• Home
• org.glassfish.metro
• webservices-osgi
• 3.0.3
• source code
• Signature.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.sun.xml.ws.security.opt.impl.incoming.Signature Maven / Gradle / Ivy

/*
 * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Distribution License v. 1.0, which is available at
 * http://www.eclipse.org/org/documents/edl-v10.php.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

package com.sun.xml.ws.security.opt.impl.incoming;

import org.apache.xml.security.exceptions.Base64DecodingException;
import com.sun.xml.stream.buffer.MutableXMLStreamBuffer;
import com.sun.xml.stream.buffer.stax.StreamReaderBufferCreator;
import com.sun.xml.ws.encoding.TagInfoset;
import com.sun.xml.ws.security.opt.api.NamespaceContextInfo;
import com.sun.xml.ws.security.opt.api.PolicyBuilder;
import com.sun.xml.ws.security.opt.api.SecurityElementWriter;
import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
import com.sun.xml.ws.security.opt.crypto.dsig.SignatureValue;
import com.sun.xml.ws.security.opt.crypto.dsig.SignedInfo;
import com.sun.xml.ws.security.opt.crypto.dsig.internal.DigesterOutputStream;
import com.sun.xml.ws.security.opt.crypto.jaxb.JAXBValidateContext;
import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
import com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor;
import com.sun.xml.ws.security.opt.impl.incoming.processor.SignedInfoProcessor;
import com.sun.xml.ws.security.opt.impl.util.StreamUtil;
import com.sun.xml.ws.security.opt.impl.util.XMLStreamReaderFactory;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.misc.Base64;
import com.sun.xml.wss.impl.policy.MLSPolicy;
import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.security.Key;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import javax.xml.crypto.KeySelector.Purpose;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignatureException;

import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.stream.XMLStreamWriter;
import org.jvnet.staxex.Base64Data;
import org.jvnet.staxex.XMLStreamReaderEx;
import com.sun.xml.wss.impl.c14n.StAXEXC14nCanonicalizerImpl;

import java.security.MessageDigest;

import com.sun.xml.ws.security.opt.impl.incoming.processor.StreamingPayLoadDigester;
import com.sun.xml.ws.security.opt.impl.util.SOAPUtil;
import java.security.NoSuchAlgorithmException;
import javax.xml.crypto.dsig.Transform;
import com.sun.xml.ws.security.opt.impl.dsig.ExcC14NParameterSpec;
import com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl;
import java.util.logging.Logger;
import com.sun.xml.wss.logging.LogDomainConstants;
import com.sun.xml.wss.logging.impl.opt.signature.LogStringsMessages;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
/**
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 *
 */


/**
 *
 * @author [email protected]
 */
public class Signature implements SecurityHeaderElement,NamespaceContextInfo, SecurityElementWriter, PolicyBuilder{
    
    private static final Logger logger = Logger.getLogger(LogDomainConstants.IMPL_OPT_SIGNATURE_DOMAIN,
            LogDomainConstants.IMPL_OPT_SIGNATURE_DOMAIN_BUNDLE);
    
    public static final int SIGNEDINFO_EVENT = 1;
    public static final int SIGNATUREVALUE_EVENT = 2;
    public static final int KEYINFO_EVENT = 3;
    public static final int OBJECT_EVENT = 4;
    
    public static final String SIGNED_INFO = "SignedInfo";
    public static final String SIGNATURE_VALUE = "SignatureValue";
    public static final String KEYINFO = "KeyInfo";
    public static final String OBJECT = "Object";
    
    private SignaturePolicy signPolicy = null;
    
    private HashMap currentParentNS = new HashMap();
    private JAXBFilterProcessingContext context;
    private StreamReaderBufferCreator creator = null;
    private SecurityContext securityContext = null;
    private String id ="";
    private SignedInfoProcessor sip = null;
    private XMLStreamWriter canonWriter = null;
    private com.sun.xml.ws.security.opt.crypto.dsig.Signature sig = null;
    private JAXBValidateContext jvc = new JAXBValidateContext();
    private SignedInfo si = null;
    private boolean validationStatus = false;
    private MutableXMLStreamBuffer buffer = null;
    private boolean cacheSignature = false;
    private boolean storeSigConfirmValue = true;
    
