use of org.apache.xml.security.transforms.Transforms in project testcases by coheigea.
the class SignatureUtils method signUsingDOM.
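/**
 * Sign the document using the DOM API of Apache Santuario - XML Security for Java.
 *
 * <p>The {@code ds:Signature} element is appended as the last child of the document
 * element. Every element whose <em>local name</em> equals the local part of one of
 * {@code namesToSign} receives a fresh {@code Id} attribute and is covered by its own
 * {@code ds:Reference} (exclusive C14N transform, SHA-1 digest).
 *
 * <p>Caveats for reviewers:
 * <ul>
 *   <li>Only the local part of each QName is used; the namespace URI is ignored, so
 *       same-named elements in other namespaces are signed as well.</li>
 *   <li>An element selected more than once (for example by two QNames sharing a local
 *       part) has its {@code Id} overwritten, leaving the earlier reference dangling.</li>
 *   <li>The reference digest is SHA-1, kept as-is for compatibility with existing
 *       callers; new signatures should prefer a SHA-2 digest.</li>
 * </ul>
 *
 * @param document    the document to sign; it is modified in place
 * @param namesToSign names of the elements to sign (matched by local part only)
 * @param algorithm   the signature method URI passed to {@code XMLSignature}
 * @param signingKey  the key used to compute the signature value
 * @param signingCert optional certificate to publish in {@code ds:KeyInfo}; may be null
 * @throws IllegalArgumentException if a local part contains a single quote
 * @throws Exception on any XPath or signature failure
 */
public static void signUsingDOM(Document document, List<QName> namesToSign, String algorithm, Key signingKey, X509Certificate signingCert) throws Exception {
    XMLSignature sig = new XMLSignature(document, "", algorithm, "http://www.w3.org/2001/10/xml-exc-c14n#");
    Element root = document.getDocumentElement();
    root.appendChild(sig.getElement());

    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());

    for (QName nameToSign : namesToSign) {
        String localPart = nameToSign.getLocalPart();
        // The local part is spliced into a single-quoted XPath literal below, so a
        // quote in it would change the meaning of the expression. Reject it up front.
        if (localPart.indexOf('\'') >= 0) {
            throw new IllegalArgumentException("Element name to sign must not contain a quote character");
        }
        String expression = "//*[local-name()='" + localPart + "']";
        NodeList elementsToSign = (NodeList) xpath.evaluate(expression, document, XPathConstants.NODESET);
        for (int i = 0; i < elementsToSign.getLength(); i++) {
            Element elementToSign = (Element) elementsToSign.item(i);
            Assert.assertNotNull(elementToSign);

            // ID values are NCNames and may not start with a digit, which a raw UUID
            // frequently does; the underscore prefix keeps the value schema-valid.
            String id = "_" + UUID.randomUUID();
            elementToSign.setAttributeNS(null, "Id", id);
            // Register the attribute as an ID so the "#id" reference can be resolved.
            elementToSign.setIdAttributeNS(null, "Id", true);

            Transforms transforms = new Transforms(document);
            transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
            // SHA-1 digest retained for compatibility; see the method documentation.
            sig.addDocument("#" + id, transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
        }
    }

    sig.sign(signingKey);

    // Find the Signature Element
    Element sigElement = getSignatureElement(document);
    Assert.assertNotNull(sigElement);

    // KeyInfo is added after signing and no Reference above covers it, so the
    // certificate it carries is a hint only and is not integrity-protected.
    if (signingCert != null) {
        sig.addKeyInfo(signingCert);
    }
}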
use of org.apache.xml.security.transforms.Transforms in project santuario-xml-security-java by apache.
the class XmlSecTest method checkXmlSignatureSoftwareStack.
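/**
 * Builds a small two-element document, signs the whole of it with DSA and verifies
 * the resulting signature, as a smoke test of the XML signature stack.
 *
 * @param cert when {@code true}, the key and self-signed certificate stored under the
 *             alias "mullan" in {@code test.jks} are used; otherwise a throw-away
 *             1024-bit DSA key pair is generated
 * @throws Exception on any keystore, signing or verification failure
 */
private void checkXmlSignatureSoftwareStack(boolean cert) throws Exception {
    Init.init();

    Document testDocument = TestUtils.newDocument();
    Element rootElement = testDocument.createElementNS("urn:namespace", "tns:document");
    rootElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:namespace");
    testDocument.appendChild(rootElement);

    Element childElement = testDocument.createElementNS("urn:childnamespace", "t:child");
    childElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:t", "urn:childnamespace");
    childElement.appendChild(testDocument.createTextNode("hello world"));
    rootElement.appendChild(childElement);

    PrivateKey privateKey;
    PublicKey publicKey = null;
    X509Certificate signingCert = null;
    if (cert) {
        // get key & self-signed certificate from keystore
        // The store and its "changeit" password are test fixtures, not secrets.
        String fs = System.getProperty("file.separator");
        KeyStore ks = KeyStore.getInstance("JKS");
        // try-with-resources so the file handle is released even if load() throws.
        try (FileInputStream fis = new FileInputStream(BASEDIR + fs + "src/test/resources" + fs + "test.jks")) {
            ks.load(fis, "changeit".toCharArray());
        }
        signingCert = (X509Certificate) ks.getCertificate("mullan");
        publicKey = signingCert.getPublicKey();
        // NOTE(review): the signature method below is DSA, so this entry is presumably
        // a DSA key - confirm against the keystore.
        privateKey = (PrivateKey) ks.getKey("mullan", "changeit".toCharArray());
    } else {
        // 1024-bit DSA (and the SHA-1 digest below) are legacy parameters used here
        // only to exercise the stack; do not copy them into new signing code.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(1024);
        KeyPair keyPair = kpg.generateKeyPair();
        publicKey = keyPair.getPublic();
        privateKey = keyPair.getPrivate();
    }

    XMLSignature signature = new XMLSignature(testDocument, "", XMLSignature.ALGO_ID_SIGNATURE_DSA, Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
    Element signatureElement = signature.getElement();
    rootElement.appendChild(signatureElement);

    // The reference URI "" selects the whole document; the XPath filter drops the
    // ds:Signature subtree so the signature does not have to digest itself.
    Transforms transforms = new Transforms(testDocument);
    XPathContainer xpath = new XPathContainer(testDocument);
    xpath.setXPathNamespaceContext("ds", Constants.SignatureSpecNS);
    xpath.setXPath("not(ancestor-or-self::ds:Signature)");
    transforms.addTransform(Transforms.TRANSFORM_XPATH, xpath.getElementPlusReturns());
    transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
    signature.addDocument("", transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1);

    if (cert) {
        signature.addKeyInfo(signingCert);
    } else {
        signature.addKeyInfo(publicKey);
    }

    signature.sign(privateKey);

    XPathFactory xpf = XPathFactory.newInstance();
    XPath xPath = xpf.newXPath();
    xPath.setNamespaceContext(new DSNamespaceContext());

    String expression = "//ds:Signature[1]";
    Element sigElement = (Element) xPath.evaluate(expression, testDocument, XPathConstants.NODE);

    // Verification uses the key held by the test, not the one published in KeyInfo.
    XMLSignature signatureToVerify = new XMLSignature(sigElement, "");
    boolean signResult = signatureToVerify.checkSignatureValue(publicKey);
    assertTrue(signResult);
}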
use of org.apache.xml.security.transforms.Transforms in project santuario-xml-security-java by apache.
the class TransformBase64DecodeTest method test1.
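/**
 * Runs a Base64 string through the Base64-decode transform once and checks the
 * decoded text.
 *
 * @throws Exception if the transform chain cannot be built or applied
 */
@org.junit.jupiter.api.Test
public void test1() throws Exception {
    // base64 encoded
    String s1 = "VGhlIFVSSSBvZiB0aGUgdHJhbnNmb3JtIGlzIGh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1s\n" + "ZHNpZyNiYXNlNjQ=";

    Document doc = TransformBase64DecodeTest.createDocument();
    Transforms t = new Transforms(doc);
    doc.appendChild(t.getElement());
    t.addTransform(Transforms.TRANSFORM_BASE64_DECODE);

    XMLSignatureInput in = null;
    // Explicit charset: the platform default must not influence the bytes fed to the
    // transform. Closing a ByteArrayInputStream has no effect, so the input can still
    // be read after the try block.
    try (InputStream is = new ByteArrayInputStream(s1.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        in = new XMLSignatureInput(is);
    }

    XMLSignatureInput out = t.performTransforms(in);
    String result = new String(out.getBytes(), java.nio.charset.StandardCharsets.UTF_8);
    // JUnit order is (expected, actual); keeps a failure message the right way round.
    assertEquals("The URI of the transform is http://www.w3.org/2000/09/xmldsig#base64", result);
}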
use of org.apache.xml.security.transforms.Transforms in project santuario-xml-security-java by apache.
the class TransformBase64DecodeTest method test2.
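/**
 * Runs a doubly Base64-encoded string through the Base64-decode transform twice and
 * checks the decoded text.
 *
 * @throws Exception if the transform chain cannot be built or applied
 */
@org.junit.jupiter.api.Test
public void test2() throws Exception {
    // base64 encoded twice
    String s2 = "VkdobElGVlNTU0J2WmlCMGFHVWdkSEpoYm5ObWIzSnRJR2x6SUdoMGRIQTZMeTkzZDNjdWR6TXVi\n" + "M0puTHpJd01EQXZNRGt2ZUcxcwpaSE5wWnlOaVlYTmxOalE9";

    Document doc = TransformBase64DecodeTest.createDocument();
    Transforms t = new Transforms(doc);
    doc.appendChild(t.getElement());
    t.addTransform(Transforms.TRANSFORM_BASE64_DECODE);

    XMLSignatureInput in = null;
    // Explicit charset: the platform default must not influence the bytes fed to the
    // transform. Closing a ByteArrayInputStream has no effect, so the input can still
    // be read after the try block.
    try (InputStream is = new ByteArrayInputStream(s2.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        in = new XMLSignatureInput(is);
    }

    // The same single-transform chain is applied to its own output to peel off the
    // second encoding layer.
    XMLSignatureInput out = t.performTransforms(t.performTransforms(in));
    String result = new String(out.getBytes(), java.nio.charset.StandardCharsets.UTF_8);
    // JUnit order is (expected, actual); keeps a failure message the right way round.
    assertEquals("The URI of the transform is http://www.w3.org/2000/09/xmldsig#base64", result);
}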
use of org.apache.xml.security.transforms.Transforms in project santuario-xml-security-java by apache.
the class TransformBase64DecodeTest method test3.
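/**
 * Applies the Base64-decode transform to a DOM node rather than to a byte stream.
 * The Base64 text in the fixture is interrupted by whitespace and child elements,
 * and the test expects the decoded result to be the same sentence as in the
 * stream-based tests.
 *
 * @throws Exception if parsing, XPath evaluation or the transform fails
 */
@org.junit.jupiter.api.Test
public void test3() throws Exception {
    // J-
    String input = ""
        + "<Object xmlns:signature='http://www.w3.org/2000/09/xmldsig#'>\n"
        + "<signature:Base64>\n"
        + "VGhlIFVSSSBvZiB0aGU gdHJhbn<RealText>Nmb 3JtIGlzIG<test/>h0dHA6</RealText>Ly93d3cudzMub3JnLzIwMDAvMDkveG1s\n"
        + "ZHNpZyNiYXNlNjQ=\n"
        + "</signature:Base64>\n"
        + "</Object>\n";
    // J+

    Document doc = null;
    // Explicit charset so the parsed bytes do not depend on the platform default.
    try (InputStream is = new ByteArrayInputStream(input.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        // NOTE(review): the boolean looks like the "disallow DOCTYPE declarations"
        // switch; false is acceptable for this fixed literal, but untrusted XML
        // should be parsed with DOCTYPEs disallowed - confirm against XMLUtils.
        doc = XMLUtils.read(is, false);
    }

    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());

    String expression = "//ds:Base64";
    Node base64Node = (Node) xpath.evaluate(expression, doc, XPathConstants.NODE);
    XMLSignatureInput xmlinput = new XMLSignatureInput(base64Node);

    // The transform chain lives in its own document, separate from the parsed input.
    Document doc2 = TransformBase64DecodeTest.createDocument();
    Transforms t = new Transforms(doc2);
    doc2.appendChild(t.getElement());
    t.addTransform(Transforms.TRANSFORM_BASE64_DECODE);

    XMLSignatureInput out = t.performTransforms(xmlinput);
    String result = new String(out.getBytes(), java.nio.charset.StandardCharsets.UTF_8);
    // JUnit order is (expected, actual, message).
    assertEquals("The URI of the transform is http://www.w3.org/2000/09/xmldsig#base64", result, "\"" + result + "\"");
}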