All Downloads are FREE. Search and download functionalities are using the official Maven repository.
Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $
You can buy this project and download/modify it how often you want.
org.apache.xml.security.stax.impl.processor.output.AbstractSignatureOutputProcessor Maven / Gradle / Ivy
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.xml.security.stax.impl.processor.output;
import org.apache.commons.codec.binary.Base64;
import org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer20010315_Excl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
import org.apache.xml.security.stax.config.ResourceResolverMapper;
import org.apache.xml.security.stax.ext.*;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
import org.apache.xml.security.stax.impl.SignaturePartDef;
import org.apache.xml.security.stax.impl.transformer.TransformIdentity;
import org.apache.xml.security.stax.impl.util.DigestOutputStream;
import org.apache.xml.security.stax.impl.util.UnsynchronizedBufferedOutputStream;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.*;
/**
* @author $Author: coheigea $
* @version $Revision: 1707268 $ $Date: 2015-10-07 12:56:24 +0100 (Wed, 07 Oct 2015) $
*/
public abstract class AbstractSignatureOutputProcessor extends AbstractOutputProcessor {
private static final transient Logger log = LoggerFactory.getLogger(AbstractSignatureOutputProcessor.class);
private final List signaturePartDefList = new ArrayList();
private InternalSignatureOutputProcessor activeInternalSignatureOutputProcessor = null;
public AbstractSignatureOutputProcessor() throws XMLSecurityException {
super();
}
public List getSignaturePartDefList() {
return signaturePartDefList;
}
@Override
public abstract void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain)
throws XMLStreamException, XMLSecurityException;
@Override
public void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
doFinalInternal(outputProcessorChain);
super.doFinal(outputProcessorChain);
}
protected void doFinalInternal(OutputProcessorChain outputProcessorChain) throws XMLSecurityException, XMLStreamException {
Map dynamicSecureParts =
outputProcessorChain.getSecurityContext().getAsMap(XMLSecurityConstants.SIGNATURE_PARTS);
if (dynamicSecureParts != null) {
Iterator> securePartsMapIterator = dynamicSecureParts.entrySet().iterator();
while (securePartsMapIterator.hasNext()) {
Map.Entry securePartEntry = securePartsMapIterator.next();
final SecurePart securePart = securePartEntry.getValue();
if (securePart.getExternalReference() != null) {
digestExternalReference(outputProcessorChain, securePart);
}
}
}
verifySignatureParts(outputProcessorChain);
}
protected void digestExternalReference(
OutputProcessorChain outputProcessorChain, SecurePart securePart)
throws XMLSecurityException, XMLStreamException {
final String externalReference = securePart.getExternalReference();
ResourceResolver resourceResolver =
ResourceResolverMapper.getResourceResolver(
externalReference, outputProcessorChain.getDocumentContext().getBaseURI());
String digestAlgo = securePart.getDigestMethod();
if (digestAlgo == null) {
digestAlgo = getSecurityProperties().getSignatureDigestAlgorithm();
}
DigestOutputStream digestOutputStream = createMessageDigestOutputStream(digestAlgo);
InputStream inputStream = resourceResolver.getInputStreamFromExternalReference();
SignaturePartDef signaturePartDef = new SignaturePartDef();
signaturePartDef.setSecurePart(securePart);
signaturePartDef.setSigRefId(externalReference);
signaturePartDef.setExternalResource(true);
signaturePartDef.setTransforms(securePart.getTransforms());
signaturePartDef.setDigestAlgo(digestAlgo);
try {
if (securePart.getTransforms() != null) {
signaturePartDef.setExcludeVisibleC14Nprefixes(true);
Transformer transformer = buildTransformerChain(digestOutputStream, signaturePartDef, null);
transformer.transform(inputStream);
transformer.doFinal();
} else {
XMLSecurityUtils.copy(inputStream, digestOutputStream);
}
digestOutputStream.close();
} catch (IOException e) {
throw new XMLSecurityException(e);
}
String calculatedDigest = new String(Base64.encodeBase64(digestOutputStream.getDigestValue()));
if (log.isDebugEnabled()) {
log.debug("Calculated Digest: " + calculatedDigest);
}
signaturePartDef.setDigestValue(calculatedDigest);
getSignaturePartDefList().add(signaturePartDef);
}
protected void verifySignatureParts(OutputProcessorChain outputProcessorChain) throws XMLSecurityException {
List signaturePartDefs = getSignaturePartDefList();
Map dynamicSecureParts = outputProcessorChain.getSecurityContext().getAsMap(XMLSecurityConstants.SIGNATURE_PARTS);
if (dynamicSecureParts != null) {
Iterator> securePartsMapIterator = dynamicSecureParts.entrySet().iterator();
loop:
while (securePartsMapIterator.hasNext()) {
Map.Entry securePartEntry = securePartsMapIterator.next();
final SecurePart securePart = securePartEntry.getValue();
if (securePart.isRequired()) {
for (int i = 0; i < signaturePartDefs.size(); i++) {
SignaturePartDef signaturePartDef = signaturePartDefs.get(i);
