Search in sources :

Example 11 with Transforms

use of org.apache.xml.security.transforms.Transforms in project testcases by coheigea.

the class SignatureUtils method signUsingDOM.

/**
 * Sign the document using the DOM API of Apache Santuario - XML Security for Java.
 * It signs a list of QNames that it finds in the Document via XPath.
 */
public static void signUsingDOM(Document document, List<QName> namesToSign, String algorithm, Key signingKey, X509Certificate signingCert) throws Exception {
    XMLSignature sig = new XMLSignature(document, "", algorithm, "http://www.w3.org/2001/10/xml-exc-c14n#");
    Element root = document.getDocumentElement();
    root.appendChild(sig.getElement());
    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());
    for (QName nameToSign : namesToSign) {
        String expression = "//*[local-name()='" + nameToSign.getLocalPart() + "']";
        NodeList elementsToSign = (NodeList) xpath.evaluate(expression, document, XPathConstants.NODESET);
        for (int i = 0; i < elementsToSign.getLength(); i++) {
            Element elementToSign = (Element) elementsToSign.item(i);
            Assert.assertNotNull(elementToSign);
            String id = UUID.randomUUID().toString();
            elementToSign.setAttributeNS(null, "Id", id);
            elementToSign.setIdAttributeNS(null, "Id", true);
            Transforms transforms = new Transforms(document);
            transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
            sig.addDocument("#" + id, transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
        }
    }
    sig.sign(signingKey);
    // Find the Signature Element
    Element sigElement = getSignatureElement(document);
    Assert.assertNotNull(sigElement);
    if (signingCert != null) {
        sig.addKeyInfo(signingCert);
    }
}
Also used : XPath(javax.xml.xpath.XPath) XPathFactory(javax.xml.xpath.XPathFactory) XMLSignature(org.apache.xml.security.signature.XMLSignature) QName(javax.xml.namespace.QName) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) Transforms(org.apache.xml.security.transforms.Transforms)

Example 12 with Transforms

use of org.apache.xml.security.transforms.Transforms in project santuario-xml-security-java by apache.

the class XmlSecTest method checkXmlSignatureSoftwareStack.

private void checkXmlSignatureSoftwareStack(boolean cert) throws Exception {
    Init.init();
    Document testDocument = TestUtils.newDocument();
    Element rootElement = testDocument.createElementNS("urn:namespace", "tns:document");
    rootElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:namespace");
    testDocument.appendChild(rootElement);
    Element childElement = testDocument.createElementNS("urn:childnamespace", "t:child");
    childElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:t", "urn:childnamespace");
    childElement.appendChild(testDocument.createTextNode("hello world"));
    rootElement.appendChild(childElement);
    PrivateKey privateKey;
    PublicKey publicKey = null;
    X509Certificate signingCert = null;
    if (cert) {
        // get key & self-signed certificate from keystore
        String fs = System.getProperty("file.separator");
        FileInputStream fis = new FileInputStream(BASEDIR + fs + "src/test/resources" + fs + "test.jks");
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(fis, "changeit".toCharArray());
        signingCert = (X509Certificate) ks.getCertificate("mullan");
        publicKey = signingCert.getPublicKey();
        privateKey = (PrivateKey) ks.getKey("mullan", "changeit".toCharArray());
    } else {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(1024);
        KeyPair keyPair = kpg.generateKeyPair();
        publicKey = keyPair.getPublic();
        privateKey = keyPair.getPrivate();
    }
    XMLSignature signature = new XMLSignature(testDocument, "", XMLSignature.ALGO_ID_SIGNATURE_DSA, Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
    Element signatureElement = signature.getElement();
    rootElement.appendChild(signatureElement);
    Transforms transforms = new Transforms(testDocument);
    XPathContainer xpath = new XPathContainer(testDocument);
    xpath.setXPathNamespaceContext("ds", Constants.SignatureSpecNS);
    xpath.setXPath("not(ancestor-or-self::ds:Signature)");
    transforms.addTransform(Transforms.TRANSFORM_XPATH, xpath.getElementPlusReturns());
    transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
    signature.addDocument("", transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1);
    if (cert) {
        signature.addKeyInfo(signingCert);
    } else {
        signature.addKeyInfo(publicKey);
    }
    Element nsElement = testDocument.createElementNS(null, "nsElement");
    nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
    signature.sign(privateKey);
    XPathFactory xpf = XPathFactory.newInstance();
    XPath xPath = xpf.newXPath();
    xPath.setNamespaceContext(new DSNamespaceContext());
    String expression = "//ds:Signature[1]";
    Element sigElement = (Element) xPath.evaluate(expression, testDocument, XPathConstants.NODE);
    XMLSignature signatureToVerify = new XMLSignature(sigElement, "");
    boolean signResult = signatureToVerify.checkSignatureValue(publicKey);
    assertTrue(signResult);
}
Also used : XPath(javax.xml.xpath.XPath) KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) Element(org.w3c.dom.Element) Transforms(org.apache.xml.security.transforms.Transforms) KeyPairGenerator(java.security.KeyPairGenerator) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) XPathContainer(org.apache.xml.security.transforms.params.XPathContainer) X509Certificate(java.security.cert.X509Certificate) FileInputStream(java.io.FileInputStream) XPathFactory(javax.xml.xpath.XPathFactory) XMLSignature(org.apache.xml.security.signature.XMLSignature) DSNamespaceContext(org.apache.xml.security.test.dom.DSNamespaceContext)

Example 13 with Transforms

use of org.apache.xml.security.transforms.Transforms in project santuario-xml-security-java by apache.

the class TransformBase64DecodeTest method test1.

