List of usage examples for javax.xml.parsers DocumentBuilderFactory setAttribute
public abstract void setAttribute(String name, Object value) throws IllegalArgumentException;
From source file:org.apache.rampart.util.Axis2Util.java
/** * Create DocumentBuilderFactory with the XXE prevention measurements * * @return DocumentBuilderFactory instance *//* www. ja v a2s. co m*/ public static DocumentBuilderFactory getSecuredDocumentBuilderFactory() { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); dbf.setXIncludeAware(false); dbf.setExpandEntityReferences(false); try { dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false); dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false); dbf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false); dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); } catch (ParserConfigurationException e) { logger.error("Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or " + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE); } SecurityManager securityManager = new SecurityManager(); securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT); dbf.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY, securityManager); return dbf; }
From source file:org.apache.woden.internal.DOMWSDLReader.java
/** * Create the JAXP DocumentBuilderFactory instance.Use JAXP 1.2 API for validation. * @param namespaceAware whether the returned factory is to provide support for XML namespaces * @return the JAXP DocumentBuilderFactory * @throws ParserConfigurationException if we failed to build a proper DocumentBuilderFactory */// www. ja va 2 s . c o m protected DocumentBuilderFactory createDocumentBuilderFactory(boolean namespaceAware) throws ParserConfigurationException, WSDLException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(namespaceAware); // Enable validation on the XML parser if it has been enabled // for the Woden parser. if (features.getValue(WSDLReader.FEATURE_VALIDATION)) { factory.setValidating(true); // Enforce namespace aware for XSD... factory.setNamespaceAware(true); try { factory.setAttribute(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA); factory.setAttribute(JAXP_SCHEMA_SOURCE, schemas); } catch (IllegalArgumentException e) { getErrorReporter().reportError(new ErrorLocatorImpl(), //TODO line&col nos. "WSDL515", new Object[] { factory.getClass().getName() }, ErrorReporter.SEVERITY_FATAL_ERROR, e); } } else { factory.setValidating(false); } return factory; }
From source file:org.apache.xml.security.samples.iaik.IAIKInterOp.java
/** * Method main/*from w ww.jav a 2s. co m*/ * * @param unused */ public static void main(String unused[]) { if (schemaValidate) { System.out.println("We do schema-validation"); } else { System.out.println("We do not schema-validation"); } javax.xml.parsers.DocumentBuilderFactory dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance(); if (IAIKInterOp.schemaValidate) { dbf.setAttribute("http://apache.org/xml/features/validation/schema", Boolean.TRUE); dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansion", Boolean.TRUE); dbf.setValidating(true); dbf.setAttribute("http://xml.org/sax/features/validation", Boolean.TRUE); dbf.setAttribute("http://apache.org/xml/properties/schema/external-schemaLocation", Constants.SignatureSpecNS + " " + IAIKInterOp.signatureSchemaFile); } dbf.setNamespaceAware(true); dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE); //J- String gregorsDir = "data/at/iaik/ixsil/"; String filenames[] = { gregorsDir + "signatureAlgorithms/signatures/hMACSignature.xml", gregorsDir + "signatureAlgorithms/signatures/hMACShortSignature.xml", gregorsDir + "signatureAlgorithms/signatures/dSASignature.xml", gregorsDir + "signatureAlgorithms/signatures/rSASignature.xml", gregorsDir + "transforms/signatures/base64DecodeSignature.xml", gregorsDir + "transforms/signatures/c14nSignature.xml", gregorsDir + "coreFeatures/signatures/manifestSignature.xml", gregorsDir + "transforms/signatures/xPathSignature.xml", gregorsDir + "coreFeatures/signatures/signatureTypesSignature.xml", gregorsDir + "transforms/signatures/envelopedSignatureSignature.xml" }; //J+ verifyAnonymous(gregorsDir, dbf); for (int i = 0; i < 2; i++) { String signatureFileName = filenames[i]; try { org.apache.xml.security.samples.signature.VerifyMerlinsExamplesFifteen.verifyHMAC(dbf, signatureFileName); } catch (Exception ex) { System.out.println( "The XML signature in file " + signatureFileName + " crashed the application (bad)"); ex.printStackTrace(); System.out.println(); } } for (int i = 2; i < filenames.length; i++) { String signatureFileName = filenames[i]; try { org.apache.xml.security.samples.signature.VerifyMerlinsExamplesSixteen.verify(dbf, signatureFileName); } catch (Exception ex) { System.out.println( "The XML signature in file " + signatureFileName + " crashed the application (bad)"); ex.printStackTrace(); System.out.println(); } } for (int i = 2; i < filenames.length; i++) { String signatureFileName = filenames[i]; try { org.apache.xml.security.samples.signature.VerifyMerlinsExamplesTwentyThree.verify(dbf, signatureFileName); } catch (Exception ex) { System.out.println( "The XML signature in file " + signatureFileName + " crashed the application (bad)"); ex.printStackTrace(); System.out.println(); } } }
From source file:org.apache.xml.security.samples.signature.VerifyCollectableSignature.java
/** * Method main//from w w w . ja v a 2 s. c o m * * @param unused * @throws Exception */ public static void main(String unused[]) throws Exception { javax.xml.parsers.DocumentBuilderFactory dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE); try { File signatureFile = new File("collectableSignature.xml"); String BaseURI = signatureFile.toURL().toString(); System.out.println("Try to verify " + signatureFile.toURL().toString()); javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder(); db.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler()); org.w3c.dom.Document doc = db.parse(new java.io.FileInputStream(signatureFile)); Element nscontext = SampleUtils.createDSctx(doc, "ds", Constants.SignatureSpecNS); NodeList signatureElems = XPathAPI.selectNodeList(doc, "//ds:Signature", nscontext); for (int i = 0; i < signatureElems.getLength(); i++) { Element sigElement = (Element) signatureElems.item(i); XMLSignature signature = new XMLSignature(sigElement, BaseURI); byte[] secretKey = "secretValue".getBytes(); System.out.println("The XML signature number " + i + " in file " + BaseURI + " is " + (signature.checkSignatureValue( signature.createSecretKey(CreateCollectableSignature.passphrase.getBytes())) ? "valid (good)" : "invalid !!!!! (bad)")); SignedInfo s = signature.getSignedInfo(); for (int j = 0; j < s.getSignedContentLength(); j++) { System.out.println("################ Signed Resource " + i + "/" + j + " ################"); System.out.println(new String(s.getSignedContentItem(j))); System.out.println(); } } } catch (Exception ex) { ex.printStackTrace(); } }
From source file:org.apache.xml.security.samples.signature.VerifyMerlinsExamplesFifteen.java
/** * Method main//ww w . j ava2 s . c o m * * @param unused */ public static void main(String unused[]) { if (schemaValidate) { System.out.println("We do schema-validation"); } else { System.out.println("We do not schema-validation"); } javax.xml.parsers.DocumentBuilderFactory dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance(); if (VerifyMerlinsExamplesSixteen.schemaValidate) { dbf.setAttribute("http://apache.org/xml/features/validation/schema", Boolean.TRUE); dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansion", Boolean.TRUE); dbf.setValidating(true); dbf.setAttribute("http://xml.org/sax/features/validation", Boolean.TRUE); dbf.setAttribute("http://apache.org/xml/properties/schema/external-schemaLocation", Constants.SignatureSpecNS + " " + VerifyMerlinsExamplesSixteen.signatureSchemaFile); } dbf.setNamespaceAware(true); dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE); //J- String merlinsDir = "data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/"; String filenames[] = { merlinsDir + "signature-enveloping-hmac-sha1.xml", merlinsDir + "signature-enveloped-dsa.xml", merlinsDir + "signature-enveloping-b64-dsa.xml", merlinsDir + "signature-enveloping-dsa.xml", merlinsDir + "signature-enveloping-rsa.xml", merlinsDir + "signature-external-b64-dsa.xml", merlinsDir + "signature-external-dsa.xml" }; try { verifyHMAC(dbf, filenames[0]); } catch (Exception ex) { ex.printStackTrace(); } for (int i = 1; i < filenames.length; i++) { String signatureFileName = filenames[i]; try { VerifyMerlinsExamplesSixteen.verify(dbf, signatureFileName); } catch (Exception ex) { ex.printStackTrace(); } } }
