List of usage examples for javax.xml.crypto XMLCryptoContext getProperty
Object getProperty(String name);
From source file:org.apache.jcp.xml.dsig.internal.dom.ApacheTransform.java
private Data transformIt(Data data, XMLCryptoContext xc, OutputStream os) throws TransformException { if (ownerDoc == null) { throw new TransformException("transform must be marshalled"); }/*from www . j a v a2s. c o m*/ if (apacheTransform == null) { try { apacheTransform = new Transform(ownerDoc, getAlgorithm(), transformElem.getChildNodes()); apacheTransform.setElement(transformElem, xc.getBaseURI()); if (log.isDebugEnabled()) { log.debug("Created transform for algorithm: " + getAlgorithm()); } } catch (Exception ex) { throw new TransformException("Couldn't find Transform for: " + getAlgorithm(), ex); } } Boolean secureValidation = (Boolean) xc.getProperty("org.apache.jcp.xml.dsig.secureValidation"); if (secureValidation != null && secureValidation.booleanValue()) { String algorithm = getAlgorithm(); if (Transforms.TRANSFORM_XSLT.equals(algorithm)) { throw new TransformException( "Transform " + algorithm + " is forbidden when secure validation is enabled"); } } XMLSignatureInput in; if (data instanceof ApacheData) { if (log.isDebugEnabled()) { log.debug("ApacheData = true"); } in = ((ApacheData) data).getXMLSignatureInput(); } else if (data instanceof NodeSetData) { if (log.isDebugEnabled()) { log.debug("isNodeSet() = true"); } if (data instanceof DOMSubTreeData) { if (log.isDebugEnabled()) { log.debug("DOMSubTreeData = true"); } DOMSubTreeData subTree = (DOMSubTreeData) data; in = new XMLSignatureInput(subTree.getRoot()); in.setExcludeComments(subTree.excludeComments()); } else { @SuppressWarnings("unchecked") Set<Node> nodeSet = Utils.toNodeSet(((NodeSetData) data).iterator()); in = new XMLSignatureInput(nodeSet); } } else { if (log.isDebugEnabled()) { log.debug("isNodeSet() = false"); } try { in = new XMLSignatureInput(((OctetStreamData) data).getOctetStream()); } catch (Exception ex) { throw new TransformException(ex); } } try { if (os != null) { in = apacheTransform.performTransform(in, os); if (!in.isNodeSet() && !in.isElement()) { return null; } } else { in = apacheTransform.performTransform(in); } if (in.isOctetStream()) { return new ApacheOctetStreamData(in); } else { return new ApacheNodeSetData(in); } } catch (Exception ex) { throw new TransformException(ex); } }
From source file:org.apache.jcp.xml.dsig.internal.dom.DOMReference.java
/** * Creates a <code>DOMReference</code> from an element. * * @param refElem a Reference element//from ww w . ja v a 2 s . c o m */ public DOMReference(Element refElem, XMLCryptoContext context, Provider provider) throws MarshalException { Boolean secureValidation = (Boolean) context.getProperty("org.apache.jcp.xml.dsig.secureValidation"); boolean secVal = false; if (secureValidation != null && secureValidation.booleanValue()) { secVal = true; } // unmarshal Transforms, if specified Element nextSibling = DOMUtils.getFirstChildElement(refElem); List<Transform> transforms = new ArrayList<Transform>(5); if (nextSibling.getLocalName().equals("Transforms")) { Element transformElem = DOMUtils.getFirstChildElement(nextSibling); int transformCount = 0; while (transformElem != null) { transforms.add(new DOMTransform(transformElem, context, provider)); transformElem = DOMUtils.getNextSiblingElement(transformElem); transformCount++; if (secVal && (transformCount > MAXIMUM_TRANSFORM_COUNT)) { String error = "A maxiumum of " + MAXIMUM_TRANSFORM_COUNT + " " + "transforms per Reference are allowed with secure validation"; throw new MarshalException(error); } } nextSibling = DOMUtils.getNextSiblingElement(nextSibling); } // unmarshal DigestMethod Element dmElem = nextSibling; this.digestMethod = DOMDigestMethod.unmarshal(dmElem); String digestMethodAlgorithm = this.digestMethod.getAlgorithm(); if (secVal && MessageDigestAlgorithm.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5.equals(digestMethodAlgorithm)) { throw new MarshalException( "It is forbidden to use algorithm " + digestMethod + " when secure validation is enabled"); } // unmarshal DigestValue try { Element dvElem = DOMUtils.getNextSiblingElement(dmElem); this.digestValue = Base64.decode(dvElem); } catch (Base64DecodingException bde) { throw new MarshalException(bde); } // unmarshal attributes this.uri = DOMUtils.getAttributeValue(refElem, "URI"); Attr attr = refElem.getAttributeNodeNS(null, "Id"); if (attr != null) { this.id = attr.getValue(); refElem.setIdAttributeNode(attr, true); } else { this.id = null; } this.type = DOMUtils.getAttributeValue(refElem, "Type"); this.here = refElem.getAttributeNodeNS(null, "URI"); this.refElem = refElem; this.transforms = transforms; this.allTransforms = transforms; this.appliedTransformData = null; this.provider = provider; }
