use of org.apache.xml.security.transforms.Transforms in project santuario-xml-security-java by apache.
the class CreateExclC14nInteropValues method main.
/**
* Method main
*
* @param unused
* @throws Exception
*/
public static void main(String[] unused) throws Exception {
org.apache.xml.security.Init.init();
Document doc = TestUtils.newDocument();
String directory = "data/org/apache/xml/security/c14n/outExcl/";
File signatureFile = new File(directory + "apacheSignature.xml");
XMLSignature xmlSignature = new XMLSignature(doc, signatureFile.toURI().toURL().toString(), XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
doc.appendChild(xmlSignature.getElement());
{
// ref 0
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPath("self::Parent or (parent::Parent and not(self::Child)) or self::GrandChild or parent::GrandChild");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
}
xmlSignature.addDocument("iaikTests.example1.xml", tf);
}
{
// ref 1
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPath("self::Parent or (parent::Parent and not(self::Child)) or self::GrandChild or parent::GrandChild");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
}
tf.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
xmlSignature.addDocument("iaikTests.example1.xml", tf);
}
{
// ref 2
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPathNamespaceContext("xmlns:default", "http://example.org");
xc.setXPath("self::Parent or (parent::Parent and not(self::default:Child)) or self::GrandChild or parent::GrandChild");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
}
xmlSignature.addDocument("iaikTests.example2.xml", tf);
}
{
// ref 3
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPathNamespaceContext("xmlns:default", "http://example.org");
xc.setXPath("self::Parent or (parent::Parent and not(self::default:Child)) or self::GrandChild or parent::GrandChild");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
}
tf.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
xmlSignature.addDocument("iaikTests.example2.xml", tf);
}
{
// ref 4
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPathNamespaceContext("xmlns:default", "http://example.org/default");
xc.setXPathNamespaceContext("xmlns:ns1", "http://example.org/ns1");
xc.setXPath("self::default:Parent or (parent::default:Parent and not(self::default:Child)) or self::ns1:GrandChild or parent::ns1:GrandChild or self::default:GrandChild or parent::default:GrandChild");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
}
xmlSignature.addDocument("iaikTests.example3.xml", tf);
}
{
// ref 5
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPathNamespaceContext("xmlns:default", "http://example.org/default");
xc.setXPathNamespaceContext("xmlns:ns1", "http://example.org/ns1");
xc.setXPath("self::default:Parent or (parent::default:Parent and not(self::default:Child)) or self::ns1:GrandChild or parent::ns1:GrandChild or self::default:GrandChild or parent::default:GrandChild");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
}
tf.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
xmlSignature.addDocument("iaikTests.example3.xml", tf);
}
{
// ref 6
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPathNamespaceContext("xmlns:ns1", "http://example.org/ns1");
xc.setXPath("self::Parent or (parent::Parent and not(self::Child)) or self::ns1:GrandChild or parent::ns1:GrandChild");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
}
xmlSignature.addDocument("iaikTests.example4.xml", tf);
}
{
// ref 7
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPathNamespaceContext("xmlns:ns1", "http://example.org/ns1");
xc.setXPath("self::Parent or (parent::Parent and not(self::Child)) or self::ns1:GrandChild or parent::ns1:GrandChild");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
}
{
InclusiveNamespaces incNS = new InclusiveNamespaces(doc, "ns2");
tf.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS, incNS.getElement());
}
xmlSignature.addDocument("iaikTests.example4.xml", tf);
}
{
// ref 8
ObjectContainer obj = new ObjectContainer(doc);
String id = "object1";
obj.setId(id);
String xmlStr = "" + "<included xml:lang='de'>" + "\n" + "<notIncluded xml:lang='de'>" + "\n" + "<notIncluded xml:lang='uk'>" + "\n" + "<included >" + "\n" + "</included>" + "\n" + "</notIncluded>" + "\n" + "</notIncluded>" + "\n" + "</included>";
Document importDoc = null;
try (InputStream is = new ByteArrayInputStream(xmlStr.getBytes(StandardCharsets.UTF_8))) {
importDoc = XMLUtils.read(is, false);
}
obj.getElement().appendChild(doc.createTextNode("\n"));
obj.getElement().appendChild(doc.importNode(importDoc.getDocumentElement(), true));
obj.getElement().appendChild(doc.createTextNode("\n"));
xmlSignature.appendObject(obj);
// ref apache_8
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPath("self::node()[local-name()='included']");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
}
xmlSignature.addDocument("#" + id, tf);