From source file:org.apache.xml.security.samples.signature.VerifyMerlinsExamplesSixteen.java
/** * Method main/* w w w . j a v a2s . com*/ * * @param unused */ public static void main(String unused[]) { if (schemaValidate) { System.out.println("We do schema-validation"); } else { System.out.println("We do not schema-validation"); } javax.xml.parsers.DocumentBuilderFactory dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance(); if (VerifyMerlinsExamplesSixteen.schemaValidate) { dbf.setAttribute("http://apache.org/xml/features/validation/schema", Boolean.TRUE); dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansion", Boolean.TRUE); dbf.setValidating(true); dbf.setAttribute("http://xml.org/sax/features/validation", Boolean.TRUE); dbf.setAttribute("http://apache.org/xml/properties/schema/external-schemaLocation", Constants.SignatureSpecNS + " " + VerifyMerlinsExamplesSixteen.signatureSchemaFile); } dbf.setNamespaceAware(true); dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE); //J- String filenames[] = { // "16signature.xml" // "merlinsSixteenRecreated.xml" "data/ie/baltimore/merlin-examples/merlin-xmldsig-sixteen/signature.xml" }; //J+ int start = 0; int end = filenames.length; for (int i = start; i < end; i++) { String signatureFileName = filenames[i]; try { verify(dbf, signatureFileName); } catch (Exception ex) { ex.printStackTrace(); } } }
From source file:org.apache.xml.security.samples.signature.VerifyMerlinsExamplesTwentyThree.java
/** * Method main//w w w . ja v a 2 s . c o m * * @param unused */ public static void main(String unused[]) { if (schemaValidate) { System.out.println("We do schema-validation"); } else { System.out.println("We do not schema-validation"); } javax.xml.parsers.DocumentBuilderFactory dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance(); if (VerifyMerlinsExamplesTwentyThree.schemaValidate) { dbf.setAttribute("http://apache.org/xml/features/validation/schema", Boolean.TRUE); dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansion", Boolean.TRUE); dbf.setValidating(true); dbf.setAttribute("http://xml.org/sax/features/validation", Boolean.TRUE); dbf.setAttribute("http://apache.org/xml/properties/schema/external-schemaLocation", Constants.SignatureSpecNS + " " + VerifyMerlinsExamplesTwentyThree.signatureSchemaFile); } dbf.setNamespaceAware(true); dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE); //J- String merlinsDir = "data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/"; String filenames[] = { // "23signature.xml" // "merlinsTwentyThreeRecreated.xml" merlinsDir + "signature.xml", merlinsDir + "signature-enveloped-dsa.xml", merlinsDir + "signature-enveloping-b64-dsa.xml", merlinsDir + "signature-enveloping-dsa.xml", merlinsDir + "signature-enveloping-hmac-sha1.xml", merlinsDir + "signature-enveloping-rsa.xml", merlinsDir + "signature-external-b64-dsa.xml", merlinsDir + "signature-external-dsa.xml" }; //J+ int start = 0; int end = filenames.length; for (int i = start; i < end; i++) { String signatureFileName = filenames[i]; try { verify(dbf, signatureFileName); } catch (Exception ex) { ex.printStackTrace(); } } }
From source file:org.apache.xml.security.test.encryption.BaltimoreEncTest.java