    //private JAXBSignatureFactory signatureFactory = null;
    
    /** Creates a new instance of SignatureProcessor */
    
    public Signature(JAXBFilterProcessingContext jpc,Map namespaceList,StreamReaderBufferCreator sbc) {
        this.currentParentNS.putAll(namespaceList);
        this.creator = sbc;
        this.securityContext = jpc.getSecurityContext();
        this.context = jpc;
        cacheSignature = true;
        signPolicy = new SignaturePolicy();
        signPolicy.setFeatureBinding(new SignaturePolicy.FeatureBinding());
        //signatureFactory = JAXBSignatureFactory.newInstance();
    }
    
    public Signature(JAXBFilterProcessingContext jpc,Map namespaceList,StreamReaderBufferCreator sbc,boolean cacheSig) {
        this.currentParentNS.putAll(namespaceList);
        this.creator = sbc;
        this.securityContext = jpc.getSecurityContext();
        this.context = jpc;
        cacheSignature = cacheSig;
        signPolicy = new SignaturePolicy();
        signPolicy.setFeatureBinding(new SignaturePolicy.FeatureBinding());
    }
    @SuppressWarnings("unchecked")
    public void process(XMLStreamReader signature) throws XWSSecurityException{
        try {
            XMLStreamReader reader = null;
            //by default buffer now , enable buffering using policy
            buffer = new MutableXMLStreamBuffer();//resuse pick from pool
            buffer.createFromXMLStreamReader(signature);
            reader =  buffer.readAsXMLStreamReader();
            reader.next();
            byte [] signatureValue = null;
            TagInfoset signatureRoot = new TagInfoset(reader);
            for(int i=0; i< reader.getNamespaceCount();i++){
                String prefix = reader.getNamespacePrefix(i);
                String uri = reader.getNamespaceURI(i);
                if(prefix == null){
                    prefix = "";
                }
                currentParentNS.put(prefix,uri);
            }
            this.context.setCurrentBuffer(buffer);
            Key key = null;
            id = reader.getAttributeValue(null,"Id");
            if(id == null || id.length() == 0){
                id = "pvid"+context.generateID();// need an Id for policy verification.
                if(logger.isLoggable(Level.FINEST)){
                    logger.log(Level.FINEST, LogStringsMessages.WSS_1755_MISSINGID_INCOMING_SIGNATURE(id));
                }
            }
            // policy creation
            signPolicy.setUUID(id);
            
            if(StreamUtil.moveToNextElement(reader)){
                int refElement = getEventType(reader);
                while(reader.getEventType() != reader.END_DOCUMENT){
                    switch(refElement){
                    case SIGNEDINFO_EVENT :{
                        sip = new SignedInfoProcessor(signatureRoot,currentParentNS,reader,context, signPolicy,buffer);
                        si = (SignedInfo) sip.process();
                        canonWriter = sip.getCanonicalizer();
                        break;
                    }
                    case SIGNATUREVALUE_EVENT :{
                        if(canonWriter == null){
                            logger.log(Level.SEVERE, LogStringsMessages.WSS_1707_ERROR_PROCESSING_SIGNEDINFO(id));
                            throw new XWSSecurityException("Elements under Signature are not as per defined schema"+
                                    " or error must have occurred while processing SignedInfo for Signature with ID"+id);
                        }
                        StreamUtil.writeCurrentEvent(reader,canonWriter);
                        