}
{
// ref 9
ObjectContainer obj = new ObjectContainer(doc);
String id = "object2";
obj.setId(id);
String xmlStr = "" + "<included xml:lang='uk'>" + "\n" + "<notIncluded xml:lang='de'>" + "\n" + "<notIncluded xml:lang='uk'>" + "\n" + "<included >" + "\n" + "</included>" + "\n" + "</notIncluded>" + "\n" + "</notIncluded>" + "\n" + "</included>";
Document importDoc = null;
try (InputStream is = new ByteArrayInputStream(xmlStr.getBytes(StandardCharsets.UTF_8))) {
importDoc = XMLUtils.read(is, false);
}
obj.getElement().appendChild(doc.createTextNode("\n"));
obj.getElement().appendChild(doc.importNode(importDoc.getDocumentElement(), true));
obj.getElement().appendChild(doc.createTextNode("\n"));
xmlSignature.appendObject(obj);
// ref apache_8
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPath("self::node()[local-name()='included']");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
}
xmlSignature.addDocument("#" + id, tf);
}
{
// ref 10
ObjectContainer obj = new ObjectContainer(doc);
String id = "object3";
obj.setId(id);
String xmlStr = "" + "<included xml:lang='de'>" + "\n" + "<notIncluded xml:lang='de'>" + "\n" + "<notIncluded xml:lang='uk'>" + "\n" + "<included xml:lang='de'>" + "\n" + "</included>" + "\n" + "</notIncluded>" + "\n" + "</notIncluded>" + "\n" + "</included>";
Document importDoc = null;
try (InputStream is = new ByteArrayInputStream(xmlStr.getBytes(StandardCharsets.UTF_8))) {
importDoc = XMLUtils.read(is, false);
}
obj.getElement().appendChild(doc.createTextNode("\n"));
obj.getElement().appendChild(doc.importNode(importDoc.getDocumentElement(), true));
obj.getElement().appendChild(doc.createTextNode("\n"));
xmlSignature.appendObject(obj);
// ref apache_8
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPath("self::node()[local-name()='included']");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
}
xmlSignature.addDocument("#" + id, tf);
}
{
// ref 11
ObjectContainer obj = new ObjectContainer(doc);
String id = "object4";
obj.setId(id);
String xmlStr = "" + "<included xml:lang='de'>" + "\n" + "<included xml:lang='de'>" + "\n" + "<notIncluded xml:lang='uk'>" + "\n" + "<included >" + "\n" + "</included>" + "\n" + "</notIncluded>" + "\n" + "</included>" + "\n" + "</included>";
Document importDoc = null;
try (InputStream is = new ByteArrayInputStream(xmlStr.getBytes(StandardCharsets.UTF_8))) {
importDoc = XMLUtils.read(is, false);
}
obj.getElement().appendChild(doc.createTextNode("\n"));
obj.getElement().appendChild(doc.importNode(importDoc.getDocumentElement(), true));
obj.getElement().appendChild(doc.createTextNode("\n"));
xmlSignature.appendObject(obj);
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPath("self::node()[local-name()='included']");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
}
xmlSignature.addDocument("#" + id, tf);
}
{
// ref 12
ObjectContainer obj = new ObjectContainer(doc);
String id = "object5";
obj.setId(id);
String xmlStr = "" + "<included xml:lang='de'>" + "\n" + "<included xml:lang='de'>" + "\n" + "<notIncluded xml:space='preserve' xml:lang='uk'>" + "\n" + "<included >" + "\n" + "</included>" + "\n" + "</notIncluded>" + "\n" + "</included>" + "\n" + "</included>";
Document importDoc = null;
try (InputStream is = new ByteArrayInputStream(xmlStr.getBytes(StandardCharsets.UTF_8))) {
importDoc = XMLUtils.read(is, false);
}
obj.getElement().appendChild(doc.createTextNode("\n"));
obj.getElement().appendChild(doc.importNode(importDoc.getDocumentElement(), true));
obj.getElement().appendChild(doc.createTextNode("\n"));
xmlSignature.appendObject(obj);
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPath("self::node()[local-name()='included']");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
}
xmlSignature.addDocument("#" + id, tf);
}
{
// ref 13
ObjectContainer obj = new ObjectContainer(doc);
String id = "object6";
obj.setId(id);
String xmlStr = "" + "<included xml:space='preserve' xml:lang='de'>" + "\n" + "<included xml:lang='de'>" + "\n" + "<notIncluded xml:lang='uk'>" + "\n" + "<included>" + "\n" + "</included>" + "\n" + "</notIncluded>" + "\n" + "</included>" + "\n" + "</included>";
Document importDoc = null;
try (InputStream is = new ByteArrayInputStream(xmlStr.getBytes(StandardCharsets.UTF_8))) {
importDoc = XMLUtils.read(is, false);
}
obj.getElement().appendChild(doc.createTextNode("\n"));
obj.getElement().appendChild(doc.importNode(importDoc.getDocumentElement(), true));
obj.getElement().appendChild(doc.createTextNode("\n"));
xmlSignature.appendObject(obj);
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPath("self::node()[local-name()='included']");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
}
xmlSignature.addDocument("#" + id, tf);
}
{
// ref 13b
String id = "object6";
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPath("self::node()[local-name()='included']");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
