
Example 66 with Transforms

use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.

the class TransformBase64DecodeTest method test3.

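/**
 * Checks that the Base64-decode transform applied to a node-set decodes only the text content.
 *
 * <p>The encoded data below is deliberately interrupted by child elements ({@code <RealText>},
 * {@code <test/>}) and stray whitespace. The assertion expects the decoded text exactly as if
 * that markup and whitespace were absent.
 *
 * @throws Exception if parsing, XPath evaluation or the transform fails
 */
@org.junit.jupiter.api.Test
public void test3() throws Exception {
    // J-
    String input = ""
        + "<Object xmlns:signature='http://www.w3.org/2000/09/xmldsig#'>\n"
        + "<signature:Base64>\n"
        + "VGhlIFVSSSBvZiB0aGU gdHJhbn<RealText>Nmb  3JtIGlzIG<test/>h0dHA6</RealText>Ly93d3cudzMub3JnLzIwMDAvMDkveG1s\n"
        + "ZHNpZyNiYXNlNjQ=\n"
        + "</signature:Base64>\n"
        + "</Object>\n";
    // J+
    Document doc = null;
    // Encode with an explicit charset so the parsed bytes do not depend on the platform default.
    try (InputStream is = new ByteArrayInputStream(input.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        // NOTE(review): the boolean is presumably XMLUtils' "disallow DOCTYPE" switch - confirm.
        // Passing false is harmless for this constant in-test document; code that parses
        // externally supplied XML should not copy it.
        doc = XMLUtils.read(is, false);
    }
    // XMLUtils.circumventBug2650(doc);
    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());
    String expression = "//ds:Base64";
    Node base64Node = (Node) xpath.evaluate(expression, doc, XPathConstants.NODE);
    XMLSignatureInput xmlinput = new XMLSignatureInput(base64Node);

    // Build a standalone Transforms element holding only the Base64-decode transform.
    Document doc2 = TransformBase64DecodeTest.createDocument();
    Transforms t = new Transforms(doc2);
    doc2.appendChild(t.getElement());
    t.addTransform(Transforms.TRANSFORM_BASE64_DECODE);
    XMLSignatureInput out = t.performTransforms(xmlinput);

    String result = new String(out.getBytes(), java.nio.charset.StandardCharsets.UTF_8);
    // JUnit 5 order is (expected, actual, message); the original had the first two swapped,
    // which mislabels the values in the failure report.
    assertEquals("The URI of the transform is http://www.w3.org/2000/09/xmldsig#base64", result, "\"" + result + "\"");
}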
Also used : XPath(javax.xml.xpath.XPath) XPathFactory(javax.xml.xpath.XPathFactory) ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) DSNamespaceContext(org.apache.xml.security.test.dom.DSNamespaceContext) Node(org.w3c.dom.Node) Transforms(org.apache.xml.security.transforms.Transforms) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) Document(org.w3c.dom.Document)

Example 67 with Transforms

use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.

the class CreateSignatureTest method testEmptyNodeSet.

/**
 * Test for bug 36044 - Canonicalizing an empty node-set throws an
 * ArrayIndexOutOfBoundsException.
 */
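@org.junit.jupiter.api.Test
public void testEmptyNodeSet() throws Exception {
    // Regression scenario: sign a reference whose XPath transform may select no nodes at all.
    // The test passes if sign() completes without throwing.
    Document doc = TestUtils.newDocument();
    Element envelope = doc.createElementNS("http://www.usps.gov/", "Envelope");
    envelope.appendChild(doc.createTextNode("\n"));
    doc.appendChild(envelope);

    // NOTE(review): DSA here and SHA-1 below are legacy algorithm choices. They look like they
    // are kept only as regression fixtures and are not a template for new signatures.
    XMLSignature sig = new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_DSA);
    envelope.appendChild(sig.getElement());

    // object-1 has no child content; it is the target of the reference added below.
    ObjectContainer object1 = new ObjectContainer(doc);
    object1.setId("object-1");
    object1.setMimeType("text/plain");
    sig.appendObject(object1);

    ObjectContainer object2 = new ObjectContainer(doc);
    object2.setId("object-2");
    object2.setMimeType("text/plain");
    object2.setEncoding("http://www.w3.org/2000/09/xmldsig#base64");
    object2.appendChild(doc.createTextNode("SSBhbSB0aGUgdGV4dC4="));
    sig.appendObject(object2);

    Transforms transforms = new Transforms(doc);
    XPathContainer xpathC = new XPathContainer(doc);
    xpathC.setXPath("self::text()");
    transforms.addTransform(Transforms.TRANSFORM_XPATH, xpathC.getElementPlusReturns());
    sig.addDocument("#object-1", transforms, Constants.ALGO_ID_DIGEST_SHA1, null, "http://www.w3.org/2000/09/xmldsig#Object");

    // Keystore and password are test fixtures checked into the repository.
    String keystorePath = "src/test/resources/org/apache/xml/security/samples/input/keystore.jks";
    if (BASEDIR != null && !"".equals(BASEDIR)) {
        keystorePath = BASEDIR + SEP + keystorePath;
    }
    KeyStore ks = KeyStore.getInstance("JKS");
    // try-with-resources: the original never closed this stream.
    try (FileInputStream fis = new FileInputStream(keystorePath)) {
        ks.load(fis, "xmlsecurity".toCharArray());
    }
    PrivateKey privateKey = (PrivateKey) ks.getKey("test", "xmlsecurity".toCharArray());
    sig.sign(privateKey);
}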
Also used : PrivateKey(java.security.PrivateKey) XMLSignature(org.apache.xml.security.signature.XMLSignature) Element(org.w3c.dom.Element) Transforms(org.apache.xml.security.transforms.Transforms) Document(org.w3c.dom.Document) ObjectContainer(org.apache.xml.security.signature.ObjectContainer) XPathContainer(org.apache.xml.security.transforms.params.XPathContainer) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream)

Example 68 with Transforms

use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.

the class CreateSignatureTest method doSign.

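/**
 * Builds a small document, adds an enveloped RSA-SHA1 signature over the whole document and
 * returns the result serialized as canonical XML with comments.
 *
 * <p>The signing key pair comes from the {@code kp} field, and its public half is embedded as
 * KeyInfo.
 *
 * @return the signed document as a string
 * @throws Exception if signature construction, signing or serialization fails
 */
private String doSign() throws Exception {
    PrivateKey privateKey = kp.getPrivate();
    Document doc = TestUtils.newDocument();
    // Comments before and after the root element are part of the document being signed and
    // serialized.
    doc.appendChild(doc.createComment(" Comment before "));
    Element root = doc.createElementNS("", "RootElement");
    doc.appendChild(root);
    root.appendChild(doc.createTextNode("Some simple text\n"));

    // SignedInfo is canonicalized with exclusive c14n (comments omitted).
    Element canonElem = XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_CANONICALIZATIONMETHOD);
    canonElem.setAttributeNS(null, Constants._ATT_ALGORITHM, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    // NOTE(review): RSA-SHA1 and the SHA-1 digest below are legacy algorithms used as test
    // fixtures here. They are not a recommendation for new signatures.
    SignatureAlgorithm signatureAlgorithm = new SignatureAlgorithm(doc, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
    XMLSignature sig = new XMLSignature(doc, null, signatureAlgorithm.getElement(), canonElem);
    root.appendChild(sig.getElement());
    doc.appendChild(doc.createComment(" Comment after "));

    // Reference URI "" with the enveloped-signature transform: the digest is computed with the
    // Signature element itself excluded.
    Transforms transforms = new Transforms(doc);
    transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
    sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
    sig.addKeyInfo(kp.getPublic());
    sig.sign(privateKey);

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    XMLUtils.outputDOMc14nWithComments(doc, bos);
    // Canonical XML is UTF-8 encoded, so decode with that charset, not the platform default.
    return new String(bos.toByteArray(), java.nio.charset.StandardCharsets.UTF_8);
}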
Also used : PrivateKey(java.security.PrivateKey) XMLSignature(org.apache.xml.security.signature.XMLSignature) Element(org.w3c.dom.Element) Transforms(org.apache.xml.security.transforms.Transforms) SignatureAlgorithm(org.apache.xml.security.algorithms.SignatureAlgorithm) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Document(org.w3c.dom.Document)

Example 69 with Transforms

use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.

the class CreateSignatureTest method testAddDuplicateKeyInfo.

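/**
 * Verifies that a Signature carrying a second (empty) KeyInfo element is rejected.
 *
 * <p>The extra KeyInfo is appended after signing. Verification is expected to fail with an
 * {@link XMLSignatureException}, so a document with more than one KeyInfo under a single
 * Signature is never accepted.
 *
 * @throws Exception if building or signing the document fails
 */
@org.junit.jupiter.api.Test
public void testAddDuplicateKeyInfo() throws Exception {
    PrivateKey privateKey = kp.getPrivate();
    Document doc = TestUtils.newDocument();
    Element root = doc.createElementNS("", "RootElement");
    doc.appendChild(root);
    root.appendChild(doc.createTextNode("Some simple text\n"));

    Element canonElem = XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_CANONICALIZATIONMETHOD);
    canonElem.setAttributeNS(null, Constants._ATT_ALGORITHM, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    SignatureAlgorithm signatureAlgorithm = new SignatureAlgorithm(doc, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
    XMLSignature sig = new XMLSignature(doc, null, signatureAlgorithm.getElement(), canonElem);
    String id = "12345";
    sig.setId(id);
    root.appendChild(sig.getElement());

    Transforms transforms = new Transforms(doc);
    transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
    sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
    sig.addKeyInfo(kp.getPublic());
    sig.sign(privateKey);

    // Add a duplicate (empty) KeyInfo element after the signature value has been computed.
    KeyInfo keyInfo = new KeyInfo(doc);
    sig.getElement().appendChild(keyInfo.getElement());

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    XMLUtils.outputDOMc14nWithComments(doc, bos);
    // Canonical XML is UTF-8 encoded, so decode with that charset, not the platform default.
    String signedContent = new String(bos.toByteArray(), java.nio.charset.StandardCharsets.UTF_8);

    // assertThrows replaces the try / fail / empty-catch idiom and keeps the same failure message.
    org.junit.jupiter.api.Assertions.assertThrows(
        XMLSignatureException.class,
        () -> doVerify(signedContent),
        "Failure expected on a duplicate KeyInfo element");
}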
Also used : PrivateKey(java.security.PrivateKey) KeyInfo(org.apache.xml.security.keys.KeyInfo) XMLSignature(org.apache.xml.security.signature.XMLSignature) Element(org.w3c.dom.Element) Transforms(org.apache.xml.security.transforms.Transforms) SignatureAlgorithm(org.apache.xml.security.algorithms.SignatureAlgorithm) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Document(org.w3c.dom.Document) XMLSignatureException(org.apache.xml.security.signature.XMLSignatureException)

Example 70 with Transforms

use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.

the class CreateSignatureTest method testXFilter2Signature.

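/**
 * Signs a document through an XPath Filter 2.0 "intersect" transform, serializes it, parses it
 * back and checks that the signature value verifies against the keystore's "test" certificate.
 *
 * @throws Exception if signing, serialization, parsing or verification fails
 */
@org.junit.jupiter.api.Test
public void testXFilter2Signature() throws Exception {
    Document doc = TestUtils.newDocument();
    doc.appendChild(doc.createComment(" Comment before "));
    Element root = doc.createElementNS("", "RootElement");
    doc.appendChild(root);
    root.appendChild(doc.createTextNode("Some simple text\n"));

    // Sign
    XMLSignature sig = new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_DSA);
    root.appendChild(sig.getElement());
    Transforms transforms = new Transforms(doc);
    // NOTE(review): "ds.Signature" is a plain element-name test, not a "ds:" prefixed name, and
    // no "ds" prefix is bound on the filter below. If "ds:Signature" was intended, the filter as
    // written may select nothing, and the reference would then cover an empty node-set while the
    // signature still verifies. Confirm what this reference actually digests.
    String filter = "here()/ancestor::ds.Signature/parent::node()/descendant-or-self::*";
    XPath2FilterContainer xpathC = XPath2FilterContainer.newInstanceIntersect(doc, filter);
    xpathC.setXPathNamespaceContext("dsig-xpath", Transforms.TRANSFORM_XPATH2FILTER);
    Element node = xpathC.getElement();
    transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER, node);
    sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);

    // Keystore and password are test fixtures checked into the repository.
    String keystorePath = "src/test/resources/org/apache/xml/security/samples/input/keystore.jks";
    if (BASEDIR != null && !"".equals(BASEDIR)) {
        keystorePath = BASEDIR + SEP + keystorePath;
    }
    KeyStore ks = KeyStore.getInstance("JKS");
    // try-with-resources: the original never closed this stream.
    try (FileInputStream fis = new FileInputStream(keystorePath)) {
        ks.load(fis, "xmlsecurity".toCharArray());
    }
    PrivateKey privateKey = (PrivateKey) ks.getKey("test", "xmlsecurity".toCharArray());
    sig.sign(privateKey);

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    XMLUtils.outputDOMc14nWithComments(doc, bos);
    // Re-parse the serialized bytes directly. The original went bytes -> String -> bytes through
    // the platform default charset, which can alter non-ASCII content before verification.
    byte[] signedDoc = bos.toByteArray();

    // Now Verify
    try (InputStream is = new ByteArrayInputStream(signedDoc)) {
        // NOTE(review): the boolean is presumably XMLUtils' "disallow DOCTYPE" switch - confirm.
        // false is harmless for a document this test produced itself.
        doc = XMLUtils.read(is, false);
    }
    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());
    String expression = "//ds:Signature[1]";
    Element sigElement = (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
    XMLSignature signature = new XMLSignature(sigElement, "");
    // Verification key comes from the trusted keystore, not from anything inside the document.
    assertTrue(signature.checkSignatureValue(ks.getCertificate("test").getPublicKey()));
}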
Also used : XPath(javax.xml.xpath.XPath) PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) Element(org.w3c.dom.Element) Transforms(org.apache.xml.security.transforms.Transforms) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) XPathFactory(javax.xml.xpath.XPathFactory) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLSignature(org.apache.xml.security.signature.XMLSignature) DSNamespaceContext(org.apache.xml.security.test.dom.DSNamespaceContext) XPath2FilterContainer(org.apache.xml.security.transforms.params.XPath2FilterContainer)

Aggregations

Transforms (org.apache.xml.security.transforms.Transforms)94 XMLSignature (org.apache.xml.security.signature.XMLSignature)66 Element (org.w3c.dom.Element)57 Document (org.w3c.dom.Document)45 XPath (javax.xml.xpath.XPath)24 XPathFactory (javax.xml.xpath.XPathFactory)23 ByteArrayOutputStream (java.io.ByteArrayOutputStream)22 DSNamespaceContext (org.apache.xml.security.test.dom.DSNamespaceContext)22 PrivateKey (java.security.PrivateKey)20 InputStream (java.io.InputStream)17 ByteArrayInputStream (java.io.ByteArrayInputStream)16 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)15 NodeList (org.w3c.dom.NodeList)14 SignatureAlgorithm (org.apache.xml.security.algorithms.SignatureAlgorithm)13 ObjectContainer (org.apache.xml.security.signature.ObjectContainer)13 FileInputStream (java.io.FileInputStream)12 XMLSignatureException (org.apache.xml.security.signature.XMLSignatureException)10 XPathContainer (org.apache.xml.security.transforms.params.XPathContainer)10 KeyStore (java.security.KeyStore)9 X509Certificate (java.security.cert.X509Certificate)8