use of org.apache.xml.security.utils.resolver.ResourceResolverException in project santuario-java by apache.
the class ResolverLocalFilesystem method engineResolveURI.
/**
* {@inheritDoc}
*/
@Override
public XMLSignatureInput engineResolveURI(ResourceResolverContext context) throws ResourceResolverException {
try {
// calculate new URI
URI uriNew = getNewURI(context.uriToResolve, context.baseUri);
String fileName = ResolverLocalFilesystem.translateUriToFilename(uriNew.toString());
InputStream inputStream = Files.newInputStream(Paths.get(fileName));
XMLSignatureInput result = new XMLSignatureInput(inputStream);
result.setSecureValidation(context.secureValidation);
result.setSourceURI(uriNew.toString());
return result;
} catch (Exception e) {
throw new ResourceResolverException(e, context.uriToResolve, context.baseUri, "generic.EmptyMessage");
}
}
use of org.apache.xml.security.utils.resolver.ResourceResolverException in project santuario-java by apache.
the class ResolverXPointer method engineResolveURI.
/**
* {@inheritDoc}
*/
@Override
public XMLSignatureInput engineResolveURI(ResourceResolverContext context) throws ResourceResolverException {
Node resultNode = null;
Document doc = context.attr.getOwnerElement().getOwnerDocument();
if (isXPointerSlash(context.uriToResolve)) {
resultNode = doc;
} else if (isXPointerId(context.uriToResolve)) {
String id = getXPointerId(context.uriToResolve);
resultNode = doc.getElementById(id);
if (context.secureValidation) {
Element start = context.attr.getOwnerDocument().getDocumentElement();
if (!XMLUtils.protectAgainstWrappingAttack(start, id)) {
Object[] exArgs = { id };
throw new ResourceResolverException("signature.Verification.MultipleIDs", exArgs, context.uriToResolve, context.baseUri);
}
}
if (resultNode == null) {
Object[] exArgs = { id };
throw new ResourceResolverException("signature.Verification.MissingID", exArgs, context.uriToResolve, context.baseUri);
}
}
XMLSignatureInput result = new XMLSignatureInput(resultNode);
result.setSecureValidation(context.secureValidation);
result.setMIMEType("text/xml");
if (context.baseUri != null && context.baseUri.length() > 0) {
result.setSourceURI(context.baseUri.concat(context.uriToResolve));
} else {
result.setSourceURI(context.uriToResolve);
}
return result;
}
use of org.apache.xml.security.utils.resolver.ResourceResolverException in project santuario-java by apache.
the class XPointerResourceResolver method engineResolveURI.
@Override
public XMLSignatureInput engineResolveURI(ResourceResolverContext context) throws ResourceResolverException {
String v = context.uriToResolve;
if (v.charAt(0) != '#') {
return null;
}
String xpURI;
try {
xpURI = URLDecoder.decode(v, "utf-8");
} catch (UnsupportedEncodingException e) {
LOG.warn("utf-8 not a valid encoding ", e);
return null;
}
String[] parts = xpURI.substring(1).split("\\s");
int i = 0;
Map<String, String> namespaces = new HashMap<>();
if (parts.length > 1) {
for (; i < parts.length - 1; ++i) {
if (!parts[i].endsWith(")") || !parts[i].startsWith(XNS_OPEN)) {
return null;
}
String mapping = parts[i].substring(XNS_OPEN.length(), parts[i].length() - 1);
int pos = mapping.indexOf('=');
if (pos <= 0 || pos >= mapping.length() - 1) {
throw new ResourceResolverException("malformed namespace part of XPointer expression", context.uriToResolve, context.baseUri);
}
namespaces.put(mapping.substring(0, pos), mapping.substring(pos + 1));
}
}
try {
Node node = null;
NodeList nodes = null;
// plain ID reference.
if (i == 0 && !parts[i].startsWith(XP_OPEN)) {
node = this.baseNode.getOwnerDocument().getElementById(parts[i]);
} else {
if (!parts[i].endsWith(")") || !parts[i].startsWith(XP_OPEN)) {
return null;
}
String xpathExpr = parts[i].substring(XP_OPEN.length(), parts[i].length() - 1);
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
DSNamespaceContext namespaceContext = new DSNamespaceContext(namespaces);
xpath.setNamespaceContext(namespaceContext);
nodes = (NodeList) xpath.evaluate(xpathExpr, this.baseNode, XPathConstants.NODESET);
if (nodes.getLength() == 0) {
return null;
}
if (nodes.getLength() == 1) {
node = nodes.item(0);
}
}
XMLSignatureInput result = null;
if (node != null) {
result = new XMLSignatureInput(node);
} else if (nodes != null) {
Set<Node> nodeSet = new HashSet<>(nodes.getLength());
for (int j = 0; j < nodes.getLength(); ++j) {
nodeSet.add(nodes.item(j));
}
result = new XMLSignatureInput(nodeSet);
} else {
return null;
}
result.setMIMEType("text/xml");
result.setExcludeComments(true);
result.setSourceURI((context.baseUri != null) ? context.baseUri.concat(v) : v);
return result;
} catch (XPathExpressionException e) {
throw new ResourceResolverException(e, context.uriToResolve, context.baseUri, "Problem evaluating XPath expression");
}
}
use of org.apache.xml.security.utils.resolver.ResourceResolverException in project santuario-java by apache.
the class ResolverDirectHTTPTest method testProxyAuthWithWrongPassword.
@Test
@Ignore
public void testProxyAuthWithWrongPassword() throws Exception {
Document doc = XMLUtils.createDocumentBuilder(false).newDocument();
Attr uri = doc.createAttribute("URI");
uri.setNodeValue(url);
ResolverDirectHTTP resolverDirectHTTP = new ResolverDirectHTTP();
resolverDirectHTTP.engineSetProperty("http.proxy.host", proxyHost);
resolverDirectHTTP.engineSetProperty("http.proxy.port", proxyPort);
resolverDirectHTTP.engineSetProperty("http.proxy.username", proxyUsername);
resolverDirectHTTP.engineSetProperty("http.proxy.password", "wrongPassword");
ResourceResolverContext context = new ResourceResolverContext(uri, url, true);
try {
resolverDirectHTTP.engineResolveURI(context);
Assert.fail("Expected ResourceResolverException");
} catch (ResourceResolverException e) {
Assert.assertEquals("Server returned HTTP response code: 407 for URL: " + url, e.getMessage());
}
}
use of org.apache.xml.security.utils.resolver.ResourceResolverException in project santuario-java by apache.
the class ResolverDirectHTTPTest method testServerAuthWithWrongPassword.
@Test
@Ignore
public void testServerAuthWithWrongPassword() throws Exception {
Document doc = XMLUtils.createDocumentBuilder(false).newDocument();
Attr uri = doc.createAttribute("URI");
uri.setNodeValue(url);
ResolverDirectHTTP resolverDirectHTTP = new ResolverDirectHTTP();
resolverDirectHTTP.engineSetProperty("http.basic.username", serverUsername);
resolverDirectHTTP.engineSetProperty("http.basic.password", "wrongPassword");
ResourceResolverContext context = new ResourceResolverContext(uri, url, true);
try {
resolverDirectHTTP.engineResolveURI(context);
Assert.fail("Expected ResourceResolverException");
} catch (ResourceResolverException e) {
Assert.assertEquals("Server returned HTTP response code: 401 for URL: " + url, e.getMessage());
}
}
Aggregations