1 /* 2 * reserved comment block 3 * DO NOT REMOVE OR ALTER! 4 */ 5 /* 6 * Copyright 1999-2004 The Apache Software Foundation. 7 * 8 * Licensed under the Apache License, Version 2.0 (the "License"); 9 * you may not use this file except in compliance with the License. 10 * You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, 16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 * See the License for the specific language governing permissions and 18 * limitations under the License. 19 * 20 */ 21 package com.sun.org.apache.xml.internal.security.signature; 22 23 import java.io.ByteArrayInputStream; 24 import java.io.IOException; 25 import java.io.OutputStream; 26 import javax.crypto.SecretKey; 27 import javax.crypto.spec.SecretKeySpec; 28 import javax.xml.XMLConstants; 29 import javax.xml.parsers.ParserConfigurationException; 30 31 import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm; 32 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException; 33 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer; 34 import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException; 35 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException; 36 import com.sun.org.apache.xml.internal.security.utils.Constants; 37 import com.sun.org.apache.xml.internal.security.utils.XMLUtils; 38 import com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces; 39 import org.w3c.dom.Document; 40 import org.w3c.dom.Element; 41 import org.w3c.dom.Node; 42 import org.xml.sax.SAXException; 43 44 /** 45 * Handles <code><ds:SignedInfo></code> elements 46 * This <code>SignedInfo<code> element includes the canonicalization algorithm, 47 * a signature algorithm, and one or more references. 48 * 49 * @author Christian Geuer-Pollmann 50 */ 51 public class SignedInfo extends Manifest { 52 53 /** Field _signatureAlgorithm */ 54 private SignatureAlgorithm _signatureAlgorithm = null; 55 56 /** Field _c14nizedBytes */ 57 private byte[] _c14nizedBytes = null; 58 59 private Element c14nMethod; 60 private Element signatureMethod; 61 62 /** 63 * Overwrites {@link Manifest#addDocument} because it creates another 64 * Element. 65 * 66 * @param doc the {@link Document} in which <code>XMLsignature</code> will 67 * be placed 68 * @throws XMLSecurityException 69 */ 70 public SignedInfo(Document doc) throws XMLSecurityException { 71 this(doc, XMLSignature.ALGO_ID_SIGNATURE_DSA, 72 Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS); 73 } 74 75 /** 76 * Constructs {@link SignedInfo} using given Canonicalization algorithm and 77 * Signature algorithm. 78 * 79 * @param doc <code>SignedInfo</code> is placed in this document 80 * @param signatureMethodURI URI representation of the Digest and 81 * Signature algorithm 82 * @param canonicalizationMethodURI URI representation of the 83 * Canonicalization method 84 * @throws XMLSecurityException 85 */ 86 public SignedInfo(Document doc, String signatureMethodURI, 87 String canonicalizationMethodURI) 88 throws XMLSecurityException { 89 this(doc, signatureMethodURI, 0, canonicalizationMethodURI); 90 } 91 92 /** 93 * Constructor SignedInfo 94 * 95 * @param doc <code>SignedInfo</code> is placed in this document 96 * @param signatureMethodURI URI representation of the Digest and 97 * Signature algorithm 98 * @param hMACOutputLength 99 * @param canonicalizationMethodURI URI representation of the 100 * Canonicalization method 101 * @throws XMLSecurityException 102 */ 103 public SignedInfo(Document doc, String signatureMethodURI, 104 int hMACOutputLength, String canonicalizationMethodURI) 105 throws XMLSecurityException { 106 107 super(doc); 108 109 c14nMethod = XMLUtils.createElementInSignatureSpace(this._doc, 110 Constants._TAG_CANONICALIZATIONMETHOD); 111 112 c14nMethod.setAttributeNS(null, Constants._ATT_ALGORITHM, 113 canonicalizationMethodURI); 114 this._constructionElement.appendChild(c14nMethod); 115 XMLUtils.addReturnToElement(this._constructionElement); 116 117 if (hMACOutputLength > 0) { 118 this._signatureAlgorithm = new SignatureAlgorithm(this._doc, 119 signatureMethodURI, hMACOutputLength); 120 } else { 121 this._signatureAlgorithm = new SignatureAlgorithm(this._doc, 122 signatureMethodURI); 123 } 124 125 signatureMethod = this._signatureAlgorithm.getElement(); 126 this._constructionElement.appendChild(signatureMethod); 127 XMLUtils.addReturnToElement(this._constructionElement); 128 } 129 130 /** 131 * @param doc 132 * @param signatureMethodElem 133 * @param canonicalizationMethodElem 134 * @throws XMLSecurityException 135 */ 136 public SignedInfo(Document doc, Element signatureMethodElem, 137 Element canonicalizationMethodElem) throws XMLSecurityException { 138 139 super(doc); 140 // Check this? 141 this.c14nMethod = canonicalizationMethodElem; 142 this._constructionElement.appendChild(c14nMethod); 143 XMLUtils.addReturnToElement(this._constructionElement); 144 145 this._signatureAlgorithm = 146 new SignatureAlgorithm(signatureMethodElem, null); 147 148 signatureMethod = this._signatureAlgorithm.getElement(); 149 this._constructionElement.appendChild(signatureMethod); 150 151 XMLUtils.addReturnToElement(this._constructionElement); 152 } 153 154 /** 155 * Build a {@link SignedInfo} from an {@link Element} 156 * 157 * @param element <code>SignedInfo</code> 158 * @param baseURI the URI of the resource where the XML instance was stored 159 * @throws XMLSecurityException 160 * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0033.html">Question</A> 161 * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0054.html">Answer</A> 162 */ 163 public SignedInfo(Element element, String baseURI) 164 throws XMLSecurityException { 165 166 // Parse the Reference children and Id attribute in the Manifest 167 super(element, baseURI); 168 169 /* canonicalize ds:SignedInfo, reparse it into a new document 170 * and replace the original not-canonicalized ds:SignedInfo by 171 * the re-parsed canonicalized one. 172 */ 173 c14nMethod = XMLUtils.getNextElement(element.getFirstChild()); 174 String c14nMethodURI = this.getCanonicalizationMethodURI(); 175 if (!(c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS) || 176 c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS) || 177 c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS) || 178 c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS))) { 179 // the c14n is not a secure one and can rewrite the URIs or like 180 // that reparse the SignedInfo to be sure 181 try { 182 Canonicalizer c14nizer = 183 Canonicalizer.getInstance(this.getCanonicalizationMethodURI()); 184 185 this._c14nizedBytes = 186 c14nizer.canonicalizeSubtree(this._constructionElement); 187 javax.xml.parsers.DocumentBuilderFactory dbf = 188 javax.xml.parsers.DocumentBuilderFactory.newInstance(); 189 dbf.setNamespaceAware(true); 190 dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, 191 Boolean.TRUE); 192 javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder(); 193 Document newdoc = 194 db.parse(new ByteArrayInputStream(this._c14nizedBytes)); 195 Node imported = 196 this._doc.importNode(newdoc.getDocumentElement(), true); 197 198 this._constructionElement.getParentNode().replaceChild(imported, 199 this._constructionElement); 200 201 this._constructionElement = (Element) imported; 202 } catch (ParserConfigurationException ex) { 203 throw new XMLSecurityException("empty", ex); 204 } catch (IOException ex) { 205 throw new XMLSecurityException("empty", ex); 206 } catch (SAXException ex) { 207 throw new XMLSecurityException("empty", ex); 208 } 209 } 210 signatureMethod = XMLUtils.getNextElement(c14nMethod.getNextSibling()); 211 this._signatureAlgorithm = 212 new SignatureAlgorithm(signatureMethod, this.getBaseURI()); 213 } 214 215 /** 216 * Tests core validation process 217 * 218 * @return true if verification was successful 219 * @throws MissingResourceFailureException 220 * @throws XMLSecurityException 221 */ 222 public boolean verify() 223 throws MissingResourceFailureException, XMLSecurityException { 224 return super.verifyReferences(false); 225 } 226 227 /** 228 * Tests core validation process 229 * 230 * @param followManifests defines whether the verification process has to verify referenced <CODE>ds:Manifest</CODE>s, too 231 * @return true if verification was successful 232 * @throws MissingResourceFailureException 233 * @throws XMLSecurityException 234 */ 235 public boolean verify(boolean followManifests) 236 throws MissingResourceFailureException, XMLSecurityException { 237 return super.verifyReferences(followManifests); 238 } 239 240 /** 241 * Returns getCanonicalizedOctetStream 242 * 243 * @return the canonicalization result octedt stream of <code>SignedInfo</code> element 244 * @throws CanonicalizationException 245 * @throws InvalidCanonicalizerException 246 * @throws XMLSecurityException 247 */ 248 public byte[] getCanonicalizedOctetStream() 249 throws CanonicalizationException, InvalidCanonicalizerException, 250 XMLSecurityException { 251 252 if ((this._c14nizedBytes == null) 253 /*&& (this._state == ElementProxy.MODE_SIGN)*/) { 254 Canonicalizer c14nizer = 255 Canonicalizer.getInstance(this.getCanonicalizationMethodURI()); 256 257 this._c14nizedBytes = 258 c14nizer.canonicalizeSubtree(this._constructionElement); 259 } 260 261 // make defensive copy 262 byte[] output = new byte[this._c14nizedBytes.length]; 263 264 System.arraycopy(this._c14nizedBytes, 0, output, 0, output.length); 265 266 return output; 267 } 268 269 /** 270 * Output the C14n stream to the give outputstream. 271 * @param os 272 * @throws CanonicalizationException 273 * @throws InvalidCanonicalizerException 274 * @throws XMLSecurityException 275 */ 276 public void signInOctectStream(OutputStream os) 277 throws CanonicalizationException, InvalidCanonicalizerException, 278 XMLSecurityException { 279 280 if ((this._c14nizedBytes == null)) { 281 Canonicalizer c14nizer = 282 Canonicalizer.getInstance(this.getCanonicalizationMethodURI()); 283 c14nizer.setWriter(os); 284 String inclusiveNamespaces = this.getInclusiveNamespaces(); 285 286 if(inclusiveNamespaces == null) 287 c14nizer.canonicalizeSubtree(this._constructionElement); 288 else 289 c14nizer.canonicalizeSubtree(this._constructionElement, inclusiveNamespaces); 290 } else { 291 try { 292 os.write(this._c14nizedBytes); 293 } catch (IOException e) { 294 throw new RuntimeException(""+e); 295 } 296 } 297 } 298 299 /** 300 * Returns the Canonicalization method URI 301 * 302 * @return the Canonicalization method URI 303 */ 304 public String getCanonicalizationMethodURI() { 305 306 307 return c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM); 308 } 309 310 /** 311 * Returns the Signature method URI 312 * 313 * @return the Signature method URI 314 */ 315 public String getSignatureMethodURI() { 316 317 Element signatureElement = this.getSignatureMethodElement(); 318 319 if (signatureElement != null) { 320 return signatureElement.getAttributeNS(null, Constants._ATT_ALGORITHM); 321 } 322 323 return null; 324 } 325 326 /** 327 * Method getSignatureMethodElement 328 * @return gets The SignatureMethod Node. 329 * 330 */ 331 public Element getSignatureMethodElement() { 332 return signatureMethod; 333 } 334 335 /** 336 * Creates a SecretKey for the appropriate Mac algorithm based on a 337 * byte[] array password. 338 * 339 * @param secretKeyBytes 340 * @return the secret key for the SignedInfo element. 341 */ 342 public SecretKey createSecretKey(byte[] secretKeyBytes) 343 { 344 345 return new SecretKeySpec(secretKeyBytes, 346 this._signatureAlgorithm 347 .getJCEAlgorithmString()); 348 } 349 350 protected SignatureAlgorithm getSignatureAlgorithm() { 351 return _signatureAlgorithm; 352 } 353 /** 354 * Method getBaseLocalName 355 * @inheritDoc 356 * 357 */ 358 public String getBaseLocalName() { 359 return Constants._TAG_SIGNEDINFO; 360 } 361 362 public String getInclusiveNamespaces() { 363 364 365 366 String c14nMethodURI = c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM); 367 if(!(c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#") || 368 c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#WithComments"))) { 369 return null; 370 } 371 372 Element inclusiveElement = XMLUtils.getNextElement( 373 c14nMethod.getFirstChild()); 374 375 if(inclusiveElement != null) 376 { 377 try 378 { 379 String inclusiveNamespaces = new InclusiveNamespaces(inclusiveElement, 380 InclusiveNamespaces.ExclusiveCanonicalizationNamespace).getInclusiveNamespaces(); 381 return inclusiveNamespaces; 382 } 383 catch (XMLSecurityException e) 384 { 385 return null; 386 } 387 } 388 return null; 389 } 390 } | 1 /* 2 * reserved comment block 3 * DO NOT REMOVE OR ALTER! 4 */ 5 /** 6 * Licensed to the Apache Software Foundation (ASF) under one 7 * or more contributor license agreements. See the NOTICE file 8 * distributed with this work for additional information 9 * regarding copyright ownership. The ASF licenses this file 10 * to you under the Apache License, Version 2.0 (the 11 * "License"); you may not use this file except in compliance 12 * with the License. You may obtain a copy of the License at 13 * 14 * http://www.apache.org/licenses/LICENSE-2.0 15 * 16 * Unless required by applicable law or agreed to in writing, 17 * software distributed under the License is distributed on an 18 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 19 * KIND, either express or implied. See the License for the 20 * specific language governing permissions and limitations 21 * under the License. 