                        if(reader instanceof XMLStreamReaderEx){
                            reader.next();
                            StringBuffer sb = null;
                            while(reader.getEventType() == reader.CHARACTERS && reader.getEventType() != reader.END_ELEMENT){
                                CharSequence charSeq = ((XMLStreamReaderEx)reader).getPCDATA();
                                if(charSeq instanceof Base64Data){
                                    Base64Data bd = (Base64Data) ((XMLStreamReaderEx)reader).getPCDATA();
                                    signatureValue = bd.getExact();
                                    canonWriter.writeCharacters(Base64.encode(signatureValue));
                                } else{
                                    if(sb == null){
                                        sb = new StringBuffer();
                                    }
                                    for(int i=0;i refList = sip.getReferenceList();
        com.sun.xml.ws.security.opt.crypto.dsig.Reference ref = null;
        for(int i=0;i getReferences(){
        return sip.getReferenceList();
    }
    
    public boolean isValidated(){
        return validationStatus;
    }
    @SuppressWarnings("unchecked")
    public boolean isReady() throws XWSSecurityException{
        if(sip.getReferenceList().size() == 0){
            return true;
        }else{
            ArrayList refList =  (ArrayList) sip.getReferenceList().clone();
            for(int i=0;iparentNS,boolean payLoad)throws XWSSecurityException{
        
        MessageDigest  md = null;
        try {
            String algo = StreamUtil.convertDigestAlgorithm(ref.getDigestMethod().getAlgorithm());
            
            if(logger.isLoggable(Level.FINE)){
                logger.log(Level.FINE, "Digest Algorithm is "+  ref.getDigestMethod().getAlgorithm());
                logger.log(Level.FINE, "Mapped Digest Algorithm is "+ algo);
            }
            md = MessageDigest.getInstance(algo);
            
        } catch (NoSuchAlgorithmException nsae) {
            throw new XWSSecurityException(nsae);
        }
        
        DigesterOutputStream dos;
        dos = new DigesterOutputStream(md);
        // OutputStream os = new UnsyncBufferedOutputStream(dos);
        StAXEXC14nCanonicalizerImpl canonicalizer = new StAXEXC14nCanonicalizerImpl();
        canonicalizer.setBodyPrologue(bodyPrologue);
        canonicalizer.setBodyEpilogue(bodyEpilogue);
        //TODO:share canonicalizers .
        canonicalizer.setStream(dos);
        if(logger.isLoggable(Level.FINEST)){
            canonicalizer.setStream(new ByteArrayOutputStream());
        }
        List trList = ref.getTransforms();
        if(trList.size() >1){
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1714_UNSUPPORTED_TRANSFORM_ERROR());
            throw new XWSSecurityException("Only EXC14n Transform is supported");
        }
        Transform tr = (Transform) trList.get(0);
        
        ExcC14NParameterSpec spec = (ExcC14NParameterSpec)tr.getParameterSpec();
        if(spec != null){
            canonicalizer.setInclusivePrefixList(spec.getPrefixList());
        }
        if(parentNS != null && parentNS.size() >0){
            Iterator> itr = parentNS.entrySet().iterator();
            
            while(itr.hasNext()){
                Map.Entry entry = itr.next();
                String prefix = entry.getKey();
                try {
                    String uri = entry.getValue();
                    canonicalizer.writeNamespace(prefix,uri);
                } catch (XMLStreamException ex) {
                    logger.log(Level.SEVERE, LogStringsMessages.WSS_1715_ERROR_CANONICALIZING_BODY(), ex);
                }
            }
        }
        try {
            if(!payLoad){
                bodyTag.writeStart(canonicalizer);

                // the space characters between soap:Body and payload element must be preserved for payload signature!
                canonicalizer.setBodyPrologueTime(true);
            }
        } catch (XMLStreamException ex) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1715_ERROR_CANONICALIZING_BODY(), ex);
            throw new XWSSecurityException("Error occurred while canonicalizing BodyTag"+ex);
        }
        StreamingPayLoadDigester digester = new StreamingPayLoadDigester(ref,message,canonicalizer,payLoad);
        return XMLStreamReaderFactory.createFilteredXMLStreamReader(message,digester);
    }
    
    public void writeTo(javax.xml.stream.XMLStreamWriter streamWriter, HashMap props) throws javax.xml.stream.XMLStreamException {
        throw new UnsupportedOperationException();
    }
    
    public HashMap getInscopeNSContext() {
        return currentParentNS;
    }
    
    public WSSPolicy getPolicy() {
        return signPolicy;
    }
}