Package javax.xml.crypto.dsig

Examples of javax.xml.crypto.dsig.Transform


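        // The transform chain of a reference decides which bytes are digested, so it is
        // checked before any part of it is used: exactly one transform is accepted, and a
        // parameter spec, when present, must be the exclusive-c14n kind.
        List trList = ref.getTransforms();
        if (trList.size() != 1) {
            // An empty list previously fell through to get(0) and escaped as an unchecked
            // IndexOutOfBoundsException; it is now rejected like an over-long chain.
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1714_UNSUPPORTED_TRANSFORM_ERROR());
            throw new XWSSecurityException("Only EXC14n Transform is supported");
        }
        Transform tr = (Transform) trList.get(0);

        // NOTE(review): the algorithm URI of tr is not compared with the exclusive-c14n URI
        // anywhere in this excerpt; confirm the caller has already done that.
        Object rawSpec = tr.getParameterSpec();
        if (rawSpec != null && !(rawSpec instanceof ExcC14NParameterSpec)) {
            // A spec of any other type belongs to a transform this code does not support;
            // fail with the declared exception instead of a ClassCastException.
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1714_UNSUPPORTED_TRANSFORM_ERROR());
            throw new XWSSecurityException("Only EXC14n Transform is supported");
        }
        ExcC14NParameterSpec spec = (ExcC14NParameterSpec) rawSpec;
        if (spec != null) {
            canonicalizer.setInclusivePrefixList(spec.getPrefixList());
        }
        if (parentNS != null && parentNS.size() > 0) {
            Iterator<Map.Entry<String, String>> itr = parentNS.entrySet().iterator();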


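            // Build the transform chain requested for this signature target. Exclusive c14n is
            // not added to transformList here; it is only flagged via exclTransformToBeAdded so
            // that it can be placed last when the references are created (see R 5412 below).
            ListIterator transformIterator = transforms.listIterator();
            ArrayList transformList = new ArrayList(2);
            while(transformIterator.hasNext()) {
                SignatureTarget.Transform transformInfo = (SignatureTarget.Transform)transformIterator.next();
                String transformAlgo = transformInfo.getTransform();
                Transform transform = null;

                if(logger.isLoggable(Level.FINEST))
                    logger.log(Level.FINEST, "Transform Algorithm is "+transformAlgo);
                if(Transform.XPATH.equals(transformAlgo)){
                    /*TransformParameterSpec spec =(TransformParameterSpec) transformInfo.getAlgorithmParameters();
                    //XPathFilterParameterSpec spec = null;
                    if(spec == null){
                        throw new XWSSecurityException("XPATH parameters cannot be null");
                    }
                    //XPATH2,XSLTC , ..
                    transform = signatureFactory.newTransform(transformAlgo,spec);*/
                    // XPath filtering is refused outright rather than evaluated.
                    throw new UnsupportedOperationException("XPATH not supported");
                } else if(Transform.XPATH2.equals(transformAlgo)){
                    /*TransformParameterSpec transformParams = (TransformParameterSpec)transformInfo.getAlgorithmParameters();
                    transform= signatureFactory.newTransform(transformAlgo,transformParams);*/
                    throw new UnsupportedOperationException("XPATH not supported");
                } else if (MessageConstants.STR_TRANSFORM_URI.equals(transformAlgo)){
                    Parameter transformParams =(Parameter) transformInfo.getAlgorithmParameters();
                    String  algo = null;
                    // Null-safe on both the parameter object and its name: a target configured
                    // without parameters must end in the XWSSecurityException below, not in a
                    // NullPointerException.
                    if(transformParams != null && "CanonicalizationMethod".equals(transformParams.getParamName())){
                        algo = transformParams.getParamValue();
                    }
                    if(algo == null){
                        throw new XWSSecurityException("STR Transform must have a "+
                                "canonicalization method specified");
                    }
                    if(logger.isLoggable(Level.FINEST)){
                        logger.log(Level.FINEST, "CanonicalizationMethod is " + algo);
                    }
                    try{
                        // The canonicalization method is wrapped in a TransformationParameters
                        // element and handed to the factory as the transform's parameters.
                        TransformationParametersType tp =
                                new com.sun.xml.ws.security.secext10.ObjectFactory().createTransformationParametersType();
                        com.sun.xml.ws.security.opt.crypto.dsig.CanonicalizationMethod cm =
                                new com.sun.xml.ws.security.opt.crypto.dsig.CanonicalizationMethod();
                        cm.setAlgorithm(algo);
                        tp.getAny().add(cm);
                        JAXBElement<TransformationParametersType> tpElement =
                                new com.sun.xml.ws.security.secext10.ObjectFactory().createTransformationParameters(tp);
                        XMLStructure transformSpec = new JAXBStructure(tpElement);
                        transform = signatureFactory.newTransform(transformAlgo,transformSpec);
                        if(SignatureTarget.TARGET_TYPE_VALUE_URI.equals(signatureTarget.getType())){
                            String targetURI = signatureTarget.getValue();
                            ((com.sun.xml.ws.security.opt.crypto.dsig.Transform)transform).setReferenceId(targetURI);
                        }

                    } catch(Exception ex){
                        // The full exception is logged here; the rethrown exception carries only
                        // its message, so the stack trace is available from the log alone.
                        logger.log(Level.SEVERE,LogStringsMessages.WSS_1767_ERROR_CREATE_TRANSFORM_OBJECT(),ex);
                        throw new XWSSecurityException(ex.getMessage());
                    }
                } else if (MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS.equalsIgnoreCase(transformAlgo)) {
                    // should be there by default...
                    // As per R 5412, last child of ds:Transforms must be either excl-c14n, or attachment-content only or attachment-complete transform
                    exclTransformToBeAdded = true;
                } else {
                    // NOTE(review): any other algorithm URI is passed to the factory with no
                    // parameters and no allow-list; the commented-out throw below shows that
                    // unknown algorithms were once rejected here. Confirm this is intended.
                    transform = signatureFactory.newTransform(transformAlgo,(TransformParameterSpec)null);
                    //throw new XWSSecurityException(transformAlgo + " not supported as Signature transform");

                }
                if (!MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS.equalsIgnoreCase(transformAlgo)) {
                    // will add c14n transform in the end; later
                    transformList.add(transform);
                }
            }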
            // Resolve what this SignatureTarget points at and create one ds:Reference per resolved
            // part. The enclosing loop and the method signature are outside this excerpt.
            String targetURI = "";
            String signatureType = signatureTarget.getType();
            if (signatureTarget.isITNever()) {
                // The element cached under the target id (leading '#' stripped) is appended to
                // the security header.
                // NOTE(review): the cache lookup result is dereferenced without a null check, so
                // an id that is not in the element cache ends in a NullPointerException.
                String uri = signatureTarget.getValue();
                uri =  uri.startsWith("#") ? uri.substring(1) : uri;
                SSEData data = (SSEData) fpContext.getElementCache().get(uri);
                SecurityHeaderElement se = (SecurityHeaderElement) data.getSecurityElement();
                fpContext.getSecurityHeader().add(se);
            }
            SecuredMessage secMessage = fpContext.getSecuredMessage();
            //SecurityHeader secHeader = fpContext.getSecurityHeader();
            //boolean headersOnly = signatureTarget.isSOAPHeadersOnly();

            if(signatureType.equals(SignatureTarget.TARGET_TYPE_VALUE_QNAME)){
                // Target named by QName: collect the body or the matching headers as
                // SignedMessagePart instances, then emit one same-document reference for each.

                String expr = null;
                List<SignedMessagePart> targets = new ArrayList<SignedMessagePart>();

                String targetValue = signatureTarget.getValue();
                // NOTE(review): 'optimized' and 'expr' are assigned but not read anywhere in
                // this excerpt.
                boolean optimized = false;
                if(fpContext.getConfigType() == MessageConstants.SIGN_BODY ||
                        fpContext.getConfigType() == MessageConstants.SIGN_ENCRYPT_BODY){
                    optimized = true;
                }

                if(targetValue.equals(SignatureTarget.BODY )){
                    Object body = secMessage.getBody();
                    if(body instanceof SignedMessagePart){
                        targets.add((SignedMessagePart)body);
                    } else if(body instanceof SecurityElement){
                        SignedMessagePart smp = new SignedMessagePart((SecurityElement)body);
                        targets.add(smp);

                    } else{
                        // replace SOAPBody with securityElement and add
                        // to targets
                        // Anything that is neither of the two types above is cast to SOAPBody
                        // without an instanceof check.
                        boolean contentOnly = signatureTarget.getContentOnly();
                        SOAPBody soapBody = (SOAPBody)body;
                        if(!contentOnly){
                            // Whole body is signed: make sure it has an id, then swap it for the
                            // signed wrapper.
                            if(soapBody.getId() == null || "".equals(soapBody.getId()))
                                soapBody.setId(fpContext.generateID());
                            SignedMessagePart smp = new SignedMessagePart(soapBody, contentOnly);
                            secMessage.replaceBody(smp);
                            targets.add(smp);
                        } else{
                            // Content only: the body content gets an id if it has none, and a new
                            // SOAPBody wrapping the signed part replaces the old one under the
                            // original body id.
                            String id = null;
                            if(soapBody.getBodyContentId() == null || "".equals(soapBody.getBodyContentId())){
                                id = fpContext.generateID();
                                soapBody.setBodyContentId(id);
                            }

                            SignedMessagePart smp = new SignedMessagePart(soapBody, contentOnly);
                            SOAPBody newBody =  new SOAPBody(smp,fpContext.getSOAPVersion());
                            newBody.setId(soapBody.getId());
                            secMessage.replaceBody(newBody);
                            targets.add(smp);
                        }
                    }
                } else{
                    //if QName is of the form "{NS-URI}" then this method throws
                    //illegalArgumentException with JDK 1.6
                    //QName name = QName.valueOf(targetValue);
                    // NOTE(review): the endsWith("}") branch drops the first character without
                    // checking that it is '{'.
                    QName name = null;
                    if (targetValue.endsWith("}")) {
                        String nsURI = targetValue.substring(1,targetValue.length() -1);
                        name = new QName(nsURI,"");
                    } else {
                        name = QName.valueOf(targetValue);
                    }
                    //boolean contentOnly = signatureTarget.getContentOnly();
                    Iterator headers = null;
                    // For the two WS-Addressing namespaces the lookup by local name passes null
                    // as the namespace (presumably "any namespace"; confirm against getHeaders),
                    // and a namespace-only lookup tries the member-submission namespace first,
                    // then the W3C one.
                    if(name.getNamespaceURI().equals(MessageConstants.ADDRESSING_MEMBER_SUBMISSION_NAMESPACE) ||
                            name.getNamespaceURI().equals(MessageConstants.ADDRESSING_W3C_NAMESPACE)){
                        if(!"".equals(name.getLocalPart()))
                            headers = secMessage.getHeaders(name.getLocalPart(), null);
                        else{
                            headers = secMessage.getHeaders(MessageConstants.ADDRESSING_MEMBER_SUBMISSION_NAMESPACE);
                            if(!headers.hasNext())
                                headers = secMessage.getHeaders(MessageConstants.ADDRESSING_W3C_NAMESPACE);
                        }
                    } else {
                        if(!"".equals(name.getLocalPart()))
                            headers = secMessage.getHeaders(name.getLocalPart(), name.getNamespaceURI());
                        else
                            headers = secMessage.getHeaders(name.getNamespaceURI());
                    }

                    // Every matching message header is wrapped as a SignedMessageHeader and the
                    // wrapper replaces the original in the message. Objects of any other type
                    // are skipped silently.
                    while(headers.hasNext()){
                        Object next = headers.next();
                        if(next instanceof SignedMessageHeader){
                            targets.add((SignedMessageHeader)next);
                        } else if(next instanceof SecurityHeaderElement){
                            SecurityHeaderElement she = (SecurityHeaderElement)next;
                            SignedMessageHeader smh = new SignedMessageHeader(she);
                            secMessage.replaceHeader(she, smh);
                            targets.add(smh);
                        } else if(next instanceof Header){
                            Header header = (Header)next;
                            SignedMessageHeader smh = toSignedMessageHeader(header, fpContext);
                            secMessage.replaceHeader(header, smh);
                            targets.add(smh);
                        }
                    }

                    // Matching children of the security header are added as well; these are
                    // wrapped but not replaced in the header. Only a null id triggers id
                    // generation here, while the reference loop below also treats "" as missing.
                    SecurityHeader sh = fpContext.getSecurityHeader();
                    headers = sh.getHeaders(name.getLocalPart(), name.getNamespaceURI());
                    while(headers.hasNext()){
                        SecurityHeaderElement she = (SecurityHeaderElement) headers.next();
                        if(she instanceof SignedMessageHeader){
                            targets.add((SignedMessageHeader)she);
                        } else{
                            if(she.getId() == null){
                                she.setId(fpContext.generateID());
                            }
                            SignedMessageHeader smh = new SignedMessageHeader(she);
                            targets.add(smh);
                        }
                    }
                }

                // Nothing matched: an enforced target is an error, an optional one is skipped.
                if(targets.size() <= 0){
                    if(signatureTarget.getEnforce()){
                        throw new XWSSecurityException("SignatureTarget with URI "+signatureTarget.getValue()+
                                " is not in the message");
                    } else
                        continue;
                }

                if(logger.isLoggable(Level.FINEST)){
                    logger.log(Level.FINEST, "Number of nodes "+ targets.size());
                    logger.log(Level.FINEST, "+++++++++++++++END+++++++++++++++");
                }

                // NOTE(review): fpContext has already been dereferenced several times above, so
                // this null check cannot be false when this line is reached.
                HashMap elementCache = null;
                if(fpContext != null ){
                    elementCache = fpContext.getElementCache();
                }

                for(int i = 0; i < targets.size(); i++){
                    SignedMessagePart targetRef = targets.get(i);
                    // Each reference works on its own copy of the transform list, so the
                    // exc-c14n transform appended below does not accumulate across references.
                    ArrayList clonedTransformList = (ArrayList)transformList.clone();
                    if (exclTransformToBeAdded) {
                        // exc-14-n must be one of the last transforms under ReferenceList by default.
                        String transformAlgo  = MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
                        ((NamespaceContextEx)fpContext.getNamespaceContext()).addExc14NS();
                        ExcC14NParameterSpec spec = null;
                        // The inclusive prefix list is just "S" here; the URI branch further
                        // down uses "wsu", "wsse" and "S".
                        if(!fpContext.getDisableIncPrefix()){
                            ArrayList list = new ArrayList();
                            /*list.add("wsu");list.add("wsse");*/ list.add("S");
                            spec = new ExcC14NParameterSpec(list); //TO BE SET
                        }
                        Transform transform = signatureFactory.newTransform(transformAlgo,spec);
                        // Commenting this - content is now set directly in com.sun.xml.ws.security.opt.crypto.dsig.Transform
                        // class
//                        if(!fpContext.getDisableIncPrefix()){
//                            List contentList = setInclusiveNamespaces(spec);
//                            ((com.sun.xml.ws.security.opt.crypto.dsig.Transform)transform).setContent(contentList);
//                        }
                        clonedTransformList.add(transform);
                    }

                    // A part without an id gets a generated one. When 'verify' is set the
                    // message is left untouched and the part is recorded in the element cache
                    // under that id instead.
                    String id = targetRef.getId();
                    if (id == null || id.equals("")) {
                        id = fpContext.generateID();
                        if(!verify){
                            targetRef.setId(id);
                        } else{
                            //add to context. dont modify the message.
                            elementCache.put(id, targetRef);
                        }
                    }

                    if(logger.isLoggable(Level.FINEST))
                        logger.log(Level.FINEST, "SignedInfo val id "+id);

                    // Same-document reference to the part's id.
                    targetURI = "#"+id;

                    Reference reference = null;
                    reference = signatureFactory.newReference(targetURI,digestMethod,clonedTransformList,null,null);
                    references.add(reference);
                }
                continue;
            } else if(SignatureTarget.TARGET_TYPE_VALUE_URI.equals(signatureType)){
                // Target named by URI; a missing value is treated as the empty URI.
                targetURI = signatureTarget.getValue();

                if(targetURI == null){
                    targetURI="";
                }
                QName policyName = signatureTarget.getPolicyQName();
                // NOTE(review): '==' compares QName references, not values, so an equal QName
                // that is a different instance does not take this branch. Confirm whether
                // identity is intended here.
                if(policyName != null && policyName == MessageConstants.SCT_NAME){
                    String _uri = targetURI;
                    if(targetURI.length() > 0 && targetURI.charAt(0)=='#'){
                        _uri = targetURI.substring(1);
                    }
                    // NOTE(review): neither the issued-token context nor its security token is
                    // null-checked, and the cast to SecurityContextToken is unchecked.
                    com.sun.xml.ws.security.IssuedTokenContext ictx  = fpContext.getIssuedTokenContext(_uri);
                    com.sun.xml.ws.security.SecurityContextToken sct1 =(com.sun.xml.ws.security.SecurityContextToken)ictx.getSecurityToken();
                    targetURI = sct1.getWsuId();                   
                }
                if(MessageConstants.PROCESS_ALL_ATTACHMENTS.equals(targetURI)){
                    // One "cid:" reference per attachment.
                    // NOTE(review): when getAttachments() returns null the guard below is false
                    // and the for-each then throws a NullPointerException. All attachment
                    // references also share the same transformList instance, and
                    // exclTransformToBeAdded is not consulted in this branch.
                    AttachmentSet as = secMessage.getAttachments();
                    if(as != null && as.isEmpty()){
                        logger.log(Level.WARNING, LogStringsMessages.WSS_1766_NO_ATTACHMENT_PARTS_TOBE_SECURED());
                        continue;
                    }
                    for(Attachment attachment : as){
                        String cid = "cid:" + attachment.getContentId();

                        Reference reference = signatureFactory.newReference(cid, digestMethod, transformList, null, null);
                        references.add(reference);
                    }
                    continue;
                } else{
                    if (exclTransformToBeAdded) {
                        // The exc-c14n transform is built only when the id (leading '#'
                        // stripped) resolves to a part via getPartFromId.
                        String _uri = targetURI;
                        if(targetURI.length() > 0 && targetURI.charAt(0)=='#'){
                            _uri = targetURI.substring(1);
                        }
                        Object reqdPart = getPartFromId(fpContext, _uri);                
                        if(reqdPart != null){
                            String transformAlgo  = MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
                            ExcC14NParameterSpec spec = null;
                            if(!fpContext.getDisableIncPrefix()){
                                ArrayList list = new ArrayList();
                                list.add("wsu");list.add("wsse"); list.add("S");
                                spec = new ExcC14NParameterSpec(list);
                            }
                            Transform transform = signatureFactory.newTransform(transformAlgo,spec);
                            // Commenting this - content is now set directly in com.sun.xml.ws.security.opt.crypto.dsig.Transform
                            // class
//                            if(!fpContext.getDisableIncPrefix()){
//                                List contentList = setInclusiveNamespaces(spec);
//                                ((com.sun.xml.ws.security.opt.crypto.dsig.Transform)transform).setContent(contentList);

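                    // BSP conformance checks over every transform of every reference in the
                    // signature: enveloped signatures are rejected, and an exclusive-c14n
                    // transform that carries a parameter spec must not have an empty prefix list.
                    for (int j=0; i.hasNext(); j++) {
                        Reference reference = (Reference) i.next();

                        Iterator t = reference.getTransforms().iterator();
                        for (int index=0; t.hasNext(); index++) {
                            Transform transform = (Transform) t.next();
                            if (Transform.ENVELOPED.equals(transform.getAlgorithm())) {
                                logger.log(Level.SEVERE, LogStringsMessages.WSS_1336_ILLEGAL_ENVELOPEDSIGNATURE());
                                throw new XWSSecurityException("Enveloped signatures not permitted by BSP");
                            }
                            if (MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS.equals(transform.getAlgorithm())) {
                                //check the inclusiveprefix list is not empty
                                if (transform.getParameterSpec()!=null) {
                                    ExcC14NParameterSpec spec = (ExcC14NParameterSpec)transform.getParameterSpec();
                                    // The braces matter: without them only the log call was
                                    // guarded and the throw ran for every exc-c14n transform
                                    // that had a parameter spec, empty prefix list or not.
                                    if (spec.getPrefixList().isEmpty()) {
                                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1337_INVALID_EMPTYPREFIXLIST());
                                        throw new XWSSecurityException("Prefix List cannot be empty: violation of BSP 5407");
                                    }
                                }
                            }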

            throw new XWSSecurityException("Receiver Requirements for the transforms are not met");
            //return false;
        }else{
            // Compare the two transform lists position by position, by algorithm URI.
            // NOTE(review): tList2.get(i) relies on tList2 being at least as long as tList1;
            // presumably the branch above this excerpt rejects a size mismatch. Confirm,
            // otherwise a shorter tList2 ends in an IndexOutOfBoundsException.
            int i=0;
            while(i< tList1.size()){
                Transform tr1 = (Transform)tList1.get(i);
                Transform tr2 = (Transform)tList2.get(i);

                String alg1 = tr1.getAlgorithm();
                String alg2 = tr2.getAlgorithm();
                i++;
                // Null-safe equality: the same reference (including both null) or equal strings.
                if(alg1 == alg2 || (alg1 != null && alg1.equals(alg2))){
                    continue;
                }else{
                    // A mismatch is logged at SEVERE; what follows is outside this excerpt.
                    logger.log(Level.SEVERE,LogStringsMessages.WSS_1342_ILLEGAL_UNMATCHED_TRANSFORMS());

            return inputData;
        }
        // Apply the reference's transforms in list order; each step consumes the output of
        // the step before it, and the result of the last one is returned.
        for (Object next : reference.getTransforms()) {
            inputData = getData((Transform) next, inputData, context);
        }
        return inputData;
    }
