use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.
the class TransformBase64DecodeTest method test3.
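/**
 * Runs the Base64 decode transform over a {@code Base64} element whose text
 * is interrupted by spaces, line breaks and child elements
 * ({@code <RealText>}, {@code <test/>}), and expects the plain decoded
 * sentence as the result.
 *
 * @throws Exception if parsing, XPath evaluation or the transform fails
 */
@org.junit.jupiter.api.Test
public void test3() throws Exception {
    // J-
    String input = ""
        + "<Object xmlns:signature='http://www.w3.org/2000/09/xmldsig#'>\n"
        + "<signature:Base64>\n"
        + "VGhlIFVSSSBvZiB0aGU gdHJhbn<RealText>Nmb 3JtIGlzIG<test/>h0dHA6</RealText>Ly93d3cudzMub3JnLzIwMDAvMDkveG1s\n"
        + "ZHNpZyNiYXNlNjQ=\n"
        + "</signature:Base64>\n"
        + "</Object>\n";
    // J+

    // Encode explicitly as UTF-8 so the parsed bytes do not depend on the
    // platform default charset.
    Document doc;
    try (InputStream is =
            new ByteArrayInputStream(input.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        // NOTE(review): the meaning of the boolean argument is not visible here
        // (presumably it controls whether DOCTYPE declarations are rejected).
        // The input is a fixed local string; confirm the flag before reusing
        // this call on XML from an untrusted source.
        doc = XMLUtils.read(is, false);
    }

    // Locate the Base64 element through the "ds" prefix supplied by
    // DSNamespaceContext; the document itself uses the prefix "signature".
    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());
    String expression = "//ds:Base64";
    Node base64Node = (Node) xpath.evaluate(expression, doc, XPathConstants.NODE);
    XMLSignatureInput xmlinput = new XMLSignatureInput(base64Node);

    // Build a transform chain that holds only the Base64 decode transform.
    Document doc2 = TransformBase64DecodeTest.createDocument();
    Transforms t = new Transforms(doc2);
    doc2.appendChild(t.getElement());
    t.addTransform(Transforms.TRANSFORM_BASE64_DECODE);

    XMLSignatureInput out = t.performTransforms(xmlinput);
    String result = new String(out.getBytes(), java.nio.charset.StandardCharsets.UTF_8);

    // Expected value first, actual second, so a failure is reported the right
    // way round.
    assertEquals(
        "The URI of the transform is http://www.w3.org/2000/09/xmldsig#base64",
        result,
        "\"" + result + "\"");
}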
use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.
the class CreateSignatureTest method testEmptyNodeSet.
/**
* Test for bug 36044 - Canonicalizing an empty node-set throws an
* ArrayIndexOutOfBoundsException.
*/
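@org.junit.jupiter.api.Test
public void testEmptyNodeSet() throws Exception {
    // The test has no assertion: it passes when sign() completes without
    // throwing.
    Document doc = TestUtils.newDocument();
    Element envelope = doc.createElementNS("http://www.usps.gov/", "Envelope");
    envelope.appendChild(doc.createTextNode("\n"));
    doc.appendChild(envelope);

    XMLSignature sig = new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_DSA);
    envelope.appendChild(sig.getElement());

    // object-1 gets no child nodes here, so the self::text() filter below is
    // expected to leave nothing to canonicalize.
    ObjectContainer object1 = new ObjectContainer(doc);
    object1.setId("object-1");
    object1.setMimeType("text/plain");
    sig.appendObject(object1);

    ObjectContainer object2 = new ObjectContainer(doc);
    object2.setId("object-2");
    object2.setMimeType("text/plain");
    object2.setEncoding("http://www.w3.org/2000/09/xmldsig#base64");
    object2.appendChild(doc.createTextNode("SSBhbSB0aGUgdGV4dC4="));
    sig.appendObject(object2);

    Transforms transforms = new Transforms(doc);
    XPathContainer xpathC = new XPathContainer(doc);
    xpathC.setXPath("self::text()");
    transforms.addTransform(Transforms.TRANSFORM_XPATH, xpathC.getElementPlusReturns());
    // DSA and SHA-1 are legacy algorithms kept as fixtures for this regression
    // test; they are not a choice to copy into new signing code.
    sig.addDocument("#object-1", transforms, Constants.ALGO_ID_DIGEST_SHA1, null,
        "http://www.w3.org/2000/09/xmldsig#Object");

    // Test keystore and password shipped under src/test/resources; resolve the
    // path against BASEDIR when it is set.
    String keystorePath = "src/test/resources/org/apache/xml/security/samples/input/keystore.jks";
    if (BASEDIR != null && !"".equals(BASEDIR)) {
        keystorePath = BASEDIR + SEP + keystorePath;
    }
    KeyStore ks = KeyStore.getInstance("JKS");
    // Close the stream once the keystore is loaded; the original left it open.
    try (FileInputStream fis = new FileInputStream(keystorePath)) {
        ks.load(fis, "xmlsecurity".toCharArray());
    }
    PrivateKey privateKey = (PrivateKey) ks.getKey("test", "xmlsecurity".toCharArray());

    sig.sign(privateKey);
}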
use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.
the class CreateSignatureTest method doSign.
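/**
 * Builds a small document, adds an enveloped RSA-SHA1 signature over the whole
 * document (reference URI {@code ""}) and returns the signed document
 * serialized as canonical XML with comments.
 *
 * @return the signed document as a string
 * @throws Exception if building, signing or serializing the document fails
 */
private String doSign() throws Exception {
    PrivateKey privateKey = kp.getPrivate();

    Document doc = TestUtils.newDocument();
    doc.appendChild(doc.createComment(" Comment before "));
    Element root = doc.createElementNS("", "RootElement");
    doc.appendChild(root);
    root.appendChild(doc.createTextNode("Some simple text\n"));

    // SignedInfo is canonicalized with exclusive c14n (comments omitted).
    Element canonElem =
        XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_CANONICALIZATIONMETHOD);
    canonElem.setAttributeNS(
        null, Constants._ATT_ALGORITHM, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    // RSA-SHA1 and the SHA-1 digest below are legacy test fixtures, not a
    // choice to copy into new signing code.
    SignatureAlgorithm signatureAlgorithm =
        new SignatureAlgorithm(doc, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
    XMLSignature sig = new XMLSignature(doc, null, signatureAlgorithm.getElement(), canonElem);
    root.appendChild(sig.getElement());
    doc.appendChild(doc.createComment(" Comment after "));

    // The enveloped-signature transform removes the Signature element from the
    // signed content; the result is then canonicalized with comments.
    Transforms transforms = new Transforms(doc);
    transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
    sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);

    sig.addKeyInfo(kp.getPublic());
    sig.sign(privateKey);

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    XMLUtils.outputDOMc14nWithComments(doc, bos);
    // Canonical XML is UTF-8 by definition, so decode explicitly rather than
    // with the platform default charset.
    return new String(bos.toByteArray(), java.nio.charset.StandardCharsets.UTF_8);
}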
use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.
the class CreateSignatureTest method testAddDuplicateKeyInfo.
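/**
 * Signs a document, appends a second, empty {@code KeyInfo} element to the
 * finished signature, and expects verification to fail with an
 * {@link XMLSignatureException}.
 *
 * @throws Exception if building or signing the document fails
 */
@org.junit.jupiter.api.Test
public void testAddDuplicateKeyInfo() throws Exception {
    PrivateKey privateKey = kp.getPrivate();

    Document doc = TestUtils.newDocument();
    Element root = doc.createElementNS("", "RootElement");
    doc.appendChild(root);
    root.appendChild(doc.createTextNode("Some simple text\n"));

    Element canonElem =
        XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_CANONICALIZATIONMETHOD);
    canonElem.setAttributeNS(
        null, Constants._ATT_ALGORITHM, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    // RSA-SHA1 and the SHA-1 digest below are legacy test fixtures.
    SignatureAlgorithm signatureAlgorithm =
        new SignatureAlgorithm(doc, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
    XMLSignature sig = new XMLSignature(doc, null, signatureAlgorithm.getElement(), canonElem);
    String id = "12345";
    sig.setId(id);
    root.appendChild(sig.getElement());

    Transforms transforms = new Transforms(doc);
    transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
    sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);

    sig.addKeyInfo(kp.getPublic());
    sig.sign(privateKey);

    // Add a duplicate (empty) KeyInfo element after signing. The enveloped
    // transform keeps the Signature element out of the digested content, so the
    // rejection asserted below is not explained by a changed reference digest.
    KeyInfo keyInfo = new KeyInfo(doc);
    sig.getElement().appendChild(keyInfo.getElement());

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    XMLUtils.outputDOMc14nWithComments(doc, bos);
    // Canonical XML is UTF-8 by definition; decode explicitly rather than with
    // the platform default charset.
    String signedContent = new String(bos.toByteArray(), java.nio.charset.StandardCharsets.UTF_8);

    try {
        doVerify(signedContent);
        fail("Failure expected on a duplicate KeyInfo element");
    } catch (XMLSignatureException expected) {
        // Expected: verification must refuse a Signature with two KeyInfo
        // children instead of silently picking one.
    }
}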
use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.
the class CreateSignatureTest method testXFilter2Signature.
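/**
 * Signs a document through an XPath Filter 2.0 "intersect" transform using the
 * DSA key from the test keystore, serializes it, parses it again and checks
 * the signature value against the certificate's public key.
 *
 * @throws Exception if building, signing, parsing or verifying fails
 */
@org.junit.jupiter.api.Test
public void testXFilter2Signature() throws Exception {
    Document doc = TestUtils.newDocument();
    doc.appendChild(doc.createComment(" Comment before "));
    Element root = doc.createElementNS("", "RootElement");
    doc.appendChild(root);
    root.appendChild(doc.createTextNode("Some simple text\n"));

    // Sign
    XMLSignature sig = new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_DSA);
    root.appendChild(sig.getElement());

    Transforms transforms = new Transforms(doc);
    // NOTE(review): the step "ds.Signature" uses a dot, not "ds:Signature", so
    // it reads as an unprefixed element name, and only the prefix "dsig-xpath"
    // is bound below. Confirm which nodes this filter selects: if the
    // intersection is empty, the reference digest covers no document content
    // and the check at the end would not detect changes to it.
    String filter = "here()/ancestor::ds.Signature/parent::node()/descendant-or-self::*";
    XPath2FilterContainer xpathC = XPath2FilterContainer.newInstanceIntersect(doc, filter);
    xpathC.setXPathNamespaceContext("dsig-xpath", Transforms.TRANSFORM_XPATH2FILTER);
    Element node = xpathC.getElement();
    transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER, node);
    // DSA and SHA-1 are legacy algorithms kept as test fixtures.
    sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);

    // Test keystore and password shipped under src/test/resources; resolve the
    // path against BASEDIR when it is set.
    String keystorePath = "src/test/resources/org/apache/xml/security/samples/input/keystore.jks";
    if (BASEDIR != null && !"".equals(BASEDIR)) {
        keystorePath = BASEDIR + SEP + keystorePath;
    }
    KeyStore ks = KeyStore.getInstance("JKS");
    // Close the stream once the keystore is loaded; the original left it open.
    try (FileInputStream fis = new FileInputStream(keystorePath)) {
        ks.load(fis, "xmlsecurity".toCharArray());
    }
    PrivateKey privateKey = (PrivateKey) ks.getKey("test", "xmlsecurity".toCharArray());

    sig.sign(privateKey);

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    XMLUtils.outputDOMc14nWithComments(doc, bos);
    // Canonical XML is UTF-8 by definition; use the same explicit charset for
    // decoding and re-encoding instead of the platform default.
    String signedDoc = new String(bos.toByteArray(), java.nio.charset.StandardCharsets.UTF_8);

    // Now Verify
    try (InputStream is =
            new ByteArrayInputStream(signedDoc.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        // NOTE(review): the meaning of the boolean argument is not visible here
        // (presumably it controls whether DOCTYPE declarations are rejected).
        // The input was produced locally above; confirm the flag before reusing
        // this call on XML from an untrusted source.
        doc = XMLUtils.read(is, false);
    }

    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());
    String expression = "//ds:Signature[1]";
    Element sigElement = (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);

    // The key comes from the keystore certificate rather than from the
    // document. NOTE(review): whether this two-argument constructor enables
    // secure validation is not visible here; confirm before using the same
    // pattern on untrusted documents.
    XMLSignature signature = new XMLSignature(sigElement, "");
    assertTrue(signature.checkSignatureValue(ks.getCertificate("test").getPublicKey()));
}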