tf.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);
}
xmlSignature.addDocument("#" + id, tf);
}
{
// ref 13c
String id = "object6";
Transforms tf = new Transforms(doc);
{
XPathContainer xc = new XPathContainer(doc);
xc.setXPath("self::node()[local-name()='included']");
tf.addTransform(Transforms.TRANSFORM_XPATH, xc.getElement());
tf.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);
tf.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);
}
xmlSignature.addDocument("#" + id, tf);
// xmlSignature.addDocument("#" + id, tf, org.apache.xml.security.algorithms.MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1, "ref13c", null);
}
String secretKey = "secret";
xmlSignature.getKeyInfo().addKeyName("The UTF-8 octets of \"" + secretKey + "\" are used for signing (" + secretKey.length() + " octets)");
xmlSignature.sign(xmlSignature.createSecretKey(secretKey.getBytes()));
FileOutputStream fos = new FileOutputStream(signatureFile);
XMLUtils.outputDOM(doc, fos);
fos.close();
int length = xmlSignature.getSignedInfo().getLength();
for (int i = 0; i < length; i++) {
String fname = directory + "c14n-" + i + "-apache.xml";
System.out.println(fname);
JavaUtils.writeBytesToFilename(fname, xmlSignature.getSignedInfo().getReferencedContentAfterTransformsItem(i).getBytes());
}
XMLSignature s = new XMLSignature(doc.getDocumentElement(), signatureFile.toURI().toURL().toString());
boolean verify = s.checkSignatureValue(s.createSecretKey("secret".getBytes()));
System.out.println("verify=" + verify);
System.out.println("");
XMLUtils.outputDOMc14nWithComments(doc, System.out);
}
use of org.apache.xml.security.transforms.Transforms in project santuario-xml-security-java by apache.
the class HMACSignatureAlgorithmTest method sign.
private XMLSignature sign(String algorithm, Document document, List<String> localNames, Key signingKey) throws Exception {
String c14nMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
XMLSignature sig = new XMLSignature(document, "", algorithm, c14nMethod);
Element root = document.getDocumentElement();
root.appendChild(sig.getElement());
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
xpath.setNamespaceContext(new DSNamespaceContext());
for (String localName : localNames) {
String expression = "//*[local-name()='" + localName + "']";
NodeList elementsToSign = (NodeList) xpath.evaluate(expression, document, XPathConstants.NODESET);
for (int i = 0; i < elementsToSign.getLength(); i++) {
Element elementToSign = (Element) elementsToSign.item(i);
assertNotNull(elementToSign);
String id = UUID.randomUUID().toString();
elementToSign.setAttributeNS(null, "Id", id);
elementToSign.setIdAttributeNS(null, "Id", true);
Transforms transforms = new Transforms(document);
transforms.addTransform(c14nMethod);
String digestMethod = "http://www.w3.org/2000/09/xmldsig#sha1";
sig.addDocument("#" + id, transforms, digestMethod);
}
}
sig.sign(signingKey);
String expression = "//ds:Signature[1]";
Element sigElement = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
assertNotNull(sigElement);
return sig;
}
use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.
the class JDKXPathFactoryTest method testXPathSignature.
@org.junit.jupiter.api.Test
public void testXPathSignature() throws Exception {
Document doc = TestUtils.newDocument();
doc.appendChild(doc.createComment(" Comment before "));
Element root = doc.createElementNS("", "RootElement");
doc.appendChild(root);
root.appendChild(doc.createTextNode("Some simple text\n"));
// Sign
XMLSignature sig = new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_RSA);
root.appendChild(sig.getElement());
ObjectContainer object = new ObjectContainer(doc);
object.setId("object-1");
object.setMimeType("text/plain");
object.setEncoding("http://www.w3.org/2000/09/xmldsig#base64");
object.appendChild(doc.createTextNode("SSBhbSB0aGUgdGV4dC4="));
sig.appendObject(object);
Transforms transforms = new Transforms(doc);
XPathContainer xpathC = new XPathContainer(doc);
xpathC.setXPath("ancestor-or-self::dsig-xpath:Object");
xpathC.setXPathNamespaceContext("dsig-xpath", Transforms.TRANSFORM_XPATH);
Element node = xpathC.getElement();
transforms.addTransform(Transforms.TRANSFORM_XPATH, node);
sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
sig.sign(kp.getPrivate());
ByteArrayOutputStream bos = new ByteArrayOutputStream();
XMLUtils.outputDOMc14nWithComments(doc, bos);
String signedDoc = new String(bos.toByteArray());
// Now Verify
try (InputStream is = new ByteArrayInputStream(signedDoc.getBytes())) {
doc = XMLUtils.read(is, false);
}
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
xpath.setNamespaceContext(new DSNamespaceContext());
String expression = "//ds:Signature[1]";
Element sigElement = (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
XMLSignature signature = new XMLSignature(sigElement, "");
assertTrue(signature.checkSignatureValue(kp.getPublic()));
}
use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.
