From: <pe...@us...> - 2004-01-14 16:34:30
Update of /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec
In directory sc8-pr-cvs1:/tmp/cvs-serv7171/src/java/org/neuclear/xml/xmlsec
Modified Files:
InvalidSignatureException.java Reference.java XMLSecTools.java
Log Message:
New model of references and signatures now pretty much works.
I am still not 100% sure on the created enveloping signatures. I need to do more testing.
Index: InvalidSignatureException.java
===================================================================
RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/InvalidSignatureException.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** InvalidSignatureException.java 14 Jan 2004 06:42:38 -0000 1.1
--- InvalidSignatureException.java 14 Jan 2004 16:34:27 -0000 1.2
***************
*** 11,15 ****
*/
public class InvalidSignatureException extends Exception {
! public InvalidSignatureException(String a,String b) {
super("Digest: '"+a+"' not equal to: "+b);
}
--- 11,15 ----
*/
public class InvalidSignatureException extends Exception {
! public InvalidSignatureException(byte a[],byte b[]) {
super("Digest: '"+a+"' not equal to: "+b);
}
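Review bot: The new `InvalidSignatureException(byte a[],byte b[])` constructor still concatenates its arguments directly, so the message now carries the JVM array identity (`[B@…`) rather than the two digests. Encode the arrays before building the message, for example `super("Digest: '"+new String(Base64.encode(a))+"' not equal to: "+new String(Base64.encode(b)));`, using the `org.neuclear.commons.crypto.Base64` helper that Reference.java imports (this file would need the same import). The same unreadable text is what the `System.out.println` added in XMLSecTools.java prints when verification fails.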
Index: Reference.java
===================================================================
RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/Reference.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** Reference.java 14 Jan 2004 06:42:38 -0000 1.6
--- Reference.java 14 Jan 2004 16:34:27 -0000 1.7
***************
*** 1,4 ****
--- 1,8 ----
/* $Id$
* $Log$
+ * Revision 1.7 2004/01/14 16:34:27 pelle
+ * New model of references and signatures now pretty much works.
+ * I am still not 100% sure on the created enveloping signatures. I need to do more testing.
+ *
* Revision 1.6 2004/01/14 06:42:38 pelle
* Got rid of the verifyXXX() methods
***************
*** 124,127 ****
--- 128,132 ----
import org.dom4j.Element;
import org.dom4j.Node;
+ import org.dom4j.DocumentHelper;
import org.neuclear.commons.Utility;
import org.neuclear.commons.crypto.Base64;
***************
*** 132,137 ****
import org.neuclear.xml.c14.CanonicalizerWithoutSignature;
! import java.io.IOException;
import java.util.List;
public final class Reference extends AbstractXMLSigElement {
--- 137,144 ----
import org.neuclear.xml.c14.CanonicalizerWithoutSignature;
! import java.io.*;
import java.util.List;
+ import java.net.URL;
+ import java.net.MalformedURLException;
public final class Reference extends AbstractXMLSigElement {
***************
*** 146,178 ****
* <ul>
*/
! public Reference(Element root, final int sigtype) throws XMLSecurityException {
super(Reference.TAG_NAME);
final Canonicalizer canon;
Element transformsElement = addElement("Transforms");
if (sigtype == XMLSIGTYPE_ENVELOPED){
canon=new CanonicalizerWithoutSignature();
transformsElement.addElement(XMLSecTools.createQName("Transform")).addAttribute("Algorithm","http://www.w3.org/2000/09/xmldsig#enveloped-signature");
! }else {
canon= new Canonicalizer();
}
transformsElement.addElement(XMLSecTools.createQName("Transform")).addAttribute("Algorithm","http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
type=sigtype;
! final String id = root.attributeValue("id");
if (!Utility.isEmpty(id))
createAttribute("URI","#"+id);
! digest=createDigest(canon, root);
! addDigest();
! }
!
! private void addDigest() {
! addElement("DigestMethod").addAttribute(XMLSecTools.createQName("Algorithm"),"http://www.w3.org/2000/09/xmldsig#sha1");
! getElement().add(XMLSecTools.base64ToElement("DigestValue",digest.getBytes()));
}
- private static String createDigest(final Canonicalizer canon, Object root) throws XMLSecurityException {
- return new String(Base64.encode(CryptoTools.digest(canon.canonicalize(root))));
- }
public Reference(final String uri) throws XMLSecurityException {
--- 153,184 ----
* <ul>
*/
! public Reference(final Element root, final int sigtype) throws XMLSecurityException {
super(Reference.TAG_NAME);
final Canonicalizer canon;
Element transformsElement = addElement("Transforms");
+ final Element object;
if (sigtype == XMLSIGTYPE_ENVELOPED){
canon=new CanonicalizerWithoutSignature();
transformsElement.addElement(XMLSecTools.createQName("Transform")).addAttribute("Algorithm","http://www.w3.org/2000/09/xmldsig#enveloped-signature");
! object=root;
! } else if (sigtype == XMLSIGTYPE_ENVELOPING){
!
canon= new Canonicalizer();
+ object=DocumentHelper.createElement("Object");
+ object.addAttribute("Id","data");
+ object.add(root.createCopy());
+ } else {
+ throw new XMLSecurityException("Unsupported Signature Method");
}
transformsElement.addElement(XMLSecTools.createQName("Transform")).addAttribute("Algorithm","http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
type=sigtype;
! final String id = Utility.denullString(root.attributeValue("Id"),root.attributeValue("ID"));
if (!Utility.isEmpty(id))
createAttribute("URI","#"+id);
! addDigest(canon,object);
}
public Reference(final String uri) throws XMLSecurityException {
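Review bot: In the new `XMLSIGTYPE_ENVELOPING` branch the wrapper gets `Id="data"` and the digest is taken over that `Object` element, but the `URI` attribute is still derived from the root's own `Id`/`ID`. When the root has an id, the reference therefore points at the copied root rather than at the digested wrapper. When it has none, no `URI` is written at all, and the verifying side in this same commit (`findSignatureType`) reads a missing URI as an enveloped signature over the document root. Writing `createAttribute("URI","#data");` in the enveloping branch, and keeping the `Id`/`ID` lookup for the enveloped case only, would make the reference name the element that was actually hashed. This looks like the uncertainty the log message mentions, so a round-trip test that creates and then verifies an enveloping signature would confirm it.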
***************
*** 180,185 ****
type=XMLSIGTYPE_DETACHED;
createAttribute("URI",uri);
! digest=createDigest(new Canonicalizer(),loadReference(uri));
! addDigest();
}
/**
--- 186,190 ----
type=XMLSIGTYPE_DETACHED;
createAttribute("URI",uri);
! addDigest(new Canonicalizer(),loadReference(uri));
}
/**
***************
*** 194,200 ****
type=findSignatureType(elem);
! digest=new String(XMLSecTools.decodeBase64Element(getElement().element(XMLSecTools.createQName("DigestValue"))));
! final Object object=findRefElement(type,elem);
final Canonicalizer canon;
if (type==XMLSIGTYPE_ENVELOPED)
--- 199,207 ----
type=findSignatureType(elem);
! byte digest[]=XMLSecTools.decodeBase64Element(getElement().element(XMLSecTools.createQName("DigestValue")));
! final Object object=findRefElement(elem);
! if (object==null)
! throw new XMLSecurityException("Couldnt Dereference Object:\n "+elem.asXML());
final Canonicalizer canon;
if (type==XMLSIGTYPE_ENVELOPED)
***************
*** 203,243 ****
canon=new Canonicalizer();
! final String dig2 = createDigest(canon, object);
! if (!digest.equals(dig2))
throw new InvalidSignatureException(digest,dig2);
}
! private static int findSignatureType(Element elem) throws XMLSecurityException {
! if (elem.getParent() != null&&elem.getParent().getParent() != null&&elem.getParent().getParent().getParent() != null) { // Enveloped
! return XMLSIGTYPE_ENVELOPED;
! } else if (elem.getParent() != null&&elem.getParent().getParent() != null&&elem.getParent().getParent().element("Object") != null) { // Enveloped
! return XMLSIGTYPE_ENVELOPING;
! } else {// Detached
! return XMLSIGTYPE_DETACHED;
! }
}
! private static Object findRefElement(int type,Element elem) throws XMLSecurityException {
final String id=elem.attributeValue("URI");
! if (!Utility.isEmpty(id)){
! if (id.startsWith("#")&&id.length()>2){
! Node node= elem.getDocument().elementByID(id.substring(1));
! if (node!=null)
! return node;
}
}
! switch (type){
! case XMLSIGTYPE_ENVELOPED:
! return elem.getDocument();
! case XMLSIGTYPE_ENVELOPING:
! final List contents = elem.getParent().getParent().element("Object").content();
! if (contents.size() == 1)
! return contents.get(0);
! else
! return contents;
! case XMLSIGTYPE_DETACHED:
! return loadReference(id);
! }
! throw new XMLSecurityException("Confused Stated. Dont know what Signature Type we have");
}
--- 210,253 ----
canon=new Canonicalizer();
! final byte dig2[] = createDigest(canon, object);
! if (!CryptoTools.equalByteArrays(digest,dig2))
throw new InvalidSignatureException(digest,dig2);
}
+ private void addDigest(final Canonicalizer canon, Object root) throws XMLSecurityException {
+ addElement("DigestMethod").addAttribute(XMLSecTools.createQName("Algorithm"),"http://www.w3.org/2000/09/xmldsig#sha1");
+ getElement().add(XMLSecTools.base64ToElement("DigestValue",createDigest(canon,root)));
+ }
! private static byte[] createDigest(final Canonicalizer canon, Object root) throws XMLSecurityException {
! final byte[] value = canon.canonicalize(root);
! // System.out.println("Canonicalized:");
! // System.out.println(new String(value));
! // System.out.println("------");
! return CryptoTools.digest(value);
}
! private static int findSignatureType(Element elem) {
final String id=elem.attributeValue("URI");
! if (!Utility.isEmpty(id)&&id.length()>1){
! if (id.startsWith("#"))
! return XMLSIGTYPE_ENVELOPING;
! return XMLSIGTYPE_DETACHED;
! }
! return XMLSIGTYPE_ENVELOPED;
! }
!
! private static Object findRefElement(Element elem) throws XMLSecurityException {
! final String id=elem.attributeValue("URI");
! if (!Utility.isEmpty(id)&&id.length()>1){
! if (id.startsWith("#")){
! // System.out.println("Ref: "+id.substring(1));
! return XMLTools.getByID(elem,id.substring(1));
}
+ // Non Local URI, we need to load it
+ return loadReference(id);
+
}
! // if URI is null or "" the data object is the root element
! return elem.getDocument().getRootElement();
}
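Review bot: The rewritten `findSignatureType` classifies every `#…` URI as `XMLSIGTYPE_ENVELOPING`, yet the creating constructor in this commit writes `"#"+id` for enveloped signatures whenever the root carries an `Id`. Such a reference would then be verified with the plain `Canonicalizer` instead of `CanonicalizerWithoutSignature`, so the digest would presumably cover the Signature element and fail; the verifying constructor that makes this choice starts outside the hunk. The enveloped case is better recognised from the `enveloped-signature` transform that the creator always emits, as sketched below; the qualified-name lookup follows the `DigestValue` read and should be checked against how `addElement("Transforms")` names the element. Because both the type and the dereferenced target come from the document being verified, callers should act only on the element that `findRefElement` returned, not on the document as a whole.

```java
private static int findSignatureType(Element elem) {
    // The enveloped-signature transform, not the shape of the URI, marks an enveloped reference
    final Element transforms=elem.element(XMLSecTools.createQName("Transforms"));
    if (transforms!=null){
        final List list=transforms.elements();
        for (int i=0;i<list.size();i++){
            final Element t=(Element)list.get(i);
            if ("http://www.w3.org/2000/09/xmldsig#enveloped-signature".equals(t.attributeValue("Algorithm")))
                return XMLSIGTYPE_ENVELOPED;
        }
    }
    // … unchanged: URI-based choice between ENVELOPING, DETACHED and the ENVELOPED fallback …
}
```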
***************
*** 246,296 ****
throw new XMLSecurityException("XMLSignature is not linked to Document");
try {
! return XMLTools.loadDocument(refuri).getRootElement();
} catch (XMLException e) {
throw new XMLSecurityException(e);
}
}
- /**
- * Method getEncoded
- * This returns the Digest
- *
- * @return
- */
- public final String getDigest() {
- return digest;
- }
- private Canonicalizer getCanonicalizer() {
- /*
- if (getSigType() == Reference.XMLSIGTYPE_ENVELOPED)
- return new CanonicalizerWithoutSignature();
- else if (c14nType == Canonicalizer.C14NTYPE_WITH_COMMENTS)
- return new CanonicalizerWithComments();
- */
- return new Canonicalizer();
- }
-
-
-
- /*
- protected final byte[] canonicalizeReference() {
- return XMLSecTools.canonicalize(getCanonicalizer(), getReferenceElement());
- }
-
- protected final byte[] generateRefenceDigest() {
- return CryptoTools.digest(canonicalizeReference());
- }
-
- public final boolean verifyReferences() throws XMLSecurityException, CryptoException {
- return CryptoTools.equalByteArrays(generateRefenceDigest(), getDigest());
- }
-
- */
public String getUri(){
return getElement().attributeValue("URI");
}
- private final String digest;
private final int type;
--- 256,286 ----
throw new XMLSecurityException("XMLSignature is not linked to Document");
try {
! URL url= new URL(refuri);
! String ref=url.getRef();
! if (ref!=null) // If we have a reference part it is XML
! return XMLTools.loadDocument(url).getRootElement().elementByID(ref);
! BufferedInputStream is=new BufferedInputStream(url.openStream());
! ByteArrayOutputStream os=new ByteArrayOutputStream(is.available());
! byte input[]=new byte[is.available()];
! int count=0;
! while((count=is.read(input))>=0){
! os.write(input,0,count);
! }
! is.close();
! return new String(os.toByteArray());
} catch (XMLException e) {
throw new XMLSecurityException(e);
+ } catch (MalformedURLException e) {
+ throw new XMLSecurityException(e);
+ } catch (IOException e) {
+ throw new XMLSecurityException(e);
}
}
public String getUri(){
return getElement().attributeValue("URI");
}
private final int type;
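Review bot: The read loop added to `loadReference` sizes its buffer with `is.available()`, which may legitimately be 0 for a freshly opened URL stream; `read()` on a zero-length array returns 0, never -1, so the `while` loop would spin forever. The stream is also left open if `read` throws, and `new String(os.toByteArray())` pushes arbitrary bytes through the platform charset before they are digested, which can alter non-text content. A fixed-size buffer with a `finally` close fixes the first two, as shown below; returning the raw bytes would fix the third, but depends on what `canonicalize` accepts. Separately, the URL comes from the signature's `URI` attribute and is opened with no restriction on scheme, host or size, so verifying an untrusted document can make this code fetch local files or internal addresses. An allowlist check before `openStream()` and a cap on bytes read would bound that. `elementByID(ref)` can also return null, which the detached constructor passes on unchecked. The method's opening lines are outside the hunk.

```java
URL url= new URL(refuri);
// … unchanged: fragment (#ref) handling via XMLTools.loadDocument …
final InputStream is=new BufferedInputStream(url.openStream());
try {
    final ByteArrayOutputStream os=new ByteArrayOutputStream();
    final byte input[]=new byte[4096]; // fixed size: available() may be 0 on an open stream
    int count;
    while((count=is.read(input))>=0){
        os.write(input,0,count);
    }
    return new String(os.toByteArray());
} finally {
    is.close(); // release the connection even when read() fails
}
```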
Index: XMLSecTools.java
===================================================================
RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/XMLSecTools.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** XMLSecTools.java 14 Jan 2004 06:42:38 -0000 1.7
--- XMLSecTools.java 14 Jan 2004 16:34:27 -0000 1.8
***************
*** 1,4 ****
--- 1,8 ----
/* $Id$
* $Log$
+ * Revision 1.8 2004/01/14 16:34:27 pelle
+ * New model of references and signatures now pretty much works.
+ * I am still not 100% sure on the created enveloping signatures. I need to do more testing.
+ *
* Revision 1.7 2004/01/14 06:42:38 pelle
* Got rid of the verifyXXX() methods
***************
*** 334,337 ****
--- 338,342 ----
return true;
} catch (InvalidSignatureException e) {
+ System.out.println(e.getLocalizedMessage());
return false;
}
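Review bot: The added `System.out.println(e.getLocalizedMessage());` writes verification failures to standard output from library code, where the hosting application can neither route nor suppress them. The enclosing method already reports the outcome through `return false`, so the line is either leftover debugging to drop or should go through whatever logging facility the project uses. The method begins outside this hunk, so whether callers have another way to learn the failure reason cannot be seen here. If the reason matters to them, a comment such as `// failure reason is only logged; callers see false` would make that contract explicit.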