
Example 1 with SignedElementSecurityEvent

Use of org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent in the santuario-java project by apache.

Class XMLSignatureReferenceVerifyInputProcessor, method processElementPath.

@Override
protected void processElementPath(List<QName> elementPath, InputProcessorChain inputProcessorChain, XMLSecEvent xmlSecEvent, ReferenceType referenceType) throws XMLSecurityException {
    final DocumentContext documentContext = inputProcessorChain.getDocumentContext();
    // Record this element as signed (second argument), together with the token in use and the document's protection order
    SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(getInboundSecurityToken(), true, documentContext.getProtectionOrder());
    signedElementSecurityEvent.setElementPath(elementPath);
    signedElementSecurityEvent.setXmlSecEvent(xmlSecEvent);
    // Correlate the event with the ds:Reference it belongs to
    signedElementSecurityEvent.setCorrelationID(referenceType.getId());
    // Make the event available to the SecurityEventListener of the caller
    inputProcessorChain.getSecurityContext().registerSecurityEvent(signedElementSecurityEvent);
}
Also used: DocumentContext (org.apache.xml.security.stax.ext.DocumentContext), SignedElementSecurityEvent (org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent)

Example 2 with SignedElementSecurityEvent

Use of org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent in the testcases project by coheigea.

Class SignatureUtils, method verifyUsingStAX.

/**
 * Verify the document using the StAX API of Apache Santuario - XML Security for Java.
 */
public static void verifyUsingStAX(InputStream inputStream, List<QName> namesToSign, X509Certificate cert) throws Exception {
    // Set up the Configuration
    XMLSecurityProperties properties = new XMLSecurityProperties();
    List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
    actions.add(XMLSecurityConstants.SIGNATURE);
    properties.setActions(actions);
    properties.setSignatureVerificationKey(cert.getPublicKey());
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
    final XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(inputStream);
    TestSecurityEventListener eventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, eventListener);
    // Read the document to the end: the StAX API verifies the signature while the events are consumed
    while (securityStreamReader.hasNext()) {
        securityStreamReader.next();
    }
    xmlStreamReader.close();
    inputStream.close();
    // Check that what we were expecting to be signed was actually signed
    List<SignedElementSecurityEvent> signedElementEvents = eventListener.getSecurityEvents(SecurityEventConstants.SignedElement);
    Assert.assertNotNull(signedElementEvents);
    for (QName nameToSign : namesToSign) {
        boolean found = false;
        for (SignedElementSecurityEvent signedElement : signedElementEvents) {
            if (signedElement.isSigned() && nameToSign.equals(getSignedQName(signedElement.getElementPath()))) {
                found = true;
                break;
            }
        }
        Assert.assertTrue(found);
    }
    // Check Signing cert
    X509TokenSecurityEvent tokenEvent = (X509TokenSecurityEvent) eventListener.getSecurityEvent(SecurityEventConstants.X509Token);
    Assert.assertNotNull(tokenEvent);
    Assert.assertTrue(tokenEvent.getSecurityToken() instanceof X509SecurityToken);
    X509SecurityToken x509SecurityToken = (X509SecurityToken) tokenEvent.getSecurityToken();
    // Expected value first, so that a failure message reports the values the right way round
    Assert.assertEquals(cert, x509SecurityToken.getX509Certificates()[0]);
}
Also used: XMLSecurityConstants (org.apache.xml.security.stax.ext.XMLSecurityConstants), XMLStreamReader (javax.xml.stream.XMLStreamReader), QName (javax.xml.namespace.QName), ArrayList (java.util.ArrayList), InboundXMLSec (org.apache.xml.security.stax.ext.InboundXMLSec), X509SecurityToken (org.apache.xml.security.stax.impl.securityToken.X509SecurityToken), X509TokenSecurityEvent (org.apache.xml.security.stax.securityEvent.X509TokenSecurityEvent), XMLSecurityProperties (org.apache.xml.security.stax.ext.XMLSecurityProperties), SignedElementSecurityEvent (org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent), XMLInputFactory (javax.xml.stream.XMLInputFactory)
