/**
 * Validates that the element a KeyInfoReference resolved to is a ds:KeyInfo
 * and does not itself carry a further KeyInfoReference.
 *
 * @param referentElement the element the reference resolved to
 * @throws XMLSecurityException if the element is not a ds:KeyInfo, or if it
 *         contains a nested KeyInfoReference (reference chains are rejected in
 *         both secure-validation and non-secure mode, with different error keys)
 */
private void validateReference(Element referentElement) throws XMLSecurityException {
    boolean isKeyInfo = XMLUtils.elementIsInSignatureSpace(referentElement, Constants._TAG_KEYINFO);
    if (!isKeyInfo) {
        QName actual = new QName(referentElement.getNamespaceURI(), referentElement.getLocalName());
        throw new XMLSecurityException(
            "KeyInfoReferenceResolver.InvalidReferentElement.WrongType", new Object[] { actual });
    }

    KeyInfo referent = new KeyInfo(referentElement, "");
    if (!referent.containsKeyInfoReference()) {
        return;
    }
    // Reference chains are not followed: supporting them would require cycle
    // detection, which is hard to do reliably (and costly) when referents may
    // be remote URIs. Only the error key differs between the two modes.
    String errorKey = secureValidation
        ? "KeyInfoReferenceResolver.InvalidReferentElement.ReferenceWithSecure"
        : "KeyInfoReferenceResolver.InvalidReferentElement.ReferenceWithoutSecure";
    throw new XMLSecurityException(errorKey);
}
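/**
 * Counts the direct child elements of this KeyInfo that are in the
 * XML Signature namespace.
 *
 * NOTE possibly buggy: despite the method name, child elements outside the
 * Signature namespace are not counted at all ($todo$ revisit).
 *
 * @return the number of child elements in the XML Signature namespace
 */
public int lengthUnknownElement() {
    int res = 0;
    for (Node childNode = getElement().getFirstChild();
         childNode != null;
         childNode = childNode.getNextSibling()) {
        if (childNode.getNodeType() != Node.ELEMENT_NODE) {
            continue;
        }
        // Constant on the left: a child element with no namespace returns null
        // from getNamespaceURI(), which previously threw a NullPointerException
        // instead of simply not being counted.
        if (Constants.SignatureSpecNS.equals(childNode.getNamespaceURI())) {
            res++;
        }
    }
    return res;
}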
/** {@inheritDoc} */
public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    LOG.debug("Can I resolve {}", element.getTagName());
    if (!engineCanResolve(element, baseURI, storage)) {
        return null;
    }
    X509Certificate cert = null;
    try {
        KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
        // An unresolvable reference yields null; a resolved referent contributes
        // whatever certificate it can produce (which may itself be null).
        if (referent != null) {
            cert = referent.getX509Certificate();
        }
    } catch (XMLSecurityException e) {
        // Resolution failures are reported as "no certificate" rather than
        // propagated; the exception is only recorded at debug level.
        LOG.debug("XMLSecurityException", e);
    }
    return cert;
}
/**
 * Creates an empty KeyInfo element owned by the given document. After the
 * element is built, {@code addReturnToSelf()} is invoked and, when a default
 * prefix is configured for this element's base namespace, a matching
 * {@code xmlns:<prefix>} declaration is set on the element.
 *
 * @param doc the document that will own the new element
 */
public KeyInfo(Document doc) {
    super(doc);
    addReturnToSelf();
    String namespace = this.getBaseNamespace();
    String prefix = ElementProxy.getDefaultPrefix(namespace);
    boolean hasPrefix = prefix != null && !prefix.isEmpty();
    if (hasPrefix) {
        getElement().setAttributeNS(Constants.NamespaceSpecNS, "xmlns:" + prefix, namespace);
    }
}
/**
 * Wraps the given element in a {@link KeyValue} bound to this KeyInfo's
 * document and appends it to this KeyInfo.
 *
 * @param unknownKeyValueElement the ds:KeyValue element to wrap and add
 */
public void addKeyValue(Element unknownKeyValueElement) {
    KeyValue wrapped = new KeyValue(getDocument(), unknownKeyValueElement);
    this.add(wrapped);
}
/**
 * Builds a KeyInfo around the given element, propagating this instance's
 * secure-validation flag and registering every internal key resolver held by
 * this instance (none when the resolver list is null).
 *
 * @param element the ds:KeyInfo element to wrap
 * @return a new KeyInfo
 * @throws XMLEncryptionException if the element cannot be wrapped; the
 *         underlying XMLSecurityException is kept as the cause
 */
KeyInfo newKeyInfo(Element element) throws XMLEncryptionException {
    try {
        KeyInfo ki = new KeyInfo(element, null);
        ki.setSecureValidation(secureValidation);
        int resolverCount = internalKeyResolvers == null ? 0 : internalKeyResolvers.size();
        for (int idx = 0; idx < resolverCount; idx++) {
            ki.registerInternalKeyResolver(internalKeyResolvers.get(idx));
        }
        return ki;
    } catch (XMLSecurityException xse) {
        throw new XMLEncryptionException(xse, "KeyInfo.error");
    }
}
&& elementToEncrypt.getParentNode().equals(WSSecurityUtil.getSOAPHeader(doc))) { createEncryptedHeaderElement(securityHeader, elementToEncrypt, idAllocator); encryptedData.setAttributeNS(null, "Id", encEncryptedDataId); encryptedData.setAttributeNS(null, "Type", type); encryptedData.appendChild(encryptionMethod); encryptedData.appendChild(WSSecurityUtil.cloneElement(doc, keyInfo.getElement()));
String val = oElem.getAttribute(Tags.ATTR_PRIORITY); if (val != null && val.length() > 0) { setPriority(new Integer(val)); String sChildName = oChild.getLocalName(); if (sChildName == null) sChildName = oChild.getNodeName(); keyInfo = new KeyInfo(oChild, "");
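/**
 * Collects the X.509 certificates carried in the KeyInfo of every valid
 * ds:Signature element that is a direct child of the given element.
 *
 * Children that are not ds:Signature elements, signatures that fail
 * {@code is_valid_signature}, and KeyInfos without a certificate are skipped.
 * Any exception raised while handling one child is deliberately swallowed so
 * that the remaining children are still examined (best-effort, as in the
 * original implementation).
 *
 * @param element the (FOM) element whose child signatures are inspected
 * @param options signature options passed to the DOM conversion and validation
 * @return the certificates found, possibly empty, never null
 * @throws XMLSignatureException as declared on the original signature; only
 *         code outside the per-child try (the DOM conversion) can propagate it
 * @throws XMLSecurityException as declared on the original signature; only
 *         code outside the per-child try (the DOM conversion) can propagate it
 */
private <T extends Element> X509Certificate[] _getcerts(T element, SignatureOptions options)
    throws XMLSignatureException, XMLSecurityException {
    List<X509Certificate> certs = new ArrayList<X509Certificate>();
    // T already extends Element, so no cast is needed here.
    org.w3c.dom.Element dom = fomToDom(element, options);
    NodeList children = dom.getChildNodes();
    for (int n = 0; n < children.getLength(); n++) {
        try {
            Node node = children.item(n);
            if (node.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            org.w3c.dom.Element el = (org.w3c.dom.Element) node;
            boolean isSignature = Constants.DSIG_NS.equals(el.getNamespaceURI())
                && Constants.LN_SIGNATURE.equals(el.getLocalName());
            if (!isSignature) {
                continue;
            }
            IRI baseUri = element.getResolvedBaseUri();
            XMLSignature sig = new XMLSignature(el, baseUri != null ? baseUri.toString() : "");
            // Only certificates from signatures that verify are returned.
            if (!is_valid_signature(sig, options)) {
                continue;
            }
            KeyInfo ki = sig.getKeyInfo();
            if (ki != null) {
                X509Certificate cert = ki.getX509Certificate();
                if (cert != null) {
                    certs.add(cert);
                }
            }
        } catch (Exception ignored) {
            // Deliberate best-effort: a malformed or unverifiable child signature
            // must not prevent certificates from the other children being returned.
        }
    }
    return certs.toArray(new X509Certificate[0]);
}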
nameId.setAttribute("SPNameQualifier", spnq); nameId.setAttribute("Format", format); nameId.setAttribute("NameQualifier", nq); KeyInfo keyInfo = new KeyInfo(doc); keyInfo.add(encryptedKey); encryptedData.setKeyInfo(keyInfo);
elem.setAttribute(Tags.ATTR_PRIORITY, getPriority().toString()); elem.appendChild(this.providerID.toXML(doc)); elem.appendChild(type.toXML(doc, Tags.TAG_TYPE)); Node oChild = doc.importNode(getKeyInfo().getElement(), true); elem.appendChild(oChild);
result.setAttributeNS(null, EncryptionConstants._ATT_ID, super.getId()); result.setAttributeNS(null, EncryptionConstants._ATT_TYPE, super.getType()); result.setAttributeNS( null, EncryptionConstants._ATT_MIMETYPE, super.getMimeType() ); result.appendChild(super.getKeyInfo().getElement().cloneNode(true));
Element signedInfoElem = XMLUtils.getNextElement(element.getFirstChild()); signedInfoElem = XMLUtils.getNextElement(element.getFirstChild()); XMLUtils.getNextElement(signedInfoElem.getNextSibling()); && Constants.SignatureSpecNS.equals(keyInfoElem.getNamespaceURI()) && Constants._TAG_KEYINFO.equals(keyInfoElem.getLocalName())) { this.keyInfo = new KeyInfo(keyInfoElem, baseURI); this.keyInfo.setSecureValidation(secureValidation);
public static SAMLAssertion unsignAssertion(Document doc) throws TransformerException, XMLSecurityException, SAMLException { boolean validSig = false; Element nscontext = doc.createElementNS(null, "namespaceContext"); nscontext.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS); X509Certificate cert = ki.getX509Certificate(); PublicKey pk = ki.getPublicKey(); NodeList nodeList = doc.getDocumentElement().getChildNodes(); Node childNode = null;
String val = oElem.getAttribute(Tags.ATTR_PRIORITY); if (val != null && val.length() > 0) { setPriority(new Integer(val)); moKeyInfo = new KeyInfo((Element) oChild, "");
Document doc = ((Element) container).getOwnerDocument(); keyInfo = new KeyInfo(doc); keyInfo.add(keyName); keyInfo.addKeyValue(keyValue); try { data.addCertificate(certValue); keyInfo.add(data); } catch (XMLSecurityException ex) { throw new XKMSException(ex); keyInfo.add(keyValue); Element kiElement = keyInfo.getElement(); Element containerDOMElement = (Element) container; Document ownerDocument = containerDOMElement.getOwnerDocument(); Node node = ownerDocument.importNode(kiElement, true); containerDOMElement.appendChild(node);
KeyInfo keyInfo = new KeyInfo(document); if (embedEncryptedKey) { keyInfo.addUnknownElement(getEncryptedKeyElement()); } else if (keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) { SecurityTokenReference secToken = new SecurityTokenReference(document); keyInfo.addUnknownElement(secToken.getElement()); } else if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) { keyInfo.addKeyName(embeddedKeyName == null ? user : embeddedKeyName); } else if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customReferenceValue)) { SecurityTokenReference secToken = new SecurityTokenReference(document); secToken.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE); secToken.setKeyIdentifier(WSConstants.WSS_SAML_KI_VALUE_TYPE, encKeyId); keyInfo.addUnknownElement(secToken.getElement()); } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customReferenceValue)) { SecurityTokenReference secToken = new SecurityTokenReference(document); secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE); secToken.setKeyIdentifier(WSConstants.WSS_SAML2_KI_VALUE_TYPE, encKeyId); keyInfo.addUnknownElement(secToken.getElement()); } else if (WSConstants.WSS_KRB_KI_VALUE_TYPE.equals(customReferenceValue)) { SecurityTokenReference secToken = new SecurityTokenReference(document); secToken.addTokenType(WSConstants.WSS_GSS_KRB_V5_AP_REQ); secToken.setKeyIdentifier(customReferenceValue, encKeyId, true); keyInfo.addUnknownElement(secToken.getElement()); } else if (securityTokenReference != null) { Element tmpE = securityTokenReference.getElement();
/**
 * {@inheritDoc}
 *
 * Wraps the DOM ds:Signature in an Apache XMLSignature, copies its
 * canonicalization/signature algorithms and HMAC output length onto a new
 * SignatureImpl, unmarshalls the KeyInfo child when present, and attaches
 * both the XMLSignature and the DOM element to the result.
 *
 * @throws UnmarshallingException if the Apache XMLSignature cannot be built;
 *         the XMLSecurityException is kept as the cause
 */
public Signature unmarshall(Element signatureElement) throws UnmarshallingException {
    log.debug("Starting to unmarshall Apache XML-Security-based SignatureImpl element");
    SignatureImpl signature = new SignatureImpl(
        signatureElement.getNamespaceURI(),
        signatureElement.getLocalName(),
        signatureElement.getPrefix());
    try {
        log.debug("Constructing Apache XMLSignature object");
        // Base URI is passed as "" here, as in the original implementation.
        XMLSignature xmlSignature = new XMLSignature(signatureElement, "");
        SignedInfo signedInfo = xmlSignature.getSignedInfo();

        log.debug("Adding canonicalization and signing algorithms, and HMAC output length to Signature");
        signature.setCanonicalizationAlgorithm(signedInfo.getCanonicalizationMethodURI());
        signature.setSignatureAlgorithm(signedInfo.getSignatureMethodURI());
        signature.setHMACOutputLength(getHMACOutputLengthValue(signedInfo.getSignatureMethodElement()));

        org.apache.xml.security.keys.KeyInfo xmlSecKeyInfo = xmlSignature.getKeyInfo();
        if (xmlSecKeyInfo != null) {
            log.debug("Adding KeyInfo to Signature");
            Element keyInfoElement = xmlSecKeyInfo.getElement();
            Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(keyInfoElement);
            KeyInfo keyInfo = (KeyInfo) unmarshaller.unmarshall(keyInfoElement);
            signature.setKeyInfo(keyInfo);
        }

        signature.setXMLSignature(xmlSignature);
        signature.setDOM(signatureElement);
        return signature;
    } catch (XMLSecurityException e) {
        log.error("Error constructing Apache XMLSignature instance from Signature element: {}", e.getMessage());
        throw new UnmarshallingException("Unable to unmarshall Signature with Apache XMLSignature", e);
    }
}
encryptedData.setAttributeNS(null, "Id", encEncryptedDataId); encryptedData.setAttributeNS(null, "MimeType", attachment.getMimeType()); encryptedData.setAttributeNS(null, "Type", attachmentEncryptedDataType); encryptedData.appendChild(encryptionMethod); encryptedData.appendChild(WSSecurityUtil.cloneElement(doc, keyInfo.getElement()));
NodeList children = keyInfoElement.getChildNodes(); int len = children.getLength(); KeyInfo ki = new KeyInfo(keyInfoElement, null); if (ki.containsX509Data()) { X509Data data = ki.itemX509Data(0); XMLX509Certificate certElem = null; if (data != null && data.containsCertificate()) {