use of org.apache.xml.security.stax.impl.processor.input.XMLEventReaderInputProcessor in project santuario-java by apache.
the class TransformBase64Decode method transform.
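/**
 * Handles one event for the Base64-decode transform. Only CHARACTERS events are
 * acted on; every other event type falls through the switch untouched.
 * <p>
 * If an output stream is set, the Base64 text is written straight to it.
 * Otherwise the text goes to a lazily created {@code ChildOutputMethod}, which
 * buffers the output of a {@code Base64OutputStream} and passes it to the child
 * transformer in {@code doFinal()}.
 * <p>
 * Security notes for reviewers: the decoded bytes are held entirely in memory
 * until {@code doFinal()}, and no size limit is visible in this method. In the
 * XMLSecEvent branch those bytes are parsed as XML, so the factory returned by
 * {@code getXmlInputFactory()} must be hardened (DTD support and external
 * entities disabled). Its configuration is not visible here and should be confirmed.
 *
 * @param xmlSecEvent the event to process
 * @throws XMLStreamException if writing, decoding, or re-parsing fails
 */
@Override
public void transform(XMLSecEvent xmlSecEvent) throws XMLStreamException {
    int eventType = xmlSecEvent.getEventType();
    switch (eventType) {
        case XMLStreamConstants.CHARACTERS:
            // Base64 text is pure ASCII. Pin the charset instead of relying on the
            // platform default, which is not guaranteed to be ASCII-compatible.
            final byte[] base64Text = xmlSecEvent.asCharacters().getData()
                    .getBytes(java.nio.charset.StandardCharsets.UTF_8);
            if (getOutputStream() != null) {
                // NOTE(review): presumably the configured output stream performs the
                // Base64 decoding; that wiring is not visible in this method.
                try {
                    getOutputStream().write(base64Text);
                } catch (IOException e) {
                    throw new XMLStreamException(e);
                }
            } else {
                // we have a child transformer
                if (childOutputMethod == null) {
                    final XMLSecurityConstants.TransformMethod preferredChildTransformMethod =
                            getTransformer().getPreferredTransformMethod(XMLSecurityConstants.TransformMethod.XMLSecEvent);
                    switch (preferredChildTransformMethod) {
                        case XMLSecEvent: {
                            childOutputMethod = new ChildOutputMethod() {

                                private UnsyncByteArrayOutputStream byteArrayOutputStream;

                                private Base64OutputStream base64OutputStream;

                                @Override
                                public void transform(Object object) throws XMLStreamException {
                                    if (base64OutputStream == null) {
                                        // Second argument false: decode mode, assuming this is the
                                        // commons-codec Base64OutputStream - TODO confirm.
                                        byteArrayOutputStream = new UnsyncByteArrayOutputStream();
                                        base64OutputStream = new Base64OutputStream(byteArrayOutputStream, false);
                                    }
                                    try {
                                        base64OutputStream.write((byte[]) object);
                                    } catch (IOException e) {
                                        throw new XMLStreamException(e);
                                    }
                                }

                                @Override
                                public void doFinal() throws XMLStreamException {
                                    // Close first so any pending output reaches the buffer.
                                    try {
                                        base64OutputStream.close();
                                    } catch (IOException e) {
                                        throw new XMLStreamException(e);
                                    }
                                    // The buffered bytes originate from the incoming document and are
                                    // re-parsed as XML here. NOTE(review): confirm getXmlInputFactory()
                                    // returns a factory with DTD and external-entity support disabled.
                                    try (InputStream is = new UnsyncByteArrayInputStream(byteArrayOutputStream.toByteArray())) {
                                        XMLEventReaderInputProcessor xmlEventReaderInputProcessor =
                                                new XMLEventReaderInputProcessor(null, getXmlInputFactory().createXMLStreamReader(is));
                                        XMLSecEvent xmlSecEvent;
                                        do {
                                            xmlSecEvent = xmlEventReaderInputProcessor.processNextEvent(null);
                                            getTransformer().transform(xmlSecEvent);
                                        } while (xmlSecEvent.getEventType() != XMLStreamConstants.END_DOCUMENT);
                                    } catch (XMLSecurityException | IOException e) {
                                        throw new XMLStreamException(e);
                                    }
                                    getTransformer().doFinal();
                                }
                            };
                            break;
                        }
                        case InputStream: {
                            childOutputMethod = new ChildOutputMethod() {

                                private UnsyncByteArrayOutputStream byteArrayOutputStream;

                                private Base64OutputStream base64OutputStream;

                                @Override
                                public void transform(Object object) throws XMLStreamException {
                                    if (base64OutputStream == null) {
                                        byteArrayOutputStream = new UnsyncByteArrayOutputStream();
                                        base64OutputStream = new Base64OutputStream(byteArrayOutputStream, false);
                                    }
                                    try {
                                        base64OutputStream.write((byte[]) object);
                                    } catch (IOException e) {
                                        throw new XMLStreamException(e);
                                    }
                                }

                                @Override
                                public void doFinal() throws XMLStreamException {
                                    try {
                                        base64OutputStream.close();
                                    } catch (IOException e) {
                                        throw new XMLStreamException(e);
                                    }
                                    // The child consumes the buffered bytes as a stream; no XML parse here.
                                    try (InputStream is = new UnsyncByteArrayInputStream(byteArrayOutputStream.toByteArray())) {
                                        getTransformer().transform(is);
                                        getTransformer().doFinal();
                                    } catch (IOException ex) {
                                        throw new XMLStreamException(ex);
                                    }
                                }
                            };
                            break;
                        }
                    }
                }
                childOutputMethod.transform(base64Text);
            }
            break;
    }
}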
use of org.apache.xml.security.stax.impl.processor.input.XMLEventReaderInputProcessor in project santuario-java by apache.
the class TransformIdentity method transform.
/**
 * Identity transform for stream input: passes the bytes on unchanged.
 * <p>
 * If an output stream is set, the input is copied to it. Otherwise a
 * {@code ChildOutputMethod} is created on first use, in the form the child
 * transformer prefers, and the stream is handed to it.
 * <p>
 * Security note for reviewers: in the XMLSecEvent branch the input stream is
 * parsed as XML with the factory from {@code getXmlInputFactory()}. That
 * factory's configuration is not visible here; confirm that DTD support and
 * external entities are disabled.
 *
 * @param inputStream the data to pass through
 * @throws XMLStreamException if copying or parsing fails
 */
@Override
public void transform(final InputStream inputStream) throws XMLStreamException {
    if (getOutputStream() != null) {
        // An output stream is set: copy the bytes across and stop.
        try {
            XMLSecurityUtils.copy(inputStream, getOutputStream());
        } catch (IOException ioe) {
            throw new XMLStreamException(ioe);
        }
        return;
    }

    // No output stream, so the data goes to a child transformer.
    if (childOutputMethod == null) {
        final XMLSecurityConstants.TransformMethod childMethod =
                getTransformer().getPreferredTransformMethod(XMLSecurityConstants.TransformMethod.InputStream);
        switch (childMethod) {
            case XMLSecEvent:
                childOutputMethod = new ChildOutputMethod() {

                    private XMLEventReaderInputProcessor eventReader;

                    @Override
                    public void transform(Object object) throws XMLStreamException {
                        // The reader is bound to the captured inputStream on first use;
                        // the object argument is not read.
                        if (eventReader == null) {
                            eventReader = new XMLEventReaderInputProcessor(
                                    null, getXmlInputFactory().createXMLStreamReader(inputStream));
                        }
                        try {
                            // Forward every event, END_DOCUMENT included, to the child.
                            while (true) {
                                XMLSecEvent event = eventReader.processNextEvent(null);
                                getTransformer().transform(event);
                                if (event.getEventType() == XMLStreamConstants.END_DOCUMENT) {
                                    break;
                                }
                            }
                        } catch (XMLSecurityException secEx) {
                            throw new XMLStreamException(secEx);
                        }
                    }

                    @Override
                    public void doFinal() throws XMLStreamException {
                        getTransformer().doFinal();
                    }
                };
                break;
            case InputStream:
                childOutputMethod = new ChildOutputMethod() {

                    @Override
                    public void transform(Object object) throws XMLStreamException {
                        // Pass the captured stream to the child unchanged.
                        getTransformer().transform(inputStream);
                    }

                    @Override
                    public void doFinal() throws XMLStreamException {
                        getTransformer().doFinal();
                    }
                };
                break;
        }
    }

    // Still null when the preferred method matched neither case above.
    if (childOutputMethod != null) {
        childOutputMethod.transform(inputStream);
    }
}
use of org.apache.xml.security.stax.impl.processor.input.XMLEventReaderInputProcessor in project santuario-java by apache.
the class CanonicalizerBase method transform.
/**
 * Parses the given stream as XML and passes each resulting event, up to and
 * including END_DOCUMENT, to {@code transform(XMLSecEvent)}.
 * <p>
 * Security note for reviewers: the stream is parsed with the factory from
 * {@code getXmlInputFactory()}, whose configuration is not visible here.
 * Confirm that DTD support and external entities are disabled before
 * untrusted input reaches this method.
 *
 * @param inputStream the XML bytes to parse
 * @throws XMLStreamException if the reader cannot be created or event processing fails
 */
@Override
public void transform(InputStream inputStream) throws XMLStreamException {
    final XMLEventReaderInputProcessor eventReader =
            new XMLEventReaderInputProcessor(null, getXmlInputFactory().createXMLStreamReader(inputStream));
    try {
        while (true) {
            XMLSecEvent event = eventReader.processNextEvent(null);
            this.transform(event);
            if (event.getEventType() == XMLStreamConstants.END_DOCUMENT) {
                break;
            }
        }
    } catch (XMLSecurityException secEx) {
        // Rethrow as the exception type this method declares.
        throw new XMLStreamException(secEx);
    }
}
use of org.apache.xml.security.stax.impl.processor.input.XMLEventReaderInputProcessor in project santuario-java by apache.
the class InboundXMLSec method processInMessage.
/**
 * Entry point of the inbound security engine. Pass in the original
 * {@link XMLStreamReader} and use the returned reader for all further processing.
 * <p>
 * <b>Warning:</b> this method uses the supplied reader as it is. If the factory
 * that created the reader is misconfigured, the result is a security hole.
 * Configure at least the following on that factory:
 * <ul>
 * <li>{@code xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);}
 *     disables DTD processing.</li>
 * <li>{@code xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);}
 *     stops external entities from being resolved (XXE).</li>
 * <li>{@code xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false);}
 *     keeps adjacent character data from being merged into one event.</li>
 * <li>{@code xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, Integer.valueOf(8192));}
 *     is a Woodstox-specific setting for the minimum text segment size.</li>
 * </ul>
 *
 * @param xmlStreamReader The original XMLStreamReader
 * @param requestSecurityEvents A List of requested SecurityEvents; {@code null} is treated as empty
 * @param securityEventListener A SecurityEventListener to receive security-relevant events.
 * @return A new XMLStreamReader that performs the security processing transparently.
 * @throws XMLStreamException thrown when a streaming error occurs
 */
public XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader, List<SecurityEvent> requestSecurityEvents, SecurityEventListener securityEventListener) throws XMLStreamException {
    if (requestSecurityEvents == null) {
        requestSecurityEvents = Collections.emptyList();
    }

    // Security context for this message: requested events, listener, and the
    // XMLInputFactory stored under XMLSecurityConstants.XMLINPUTFACTORY.
    final InboundSecurityContextImpl securityContext = new InboundSecurityContextImpl();
    securityContext.putList(SecurityEvent.class, requestSecurityEvents);
    securityContext.addSecurityEventListener(securityEventListener);
    securityContext.put(XMLSecurityConstants.XMLINPUTFACTORY, xmlInputFactory);

    // Document context: fall back to UTF-8 when the reader reports no encoding.
    final DocumentContextImpl docContext = new DocumentContextImpl();
    String encoding = xmlStreamReader.getEncoding();
    if (encoding == null) {
        encoding = java.nio.charset.StandardCharsets.UTF_8.name();
    }
    docContext.setEncoding(encoding);

    // woodstox 3.2.9 returns null when used with a DOMSource
    final Location readerLocation = xmlStreamReader.getLocation();
    if (readerLocation != null) {
        docContext.setBaseURI(readerLocation.getSystemId());
    }

    // Build the chain: the reader adapter, then any user-supplied processors,
    // then the XML security processor.
    final InputProcessorChainImpl chain = new InputProcessorChainImpl(securityContext, docContext);
    chain.addProcessor(new XMLEventReaderInputProcessor(securityProperties, xmlStreamReader));
    for (InputProcessor extraProcessor : securityProperties.getInputProcessorList()) {
        chain.addProcessor(extraProcessor);
    }
    chain.addProcessor(new XMLSecurityInputProcessor(securityProperties));

    // At trace level, add a logging processor registered to run after the
    // security processor.
    if (LOG.isTraceEnabled()) {
        final LogInputProcessor traceProcessor = new LogInputProcessor(securityProperties);
        traceProcessor.addAfterProcessor(XMLSecurityInputProcessor.class.getName());
        chain.addProcessor(traceProcessor);
    }

    return new XMLSecurityStreamReader(chain, securityProperties);
}