`<ds:SignedInfo>` elements. This SignedInfo element includes the canonicalization algorithm, a signature algorithm, and one or more references.
@author Christian Geuer-Pollmann
//
// Now dig into the Signature element to get the elements that
// this Signature covers. Build the QName of these Elements and
// return them to caller
//
SignedInfo si = sig.getSignedInfo();
int numReferences = si.getLength();
for (int i = 0; i < numReferences; i++) {
Reference siRef;
try {
siRef = si.item(i);
} catch (XMLSecurityException e3) {
throw new WSSecurityException(
WSSecurityException.FAILED_CHECK, null, null, e3
);
}
String uri = siRef.getURI();
if (uri != null && !"".equals(uri)) {
Element se = null;
try {
Transforms transforms = siRef.getTransforms();
for (int j = 0; j < transforms.getLength(); j++) {
Transform transform = transforms.item(j);
// We have some transforming to do before we can
// determine the protected element.
if (STRTransform.implementedTransformURI
.equals(transform.getURI())) {
XMLSignatureInput signatureInput =
siRef.getContentsBeforeTransformation();
if (signatureInput.isElement()) {
// The signature was already validated,
// meaning that this element was already
// parsed. We can therefore be pretty
// confident that this constructor will work.
SecurityTokenReference secTokenRef =
new SecurityTokenReference(
(Element) signatureInput.getSubNode());
// Use the utility to extract the element (or
// generate a new one in some cases) from the
// message.
se = STRTransformUtil.dereferenceSTR(
transform.getDocument(),
secTokenRef, wsDocInfo);
} else {
// The internal impl of Reference changed.
// We expect it to return the signature input
// based on a node/element.
throw new WSSecurityException(
WSSecurityException.FAILURE);
}
}
}
}
catch (XMLSecurityException e) {
log.warn("Error processing signature coverage elements.", e);
throw new WSSecurityException(WSSecurityException.FAILURE);
}
if (se == null) {
se = WSSecurityUtil.getElementByWsuId(elem.getOwnerDocument(), uri);
}
if (se == null) {
se = WSSecurityUtil.getElementByGenId(elem.getOwnerDocument(), uri);
}
if (se == null) {
throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
}
WSDataRef ref = new WSDataRef(uri);
ref.setWsuId(uri);
ref.setName(new QName(se.getNamespaceURI(), se.getLocalName()));
ref.setProtectedElement(se);
ref.setXpath(ReferenceListProcessor.getXPath(se));
ref.setAlgorithm(si.getSignatureMethodURI());
ref.setDigestAlgorithm(siRef.getMessageDigestAlgorithm().getAlgorithmURI());
protectedElements.add(ref);
returnElements.add(WSSecurityUtil.getIDFromReference(uri));
} else {
// This is the case where the signed element is identified
// by a transform such as XPath filtering
// We add the complete reference element to the return
// elements
returnElements.add(siRef);
}
}
// Algorithms used for signature and c14n
signatureMethod = si.getSignatureMethodURI();
c14nMethod = si.getCanonicalizationMethodURI();
if (certs != null) {
returnCert[0] = certs[0];
if (validateCertificateChain) {
certificates = certs;
try {
log.debug("Constructing Apache XMLSignature object");
XMLSignature xmlSignature = new XMLSignature(signatureElement, "");
SignedInfo signedInfo = xmlSignature.getSignedInfo();
log.debug("Adding canonicalization and signing algorithms, and HMAC output length to Signature");
signature.setCanonicalizationAlgorithm(signedInfo.getCanonicalizationMethodURI());
signature.setSignatureAlgorithm(signedInfo.getSignatureMethodURI());
signature.setHMACOutputLength(getHMACOutputLengthValue(signedInfo.getSignatureMethodElement()));
org.apache.xml.security.keys.KeyInfo xmlSecKeyInfo = xmlSignature.getKeyInfo();
if (xmlSecKeyInfo != null) {
log.debug("Adding KeyInfo to Signature");
Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(
//
// Now dig into the Signature element to get the elements that
// this Signature covers. Build the QName of these Elements and
// return them to caller
//
SignedInfo si = sig.getSignedInfo();
int numReferences = si.getLength();
for (int i = 0; i < numReferences; i++) {
Reference siRef;
try {
siRef = si.item(i);
} catch (XMLSecurityException e3) {
throw new WSSecurityException(
WSSecurityException.FAILED_CHECK, null, null, e3
);
}
String uri = siRef.getURI();
if (uri != null && !"".equals(uri)) {
Element se = null;
try {
Transforms transforms = siRef.getTransforms();
for (int j = 0; j < transforms.getLength(); j++) {
Transform transform = transforms.item(j);
// We have some transforming to do before we can
// determine the protected element.
