Java Code Examples for org.apache.xml.security.signature.XMLSignature#getKeyInfo()

Example 1
Source File: XmlSignatureBuilder.java — from freehealth-connector (GNU Affero General Public License v3.0)
/**
 * Verifies an XML-DSig signature and records the outcome on {@code result}.
 *
 * <p>The certificate chain is taken from the signature's own {@code KeyInfo}; the end-entity
 * certificate found there is stored on the result and then used to check the signature value.
 * This proves only that the signature matches the embedded certificate — whether that
 * certificate is trusted is not decided here (presumably by another step of the builder; confirm).
 *
 * <p>Any failure, including an exception, is reported as
 * {@code SIGNATURE_COULD_NOT_BE_VERIFIED} on the result rather than thrown.
 *
 * @param result        collector for the certificate chain, signing certificate and errors
 * @param sigElement    the {@code ds:Signature} element to verify
 * @param signedContent document handed to the {@code DocumentResolver} for reference lookups
 * @param options       verification options; only {@code followNestedManifest} is read here
 */
private void verifyXmlDsigSignature(SignatureVerificationResult result, Element sigElement, Document signedContent, Map<String, Object> options) {
   try {
      String baseUri = IdGeneratorFactory.getIdGenerator("uuid").generateId();
      XMLSignature signature = new XMLSignature(sigElement, baseUri);

      Boolean followNested = (Boolean) SignatureUtils.getOption("followNestedManifest", options, Boolean.FALSE);
      signature.setFollowNestedManifests(followNested.booleanValue());
      signature.addResourceResolver(new DocumentResolver(signedContent));

      KeyInfo ki = signature.getKeyInfo();
      // NOTE(review): the library's secure-validation mode is switched off for KeyInfo processing.
      // This relaxes its hardening against hostile KeyInfo content; confirm it is still required.
      ki.setSecureValidation(false);

      // Chain comes from the signature itself; the end certificate is the candidate signer.
      result.getCertChain().addAll(new X509DataExctractor().extract(ki));
      X509Certificate signer = this.extractEndCertificate(result.getCertChain());
      result.setSigningCert(signer);

      boolean signatureValid = signature.checkSignatureValue(signer);
      if (!signatureValid) {
         result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
      }
   } catch (Exception e) {
      // Verification is best-effort: the failure is logged and surfaced as a result error.
      LOG.error("Unable to verify XmlDsig Signature", e);
      result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
   }

}
 
Example 2
Source File: XmlSignatureBuilder.java — from freehealth-connector (GNU Affero General Public License v3.0)
/**
 * Verifies an XML-DSig signature and records the outcome on {@code result}.
 *
 * <p>The certificate chain is taken from the signature's own {@code KeyInfo}; the end-entity
 * certificate found there is stored on the result and then used to check the signature value.
 * This proves only that the signature matches the embedded certificate — whether that
 * certificate is trusted is not decided here (presumably by another step of the builder; confirm).
 *
 * <p>Any failure, including an exception, is reported as
 * {@code SIGNATURE_COULD_NOT_BE_VERIFIED} on the result rather than thrown.
 *
 * @param result        collector for the certificate chain, signing certificate and errors
 * @param sigElement    the {@code ds:Signature} element to verify
 * @param signedContent document handed to the {@code DocumentResolver} for reference lookups
 * @param options       verification options; only {@code followNestedManifest} is read here
 */
private void verifyXmlDsigSignature(SignatureVerificationResult result, Element sigElement, Document signedContent, Map<String, Object> options) {
   try {
      String baseUri = IdGeneratorFactory.getIdGenerator("uuid").generateId();
      XMLSignature signature = new XMLSignature(sigElement, baseUri);

      Boolean followNested = (Boolean) SignatureUtils.getOption("followNestedManifest", options, Boolean.FALSE);
      signature.setFollowNestedManifests(followNested.booleanValue());
      signature.addResourceResolver(new DocumentResolver(signedContent));

      KeyInfo ki = signature.getKeyInfo();
      // NOTE(review): the library's secure-validation mode is switched off for KeyInfo processing.
      // This relaxes its hardening against hostile KeyInfo content; confirm it is still required.
      ki.setSecureValidation(false);

      // Chain comes from the signature itself; the end certificate is the candidate signer.
      result.getCertChain().addAll(new X509DataExctractor().extract(ki));
      X509Certificate signer = this.extractEndCertificate(result.getCertChain());
      result.setSigningCert(signer);

      boolean signatureValid = signature.checkSignatureValue(signer);
      if (!signatureValid) {
         result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
      }
   } catch (Exception e) {
      // Verification is best-effort: the failure is logged and surfaced as a result error.
      LOG.error("Unable to verify XmlDsig Signature", e);
      result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
   }

}
 
Example 3
Source File: XmlSignatureBuilder.java — from freehealth-connector (GNU Affero General Public License v3.0)
/**
 * Verifies an XML-DSig signature and records the outcome on {@code result}.
 *
 * <p>The certificate chain is taken from the signature's own {@code KeyInfo}; the end-entity
 * certificate found there is stored on the result and then used to check the signature value.
 * This proves only that the signature matches the embedded certificate — whether that
 * certificate is trusted is not decided here (presumably by another step of the builder; confirm).
 *
 * <p>Any failure, including an exception, is reported as
 * {@code SIGNATURE_COULD_NOT_BE_VERIFIED} on the result rather than thrown.
 *
 * @param result        collector for the certificate chain, signing certificate and errors
 * @param sigElement    the {@code ds:Signature} element to verify
 * @param signedContent document handed to the {@code DocumentResolver} for reference lookups
 * @param options       verification options; only {@code followNestedManifest} is read here
 */
private void verifyXmlDsigSignature(SignatureVerificationResult result, Element sigElement, Document signedContent, Map<String, Object> options) {
   try {
      String baseUri = IdGeneratorFactory.getIdGenerator("uuid").generateId();
      XMLSignature signature = new XMLSignature(sigElement, baseUri);

      Boolean followNested = (Boolean) SignatureUtils.getOption("followNestedManifest", options, Boolean.FALSE);
      signature.setFollowNestedManifests(followNested.booleanValue());
      signature.addResourceResolver(new DocumentResolver(signedContent));

      KeyInfo ki = signature.getKeyInfo();
      // NOTE(review): the library's secure-validation mode is switched off for KeyInfo processing.
      // This relaxes its hardening against hostile KeyInfo content; confirm it is still required.
      ki.setSecureValidation(false);

      // Chain comes from the signature itself; the end certificate is the candidate signer.
      result.getCertChain().addAll(new X509DataExctractor().extract(ki));
      X509Certificate signer = this.extractEndCertificate(result.getCertChain());
      result.setSigningCert(signer);

      boolean signatureValid = signature.checkSignatureValue(signer);
      if (!signatureValid) {
         result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
      }
   } catch (Exception e) {
      // Verification is best-effort: the failure is logged and surfaced as a result error.
      LOG.error("Unable to verify XmlDsig Signature", e);
      result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
   }

}
 
Example 4
Source File: XmlSignatureBuilder.java — from freehealth-connector (GNU Affero General Public License v3.0)
/**
 * Verifies an XML-DSig signature and records the outcome on {@code result}.
 *
 * <p>The certificate chain is taken from the signature's own {@code KeyInfo}; the end-entity
 * certificate found there is stored on the result and then used to check the signature value.
 * This proves only that the signature matches the embedded certificate — whether that
 * certificate is trusted is not decided here (presumably by another step of the builder; confirm).
 *
 * <p>Any failure, including an exception, is reported as
 * {@code SIGNATURE_COULD_NOT_BE_VERIFIED} on the result rather than thrown.
 *
 * @param result        collector for the certificate chain, signing certificate and errors
 * @param sigElement    the {@code ds:Signature} element to verify
 * @param signedContent document handed to the {@code DocumentResolver} for reference lookups
 * @param options       verification options; only {@code followNestedManifest} is read here
 */
private void verifyXmlDsigSignature(SignatureVerificationResult result, Element sigElement, Document signedContent, Map<String, Object> options) {
   try {
      String baseUri = IdGeneratorFactory.getIdGenerator("uuid").generateId();
      XMLSignature signature = new XMLSignature(sigElement, baseUri);

      boolean followNested = ((Boolean) SignatureUtils.getOption("followNestedManifest", options, Boolean.FALSE)).booleanValue();
      signature.setFollowNestedManifests(followNested);
      signature.addResourceResolver(new DocumentResolver(signedContent));

      KeyInfo ki = signature.getKeyInfo();
      // NOTE(review): the library's secure-validation mode is switched off for KeyInfo processing.
      // This relaxes its hardening against hostile KeyInfo content; confirm it is still required.
      ki.setSecureValidation(false);

      // Chain comes from the signature itself; the end certificate is the candidate signer.
      result.getCertChain().addAll(new X509DataExctractor().extract(ki));
      X509Certificate signer = this.extractEndCertificate(result.getCertChain());
      result.setSigningCert(signer);

      boolean signatureValid = signature.checkSignatureValue(signer);
      if (!signatureValid) {
         result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
      }
   } catch (Exception e) {
      // Verification is best-effort: the failure is logged and surfaced as a result error.
      LOG.error("Unable to verify XmlDsig Signature", e);
      result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
   }

}
 
Example 5
Source File: XmlSignatureBuilder.java — from freehealth-connector (GNU Affero General Public License v3.0)
/**
 * Verifies an XML-DSig signature and records the outcome on {@code result}.
 *
 * <p>The certificate chain is taken from the signature's own {@code KeyInfo}; the end-entity
 * certificate found there is stored on the result and then used to check the signature value.
 * This proves only that the signature matches the embedded certificate — whether that
 * certificate is trusted is not decided here (presumably by another step of the builder; confirm).
 *
 * <p>Any failure, including an exception, is reported as
 * {@code SIGNATURE_COULD_NOT_BE_VERIFIED} on the result rather than thrown.
 *
 * @param result        collector for the certificate chain, signing certificate and errors
 * @param sigElement    the {@code ds:Signature} element to verify
 * @param signedContent document handed to the {@code DocumentResolver} for reference lookups
 * @param options       verification options; only {@code followNestedManifest} is read here
 */
private void verifyXmlDsigSignature(SignatureVerificationResult result, Element sigElement, Document signedContent, Map<String, Object> options) {
   try {
      String baseUri = IdGeneratorFactory.getIdGenerator("uuid").generateId();
      XMLSignature signature = new XMLSignature(sigElement, baseUri);

      Boolean followNested = (Boolean) SignatureUtils.getOption("followNestedManifest", options, Boolean.FALSE);
      signature.setFollowNestedManifests(followNested.booleanValue());
      signature.addResourceResolver(new DocumentResolver(signedContent));

      KeyInfo ki = signature.getKeyInfo();
      // NOTE(review): the library's secure-validation mode is switched off for KeyInfo processing.
      // This relaxes its hardening against hostile KeyInfo content; confirm it is still required.
      ki.setSecureValidation(false);

      // Chain comes from the signature itself; the end certificate is the candidate signer.
      result.getCertChain().addAll(new X509DataExctractor().extract(ki));
      X509Certificate signer = this.extractEndCertificate(result.getCertChain());
      result.setSigningCert(signer);

      boolean signatureValid = signature.checkSignatureValue(signer);
      if (!signatureValid) {
         result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
      }
   } catch (Exception e) {
      // Verification is best-effort: the failure is logged and surfaced as a result error.
      LOG.error("Unable to verify XmlDsig Signature", e);
      result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
   }

}
 
Example 6
Source File: SignatureUnmarshaller.java — from lams (GNU General Public License v2.0)
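/**
 * {@inheritDoc}
 *
 * <p>Wraps the {@code ds:Signature} element in an Apache Santuario {@link XMLSignature}, copies the
 * canonicalization and signature algorithm URIs and the HMAC output length from {@code SignedInfo}
 * onto a new {@code SignatureImpl}, and unmarshalls the embedded {@code KeyInfo} when one is present.
 * This only parses the signature; no cryptographic validation is performed here.
 *
 * @param signatureElement the {@code ds:Signature} DOM element
 * @return the populated {@code SignatureImpl}
 * @throws UnmarshallingException if Santuario rejects the element, or if no unmarshaller is
 *         registered for the {@code KeyInfo} element
 */
public Signature unmarshall(Element signatureElement) throws UnmarshallingException {
    log.debug("Starting to unmarshall Apache XML-Security-based SignatureImpl element");

    SignatureImpl signature = new SignatureImpl(signatureElement.getNamespaceURI(),
            signatureElement.getLocalName(), signatureElement.getPrefix());

    try {
        log.debug("Constructing Apache XMLSignature object");

        // An empty base URI is passed; assumes references are resolvable without one — confirm.
        XMLSignature xmlSignature = new XMLSignature(signatureElement, "");

        SignedInfo signedInfo = xmlSignature.getSignedInfo();

        log.debug("Adding canonicalization and signing algorithms, and HMAC output length to Signature");
        signature.setCanonicalizationAlgorithm(signedInfo.getCanonicalizationMethodURI());
        signature.setSignatureAlgorithm(signedInfo.getSignatureMethodURI());
        signature.setHMACOutputLength(getHMACOutputLengthValue(signedInfo.getSignatureMethodElement()));

        org.apache.xml.security.keys.KeyInfo xmlSecKeyInfo = xmlSignature.getKeyInfo();
        if (xmlSecKeyInfo != null) {
            log.debug("Adding KeyInfo to Signature");
            Element keyInfoElement = xmlSecKeyInfo.getElement();
            Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(keyInfoElement);
            if (unmarshaller == null) {
                // The factory may return null when nothing is registered for this element; without
                // this guard that case surfaced as a NullPointerException instead of a parse error.
                throw new UnmarshallingException("No unmarshaller registered for KeyInfo element: "
                        + keyInfoElement.getLocalName());
            }
            KeyInfo keyInfo = (KeyInfo) unmarshaller.unmarshall(keyInfoElement);
            signature.setKeyInfo(keyInfo);
        }
        signature.setXMLSignature(xmlSignature);
        signature.setDOM(signatureElement);
        return signature;
    } catch (XMLSecurityException e) {
        log.error("Error constructing Apache XMLSignature instance from Signature element: {}", e.getMessage());
        throw new UnmarshallingException("Unable to unmarshall Signature with Apache XMLSignature", e);
    }
}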
 
Example 7
Source File: IdpTest.java — from cxf-fediz (Apache License 2.0)
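/**
 * Fetches the IdP's WS-Federation metadata document over HTTPS and checks that the enclosed
 * XML Signature verifies against the certificate carried in its own {@code KeyInfo}.
 *
 * <p>Note that {@code checkSignatureValue(ki.getX509Certificate())} only proves the signature
 * matches the embedded certificate; trust in that certificate is not established by this test.
 *
 * @throws Exception on any HTTP, DOM or signature-processing failure
 */
@Test
public void testIdPMetadata() throws Exception {
    String url = "https://localhost:" + getIdpHttpsPort()
        + "/fediz-idp/FederationMetadata/2007-06/FederationMetadata.xml";

    // try-with-resources: the client is released even when an assertion below fails.
    try (final WebClient webClient = new WebClient()) {
        // Test-only: TLS certificate checking is disabled for the local test endpoint.
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getOptions().setSSLClientCertificate(
            this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");

        final XmlPage rpPage = webClient.getPage(url);
        final String xmlContent = rpPage.asXml();
        Assert.assertTrue(xmlContent.startsWith("<md:EntityDescriptor"));

        // Now validate the Signature
        Document doc = rpPage.getXmlDocument();

        // Mark "ID" as an ID-typed attribute so the signature's same-document reference resolves.
        doc.getDocumentElement().setIdAttributeNS(null, "ID", true);

        Node signatureNode =
            DOMUtils.getChild(doc.getDocumentElement(), "Signature");
        Assert.assertNotNull(signatureNode);

        XMLSignature signature = new XMLSignature((Element)signatureNode, "");
        KeyInfo ki = signature.getKeyInfo();
        Assert.assertNotNull(ki);
        Assert.assertNotNull(ki.getX509Certificate());

        Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
    }
}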
 
Example 8
Source File: IdpTest.java — from cxf-fediz (Apache License 2.0)
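/**
 * Fetches the IdP's default metadata endpoint over HTTPS and checks that the enclosed
 * XML Signature verifies against the certificate carried in its own {@code KeyInfo}.
 *
 * <p>Note that {@code checkSignatureValue(ki.getX509Certificate())} only proves the signature
 * matches the embedded certificate; trust in that certificate is not established by this test.
 *
 * @throws Exception on any HTTP, DOM or signature-processing failure
 */
@Test
public void testIdPMetadataDefault() throws Exception {
    String url = "https://localhost:" + getIdpHttpsPort()
        + "/fediz-idp/metadata";

    // try-with-resources: the client is released even when an assertion below fails.
    try (final WebClient webClient = new WebClient()) {
        // Test-only: TLS certificate checking is disabled for the local test endpoint.
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getOptions().setSSLClientCertificate(
            this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");

        final XmlPage rpPage = webClient.getPage(url);
        final String xmlContent = rpPage.asXml();
        Assert.assertTrue(xmlContent.startsWith("<md:EntityDescriptor"));

        // Now validate the Signature
        Document doc = rpPage.getXmlDocument();

        // Mark "ID" as an ID-typed attribute so the signature's same-document reference resolves.
        doc.getDocumentElement().setIdAttributeNS(null, "ID", true);

        Node signatureNode =
            DOMUtils.getChild(doc.getDocumentElement(), "Signature");
        Assert.assertNotNull(signatureNode);

        XMLSignature signature = new XMLSignature((Element)signatureNode, "");
        KeyInfo ki = signature.getKeyInfo();
        Assert.assertNotNull(ki);
        Assert.assertNotNull(ki.getX509Certificate());

        Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
    }
}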
 
Example 9
Source File: IdpTest.java — from cxf-fediz (Apache License 2.0)
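/**
 * Fetches the IdP's per-realm service metadata over HTTPS and checks that the enclosed
 * XML Signature verifies against the certificate carried in its own {@code KeyInfo}.
 *
 * <p>Note that {@code checkSignatureValue(ki.getX509Certificate())} only proves the signature
 * matches the embedded certificate; trust in that certificate is not established by this test.
 *
 * @throws Exception on any HTTP, DOM or signature-processing failure
 */
@Test
public void testIdPServiceMetadata() throws Exception {
    String url = "https://localhost:" + getIdpHttpsPort()
        + "/fediz-idp/metadata/urn:org:apache:cxf:fediz:idp:realm-B";

    // try-with-resources: the client is released even when an assertion below fails.
    try (final WebClient webClient = new WebClient()) {
        // Test-only: TLS certificate checking is disabled for the local test endpoint.
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getOptions().setSSLClientCertificate(
            this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");

        final XmlPage rpPage = webClient.getPage(url);
        final String xmlContent = rpPage.asXml();
        Assert.assertTrue(xmlContent.startsWith("<md:EntityDescriptor"));

        // Now validate the Signature
        Document doc = rpPage.getXmlDocument();

        // Mark "ID" as an ID-typed attribute so the signature's same-document reference resolves.
        doc.getDocumentElement().setIdAttributeNS(null, "ID", true);

        Node signatureNode =
            DOMUtils.getChild(doc.getDocumentElement(), "Signature");
        Assert.assertNotNull(signatureNode);

        XMLSignature signature = new XMLSignature((Element)signatureNode, "");
        KeyInfo ki = signature.getKeyInfo();
        Assert.assertNotNull(ki);
        Assert.assertNotNull(ki.getX509Certificate());

        Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
    }
}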
 
Example 10
Source File: AbstractTests.java — from cxf-fediz (Apache License 2.0)
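/**
 * Fetches the relying party's WS-Federation metadata over HTTPS and checks that the enclosed
 * XML Signature verifies against the certificate carried in its own {@code KeyInfo}.
 * Skipped (returns early) when the test suite is not running the WS-Federation protocol.
 *
 * <p>Note that {@code checkSignatureValue(ki.getX509Certificate())} only proves the signature
 * matches the embedded certificate; trust in that certificate is not established by this test.
 *
 * @throws Exception on any HTTP, DOM or signature-processing failure
 */
@Test
public void testRPMetadata() throws Exception {

    if (!isWSFederation()) {
        return;
    }

    String url = "https://localhost:" + getRpHttpsPort()
        + "/" + getServletContextName() + "/FederationMetadata/2007-06/FederationMetadata.xml";

    // try-with-resources: the client is released even when an assertion below fails.
    try (final WebClient webClient = new WebClient()) {
        // Test-only: TLS certificate checking is disabled for the local test endpoint.
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getOptions().setSSLClientCertificate(
            this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");

        final XmlPage rpPage = webClient.getPage(url);
        final String xmlContent = rpPage.asXml();
        Assert.assertTrue(xmlContent.startsWith("<md:EntityDescriptor"));

        // Now validate the Signature
        Document doc = rpPage.getXmlDocument();

        // Mark "ID" as an ID-typed attribute so the signature's same-document reference resolves.
        doc.getDocumentElement().setIdAttributeNS(null, "ID", true);

        Node signatureNode =
            DOMUtils.getChild(doc.getDocumentElement(), "Signature");
        Assert.assertNotNull(signatureNode);

        XMLSignature signature = new XMLSignature((Element)signatureNode, "");
        KeyInfo ki = signature.getKeyInfo();
        Assert.assertNotNull(ki);
        Assert.assertNotNull(ki.getX509Certificate());

        Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
    }
}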
 
Example 11
Source File: IdpTest.java — from cxf-fediz (Apache License 2.0)
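/**
 * Fetches the IdP's SAML metadata over HTTPS and checks that the enclosed XML Signature
 * verifies against the certificate carried in its own {@code KeyInfo}.
 *
 * <p>Note that {@code checkSignatureValue(ki.getX509Certificate())} only proves the signature
 * matches the embedded certificate; trust in that certificate is not established by this test.
 *
 * @throws Exception on any HTTP, DOM or signature-processing failure
 */
@Test
public void testIdPMetadata() throws Exception {
    String url = "https://localhost:" + getIdpHttpsPort()
        + "/fediz-idp/metadata?protocol=saml";

    // try-with-resources: the client is released even when an assertion below fails.
    try (final WebClient webClient = new WebClient()) {
        // Test-only: TLS certificate checking is disabled for the local test endpoint.
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getOptions().setSSLClientCertificate(
            this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");

        final XmlPage rpPage = webClient.getPage(url);
        final String xmlContent = rpPage.asXml();
        Assert.assertTrue(xmlContent.startsWith("<md:EntityDescriptor"));

        // Now validate the Signature
        Document doc = rpPage.getXmlDocument();

        // Mark "ID" as an ID-typed attribute so the signature's same-document reference resolves.
        doc.getDocumentElement().setIdAttributeNS(null, "ID", true);

        Node signatureNode =
            DOMUtils.getChild(doc.getDocumentElement(), "Signature");
        Assert.assertNotNull(signatureNode);

        XMLSignature signature = new XMLSignature((Element)signatureNode, "");
        org.apache.xml.security.keys.KeyInfo ki = signature.getKeyInfo();
        Assert.assertNotNull(ki);
        Assert.assertNotNull(ki.getX509Certificate());

        Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
    }
}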
 
Example 12
Source File: FederationMetaDataTest.java — from cxf-fediz (Apache License 2.0)
/**
 * Generates the metadata document for the {@code ROOT} configuration and checks that its
 * XML Signature verifies against the certificate carried in its own {@code KeyInfo}.
 *
 * <p>The document is also dumped to {@code System.out} for inspection; a serialization failure
 * is reported via {@code fail} rather than propagated. The signature check only proves the
 * signature matches the embedded certificate; it does not establish trust in that certificate.
 *
 * @throws ProcessingException   if metadata generation fails
 * @throws XMLSignatureException if the signature element cannot be processed
 * @throws XMLSecurityException  on other Santuario errors (e.g. KeyInfo resolution)
 */
@org.junit.Test
public void validateMetaDataWithAlias() throws ProcessingException, XMLSignatureException, XMLSecurityException {
    FedizContext config = loadConfig("ROOT");
    FedizProcessor processor = new FederationProcessorImpl();

    Document metadata = processor.getMetaData(null, config);
    Assert.assertNotNull(metadata);

    Node sigNode = metadata.getElementsByTagName("Signature").item(0);
    Assert.assertNotNull(sigNode);

    // Mark "ID" as an ID-typed attribute so the signature's same-document reference resolves.
    metadata.getDocumentElement().setIdAttributeNS(null, "ID", true);

    try {
        DOMUtils.writeXml(metadata, System.out);
    } catch (TransformerException e) {
        fail("Exception not expected: " + e.getMessage());
    }

    // Validate the signature
    XMLSignature signature = new XMLSignature((Element) sigNode, "");
    KeyInfo keyInfo = signature.getKeyInfo();
    Assert.assertNotNull(keyInfo);
    Assert.assertNotNull(keyInfo.getX509Certificate());
    Assert.assertTrue(signature.checkSignatureValue(keyInfo.getX509Certificate()));
}
 
Example 13
Source File: SAMLMetaDataTest.java — from cxf-fediz (Apache License 2.0)
/**
 * Generates the metadata document for the {@code ROOT} configuration using a mocked request
 * and checks that its XML Signature verifies against the certificate carried in its own
 * {@code KeyInfo}.
 *
 * <p>The document is also dumped to {@code System.out} for inspection; a serialization failure
 * is reported via {@code fail} rather than propagated. The signature check only proves the
 * signature matches the embedded certificate; it does not establish trust in that certificate.
 *
 * @throws ProcessingException   if metadata generation fails
 * @throws XMLSignatureException if the signature element cannot be processed
 * @throws XMLSecurityException  on other Santuario errors (e.g. KeyInfo resolution)
 */
@org.junit.Test
public void validateMetaDataWithAlias() throws ProcessingException, XMLSignatureException, XMLSecurityException {
    FedizContext config = loadConfig("ROOT");
    FedizProcessor processor = new FederationProcessorImpl();

    // The processor reads the request URL and context path twice while building the metadata.
    HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(2);
    EasyMock.expect(request.getContextPath()).andReturn(CONTEXT_PATH).times(2);
    EasyMock.replay(request);

    Document metadata = processor.getMetaData(request, config);
    Assert.assertNotNull(metadata);

    Node sigNode = metadata.getElementsByTagName("Signature").item(0);
    Assert.assertNotNull(sigNode);

    // Mark "ID" as an ID-typed attribute so the signature's same-document reference resolves.
    metadata.getDocumentElement().setIdAttributeNS(null, "ID", true);

    try {
        DOMUtils.writeXml(metadata, System.out);
    } catch (TransformerException e) {
        fail("Exception not expected: " + e.getMessage());
    }

    // Validate the signature
    XMLSignature signature = new XMLSignature((Element) sigNode, "");
    KeyInfo keyInfo = signature.getKeyInfo();
    Assert.assertNotNull(keyInfo);
    Assert.assertNotNull(keyInfo.getX509Certificate());
    Assert.assertTrue(signature.checkSignatureValue(keyInfo.getX509Certificate()));

}