvent;
}
Also used : XMLStreamReader(javax.xml.stream.XMLStreamReader) EncryptedDataType(org.apache.xml.security.binding.xmlenc.EncryptedDataType) UnsyncByteArrayInputStream(org.apache.xml.security.utils.UnsyncByteArrayInputStream) ReferenceType(org.apache.xml.security.binding.xmlenc.ReferenceType) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) XMLSecEvent(org.apache.xml.security.stax.ext.stax.XMLSecEvent) XMLSecStartElement(org.apache.xml.security.stax.ext.stax.XMLSecStartElement) InboundSecurityToken(org.apache.xml.security.stax.securityToken.InboundSecurityToken) Key(java.security.Key)

Example 2 with XMLSecStartElement

use of org.apache.xml.security.stax.ext.stax.XMLSecStartElement in project santuario-java by apache.

the class AbstractSignatureEndingOutputProcessor method processHeaderEvent.

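/*
        Example of the ds:Signature structure this method writes. The values are samples:
        the algorithm URIs actually emitted come from the security properties, and the
        SHA-1 based URIs shown here are legacy choices, not a recommendation.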
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-1022834285">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <ds:Reference URI="#id-1612925417">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <ds:DigestValue>cy/khx5N6UobCJ1EbX+qnrGID2U=</ds:DigestValue>
                </ds:Reference>
                <ds:Reference URI="#Timestamp-1106985890">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <ds:DigestValue>+p5YRII6uvUdsJ7XLKkWx1CBewE=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>
                Izg1FlI9oa4gOon2vTXi7V0EpiyCUazECVGYflbXq7/3GF8ThKGDMpush/fo1I2NVjEFTfmT2WP/
                +ZG5N2jASFptrcGbsqmuLE5JbxUP1TVKb9SigKYcOQJJ8klzmVfPXnSiRZmIU+DUT2UXopWnGNFL
                TwY0Uxja4ZuI6U8m8Tg=
            </ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-1043455692">
                <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-1008354042">
                    <wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                        URI="#CertId-3458500" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>
        </ds:Signature>
    */
/**
 * Writes the complete {@code ds:Signature} element to a sub-chain of the given chain:
 * {@code SignedInfo} (canonicalization method, signature method, one {@code Reference}
 * per entry of {@code signaturePartDefList}), {@code SignatureValue} and, unless the key
 * identifier is {@code KeyIdentifier_NoKeyInfo}, {@code KeyInfo}.
 *
 * <p>The signature, canonicalization and digest algorithm URIs are taken as configured
 * (security properties / signature part definitions); this method does not check them.
 *
 * @param outputProcessorChain the chain whose security context names the signing token
 * @throws XMLStreamException propagated from the event output helpers
 * @throws XMLSecurityException if the signature algorithm cannot be instantiated
 *         or no token id, token provider or token is available ({@code stax.keyNotFound})
 */
@Override
public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
    final OutputProcessorChain signatureChain = outputProcessorChain.createSubChain(this);

    // <ds:Signature>, optionally carrying a generated Id attribute.
    final List<XMLSecAttribute> signatureAttributes;
    if (securityProperties.isSignatureGenerateIds()) {
        signatureAttributes = new ArrayList<>(1);
        signatureAttributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, IDGenerator.generateID(null)));
    } else {
        signatureAttributes = Collections.emptyList();
    }
    final XMLSecStartElement signatureElement = createStartElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_Signature, true, signatureAttributes);

    final SignatureAlgorithm signatureAlgorithm;
    try {
        signatureAlgorithm = SignatureAlgorithmFactory.getInstance().getSignatureAlgorithm(getSecurityProperties().getSignatureAlgorithm());
    } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
        throw new XMLSecurityException(e);
    }

    // Resolve the signing token; every missing link is reported as "key not found".
    final String tokenId = outputProcessorChain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE);
    if (tokenId == null) {
        throw new XMLSecurityException("stax.keyNotFound");
    }
    final SecurityTokenProvider<OutboundSecurityToken> tokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
    if (tokenProvider == null) {
        throw new XMLSecurityException("stax.keyNotFound");
    }
    final OutboundSecurityToken wrappingSecurityToken = tokenProvider.getSecurityToken();
    if (wrappingSecurityToken == null) {
        throw new XMLSecurityException("stax.keyNotFound");
    }

    final String sigAlgorithm = getSecurityProperties().getSignatureAlgorithm();
    Key signingKey = wrappingSecurityToken.getSecretKey(sigAlgorithm);
    // todo remove and use wrappingSecurityToken.isSymmetric or so?
    // Only the HMAC-SHA1 URI gets its key rebuilt from the encoded bytes.
    if (XMLSecurityConstants.NS_XMLDSIG_HMACSHA1.equals(sigAlgorithm)) {
        signingKey = XMLSecurityUtils.prepareSecretKey(sigAlgorithm, signingKey.getEncoded());
    }
    signatureAlgorithm.engineInitSign(signingKey);

    // <ds:SignedInfo>: the processor is created before the element is written and is
    // removed from the sub-chain again right after the element is closed.
    final SignedInfoProcessor signedInfoProcessor = newSignedInfoProcessor(signatureAlgorithm, signatureElement, signatureChain);
    createStartElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_SignedInfo, false, null);

    // <ds:CanonicalizationMethod>, with InclusiveNamespaces for exclusive c14n if enabled.
    final List<XMLSecAttribute> c14nAttributes = new ArrayList<>(1);
    final String signatureCanonicalizationAlgorithm = getSecurityProperties().getSignatureCanonicalizationAlgorithm();
    c14nAttributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, signatureCanonicalizationAlgorithm));
    createStartElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_CanonicalizationMethod, false, c14nAttributes);
    if (getSecurityProperties().isAddExcC14NInclusivePrefixes() && XMLSecurityConstants.NS_C14N_EXCL.equals(signatureCanonicalizationAlgorithm)) {
        final List<XMLSecAttribute> prefixAttributes = new ArrayList<>(1);
        prefixAttributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_PrefixList, signedInfoProcessor.getInclusiveNamespacePrefixes()));
        createStartElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces, true, prefixAttributes);
        createEndElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces);
    }
    createEndElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_CanonicalizationMethod);

    // <ds:SignatureMethod>
    final List<XMLSecAttribute> methodAttributes = new ArrayList<>(1);
    methodAttributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, getSecurityProperties().getSignatureAlgorithm()));
    createStartElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_SignatureMethod, false, methodAttributes);
    createEndElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_SignatureMethod);

    // One <ds:Reference> per signed part.
    for (SignaturePartDef partDef : signaturePartDefList) {
        // NOTE(review): the reference id is concatenated into the URI / xpointer expression
        // without escaping; confirm ids cannot contain a quote character.
        final String referenceUri;
        if (partDef.isExternalResource()) {
            referenceUri = partDef.getSigRefId();
        } else if (partDef.getSigRefId() == null) {
            referenceUri = "";
        } else if (partDef.isGenerateXPointer()) {
            referenceUri = "#xpointer(id('" + partDef.getSigRefId() + "'))";
        } else {
            referenceUri = "#" + partDef.getSigRefId();
        }

        final List<XMLSecAttribute> referenceAttributes = new ArrayList<>(1);
        referenceAttributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_URI, referenceUri));
        createStartElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_Reference, false, referenceAttributes);
        createTransformsStructureForSignature(signatureChain, partDef);

        final List<XMLSecAttribute> digestAttributes = new ArrayList<>(1);
        digestAttributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, partDef.getDigestAlgo()));
        createStartElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_DigestMethod, false, digestAttributes);
        createEndElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_DigestMethod);

        createStartElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_DigestValue, false, null);
        createCharactersAndOutputAsEvent(signatureChain, partDef.getDigestValue());
        createEndElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_DigestValue);
        createEndElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_Reference);
    }
    createEndElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_SignedInfo);
    signatureChain.removeProcessor(signedInfoProcessor);

    // <ds:SignatureValue>, MIME-style Base64 of the bytes reported by the SignedInfo processor.
    createStartElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_SignatureValue, false, null);
    final byte[] signatureValue = signedInfoProcessor.getSignatureValue();
    createCharactersAndOutputAsEvent(signatureChain, Base64.getMimeEncoder().encodeToString(signatureValue));
    createEndElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_SignatureValue);

    // The KeyInfo Id is generated before the NoKeyInfo check, exactly as the id sequence expects.
    final List<XMLSecAttribute> keyInfoAttributes;
    if (securityProperties.isSignatureGenerateIds()) {
        keyInfoAttributes = new ArrayList<>(1);
        keyInfoAttributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, IDGenerator.generateID(null)));
    } else {
        keyInfoAttributes = Collections.emptyList();
    }
    if (!SecurityTokenConstants.KeyIdentifier_NoKeyInfo.equals(getSecurityProperties().getSignatureKeyIdentifier())) {
        createStartElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_KeyInfo, false, keyInfoAttributes);
        createKeyInfoStructureForSignature(signatureChain, wrappingSecurityToken, getSecurityProperties().isUseSingleCert());
        createEndElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
    }
    createEndElementAndOutputAsEvent(signatureChain, XMLSecurityConstants.TAG_dsig_Signature);
}
Also used : SignaturePartDef(org.apache.xml.security.stax.impl.SignaturePartDef) SignatureAlgorithm(org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) XMLSecStartElement(org.apache.xml.security.stax.ext.stax.XMLSecStartElement) OutboundSecurityToken(org.apache.xml.security.stax.securityToken.OutboundSecurityToken) XMLSecAttribute(org.apache.xml.security.stax.ext.stax.XMLSecAttribute) NoSuchProviderException(java.security.NoSuchProviderException) OutputProcessorChain(org.apache.xml.security.stax.ext.OutputProcessorChain) Key(java.security.Key)

Example 3 with XMLSecStartElement

use of org.apache.xml.security.stax.ext.stax.XMLSecStartElement in project santuario-java by apache.

the class XMLSignatureOutputProcessor method processEvent.

/**
 * Forwards the event down the chain and, for a start element that matches a configured
 * signature part, registers a {@code SignaturePartDef} and activates an
 * {@code InternalSignatureOutputProcessor} for it first.
 *
 * <p>No matching is attempted while another internal signature processor is active, so a
 * child of an element that is already being signed is not signed a second time.
 *
 * @param xmlSecEvent the event to process; replaced by a copy carrying an Id attribute
 *        when one has to be added
 * @param outputProcessorChain the chain the (possibly modified) event is passed to
 * @throws XMLStreamException propagated from the chain
 * @throws XMLSecurityException propagated from the helpers called here
 */
@Override
public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
    if (xmlSecEvent.getEventType() == XMLStreamConstants.START_ELEMENT) {
        final XMLSecStartElement startElement = xmlSecEvent.asStartElement();

        // avoid double signature when child elements match too
        SecurePart matchedPart = null;
        if (getActiveInternalSignatureOutputProcessor() == null) {
            matchedPart = securePartMatches(startElement, outputProcessorChain, XMLSecurityConstants.SIGNATURE_PARTS);
        }

        if (matchedPart != null) {
            LOG.debug("Matched securePart for signature");
            final SignaturePartDef partDef = new SignaturePartDef();
            partDef.setSecurePart(matchedPart);

            // Transforms and digest come from the secure part, with configured fallbacks.
            partDef.setTransforms(matchedPart.getTransforms());
            if (partDef.getTransforms() == null) {
                partDef.setTransforms(new String[] { XMLSecurityConstants.NS_C14N_EXCL_OMIT_COMMENTS });
            }
            partDef.setExcludeVisibleC14Nprefixes(true);
            partDef.setDigestAlgo(matchedPart.getDigestMethod());
            if (partDef.getDigestAlgo() == null) {
                partDef.setDigestAlgo(getSecurityProperties().getSignatureDigestAlgorithm());
            }

            if (securityProperties.isSignatureGenerateIds()) {
                if (matchedPart.getIdToSign() != null) {
                    partDef.setSigRefId(matchedPart.getIdToSign());
                } else {
                    partDef.setGenerateXPointer(matchedPart.isGenerateXPointer());
                    partDef.setSigRefId(IDGenerator.generateID(null));
                    // An Id already present on the element wins over the generated one;
                    // otherwise the generated Id is attached to the outgoing event.
                    final Attribute existingId = startElement.getAttributeByName(securityProperties.getIdAttributeNS());
                    if (existingId == null) {
                        final List<XMLSecAttribute> idAttributes = new ArrayList<>(1);
                        idAttributes.add(createAttribute(securityProperties.getIdAttributeNS(), partDef.getSigRefId()));
                        xmlSecEvent = addAttributes(startElement, idAttributes);
                    } else {
                        partDef.setSigRefId(existingId.getValue());
                    }
                }
            }
            getSignaturePartDefList().add(partDef);

            // Place the digesting processor between this processor and the ending processor.
            final InternalSignatureOutputProcessor digestProcessor = new InternalSignatureOutputProcessor(partDef, startElement);
            digestProcessor.setXMLSecurityProperties(getSecurityProperties());
            digestProcessor.setAction(getAction());
            digestProcessor.addAfterProcessor(XMLSignatureOutputProcessor.class.getName());
            digestProcessor.addBeforeProcessor(XMLSignatureEndingOutputProcessor.class.getName());
            digestProcessor.init(outputProcessorChain);
            setActiveInternalSignatureOutputProcessor(digestProcessor);
        }
    }
    outputProcessorChain.processEvent(xmlSecEvent);
}
Also used : SecurePart(org.apache.xml.security.stax.ext.SecurePart) XMLSecStartElement(org.apache.xml.security.stax.ext.stax.XMLSecStartElement) SignaturePartDef(org.apache.xml.security.stax.impl.SignaturePartDef) XMLSecAttribute(org.apache.xml.security.stax.ext.stax.XMLSecAttribute) Attribute(javax.xml.stream.events.Attribute) ArrayList(java.util.ArrayList) XMLSecAttribute(org.apache.xml.security.stax.ext.stax.XMLSecAttribute)

Example 4 with XMLSecStartElement

use of org.apache.xml.security.stax.ext.stax.XMLSecStartElement in project santuario-java by apache.

the class AbstractOutputProcessor method createStartElementAndOutputAsEvent.

/**
 * Builds a start element with the namespaces it needs declared, outputs it as an event on
 * the chain and returns it.
 *
 * <p>The declared namespaces are the element's own namespace (only when
 * {@code outputLocalNs} is set) plus the namespace of every attribute whose name has a
 * non-empty prefix and that is not in the list yet.
 *
 * @param outputProcessorChain the chain the element is written to
 * @param element the qualified name of the element
 * @param outputLocalNs whether to declare the element's own namespace
 * @param attributes the attributes of the element; may be {@code null}
 * @return the start element that was written
 * @throws XMLStreamException propagated from {@code outputAsEvent}
 * @throws XMLSecurityException propagated from {@code outputAsEvent}
 */
public XMLSecStartElement createStartElementAndOutputAsEvent(OutputProcessorChain outputProcessorChain, QName element, boolean outputLocalNs, List<XMLSecAttribute> attributes) throws XMLStreamException, XMLSecurityException {
    List<XMLSecNamespace> declaredNamespaces;
    if (outputLocalNs) {
        declaredNamespaces = new ArrayList<>(2);
        declaredNamespaces.add(XMLSecEventFactory.createXMLSecNamespace(element.getPrefix(), element.getNamespaceURI()));
    } else {
        declaredNamespaces = Collections.emptyList();
    }

    if (attributes != null) {
        for (XMLSecAttribute attribute : attributes) {
            final String prefix = attribute.getName().getPrefix();
            // Attributes with an empty prefix need no namespace declaration.
            final boolean unprefixed = prefix != null && prefix.isEmpty();
            if (unprefixed || declaredNamespaces.contains(attribute.getAttributeNamespace())) {
                continue;
            }
            // The shared immutable empty list must be swapped for a mutable one before adding.
            if (declaredNamespaces == Collections.<XMLSecNamespace>emptyList()) {
                declaredNamespaces = new ArrayList<>(1);
            }
            declaredNamespaces.add(attribute.getAttributeNamespace());
        }
    }

    final XMLSecStartElement startElement = XMLSecEventFactory.createXmlSecStartElement(element, attributes, declaredNamespaces);
    outputAsEvent(outputProcessorChain, startElement);
    return startElement;
}
Also used : XMLSecStartElement(org.apache.xml.security.stax.ext.stax.XMLSecStartElement) XMLSecNamespace(org.apache.xml.security.stax.ext.stax.XMLSecNamespace) QName(javax.xml.namespace.QName) XMLSecAttribute(org.apache.xml.security.stax.ext.stax.XMLSecAttribute)

Example 5 with XMLSecStartElement

use of org.apache.xml.security.stax.ext.stax.XMLSecStartElement in project santuario-java by apache.

the class AbstractSignatureReferenceVerifyInputProcessor method processNextEvent.

/**
 * Pulls the next event from the chain and, for a start element that resolves to one or
 * more signature references, attaches a reference verifier for each of them.
 *
 * <p>A reference that was already processed is rejected, so the same reference cannot be
 * satisfied by a second element in the document.
 *
 * @param inputProcessorChain the chain supplying events and the document context
 * @return the event read from the chain, unchanged
 * @throws XMLStreamException propagated from the chain
 * @throws XMLSecurityException if a reference resolves a second time
 *         ({@code signature.Verification.MultipleIDs}) or a helper fails
 */
@Override
public XMLSecEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
    final XMLSecEvent event = inputProcessorChain.processEvent();
    if (event.getEventType() != XMLStreamConstants.START_ELEMENT) {
        return event;
    }

    final XMLSecStartElement startElement = event.asStartElement();
    for (ReferenceType reference : resolvesResource(startElement)) {
        if (processedReferences.contains(reference)) {
            throw new XMLSecurityException("signature.Verification.MultipleIDs", new Object[] { reference.getURI() });
        }
        final InternalSignatureReferenceVerifier verifier = getSignatureReferenceVerifier(getSecurityProperties(), inputProcessorChain, reference, startElement);
        // A verifier that is not finished yet sees this start element and joins the chain.
        if (!verifier.isFinished()) {
            verifier.processEvent(event, inputProcessorChain);
            inputProcessorChain.addProcessor(verifier);
        }
        processedReferences.add(reference);
        inputProcessorChain.getDocumentContext().setIsInSignedContent(inputProcessorChain.getProcessors().indexOf(verifier), verifier);
        processElementPath(verifier.getStartElementPath(), inputProcessorChain, verifier.getStartElement(), reference);
    }
    return event;
}
Also used : XMLSecStartElement(org.apache.xml.security.stax.ext.stax.XMLSecStartElement) ReferenceType(org.apache.xml.security.binding.xmldsig.ReferenceType) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) XMLSecEvent(org.apache.xml.security.stax.ext.stax.XMLSecEvent)

Aggregations

XMLSecStartElement (org.apache.xml.security.stax.ext.stax.XMLSecStartElement)10 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)4 XMLSecAttribute (org.apache.xml.security.stax.ext.stax.XMLSecAttribute)3 XMLSecEvent (org.apache.xml.security.stax.ext.stax.XMLSecEvent)3 Key (java.security.Key)2 XMLSecEndElement (org.apache.xml.security.stax.ext.stax.XMLSecEndElement)2 XMLSecNamespace (org.apache.xml.security.stax.ext.stax.XMLSecNamespace)2 SignaturePartDef (org.apache.xml.security.stax.impl.SignaturePartDef)2 OutboundSecurityToken (org.apache.xml.security.stax.securityToken.OutboundSecurityToken)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 NoSuchProviderException (java.security.NoSuchProviderException)1 ArrayDeque (java.util.ArrayDeque)1 ArrayList (java.util.ArrayList)1 QName (javax.xml.namespace.QName)1 XMLStreamException (javax.xml.stream.XMLStreamException)1 XMLStreamReader (javax.xml.stream.XMLStreamReader)1 Attribute (javax.xml.stream.events.Attribute)1 ReferenceType (org.apache.xml.security.binding.xmldsig.ReferenceType)1 EncryptedDataType (org.apache.xml.security.binding.xmlenc.EncryptedDataType)1 ReferenceType (org.apache.xml.security.binding.xmlenc.ReferenceType)1