From: <pe...@us...> - 2004-01-07 23:11:54
Update of /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec
In directory sc8-pr-cvs1:/tmp/cvs-serv16526/src/java/org/neuclear/xml/xmlsec
Modified Files:
KeyInfo.java QuickEmbeddedSignature.java XMLSignature.java
Log Message:
XMLSig now has various added features:
- KeyInfo supports X509v3 (untested)
- KeyInfo supports KeyName
- When creating a XMLSignature and signing it with a Signer, it adds the alias to the KeyName
Added a KeyResolver interface and a KeyResolverFactory class; there are no KeyResolver implementations yet, so KeyName lookups cannot resolve anything at this point.
Index: KeyInfo.java
===================================================================
RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/KeyInfo.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -d -r1.5 -r1.6
*** KeyInfo.java 19 Dec 2003 18:03:07 -0000 1.5
--- KeyInfo.java 7 Jan 2004 23:11:51 -0000 1.6
***************
*** 5,12 ****
--- 5,18 ----
import org.dom4j.Element;
import org.neuclear.commons.crypto.CryptoException;
+ import org.neuclear.commons.crypto.keyresolvers.KeyResolverFactory;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
+ import java.security.cert.Certificate;
+ import java.security.cert.X509Certificate;
+ import java.security.cert.CertificateEncodingException;
+ import java.security.cert.CertificateFactory;
+ import java.security.cert.CertificateException;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
***************
*** 15,18 ****
--- 21,26 ----
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
+ import java.util.Iterator;
+ import java.io.ByteArrayInputStream;
public final class KeyInfo extends AbstractXMLSigElement {
***************
*** 59,62 ****
--- 67,83 ----
}
}
+ public KeyInfo(final String name) {
+ super(TAG_NAME);
+ final Element kv = XMLSecTools.createElementInSignatureSpace("KeyName");
+ kv.addText(name);
+ addElement(kv);
+ }
+
+ public KeyInfo(final X509Certificate cert) throws CertificateEncodingException {
+ super(TAG_NAME);
+ final Element kv = XMLSecTools.createElementInSignatureSpace("X509Data");
+ kv.add(XMLSecTools.base64ToElement("X509Certificate",cert.getEncoded()));
+ addElement(kv);
+ }
public KeyInfo(final Element elem) throws XMLSecurityException {
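Review bot: Neither new constructor says what its KeyInfo asserts, and `KeyInfo(final X509Certificate cert)` leaks the checked `CertificateEncodingException` to callers while the rest of the class funnels crypto failures into `XMLSecurityException` (the `XMLSecTools.rethrowException` pattern used further down in this file). A Javadoc on the name constructor along the lines of `/** Builds a KeyInfo holding only a ds:KeyName; the name is a lookup hint, not an authenticated identity. */` and on the certificate constructor `/** Builds a KeyInfo with a single ds:X509Certificate (encoded form, presumably base64); the certificate is self-asserted and carries no trust by itself. */` would make that explicit. `name` goes straight into `kv.addText(name)` without a null check; whether dom4j tolerates a null text node is not visible here, so rejecting null up front with `if (name == null) throw new IllegalArgumentException("name");` fails earlier and more clearly. The `KeyInfo(final Element elem)` constructor on the hunk's last line continues outside it.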
***************
*** 75,127 ****
throws XMLSecurityException {
if (pub == null) {
try {
! final KeyFactory keyFactory;
!
! final Element kvElement = getElement().element(XMLSecTools.createQName("KeyValue"));
! if (kvElement == null)
! throw new XMLSecurityException("KeyInfo doesn't contains a KeyValue element.");
!
! Element algElement = kvElement.element(XMLSecTools.createQName("RSAKeyValue"));
! if (algElement == null) {
! algElement = kvElement.element(XMLSecTools.createQName("DSAKeyValue"));
! if (algElement == null)
! throw new XMLSecurityException("KeyInfo doesn't contains a [DSA|RSA]KeyValue element. " +
! "Sorry, we currently only support RSA and DSA keys");
! }
! if (algElement.getName().equalsIgnoreCase("RSAKeyValue")) {
! keyFactory = KeyFactory.getInstance("RSA");
! final Element mod = algElement.element(XMLSecTools.createQName("Modulus"));
! final Element exp = algElement.element(XMLSecTools.createQName("Exponent"));
! if ((mod == null) || (exp == null))
! throw new XMLSecurityException("KeyInfo Didn't contain a valid RSA Key");
! final RSAPublicKeySpec rsaKeyspec =
! new RSAPublicKeySpec(XMLSecTools.decodeBigIntegerFromElement(mod), XMLSecTools.decodeBigIntegerFromElement(exp));
! final PublicKey pk = keyFactory.generatePublic(rsaKeyspec);
! pub = pk;
! } else if (algElement.getName().equalsIgnoreCase("DSAKeyValue")) {
! keyFactory = KeyFactory.getInstance("DSA");
! final Element p = algElement.element(XMLSecTools.createQName("P"));
! final Element q = algElement.element(XMLSecTools.createQName("Q"));
! final Element g = algElement.element(XMLSecTools.createQName("G"));
! final Element y = algElement.element(XMLSecTools.createQName("Y"));
! if (p == null || q == null || g == null || y == null)
! throw new XMLSecurityException("KeyInfo didn't contain a valid DSA Key");
! final DSAPublicKeySpec dsaPublicKeySpec = new DSAPublicKeySpec(XMLSecTools.decodeBigIntegerFromElement(y),
! XMLSecTools.decodeBigIntegerFromElement(p),
! XMLSecTools.decodeBigIntegerFromElement(q),
! XMLSecTools.decodeBigIntegerFromElement(g));
! final PublicKey pk = keyFactory.generatePublic(dsaPublicKeySpec);
! pub = pk;
! }
! } catch (NoSuchAlgorithmException ex) {
! XMLSecTools.rethrowException(ex);
! } catch (InvalidKeySpecException ex) {
! XMLSecTools.rethrowException(ex);
}
}
! return pub;
}
--- 96,175 ----
throws XMLSecurityException {
if (pub == null) {
+ Iterator iter=getElement().elementIterator();
+ while (iter.hasNext()&&pub==null) {
+ Element element = (Element) iter.next();
+ if (element.getName().equals("KeyValue"))
+ pub=parseKeyValue(element);
+ else if(element.getName().equals("KeyName"))
+ pub=parseKeyName(element);
+ else if(element.getName().equals("X509Data"))
+ pub=parseX509(element);
+ }
+ }
+ return pub;
+ }
+ private PublicKey parseKeyName(final Element element){
+ final String name=element.getTextTrim();
+ return KeyResolverFactory.getInstance().resolve(name);
+ }
+ private PublicKey parseX509(final Element element){
+ Element x509Data=element.element("X509Data");
+ if (x509Data!=null){
try {
! byte encoded[]=XMLSecTools.decodeBase64Element(x509Data);
! CertificateFactory fact=CertificateFactory.getInstance("X509v3");
! Certificate cert=fact.generateCertificate(new ByteArrayInputStream(encoded));
! return cert.getPublicKey();
! } catch (XMLSecurityException e) {
! return null;
! } catch (CertificateException e) {
! return null;
! }
! }
! return null;
! }
! private PublicKey parseKeyValue(final Element kvElement) throws XMLSecurityException {
! try {
! final KeyFactory keyFactory;
! Element algElement = kvElement.element(XMLSecTools.createQName("RSAKeyValue"));
! if (algElement == null) {
! algElement = kvElement.element(XMLSecTools.createQName("DSAKeyValue"));
! if (algElement == null)
! throw new XMLSecurityException("KeyInfo doesn't contains a [DSA|RSA]KeyValue element. " +
! "Sorry, we currently only support RSA and DSA keys");
! }
! if (algElement.getName().equalsIgnoreCase("RSAKeyValue")) {
! keyFactory = KeyFactory.getInstance("RSA");
! final Element mod = algElement.element(XMLSecTools.createQName("Modulus"));
! final Element exp = algElement.element(XMLSecTools.createQName("Exponent"));
! if ((mod == null) || (exp == null))
! throw new XMLSecurityException("KeyInfo Didn't contain a valid RSA Key");
! final RSAPublicKeySpec rsaKeyspec =
! new RSAPublicKeySpec(XMLSecTools.decodeBigIntegerFromElement(mod), XMLSecTools.decodeBigIntegerFromElement(exp));
! final PublicKey pk = keyFactory.generatePublic(rsaKeyspec);
! return pk;
! } else if (algElement.getName().equalsIgnoreCase("DSAKeyValue")) {
! keyFactory = KeyFactory.getInstance("DSA");
! final Element p = algElement.element(XMLSecTools.createQName("P"));
! final Element q = algElement.element(XMLSecTools.createQName("Q"));
! final Element g = algElement.element(XMLSecTools.createQName("G"));
! final Element y = algElement.element(XMLSecTools.createQName("Y"));
! if (p == null || q == null || g == null || y == null)
! throw new XMLSecurityException("KeyInfo didn't contain a valid DSA Key");
! final DSAPublicKeySpec dsaPublicKeySpec = new DSAPublicKeySpec(XMLSecTools.decodeBigIntegerFromElement(y),
! XMLSecTools.decodeBigIntegerFromElement(p),
! XMLSecTools.decodeBigIntegerFromElement(q),
! XMLSecTools.decodeBigIntegerFromElement(g));
! return keyFactory.generatePublic(dsaPublicKeySpec);
}
+ } catch (NoSuchAlgorithmException ex) {
+ XMLSecTools.rethrowException(ex);
+ } catch (InvalidKeySpecException ex) {
+ XMLSecTools.rethrowException(ex);
}
! return null;
}
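Review bot: `parseX509` searches for a child named `X509Data` inside the element it receives, but `getPublicKey` already hands it the `X509Data` element itself (the `else if` on the `X509Data` branch), so the lookup yields null and the method always returns null; the XML-DSig child that carries the certificate is `X509Certificate`, and like every other lookup in this file it should be namespaced, e.g. `Element certElement = element.element(XMLSecTools.createQName("X509Certificate"));` followed by `XMLSecTools.decodeBase64Element(certElement)`. The standard JCA certificate-factory type is `"X.509"`, not `"X509v3"`, so `CertificateFactory.getInstance("X509v3")` will presumably throw and be swallowed by the `CertificateException` catch, which also drops the cause instead of going through `XMLSecTools.rethrowException` as `parseKeyValue` does. Even once it works, `cert.getPublicKey()` is returned with no check of the certificate's chain, validity period or trust anchor, and `parseKeyValue` likewise returns whatever key the document embeds, so a signature verified against this key only proves the document was signed by the key it carries; callers must bind the key to a trusted identity out of band, and `getPublicKey` should say so in a comment such as `// Keys taken from KeyValue/X509Data are self-asserted by the document; trust must be established by the caller`. Because the loop takes the first child that resolves, the document's author also decides whether an embedded `KeyValue` or a resolver-backed `KeyName` wins, so no trust decision should depend on child order.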
Index: QuickEmbeddedSignature.java
===================================================================
RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/QuickEmbeddedSignature.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** QuickEmbeddedSignature.java 19 Dec 2003 18:03:07 -0000 1.4
--- QuickEmbeddedSignature.java 7 Jan 2004 23:11:51 -0000 1.5
***************
*** 8,11 ****
--- 8,18 ----
* $Id$
* $Log$
+ * Revision 1.5 2004/01/07 23:11:51 pelle
+ * XMLSig now has various added features:
+ * - KeyInfo supports X509v3 (untested)
+ * - KeyInfo supports KeyName
+ * - When creating a XMLSignature and signing it with a Signer, it adds the alias to the KeyName
+ * Added KeyResolver interface and KeyResolverFactory Class. At the moment no implementations.
+ *
* Revision 1.4 2003/12/19 18:03:07 pelle
* Revamped a lot of exception handling throughout the framework, it has been simplified in most places:
***************
*** 145,148 ****
--- 152,156 ----
super(getSignatureElement(root,signer.getKeyType(name)));
final Element sig = getElement();
+ addElement(new KeyInfo(name)); // Add the signers name
getSi().getReference().setDigest();
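Review bot: The `KeyInfo` appended here lives inside `ds:Signature` but outside `ds:SignedInfo`, and the templates' only reference (`URI=""` with the enveloped-signature transform) covers the document minus the entire Signature element, so the `KeyName` alias is not integrity-protected by the signature and can be rewritten after signing. A comment should make that explicit: `// KeyName is a lookup hint only; it is not covered by the signature and must not be trusted as the signer's identity`. The keystore alias is also now disclosed in every signed document, which may be intended but is worth stating in the same comment. Appending the KeyInfo before any signature value exists means it will precede `SignatureValue` if that element is added later, whereas XML-DSig orders `SignedInfo, SignatureValue, KeyInfo`; I cannot see where the value is inserted, so please check the resulting element order against the schema. The enclosing constructor starts and ends outside the hunk.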
***************
*** 195,218 ****
private static Element SIGNATURETEMPLATE;
! private static final String SIGNATURETEMPLATE_TEXT = "<ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">" +
! "<ds:SignedInfo>" +
! "<ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>" +
! "<ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>" +
! "<ds:Reference URI=\"\">" +
! "<ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" +
! "</ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
! "</ds:Reference>" +
! "</ds:SignedInfo></ds:Signature>";
private static Element DSASIGNATURETEMPLATE;
! private static final String DSASIGNATURETEMPLATE_TEXT = "<ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">" +
! "<ds:SignedInfo>" +
! "<ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>" +
! "<ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#dsa-sha1\"/>" +
! "<ds:Reference URI=\"\">" +
! "<ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" +
! "</ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
! "</ds:Reference>" +
! "</ds:SignedInfo></ds:Signature>";
--- 203,226 ----
private static Element SIGNATURETEMPLATE;
! private static final String SIGNATURETEMPLATE_TEXT = "\n<ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">" +
! "\n<ds:SignedInfo>" +
! "\n<ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>" +
! "\n<ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>" +
! "\n<ds:Reference URI=\"\">" +
! "\n<ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" +
! "\n</ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
! "\n</ds:Reference>" +
! "\n</ds:SignedInfo>\n</ds:Signature>";
private static Element DSASIGNATURETEMPLATE;
! private static final String DSASIGNATURETEMPLATE_TEXT = "\n<ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">" +
! "\n<ds:SignedInfo>" +
! "\n<ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>" +
! "\n<ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#dsa-sha1\"/>" +
! "\n<ds:Reference URI=\"\">" +
! "\n<ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" +
! "\n</ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
! "\n</ds:Reference>" +
! "\n</ds:SignedInfo>\n</ds:Signature>";
Index: XMLSignature.java
===================================================================
RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/XMLSignature.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** XMLSignature.java 19 Dec 2003 18:03:07 -0000 1.6
--- XMLSignature.java 7 Jan 2004 23:11:51 -0000 1.7
***************
*** 1,4 ****
--- 1,11 ----
/* $Id$
* $Log$
+ * Revision 1.7 2004/01/07 23:11:51 pelle
+ * XMLSig now has various added features:
+ * - KeyInfo supports X509v3 (untested)
+ * - KeyInfo supports KeyName
+ * - When creating a XMLSignature and signing it with a Signer, it adds the alias to the KeyName
+ * Added KeyResolver interface and KeyResolverFactory Class. At the moment no implementations.
+ *
* Revision 1.6 2003/12/19 18:03:07 pelle
* Revamped a lot of exception handling throughout the framework, it has been simplified in most places:
***************
*** 167,182 ****
*/
public class XMLSignature extends AbstractXMLSigElement {
- /**
- * Creates an Enveloped (Embedded) Signature object based on the given element root
- *
- * @param key
- * @param root
- * @param uri
- * @throws XMLSecurityException
- */
- public XMLSignature(final PrivateKey key, final Element root, final String uri) throws XMLSecurityException, CryptoException {
- this(key, null, root, uri);
- }
-
/**
* Creates an Enveloped (Embedded) Signature object based on the given element root
--- 174,177 ----