From source file:org.apache.jcp.xml.dsig.internal.dom.DOMReference.java
private byte[] transform(Data dereferencedData, XMLCryptoContext context) throws XMLSignatureException { if (md == null) { try {//from www .jav a2 s . c om md = MessageDigest.getInstance(((DOMDigestMethod) digestMethod).getMessageDigestAlgorithm()); } catch (NoSuchAlgorithmException nsae) { throw new XMLSignatureException(nsae); } } md.reset(); DigesterOutputStream dos; Boolean cache = (Boolean) context.getProperty("javax.xml.crypto.dsig.cacheReference"); if (cache != null && cache.booleanValue()) { this.derefData = copyDerefData(dereferencedData); dos = new DigesterOutputStream(md, true); } else { dos = new DigesterOutputStream(md); } OutputStream os = null; Data data = dereferencedData; try { os = new UnsyncBufferedOutputStream(dos); for (int i = 0, size = transforms.size(); i < size; i++) { DOMTransform transform = (DOMTransform) transforms.get(i); if (i < size - 1) { data = transform.transform(data, context); } else { data = transform.transform(data, context, os); } } if (data != null) { XMLSignatureInput xi; // explicitly use C14N 1.1 when generating signature // first check system property, then context property boolean c14n11 = useC14N11; String c14nalg = CanonicalizationMethod.INCLUSIVE; if (context instanceof XMLSignContext) { if (!c14n11) { Boolean prop = (Boolean) context.getProperty("org.apache.xml.security.useC14N11"); c14n11 = (prop != null && prop.booleanValue()); if (c14n11) { c14nalg = "http://www.w3.org/2006/12/xml-c14n11"; } } else { c14nalg = "http://www.w3.org/2006/12/xml-c14n11"; } } if (data instanceof ApacheData) { xi = ((ApacheData) data).getXMLSignatureInput(); } else if (data instanceof OctetStreamData) { xi = new XMLSignatureInput(((OctetStreamData) data).getOctetStream()); } else if (data instanceof NodeSetData) { TransformService spi = null; if (provider == null) { spi = TransformService.getInstance(c14nalg, "DOM"); } else { try { spi = TransformService.getInstance(c14nalg, "DOM", provider); } catch (NoSuchAlgorithmException nsae) { spi = TransformService.getInstance(c14nalg, "DOM"); } } data = spi.transform(data, context); xi = new XMLSignatureInput(((OctetStreamData) data).getOctetStream()); } else { throw new XMLSignatureException("unrecognized Data type"); } if (context instanceof XMLSignContext && c14n11 && !xi.isOctetStream() && !xi.isOutputStreamSet()) { TransformService spi = null; if (provider == null) { spi = TransformService.getInstance(c14nalg, "DOM"); } else { try { spi = TransformService.getInstance(c14nalg, "DOM", provider); } catch (NoSuchAlgorithmException nsae) { spi = TransformService.getInstance(c14nalg, "DOM"); } } DOMTransform t = new DOMTransform(spi); Element transformsElem = null; String dsPrefix = DOMUtils.getSignaturePrefix(context); if (allTransforms.isEmpty()) { transformsElem = DOMUtils.createElement(refElem.getOwnerDocument(), "Transforms", XMLSignature.XMLNS, dsPrefix); refElem.insertBefore(transformsElem, DOMUtils.getFirstChildElement(refElem)); } else { transformsElem = DOMUtils.getFirstChildElement(refElem); } t.marshal(transformsElem, dsPrefix, (DOMCryptoContext) context); allTransforms.add(t); xi.updateOutputStream(os, true); } else { xi.updateOutputStream(os); } } os.flush(); if (cache != null && cache.booleanValue()) { this.dis = dos.getInputStream(); } return dos.getDigestValue(); } catch (NoSuchAlgorithmException e) { throw new XMLSignatureException(e); } catch (TransformException e) { throw new XMLSignatureException(e); } catch (MarshalException e) { throw new XMLSignatureException(e); } catch (IOException e) { throw new XMLSignatureException(e); } catch (org.apache.xml.security.c14n.CanonicalizationException e) { throw new XMLSignatureException(e); } finally { if (os != null) { try { os.close(); } catch (IOException e) { throw new XMLSignatureException(e); } } if (dos != null) { try { dos.close(); } catch (IOException e) { throw new XMLSignatureException(e); } } } }
From source file:org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo.java