/** * Method setUp//from ww w . j av a 2 s. c o m */ protected void setUp() throws Exception { // Create the comparison strings DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE); String filename = "data/ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml"; String basedir = System.getProperty("basedir"); if (basedir != null && !"".equals(basedir)) { filename = basedir + "/" + filename; } File f = new File(filename); DocumentBuilder db = dbf.newDocumentBuilder(); Document doc = db.parse(new java.io.FileInputStream(f)); cardNumber = retrieveCCNumber(doc); // Test decrypt testDecryptString = new String("top secret message\n"); // Count the nodes in the document as a secondary test nodeCount = countNodes(doc); // Create the keys jebBytes = "abcdefghijklmnopqrstuvwx".getBytes("ASCII"); jobBytes = "abcdefghijklmnop".getBytes("ASCII"); jedBytes = "abcdefghijklmnopqrstuvwxyz012345".getBytes("ASCII"); // Certificate information rsaCertSerialNumber = new String("1014918766910"); // rsaKey filename = "data/ie/baltimore/merlin-examples/merlin-xmlenc-five/rsa.p8"; if (basedir != null && !"".equals(basedir)) { filename = basedir + "/" + filename; } byte[] pkcs8Bytes = JavaUtils.getBytesFromFile(filename); PKCS8EncodedKeySpec pkcs8Spec = new PKCS8EncodedKeySpec(pkcs8Bytes); // Create a key factory KeyFactory keyFactory = KeyFactory.getInstance("RSA"); rsaKey = keyFactory.generatePrivate(pkcs8Spec); // Initialise the library org.apache.xml.security.Init.init(); // Register our key resolver KeyResolver.register("org.apache.xml.security.test.encryption.BobKeyResolver"); // Check what algorithms are available haveISOPadding = false; String algorithmId = JCEMapper .translateURItoJCEID(org.apache.xml.security.utils.EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128); if (algorithmId != null) { try { if (Cipher.getInstance(algorithmId) != null) haveISOPadding = true; } catch (NoSuchAlgorithmException nsae) { } catch (NoSuchPaddingException nspe) { } } haveKeyWraps = (JCEMapper.translateURItoJCEID( org.apache.xml.security.utils.EncryptionConstants.ALGO_ID_KEYWRAP_AES128) != null); }
From source file:org.apache.xml.security.test.encryption.BaltimoreEncTest.java
/** * Method decryptElement//from w ww. j a v a 2 s . c om * * Take a key, encryption type and a file, find an encrypted element * decrypt it and return the resulting document * * @param filename File to decrypt from */ public Document decryptElement(String filename) throws Exception { XMLCipher cipher; // Parse the document in question javax.xml.parsers.DocumentBuilderFactory dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE); String basedir = System.getProperty("basedir"); if (basedir != null && !"".equals(basedir)) { filename = basedir + "/" + filename; } File f = new File(filename); DocumentBuilder db = dbf.newDocumentBuilder(); Document doc = db.parse(new java.io.FileInputStream(f)); // Now we have the document, lets build the XMLCipher element Element ee = null; // Create the XMLCipher element cipher = XMLCipher.getInstance(); // Need to pre-load the Encrypted Data so we can get the key info ee = (Element) doc.getElementsByTagName("EncryptedData").item(0); cipher.init(XMLCipher.DECRYPT_MODE, null); EncryptedData encryptedData = cipher.loadEncryptedData(doc, ee); Key key = findKey(encryptedData); cipher.init(XMLCipher.DECRYPT_MODE, key); Document dd = cipher.doFinal(doc, ee); return dd; }
From source file:org.apache.xml.security.test.encryption.BaltimoreEncTest.java
/** * Method decryptData/*from w w w . j ava2 s . c o m*/ * * Take a file, find an encrypted element decrypt it and return the * resulting byte array * * @param filename File to decrypt from */ public byte[] decryptData(String filename) throws Exception { XMLCipher cipher; // Parse the document in question javax.xml.parsers.DocumentBuilderFactory dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE); String basedir = System.getProperty("basedir"); if (basedir != null && !"".equals(basedir)) { filename = basedir + "/" + filename; } File f = new File(filename); DocumentBuilder db = dbf.newDocumentBuilder(); Document doc = db.parse(new java.io.FileInputStream(f)); // Now we have the document, lets build the XMLCipher element Element ee = null; // Create the XMLCipher element cipher = XMLCipher.getInstance(); // Need to pre-load the Encrypted Data so we can get the key info ee = (Element) doc.getElementsByTagName("EncryptedData").item(0); cipher.init(XMLCipher.DECRYPT_MODE, null); EncryptedData encryptedData = cipher.loadEncryptedData(doc, ee); Key key = findKey(encryptedData); cipher.init(XMLCipher.DECRYPT_MODE, key); byte[] dd = cipher.decryptToByteArray(ee); return dd; }