the class XmlSecTest method checkXmlSignatureSoftwareStack.
private void checkXmlSignatureSoftwareStack(boolean cert) throws Exception {
Init.init();
Document testDocument = TestUtils.newDocument();
Element rootElement = testDocument.createElementNS("urn:namespace", "tns:document");
rootElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:namespace");
testDocument.appendChild(rootElement);
Element childElement = testDocument.createElementNS("urn:childnamespace", "t:child");
childElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:t", "urn:childnamespace");
childElement.appendChild(testDocument.createTextNode("hello world"));
rootElement.appendChild(childElement);
PrivateKey privateKey;
PublicKey publicKey = null;
X509Certificate signingCert = null;
if (cert) {
// get key & self-signed certificate from keystore
String fs = System.getProperty("file.separator");
FileInputStream fis = new FileInputStream(BASEDIR + fs + "src/test/resources" + fs + "test.jks");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fis, "changeit".toCharArray());
signingCert = (X509Certificate) ks.getCertificate("mullan");
publicKey = signingCert.getPublicKey();
privateKey = (PrivateKey) ks.getKey("mullan", "changeit".toCharArray());
} else {
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
kpg.initialize(1024);
KeyPair keyPair = kpg.generateKeyPair();
publicKey = keyPair.getPublic();
privateKey = keyPair.getPrivate();
}
XMLSignature signature = new XMLSignature(testDocument, "", XMLSignature.ALGO_ID_SIGNATURE_DSA, Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
Element signatureElement = signature.getElement();
rootElement.appendChild(signatureElement);
Transforms transforms = new Transforms(testDocument);
XPathContainer xpath = new XPathContainer(testDocument);
xpath.setXPathNamespaceContext("ds", Constants.SignatureSpecNS);
xpath.setXPath("not(ancestor-or-self::ds:Signature)");
transforms.addTransform(Transforms.TRANSFORM_XPATH, xpath.getElementPlusReturns());
transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
signature.addDocument("", transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1);
if (cert) {
signature.addKeyInfo(signingCert);
} else {
signature.addKeyInfo(publicKey);
}
Element nsElement = testDocument.createElementNS(null, "nsElement");
nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
signature.sign(privateKey);
XPathFactory xpf = XPathFactory.newInstance();
XPath xPath = xpf.newXPath();
xPath.setNamespaceContext(new DSNamespaceContext());
String expression = "//ds:Signature[1]";
Element sigElement = (Element) xPath.evaluate(expression, testDocument, XPathConstants.NODE);
XMLSignature signatureToVerify = new XMLSignature(sigElement, "");
boolean signResult = signatureToVerify.checkSignatureValue(publicKey);
assertTrue(signResult);
}
use of org.apache.xml.security.transforms.Transforms in project santuario-java by apache.
the class TransformBase64DecodeTest method test2.
@org.junit.jupiter.api.Test
public void test2() throws Exception {
// base64 encoded twice
String s2 = "VkdobElGVlNTU0J2WmlCMGFHVWdkSEpoYm5ObWIzSnRJR2x6SUdoMGRIQTZMeTkzZDNjdWR6TXVi\n" + "M0puTHpJd01EQXZNRGt2ZUcxcwpaSE5wWnlOaVlYTmxOalE9";
Document doc = TransformBase64DecodeTest.createDocument();
Transforms t = new Transforms(doc);
doc.appendChild(t.getElement());
t.addTransform(Transforms.TRANSFORM_BASE64_DECODE);
XMLSignatureInput in = null;
try (InputStream is = new ByteArrayInputStream(s2.getBytes())) {
in = new XMLSignatureInput(is);
}
XMLSignatureInput out = t.performTransforms(t.performTransforms(in));
String result = new String(out.getBytes());
assertEquals(result, "The URI of the transform is http://www.w3.org/2000/09/xmldsig#base64");
}
Aggregations