if (STRTransform.implementedTransformURI
.equals(transform.getURI())) {
XMLSignatureInput signatureInput =
siRef.getContentsBeforeTransformation();
if (signatureInput.isElement()) {
// The signature was already validated,
// meaning that this element was already
// parsed. We can therefore be pretty
// confident that this constructor will work.
SecurityTokenReference secTokenRef =
new SecurityTokenReference(
(Element) signatureInput.getSubNode());
// Use the utility to extract the element (or
// generate a new one in some cases) from the
// message.
se = STRTransformUtil.dereferenceSTR(
transform.getDocument(),
secTokenRef, wsDocInfo);
} else {
// The internal impl of Reference changed.
// We expect it to return the signature input
// based on a node/element.
throw new WSSecurityException(
WSSecurityException.FAILURE);
}
}
}
}
catch (XMLSecurityException e) {
log.warn("Error processing signature coverage elements.", e);
throw new WSSecurityException(WSSecurityException.FAILURE);
}
if (se == null) {
se = WSSecurityUtil.getElementByWsuId(elem.getOwnerDocument(), uri);
}
if (se == null) {
se = WSSecurityUtil.getElementByGenId(elem.getOwnerDocument(), uri);
}
if (se == null) {
throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
}
WSDataRef ref = new WSDataRef(uri);
ref.setWsuId(uri);
ref.setName(new QName(se.getNamespaceURI(), se.getLocalName()));
ref.setProtectedElement(se);
ref.setXpath(ReferenceListProcessor.getXPath(se));
ref.setAlgorithm(si.getSignatureMethodURI());
ref.setDigestAlgorithm(siRef.getMessageDigestAlgorithm().getAlgorithmURI());
protectedElements.add(ref);
returnElements.add(WSSecurityUtil.getIDFromReference(uri));
} else {
// This is the case where the signed element is identified
// by a transform such as XPath filtering
// We add the complete reference element to the return
// elements
returnElements.add(siRef);
}
}
// Algorithms used for signature and c14n
signatureMethod = si.getSignatureMethodURI();
c14nMethod = si.getCanonicalizationMethodURI();
if (certs != null) {
returnCert[0] = certs[0];
if (validateCertificateChain) {
certificates = certs;
return result;
}
private void checkReferences(XMLSignature xmlSignature) throws Exception {
SignedInfo signedInfo = xmlSignature.getSignedInfo();
assertTrue(signedInfo.getLength() > 0);
for (int i = 0; i < signedInfo.getLength(); i++) {
Reference reference = signedInfo.item(i);
assertNotNull(reference);
ReferenceData referenceData = reference.getReferenceData();
assertNotNull(referenceData);
if (referenceData instanceof ReferenceNodeSetData) {
PublicKey pubKey = getPublicKey();
assertTrue(signature.checkSignatureValue(pubKey));
// Check the reference(s)
SignedInfo signedInfo = signature.getSignedInfo();
assertTrue(signedInfo.getLength() == 1);
Reference reference = signedInfo.item(0);
ReferenceData referenceData = reference.getReferenceData();
assertNotNull(referenceData);
assertTrue(referenceData instanceof ReferenceNodeSetData);
// Test the cached Element
/*
* Now dig into the Signature element to get the elements that
* this Signature covers. Build the QName of these Elements and
* return them to caller
*/
SignedInfo si = sig.getSignedInfo();
int numReferences = si.getLength();
for (int i = 0; i < numReferences; i++) {
Reference siRef;
try {
siRef = si.item(i);
} catch (XMLSecurityException e3) {
throw new WSSecurityException(
WSSecurityException.FAILED_CHECK);
}
String uri = siRef.getURI();
Reference ref = null;
try {
XMLSignature signature = new XMLSignature(signatureElement, "", true);
if (sigProps != null) {
SignedInfo sInfo = signature.getSignedInfo();
if (sigProps.getSignatureAlgo() != null
&& !sigProps.getSignatureAlgo().equals(sInfo.getSignatureMethodURI())) {
throwFault("Signature Algorithm is not supported", null);
}
if (sigProps.getSignatureC14Method() != null
&& !sigProps.getSignatureC14Method().equals(sInfo.getCanonicalizationMethodURI())) {
throwFault("Signature Algorithm is not supported", null);
}
}
ref = getReference(signature);
//
// Now dig into the Signature element to get the elements that
// this Signature covers. Build the QName of these Elements and
// return them to caller
//
SignedInfo si = sig.getSignedInfo();
int numReferences = si.getLength();
for (int i = 0; i < numReferences; i++) {
Reference siRef;
try {
siRef = si.item(i);
} catch (XMLSecurityException e3) {
throw new WSSecurityException(
WSSecurityException.FAILED_CHECK, null, null, e3
);
}
String uri = siRef.getURI();
if (uri != null && !"".equals(uri)) {
Element se = null;
try {
Transforms transforms = siRef.getTransforms();
for (int j = 0; j < transforms.getLength(); j++) {
Transform transform = transforms.item(j);
// We have some transforming to do before we can
// determine the protected element.