if (signaturePartDef.getSecurePart() == securePart) {
continue loop;
}
}
throw new XMLSecurityException("stax.signature.securePartNotFound",
new Object[] {securePart.getName()});
}
}
}
}
protected InternalSignatureOutputProcessor getActiveInternalSignatureOutputProcessor() {
return activeInternalSignatureOutputProcessor;
}
protected void setActiveInternalSignatureOutputProcessor(
InternalSignatureOutputProcessor activeInternalSignatureOutputProcessor) {
this.activeInternalSignatureOutputProcessor = activeInternalSignatureOutputProcessor;
}
protected DigestOutputStream createMessageDigestOutputStream(String digestAlgorithm)
throws XMLSecurityException {
String jceName = JCEAlgorithmMapper.translateURItoJCEID(digestAlgorithm);
String jceProvider = JCEAlgorithmMapper.getJCEProviderFromURI(digestAlgorithm);
if (jceName == null) {
throw new XMLSecurityException("algorithms.NoSuchMap",
new Object[] {digestAlgorithm});
}
MessageDigest messageDigest;
try {
if (jceProvider != null) {
messageDigest = MessageDigest.getInstance(jceName, jceProvider);
} else {
messageDigest = MessageDigest.getInstance(jceName);
}
} catch (NoSuchAlgorithmException e) {
throw new XMLSecurityException(e);
} catch (NoSuchProviderException e) {
throw new XMLSecurityException(e);
}
return new DigestOutputStream(messageDigest);
}
protected Transformer buildTransformerChain(OutputStream outputStream,
SignaturePartDef signaturePartDef,
XMLSecStartElement xmlSecStartElement)
throws XMLSecurityException {
String[] transforms = signaturePartDef.getTransforms();
if (transforms == null || transforms.length == 0) {
Transformer transformer = new TransformIdentity();
transformer.setOutputStream(outputStream);
return transformer;
}
Transformer parentTransformer = null;
for (int i = transforms.length - 1; i >= 0; i--) {
String transform = transforms[i];
Map transformerProperties = null;
if (getSecurityProperties().isAddExcC14NInclusivePrefixes() &&
XMLSecurityConstants.NS_C14N_EXCL_OMIT_COMMENTS.equals(transform)) {
Set prefixSet = XMLSecurityUtils.getExcC14NInclusiveNamespacePrefixes(
xmlSecStartElement, signaturePartDef.isExcludeVisibleC14Nprefixes()
);
StringBuilder prefixes = new StringBuilder();
for (Iterator iterator = prefixSet.iterator(); iterator.hasNext(); ) {
String prefix = iterator.next();
if (prefixes.length() != 0) {
prefixes.append(" ");
}
prefixes.append(prefix);
}
signaturePartDef.setInclusiveNamespacesPrefixes(prefixes.toString());
List inclusiveNamespacePrefixes = new ArrayList(prefixSet);
transformerProperties = new HashMap();
transformerProperties.put(
Canonicalizer20010315_Excl.INCLUSIVE_NAMESPACES_PREFIX_LIST, inclusiveNamespacePrefixes);
}
if (parentTransformer != null) {
parentTransformer = XMLSecurityUtils.getTransformer(
parentTransformer, null, transformerProperties, transform, XMLSecurityConstants.DIRECTION.OUT);
} else {
parentTransformer = XMLSecurityUtils.getTransformer(
null, outputStream, transformerProperties, transform, XMLSecurityConstants.DIRECTION.OUT);
}
}
return parentTransformer;
}
public class InternalSignatureOutputProcessor extends AbstractOutputProcessor {
private SignaturePartDef signaturePartDef;
private XMLSecStartElement xmlSecStartElement;
private int elementCounter = 0;
private OutputStream bufferedDigestOutputStream;
private DigestOutputStream digestOutputStream;
private Transformer transformer;
public InternalSignatureOutputProcessor(SignaturePartDef signaturePartDef, XMLSecStartElement xmlSecStartElement)
throws XMLSecurityException {
super();
this.addBeforeProcessor(InternalSignatureOutputProcessor.class.getName());
this.signaturePartDef = signaturePartDef;
this.xmlSecStartElement = xmlSecStartElement;
}
@Override
public void init(OutputProcessorChain outputProcessorChain) throws XMLSecurityException {
this.digestOutputStream = createMessageDigestOutputStream(signaturePartDef.getDigestAlgo());
this.bufferedDigestOutputStream = new UnsynchronizedBufferedOutputStream(digestOutputStream);
this.transformer = buildTransformerChain(this.bufferedDigestOutputStream, signaturePartDef, xmlSecStartElement);
super.init(outputProcessorChain);
}
@Override
public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain)
throws XMLStreamException, XMLSecurityException {
transformer.transform(xmlSecEvent);
switch (xmlSecEvent.getEventType()) {
case XMLStreamConstants.START_ELEMENT:
elementCounter++;
break;
case XMLStreamConstants.END_ELEMENT:
elementCounter--;
if (elementCounter == 0 &&
xmlSecEvent.asEndElement().getName().equals(this.xmlSecStartElement.getName())) {
transformer.doFinal();
try {
bufferedDigestOutputStream.close();
} catch (IOException e) {
throw new XMLSecurityException(e);
}
String calculatedDigest = new String(Base64.encodeBase64(this.digestOutputStream.getDigestValue()));
if (log.isDebugEnabled()) {
log.debug("Calculated Digest: " + calculatedDigest);
}
signaturePartDef.setDigestValue(calculatedDigest);
outputProcessorChain.removeProcessor(this);
//from now on signature is possible again
setActiveInternalSignatureOutputProcessor(null);
}
break;
}
outputProcessorChain.processEvent(xmlSecEvent);
}
}
}
