
Example 71 with Transforms

use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.

the class CreateSignatureTest method doSignWithCert.

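/**
 * Builds a small document, signs it with an enveloped XML signature using the
 * "mullan" key from the bundled test keystore, verifies the signature with the
 * certificate embedded in KeyInfo and returns the canonicalized result.
 *
 * <p>The keystore password, the DSA signature method and the SHA-1 reference
 * digest are fixtures of this test; DSA-SHA1 and SHA-1 are legacy algorithms and
 * are not a template for new signing code.
 *
 * @return the signed document, serialized with C14N (comments included)
 * @throws IllegalStateException if the freshly created signature does not verify
 * @throws Exception on keystore, I/O or signature errors
 */
private String doSignWithCert() throws Exception {
    KeyStore ks = KeyStore.getInstance("JKS");
    String keystorePath = "src/test/resources/test.jks";
    if (BASEDIR != null && !"".equals(BASEDIR)) {
        keystorePath = BASEDIR + SEP + keystorePath;
    }
    // try-with-resources closes the keystore stream even if load() throws;
    // the stream was previously never closed.
    try (FileInputStream fis = new FileInputStream(keystorePath)) {
        ks.load(fis, "changeit".toCharArray());
    }
    PrivateKey privateKey = (PrivateKey) ks.getKey("mullan", "changeit".toCharArray());
    Document doc = TestUtils.newDocument();
    X509Certificate signingCert = (X509Certificate) ks.getCertificate("mullan");

    // Comments outside the root element end up in the final serialization.
    doc.appendChild(doc.createComment(" Comment before "));
    Element root = doc.createElementNS("", "RootElement");
    doc.appendChild(root);
    root.appendChild(doc.createTextNode("Some simple text\n"));

    // SignedInfo is canonicalized with exclusive C14N (comments omitted).
    Element canonElem = XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_CANONICALIZATIONMETHOD);
    canonElem.setAttributeNS(null, Constants._ATT_ALGORITHM, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    SignatureAlgorithm signatureAlgorithm = new SignatureAlgorithm(doc, XMLSignature.ALGO_ID_SIGNATURE_DSA);
    XMLSignature sig = new XMLSignature(doc, null, signatureAlgorithm.getElement(), canonElem);
    root.appendChild(sig.getElement());
    doc.appendChild(doc.createComment(" Comment after "));

    // One same-document reference (URI ""): drop the signature element itself,
    // then canonicalize with comments before digesting.
    Transforms transforms = new Transforms(doc);
    transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
    sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
    sig.addKeyInfo(signingCert);
    sig.sign(privateKey);

    // checkSignatureValue reports failure through its boolean result; ignoring it
    // would let a broken signature pass through this helper unnoticed.
    X509Certificate cert = sig.getKeyInfo().getX509Certificate();
    if (!sig.checkSignatureValue(cert.getPublicKey())) {
        throw new IllegalStateException("Signature created by doSignWithCert failed verification");
    }

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    XMLUtils.outputDOMc14nWithComments(doc, bos);
    // Canonical XML is UTF-8; decode explicitly instead of using the platform charset.
    return new String(bos.toByteArray(), java.nio.charset.StandardCharsets.UTF_8);
}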
Also used : PrivateKey(java.security.PrivateKey) XMLSignature(org.apache.xml.security.signature.XMLSignature) Element(org.w3c.dom.Element) Transforms(org.apache.xml.security.transforms.Transforms) SignatureAlgorithm(org.apache.xml.security.algorithms.SignatureAlgorithm) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate)

Example 72 with Transforms

use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.

the class HMACOutputLengthTest method testValidHMACOutputLength.

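/**
 * Signs a document with HMAC-SHA1 and an explicit HMACOutputLength of 160 bits,
 * checks that the length element is serialized, and verifies the signature with
 * the same secret key.
 *
 * <p>160 bits is the full output size of HMAC-SHA1, so this is the untruncated
 * case. The key material ("secret") is a fixed test value.
 *
 * @throws Exception if signing fails or no Signature element is found
 */
@org.junit.jupiter.api.Test
public void testValidHMACOutputLength() throws Exception {
    Document doc = TestUtils.newDocument();
    doc.appendChild(doc.createComment(" Comment before "));
    Element root = doc.createElementNS("", "RootElement");
    doc.appendChild(root);
    root.appendChild(doc.createTextNode("Some simple text\n"));
    Element canonElem = XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_CANONICALIZATIONMETHOD);
    canonElem.setAttributeNS(null, Constants._ATT_ALGORITHM, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    // Fourth argument is the HMAC output length in bits; it is asserted on below.
    XMLSignature sig = new XMLSignature(doc, null, XMLSignature.ALGO_ID_MAC_HMAC_SHA1, 160);
    root.appendChild(sig.getElement());
    doc.appendChild(doc.createComment(" Comment after "));

    // Same-document reference: enveloped-signature transform, then C14N with comments.
    Transforms transforms = new Transforms(doc);
    transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
    sig.addDocument("", transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256);
    SecretKey sk = sig.createSecretKey("secret".getBytes(StandardCharsets.US_ASCII));
    sig.sign(sk);

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    XMLUtils.outputDOMc14nWithComments(doc, bos);
    // Canonical XML is UTF-8; decode explicitly instead of using the platform charset.
    String signedContent = new String(bos.toByteArray(), StandardCharsets.UTF_8);
    assertTrue(signedContent.contains("ds:HMACOutputLength>160</ds:HMACOutputLength>"));

    // Verify: re-parse the Signature element from the DOM and check it with the same key.
    NodeList nl = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature");
    if (nl.getLength() == 0) {
        throw new Exception("Couldn't find signature Element");
    }
    Element sigElement = (Element) nl.item(0);
    XMLSignature signature = new XMLSignature(sigElement, null);
    assertTrue(signature.checkSignatureValue(sk));
}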
Also used : SecretKey(javax.crypto.SecretKey) XMLSignature(org.apache.xml.security.signature.XMLSignature) Element(org.w3c.dom.Element) Transforms(org.apache.xml.security.transforms.Transforms) NodeList(org.w3c.dom.NodeList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Document(org.w3c.dom.Document) XMLSignatureException(org.apache.xml.security.signature.XMLSignatureException)

Example 73 with Transforms

use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.

the class ForbiddenRefCountTest method signDocument.

/**
 * Appends an enveloped DSA signature to the document element of {@code doc},
 * adds {@code refCount} identical same-document references to it and signs it.
 *
 * <p>Every reference uses the enveloped-signature transform followed by C14N
 * with comments, and a SHA-1 digest. Judging by the enclosing class name this
 * presumably feeds a check on the number of references per signature; that
 * check is not visible here.
 *
 * @param doc the document to sign; it must already have a document element
 * @param refCount how many references to add (none are added when it is zero or negative)
 * @throws Exception if building or computing the signature fails
 */
private void signDocument(Document doc, int refCount) throws Exception {
    final XMLSignature signature = new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_DSA);
    doc.getDocumentElement().appendChild(signature.getElement());

    int added = 0;
    while (added < refCount) {
        // A fresh Transforms object per reference, as each reference carries its own chain.
        final Transforms chain = new Transforms(doc);
        chain.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        chain.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
        signature.addDocument("", chain, Constants.ALGO_ID_DIGEST_SHA1);
        added++;
    }

    signature.addKeyInfo(getPublicKey());
    signature.sign(getPrivateKey());
}
Also used : XMLSignature(org.apache.xml.security.signature.XMLSignature) Element(org.w3c.dom.Element) Transforms(org.apache.xml.security.transforms.Transforms)

Example 74 with Transforms

use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.

the class SignatureReferenceTest method signDocument.

/**
 * Appends an enveloped DSA signature with a single same-document reference to
 * the document element of {@code doc}, signs it and returns the signature.
 *
 * <p>A {@code ResolverXPointer} is registered on the SignedInfo before the
 * reference is added. The reference uses the enveloped-signature transform
 * followed by C14N with comments, and a SHA-1 digest.
 *
 * @param doc the document to sign; it must already have a document element
 * @return the signed {@code XMLSignature}
 * @throws Throwable if building or computing the signature fails
 */
private XMLSignature signDocument(Document doc) throws Throwable {
    final XMLSignature signature = new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_DSA);
    doc.getDocumentElement().appendChild(signature.getElement());
    signature.getSignedInfo().addResourceResolver(new ResolverXPointer());

    final Transforms chain = new Transforms(doc);
    chain.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    chain.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
    signature.addDocument("", chain, Constants.ALGO_ID_DIGEST_SHA1);

    signature.addKeyInfo(getPublicKey());
    signature.sign(getPrivateKey());
    return signature;
}
Also used : ResolverXPointer(org.apache.xml.security.utils.resolver.implementations.ResolverXPointer) XMLSignature(org.apache.xml.security.signature.XMLSignature) Element(org.w3c.dom.Element) Transforms(org.apache.xml.security.transforms.Transforms)

Example 75 with Transforms

use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.

the class AbstractSignatureVerificationTest method signUsingDOM.

/**
 * Signs parts of {@code document} with the DOM API and returns the signature.
 *
 * <p>A Signature element is appended to the document element. Every element
 * whose local name appears in {@code localNames} receives a random UUID as its
 * {@code Id} attribute and is referenced as {@code #id} with {@code c14nMethod}
 * as its only transform. Entries of {@code additionalReferences} are added
 * afterwards: binary ones without transforms, the others with the transforms
 * returned by {@code getC14NMethod()}.
 *
 * @param algorithm signature method URI
 * @param document document to sign; it must already have a document element
 * @param localNames local names of the elements to sign (matched in any namespace)
 * @param signingKey key passed to {@code sign}
 * @param c14nMethod canonicalization URI, used for SignedInfo and as the reference transform
 * @param digestMethod digest URI for the element references
 * @param additionalReferences further references to add, or {@code null}
 * @param resourceResolverSpi resolver to register on the signature, or {@code null}
 * @param spec algorithm parameters handed to the {@code XMLSignature} constructor
 * @return the signed {@code XMLSignature}
 * @throws Exception if XPath evaluation or signing fails
 */
protected XMLSignature signUsingDOM(String algorithm, Document document, List<String> localNames, Key signingKey, String c14nMethod, String digestMethod, List<ReferenceInfo> additionalReferences, ResourceResolverSpi resourceResolverSpi, AlgorithmParameterSpec spec) throws Exception {
    // Fourth argument 0: presumably the HMAC output length (unset) - confirm against the constructor.
    final XMLSignature signature = new XMLSignature(document, "", algorithm, 0, c14nMethod, null, spec);
    if (resourceResolverSpi != null) {
        signature.addResourceResolver(resourceResolverSpi);
    }
    document.getDocumentElement().appendChild(signature.getElement());

    final XPath xpath = XPathFactory.newInstance().newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());

    for (String localName : localNames) {
        // NOTE(review): the expression is built by string concatenation, so it is only
        // sound while localNames comes from test code; a name containing a quote would
        // change the query. local-name() also ignores the namespace of the match.
        final String selector = "//*[local-name()='" + localName + "']";
        final NodeList matches = (NodeList) xpath.evaluate(selector, document, XPathConstants.NODESET);
        for (int idx = 0; idx < matches.getLength(); idx++) {
            final Element target = (Element) matches.item(idx);
            assertNotNull(target);
            final String id = UUID.randomUUID().toString();
            target.setAttributeNS(null, "Id", id);
            // Mark the attribute as an ID so that the "#id" reference below can be resolved.
            target.setIdAttributeNS(null, "Id", true);
            final Transforms chain = new Transforms(document);
            chain.addTransform(c14nMethod);
            signature.addDocument("#" + id, chain, digestMethod);
        }
    }

    if (additionalReferences != null) {
        for (ReferenceInfo extra : additionalReferences) {
            if (extra.isBinary()) {
                // Binary resources are digested as-is, without a transform chain.
                signature.addDocument(extra.getResource(), null, extra.getDigestMethod());
                continue;
            }
            final Transforms chain = new Transforms(document);
            for (String transformUri : extra.getC14NMethod()) {
                chain.addTransform(transformUri);
            }
            signature.addDocument(extra.getResource(), chain, extra.getDigestMethod());
        }
    }

    signature.sign(signingKey);

    // Sanity check: the Signature element must be reachable in the document after signing.
    final Element signatureElement = (Element) xpath.evaluate("//ds:Signature[1]", document, XPathConstants.NODE);
    assertNotNull(signatureElement);
    return signature;
}
Also used : XPath(javax.xml.xpath.XPath) XPathFactory(javax.xml.xpath.XPathFactory) XMLSignature(org.apache.xml.security.signature.XMLSignature) DSNamespaceContext(org.apache.xml.security.test.dom.DSNamespaceContext) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) Transforms(org.apache.xml.security.transforms.Transforms)