22 */ 23 package com.sun.org.apache.xml.internal.security.signature; 24 25 import java.io.ByteArrayInputStream; 26 import java.io.IOException; 27 import java.io.OutputStream; 28 import javax.crypto.SecretKey; 29 import javax.crypto.spec.SecretKeySpec; 30 import javax.xml.XMLConstants; 31 import javax.xml.parsers.ParserConfigurationException; 32 33 import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm; 34 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException; 35 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer; 36 import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException; 37 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException; 38 import com.sun.org.apache.xml.internal.security.utils.Constants; 39 import com.sun.org.apache.xml.internal.security.utils.XMLUtils; 40 import com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces; 41 import org.w3c.dom.Document; 42 import org.w3c.dom.Element; 43 import org.w3c.dom.Node; 44 import org.xml.sax.SAXException; 45 46 /** 47 * Handles <code><ds:SignedInfo></code> elements 48 * This <code>SignedInfo<code> element includes the canonicalization algorithm, 49 * a signature algorithm, and one or more references. 50 * 51 * @author Christian Geuer-Pollmann 52 */ 53 public class SignedInfo extends Manifest { 54 55 /** Field signatureAlgorithm */ 56 private SignatureAlgorithm signatureAlgorithm = null; 57 58 /** Field c14nizedBytes */ 59 private byte[] c14nizedBytes = null; 60 61 private Element c14nMethod; 62 private Element signatureMethod; 63 64 /** 65 * Overwrites {@link Manifest#addDocument} because it creates another 66 * Element. 67 * 68 * @param doc the {@link Document} in which <code>XMLsignature</code> will 69 * be placed 70 * @throws XMLSecurityException 71 */ 72 public SignedInfo(Document doc) throws XMLSecurityException { 73 this(doc, XMLSignature.ALGO_ID_SIGNATURE_DSA, 74 Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS); 75 } 76 77 /** 78 * Constructs {@link SignedInfo} using given Canonicalization algorithm and 79 * Signature algorithm. 80 * 81 * @param doc <code>SignedInfo</code> is placed in this document 82 * @param signatureMethodURI URI representation of the Digest and 83 * Signature algorithm 84 * @param canonicalizationMethodURI URI representation of the 85 * Canonicalization method 86 * @throws XMLSecurityException 87 */ 88 public SignedInfo( 89 Document doc, String signatureMethodURI, String canonicalizationMethodURI 90 ) throws XMLSecurityException { 91 this(doc, signatureMethodURI, 0, canonicalizationMethodURI); 92 } 93 94 /** 95 * Constructor SignedInfo 96 * 97 * @param doc <code>SignedInfo</code> is placed in this document 98 * @param signatureMethodURI URI representation of the Digest and 99 * Signature algorithm 100 * @param hMACOutputLength 101 * @param canonicalizationMethodURI URI representation of the 102 * Canonicalization method 103 * @throws XMLSecurityException 104 */ 105 public SignedInfo( 106 Document doc, String signatureMethodURI, 107 int hMACOutputLength, String canonicalizationMethodURI 108 ) throws XMLSecurityException { 109 super(doc); 110 111 c14nMethod = 112 XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_CANONICALIZATIONMETHOD); 113 114 c14nMethod.setAttributeNS(null, Constants._ATT_ALGORITHM, canonicalizationMethodURI); 115 this.constructionElement.appendChild(c14nMethod); 116 XMLUtils.addReturnToElement(this.constructionElement); 117 118 if (hMACOutputLength > 0) { 119 this.signatureAlgorithm = 120 new SignatureAlgorithm(this.doc, signatureMethodURI, hMACOutputLength); 121 } else { 122 this.signatureAlgorithm = new SignatureAlgorithm(this.doc, signatureMethodURI); 123 } 124 125 signatureMethod = this.signatureAlgorithm.getElement(); 126 this.constructionElement.appendChild(signatureMethod); 127 XMLUtils.addReturnToElement(this.constructionElement); 128 } 129 130 /** 131 * @param doc 132 * @param signatureMethodElem 133 * @param canonicalizationMethodElem 134 * @throws XMLSecurityException 135 */ 136 public SignedInfo( 137 Document doc, Element signatureMethodElem, Element