/** * Creates a <code>DOMSignedInfo</code> from an element. * * @param siElem a SignedInfo element// www . j a va 2s . c o m */ public DOMSignedInfo(Element siElem, XMLCryptoContext context, Provider provider) throws MarshalException { localSiElem = siElem; ownerDoc = siElem.getOwnerDocument(); // get Id attribute, if specified id = DOMUtils.getAttributeValue(siElem, "Id"); // unmarshal CanonicalizationMethod Element cmElem = DOMUtils.getFirstChildElement(siElem); canonicalizationMethod = new DOMCanonicalizationMethod(cmElem, context, provider); // unmarshal SignatureMethod Element smElem = DOMUtils.getNextSiblingElement(cmElem); signatureMethod = DOMSignatureMethod.unmarshal(smElem); Boolean secureValidation = (Boolean) context.getProperty("org.apache.jcp.xml.dsig.secureValidation"); boolean secVal = false; if (secureValidation != null && secureValidation.booleanValue()) { secVal = true; } String signatureMethodAlgorithm = signatureMethod.getAlgorithm(); if (secVal && ((ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5.equals(signatureMethodAlgorithm) || ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5.equals(signatureMethodAlgorithm)))) { throw new MarshalException( "It is forbidden to use algorithm " + signatureMethod + " when secure validation is enabled"); } // unmarshal References ArrayList<Reference> refList = new ArrayList<Reference>(5); Element refElem = DOMUtils.getNextSiblingElement(smElem); int refCount = 0; while (refElem != null) { refList.add(new DOMReference(refElem, context, provider)); refElem = DOMUtils.getNextSiblingElement(refElem); refCount++; if (secVal && (refCount > MAXIMUM_REFERENCE_COUNT)) { String error = "A maxiumum of " + MAXIMUM_REFERENCE_COUNT + " " + "references per Manifest are allowed with secure validation"; throw new MarshalException(error); } } references = Collections.unmodifiableList(refList); }
From source file:org.jcp.xml.dsig.internal.dom.DOMReference.java
private byte[] transform(Data dereferencedData, XMLCryptoContext context) throws XMLSignatureException { if (md == null) { try {/*from ww w . j a v a 2 s . c om*/ md = MessageDigest.getInstance(((DOMDigestMethod) digestMethod).getMessageDigestAlgorithm()); } catch (NoSuchAlgorithmException nsae) { throw new XMLSignatureException(nsae); } } md.reset(); DigesterOutputStream dos; Boolean cache = (Boolean) context.getProperty("javax.xml.crypto.dsig.cacheReference"); if (cache != null && cache.booleanValue() == true) { this.derefData = copyDerefData(dereferencedData); dos = new DigesterOutputStream(md, true); } else { dos = new DigesterOutputStream(md); } OutputStream os = new UnsyncBufferedOutputStream(dos); Data data = dereferencedData; for (int i = 0, size = transforms.size(); i < size; i++) { DOMTransform transform = (DOMTransform) transforms.get(i); try { if (i < size - 1) { data = transform.transform(data, context); } else { data = transform.transform(data, context, os); } } catch (TransformException te) { throw new XMLSignatureException(te); } } try { if (data != null) { XMLSignatureInput xi; // explicitly use C14N 1.1 when generating signature // first check system property, then context property boolean c14n11 = useC14N11; String c14nalg = CanonicalizationMethod.INCLUSIVE; if (context instanceof XMLSignContext) { if (!c14n11) { Boolean prop = (Boolean) context.getProperty("org.apache.xml.security.useC14N11"); c14n11 = (prop != null && prop.booleanValue() == true); if (c14n11) { c14nalg = "http://www.w3.org/2006/12/xml-c14n11"; } } else { c14nalg = "http://www.w3.org/2006/12/xml-c14n11"; } } if (data instanceof ApacheData) { xi = ((ApacheData) data).getXMLSignatureInput(); } else if (data instanceof OctetStreamData) { xi = new XMLSignatureInput(((OctetStreamData) data).getOctetStream()); } else if (data instanceof NodeSetData) { TransformService spi = null; try { spi = TransformService.getInstance(c14nalg, "DOM"); } catch (NoSuchAlgorithmException nsae) { spi = TransformService.getInstance(c14nalg, "DOM", provider); } data = spi.transform(data, context); xi = new XMLSignatureInput(((OctetStreamData) data).getOctetStream()); } else { throw new XMLSignatureException("unrecognized Data type"); } if (context instanceof XMLSignContext && c14n11 && !xi.isOctetStream() && !xi.isOutputStreamSet()) { DOMTransform t = new DOMTransform(TransformService.getInstance(c14nalg, "DOM")); Element transformsElem = null; String dsPrefix = DOMUtils.getSignaturePrefix(context); if (allTransforms.isEmpty()) { transformsElem = DOMUtils.createElement(refElem.getOwnerDocument(), "Transforms", XMLSignature.XMLNS, dsPrefix); refElem.insertBefore(transformsElem, DOMUtils.getFirstChildElement(refElem)); } else { transformsElem = DOMUtils.getFirstChildElement(refElem); } t.marshal(transformsElem, dsPrefix, (DOMCryptoContext) context); allTransforms.add(t); xi.updateOutputStream(os, true); } else { xi.updateOutputStream(os); } } os.flush(); if (cache != null && cache.booleanValue() == true) { this.dis = dos.getInputStream(); } return dos.getDigestValue(); } catch (NoSuchAlgorithmException e) { throw new XMLSignatureException(e); } catch (TransformException e) { throw new XMLSignatureException(e); } catch (MarshalException e) { throw new XMLSignatureException(e); } catch (IOException e) { throw new XMLSignatureException(e); } catch (org.apache.xml.security.c14n.CanonicalizationException e) { throw new XMLSignatureException(e); } }