if (STRTransform.implementedTransformURI
.equals(transform.getURI())) {
XMLSignatureInput signatureInput =
siRef.getContentsBeforeTransformation();
if (signatureInput.isElement()) {
// The signature was already validated,
// meaning that this element was already
// parsed. We can therefore be pretty
// confident that this constructor will work.
SecurityTokenReference secTokenRef =
new SecurityTokenReference(
(Element) signatureInput.getSubNode());
// Use the utility to extract the element (or
// generate a new one in some cases) from the
// message.
se = STRTransformUtil.dereferenceSTR(
transform.getDocument(),
secTokenRef, wsDocInfo);
} else {
// The internal impl of Reference changed.
// We expect it to return the signature input
// based on a node/element.
throw new WSSecurityException(
WSSecurityException.FAILURE);
}
}
}
}
catch (XMLSecurityException e) {
log.warn("Error processing signature coverage elements.", e);
throw new WSSecurityException(WSSecurityException.FAILURE);
}
if (se == null) {
se = WSSecurityUtil.getElementByWsuId(elem.getOwnerDocument(), uri);
}
if (se == null) {
se = WSSecurityUtil.getElementByGenId(elem.getOwnerDocument(), uri);
}
if (se == null) {
throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
}
WSDataRef ref = new WSDataRef(uri);
ref.setWsuId(uri);
ref.setName(new QName(se.getNamespaceURI(), se.getLocalName()));
ref.setProtectedElement(se);
ref.setXpath(ReferenceListProcessor.getXPath(se));
ref.setAlgorithm(si.getSignatureMethodURI());
ref.setDigestAlgorithm(siRef.getMessageDigestAlgorithm().getAlgorithmURI());
protectedElements.add(ref);
returnElements.add(WSSecurityUtil.getIDFromReference(uri));
} else {
// This is the case where the signed element is identified
// by a transform such as XPath filtering
// We add the complete reference element to the return
// elements
returnElements.add(siRef);
}
}
// Algorithms used for signature and c14n
signatureMethod = si.getSignatureMethodURI();
c14nMethod = si.getCanonicalizationMethodURI();
if (certs != null) {
returnCert[0] = certs[0];
return certs[0].getSubjectX500Principal();
} else if (publicKey != null) {
/*
* Now dig into the Signature element to get the elements that
* this Signature covers. Build the QName of these Elements and
* return them to caller
*/
SignedInfo si = sig.getSignedInfo();
int numReferences = si.getLength();
Vector qvec = new Vector(numReferences);
for (int i = 0; i < numReferences; i++) {
Reference siRef;
try {
siRef = si.item(i);
} catch (XMLSecurityException e3) {
throw new WSSecurityException(
WSSecurityException.FAILED_CHECK);
}
String uri = siRef.getURI();
PublicKey pubKey = getPublicKey();
assertTrue(signature.checkSignatureValue(pubKey));
// Check the reference(s)
SignedInfo signedInfo = signature.getSignedInfo();
assertTrue(signedInfo.getLength() == 1);
Reference reference = signedInfo.item(0);
ReferenceData referenceData = reference.getReferenceData();
assertNotNull(referenceData);
assertTrue(referenceData instanceof ReferenceNodeSetData);
// Test the cached Element