canonicalizationMethodElem 138 ) throws XMLSecurityException { 139 super(doc); 140 // Check this? 141 this.c14nMethod = canonicalizationMethodElem; 142 this.constructionElement.appendChild(c14nMethod); 143 XMLUtils.addReturnToElement(this.constructionElement); 144 145 this.signatureAlgorithm = 146 new SignatureAlgorithm(signatureMethodElem, null); 147 148 signatureMethod = this.signatureAlgorithm.getElement(); 149 this.constructionElement.appendChild(signatureMethod); 150 151 XMLUtils.addReturnToElement(this.constructionElement); 152 } 153 154 /** 155 * Build a {@link SignedInfo} from an {@link Element} 156 * 157 * @param element <code>SignedInfo</code> 158 * @param baseURI the URI of the resource where the XML instance was stored 159 * @throws XMLSecurityException 160 * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0033.html"> 161 * Question</A> 162 * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0054.html"> 163 * Answer</A> 164 */ 165 public SignedInfo(Element element, String baseURI) throws XMLSecurityException { 166 this(element, baseURI, false); 167 } 168 169 /** 170 * Build a {@link SignedInfo} from an {@link Element} 171 * 172 * @param element <code>SignedInfo</code> 173 * @param baseURI the URI of the resource where the XML instance was stored 174 * @param secureValidation whether secure validation is enabled or not 175 * @throws XMLSecurityException 176 * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0033.html"> 177 * Question</A> 178 * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0054.html"> 179 * Answer</A> 180 */ 181 public SignedInfo( 182 Element element, String baseURI, boolean secureValidation 183 ) throws XMLSecurityException { 184 // Parse the Reference children and Id attribute in the Manifest 185 super(reparseSignedInfoElem(element), baseURI, secureValidation); 186 187 c14nMethod = XMLUtils.getNextElement(element.getFirstChild()); 188 signatureMethod = XMLUtils.getNextElement(c14nMethod.getNextSibling()); 189 this.signatureAlgorithm = 190 new SignatureAlgorithm(signatureMethod, this.getBaseURI(), secureValidation); 191 } 192 193 private static Element reparseSignedInfoElem(Element element) 194 throws XMLSecurityException { 195 /* 196 * If a custom canonicalizationMethod is used, canonicalize 197 * ds:SignedInfo, reparse it into a new document 198 * and replace the original not-canonicalized ds:SignedInfo by 199 * the re-parsed canonicalized one. 200 */ 201 Element c14nMethod = XMLUtils.getNextElement(element.getFirstChild()); 202 String c14nMethodURI = 203 c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM); 204 if (!(c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS) || 205 c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS) || 206 c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS) || 207 c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS) || 208 c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS) || 209 c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS))) { 210 // the c14n is not a secure one and can rewrite the URIs or like 211 // so reparse the SignedInfo to be sure 212 try { 213 Canonicalizer c14nizer = 214 Canonicalizer.getInstance(c14nMethodURI); 215 216 byte[] c14nizedBytes = c14nizer.canonicalizeSubtree(element); 217 javax.xml.parsers.DocumentBuilderFactory dbf = 218 javax.xml.parsers.DocumentBuilderFactory.newInstance(); 219 dbf.setNamespaceAware(true); 220 dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); 221 javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder(); 222 Document newdoc = 223 db.parse(new ByteArrayInputStream(c14nizedBytes)); 224 Node imported = 225 element.getOwnerDocument().importNode(newdoc.getDocumentElement(), true); 226 227 element.getParentNode().replaceChild(imported, element); 228 229 return (Element) imported; 230 } catch (ParserConfigurationException ex) { 231 throw new XMLSecurityException("empty", ex); 232 } catch (IOException ex) { 233 throw new XMLSecurityException("empty", ex); 234 } catch (SAXException ex) { 235 throw new XMLSecurityException("empty", ex); 236 } 237 } 238 return element; 239 } 240 241 /** 242 * Tests core validation process 243 * 244 * @return true if verification was successful 245 * @throws MissingResourceFailureException 246 * @throws XMLSecurityException 247 */ 248 public boolean verify() 249 throws MissingResourceFailureException, XMLSecurityException { 250 return super.verifyReferences(false); 251 } 252 253 /** 254 * Tests core validation process 255 * 256 * @param followManifests defines whether the verification process has to verify referenced <CODE>ds:Manifest</CODE>s, too 257 * @return true if verification was successful 258 * @throws MissingResourceFailureException 259 * @throws XMLSecurityException 260 */ 261 public boolean verify(boolean followManifests) 262 throws MissingResourceFailureException, XMLSecurityException { 263 return super.verifyReferences(followManifests); 264 } 265 266 /** 267 * Returns getCanonicalizedOctetStream 268 * 269 * @return the canonicalization result octet stream of <code>SignedInfo</code> element 270 * @throws CanonicalizationException 271 * @throws InvalidCanonicalizerException 272 * @throws XMLSecurityException 273 */ 274 public byte[] getCanonicalizedOctetStream() 275 throws CanonicalizationException, InvalidCanonicalizerException, XMLSecurityException { 276 if (this.c14nizedBytes == null) { 277 Canonicalizer c14nizer = 278 Canonicalizer.getInstance(this.getCanonicalizationMethodURI()); 279 280 this.c14nizedBytes = 281 c14nizer.canonicalizeSubtree(this.constructionElement); 282 } 283 284 // make defensive copy 285 return this.c14nizedBytes.clone(); 286 } 287 288 /** 289 * Output the C14n stream to the given OutputStream. 290 * @param os 291 * @throws CanonicalizationException 292 * @throws InvalidCanonicalizerException 293 * @throws XMLSecurityException 294 */ 295 public void signInOctetStream(OutputStream os) 296 throws CanonicalizationException, InvalidCanonicalizerException, XMLSecurityException { 297 if (this.c14nizedBytes == null) { 298 Canonicalizer c14nizer = 299 Canonicalizer.getInstance(this.getCanonicalizationMethodURI()); 300 c14nizer.setWriter(os); 301 String inclusiveNamespaces = this.getInclusiveNamespaces(); 302 303 if (inclusiveNamespaces == null) { 304 c14nizer.canonicalizeSubtree(this.constructionElement); 305 } else { 306 c14nizer.canonicalizeSubtree(this.constructionElement, inclusiveNamespaces); 307 } 308 } else { 309 try { 310 os.write(this.c14nizedBytes); 311 } catch (IOException e) { 312 throw new RuntimeException(e); 313 } 314 } 315 } 316 317 /** 318 * Returns the Canonicalization method URI 319 * 320 * @return the Canonicalization method URI 321 */ 322 public String getCanonicalizationMethodURI() { 323 return c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM); 324 } 325 326 /** 327 * Returns the Signature method URI 328 * 329 * @return the Signature method URI 330 */ 331 public String getSignatureMethodURI() { 332 Element signatureElement = this.getSignatureMethodElement(); 333 334 if (signatureElement != null) { 335 return signatureElement.getAttributeNS(null, Constants._ATT_ALGORITHM); 336 } 337 338 return null; 339 } 340 341 /** 342 * Method getSignatureMethodElement 343 * @return returns the SignatureMethod Element 344 * 345 */ 346 public Element getSignatureMethodElement() { 347 return signatureMethod; 348 } 349 350 /** 351 * Creates a SecretKey for the appropriate Mac algorithm based on a 352 * byte[] array password. 353 * 354 * @param secretKeyBytes 355 * @return the secret key for the SignedInfo element. 356 */ 357 public SecretKey createSecretKey(byte[] secretKeyBytes) { 358 return new SecretKeySpec(secretKeyBytes, this.signatureAlgorithm.getJCEAlgorithmString()); 359 } 360 361 protected SignatureAlgorithm getSignatureAlgorithm() { 362 return signatureAlgorithm; 363 } 364 365 /** 366 * Method getBaseLocalName 367 * @inheritDoc 368 * 369 */ 370 public String getBaseLocalName() { 371 return Constants._TAG_SIGNEDINFO; 372 } 373 374 public String getInclusiveNamespaces() { 375 String c14nMethodURI = c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM); 376 if (!(c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#") || 377 c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#WithComments"))) { 378 return null; 379 } 380 381 Element inclusiveElement = XMLUtils.getNextElement(c14nMethod.getFirstChild()); 382 383 if (inclusiveElement != null) { 384 try { 385 String inclusiveNamespaces = 386 new InclusiveNamespaces( 387 inclusiveElement, 388 InclusiveNamespaces.ExclusiveCanonicalizationNamespace 389 ).getInclusiveNamespaces(); 390 return inclusiveNamespaces; 391 } catch (XMLSecurityException e) { 392 return null; 393 } 394 } 395 return null; 396 } 397 } |