@org.junit.jupiter.api.Test
public void test1() throws Exception {
    // base64 encoded
    String s1 = "VGhlIFVSSSBvZiB0aGUgdHJhbnNmb3JtIGlzIGh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1s\n" + "ZHNpZyNiYXNlNjQ=";
    Document doc = TransformBase64DecodeTest.createDocument();
    Transforms t = new Transforms(doc);
    doc.appendChild(t.getElement());
    t.addTransform(Transforms.TRANSFORM_BASE64_DECODE);
    XMLSignatureInput in = null;
    try (InputStream is = new ByteArrayInputStream(s1.getBytes())) {
        in = new XMLSignatureInput(is);
    }
    XMLSignatureInput out = t.performTransforms(in);
    String result = new String(out.getBytes());
    assertEquals(result, "The URI of the transform is http://www.w3.org/2000/09/xmldsig#base64");
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) Transforms(org.apache.xml.security.transforms.Transforms) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) Document(org.w3c.dom.Document)

Example 14 with Transforms

use of org.apache.xml.security.transforms.Transforms in project santuario-xml-security-java by apache.

the class TransformBase64DecodeTest method test2.

@org.junit.jupiter.api.Test
public void test2() throws Exception {
    // base64 encoded twice
    String s2 = "VkdobElGVlNTU0J2WmlCMGFHVWdkSEpoYm5ObWIzSnRJR2x6SUdoMGRIQTZMeTkzZDNjdWR6TXVi\n" + "M0puTHpJd01EQXZNRGt2ZUcxcwpaSE5wWnlOaVlYTmxOalE9";
    Document doc = TransformBase64DecodeTest.createDocument();
    Transforms t = new Transforms(doc);
    doc.appendChild(t.getElement());
    t.addTransform(Transforms.TRANSFORM_BASE64_DECODE);
    XMLSignatureInput in = null;
    try (InputStream is = new ByteArrayInputStream(s2.getBytes())) {
        in = new XMLSignatureInput(is);
    }
    XMLSignatureInput out = t.performTransforms(t.performTransforms(in));
    String result = new String(out.getBytes());
    assertEquals(result, "The URI of the transform is http://www.w3.org/2000/09/xmldsig#base64");
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) Transforms(org.apache.xml.security.transforms.Transforms) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) Document(org.w3c.dom.Document)

Example 15 with Transforms

use of org.apache.xml.security.transforms.Transforms in project santuario-xml-security-java by apache.

the class TransformBase64DecodeTest method test3.

@org.junit.jupiter.api.Test
public void test3() throws Exception {
    // J-
    String input = "" + "<Object xmlns:signature='http://www.w3.org/2000/09/xmldsig#'>\n" + "<signature:Base64>\n" + "VGhlIFVSSSBvZiB0aGU gdHJhbn<RealText>Nmb  3JtIGlzIG<test/>h0dHA6</RealText>Ly93d3cudzMub3JnLzIwMDAvMDkveG1s\n" + "ZHNpZyNiYXNlNjQ=\n" + "</signature:Base64>\n" + "</Object>\n";
    // J+
    Document doc = null;
    try (InputStream is = new ByteArrayInputStream(input.getBytes())) {
        doc = XMLUtils.read(is, false);
    }
    // XMLUtils.circumventBug2650(doc);
    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());
    String expression = "//ds:Base64";
    Node base64Node = (Node) xpath.evaluate(expression, doc, XPathConstants.NODE);
    XMLSignatureInput xmlinput = new XMLSignatureInput(base64Node);
    Document doc2 = TransformBase64DecodeTest.createDocument();
    Transforms t = new Transforms(doc2);
    doc2.appendChild(t.getElement());
    t.addTransform(Transforms.TRANSFORM_BASE64_DECODE);
    XMLSignatureInput out = t.performTransforms(xmlinput);
    String result = new String(out.getBytes());
    assertEquals(result, "The URI of the transform is http://www.w3.org/2000/09/xmldsig#base64", "\"" + result + "\"");
}
Also used : XPath(javax.xml.xpath.XPath) XPathFactory(javax.xml.xpath.XPathFactory) ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) DSNamespaceContext(org.apache.xml.security.test.dom.DSNamespaceContext) Node(org.w3c.dom.Node) Transforms(org.apache.xml.security.transforms.Transforms) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) Document(org.w3c.dom.Document)

Aggregations

Transforms (org.apache.xml.security.transforms.Transforms)94 XMLSignature (org.apache.xml.security.signature.XMLSignature)66 Element (org.w3c.dom.Element)57 Document (org.w3c.dom.Document)45 XPath (javax.xml.xpath.XPath)24 XPathFactory (javax.xml.xpath.XPathFactory)23 ByteArrayOutputStream (java.io.ByteArrayOutputStream)22 DSNamespaceContext (org.apache.xml.security.test.dom.DSNamespaceContext)22 PrivateKey (java.security.PrivateKey)20 InputStream (java.io.InputStream)17 ByteArrayInputStream (java.io.ByteArrayInputStream)16 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)15 NodeList (org.w3c.dom.NodeList)14 SignatureAlgorithm (org.apache.xml.security.algorithms.SignatureAlgorithm)13 ObjectContainer (org.apache.xml.security.signature.ObjectContainer)13 FileInputStream (java.io.FileInputStream)12 XMLSignatureException (org.apache.xml.security.signature.XMLSignatureException)10 XPathContainer (org.apache.xml.security.transforms.params.XPathContainer)10 KeyStore (java.security.KeyStore)9 X509Certificate (java.security.cert.X509Certificate)8