|
From: Pelle B. <pe...@us...> - 2004-03-19 22:31:43
|
Update of /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19896/src/java/org/neuclear/xml/xmlsec Modified Files: AbstractXMLSigElement.java InvalidSignatureException.java KeyInfo.java Reference.java SignedElement.java SignedInfo.java XMLSecTools.java XMLSignature.java Added Files: AnyXMLSignature.java DataObjectSignature.java EnvelopedSignature.java InvalidReferencesException.java Log Message: Changes in the XMLSignature class, which is now Abstract there are currently 3 implementations for: - Enveloped - DataObjects - (Enveloping) - Any for interop testing mainly. --- NEW FILE: InvalidReferencesException.java --- package org.neuclear.xml.xmlsec; /** * Created by IntelliJ IDEA. * User: pelleb * Date: Mar 19, 2004 * Time: 2:16:55 PM * To change this template use File | Settings | File Templates. */ public class InvalidReferencesException extends InvalidSignatureException { public InvalidReferencesException(int count) { super("Invalid reference count: " + count); } public InvalidReferencesException() { super("Invalid reference type"); } } Index: Reference.java =================================================================== RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/Reference.java,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -d -r1.16 -r1.17 *** Reference.java 8 Mar 2004 23:51:03 -0000 1.16 --- Reference.java 19 Mar 2004 22:21:51 -0000 1.17 *************** *** 1,4 **** --- 1,10 ---- /* $Id$ * $Log$ + * Revision 1.17 2004/03/19 22:21:51 pelle + * Changes in the XMLSignature class, which is now Abstract there are currently 3 implementations for: + * - Enveloped + * - DataObjects - (Enveloping) + * - Any for interop testing mainly. + * * Revision 1.16 2004/03/08 23:51:03 pelle * More improvements on the XMLSignature. Now uses the Transforms properly, References properly. *************** *** 290,300 **** } else { Node node = refObject; ! 
final List list = elem.element(XMLSecTools.createQName("Transforms")).elements(XMLSecTools.createQName("Transform")); ! for (int i = 0; i < list.size() - 1; i++) { ! Transform o = TransformerFactory.make((Element) list.get(i)); ! node = (Node) o.transformNode(node); } ! ! dig2 = createDigest((Canonicalizer) TransformerFactory.make((Element) list.get(list.size() - 1)), node); } if (!CryptoTools.equalByteArrays(digest, dig2)) --- 296,314 ---- } else { Node node = refObject; ! final Element trelem = elem.element(XMLSecTools.createQName("Transforms")); ! Canonicalizer canon = null; ! if (trelem != null) { ! final List list = trelem.elements(XMLSecTools.createQName("Transform")); ! for (int i = 0; i < list.size(); i++) { ! Transform o = TransformerFactory.make((Element) list.get(i)); ! if (i == list.size() - 1 && o instanceof Canonicalizer) ! canon = (Canonicalizer) TransformerFactory.make((Element) list.get(list.size() - 1)); ! else ! node = (Node) o.transformNode(node); ! } } ! if (canon == null) ! canon = new Canonicalizer(); ! dig2 = createDigest(canon, node); } if (!CryptoTools.equalByteArrays(digest, dig2)) Index: XMLSecTools.java =================================================================== RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/XMLSecTools.java,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** XMLSecTools.java 8 Mar 2004 23:51:03 -0000 1.13 --- XMLSecTools.java 19 Mar 2004 22:21:51 -0000 1.14 *************** *** 1,4 **** --- 1,10 ---- /* $Id$ * $Log$ + * Revision 1.14 2004/03/19 22:21:51 pelle + * Changes in the XMLSignature class, which is now Abstract there are currently 3 implementations for: + * - Enveloped + * - DataObjects - (Enveloping) + * - Any for interop testing mainly. + * * Revision 1.13 2004/03/08 23:51:03 pelle * More improvements on the XMLSignature. Now uses the Transforms properly, References properly. 
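Review bot: The rewritten transform loop in Reference (hunk 290,300 / 296,314) applies whatever Transform elements the incoming Signature declares with no restriction on the algorithm, and because the transform chain decides which bytes are actually digested a verifier should allow-list the transforms it expects (enveloped-signature plus the C14N variants) and fail closed on anything else, unless TransformerFactory.make already does that — it is outside this diff, so worth confirming. The last list element is also instantiated twice, first as `o` and then again through `TransformerFactory.make((Element) list.get(list.size() - 1))`; the intended assignment is simply `canon = (Canonicalizer) o;`. The fallback to `new Canonicalizer()` when no Transforms element exists is reasonable but deserves a comment such as `// no Transforms element: digest the default canonical form of the referenced node`. The enclosing method begins before this hunk and continues after it.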
*************** *** 181,186 **** import org.neuclear.commons.crypto.Base64; import org.neuclear.commons.crypto.CryptoException; - import org.neuclear.commons.crypto.passphraseagents.UserCancellationException; - import org.neuclear.commons.crypto.signers.NonExistingSignerException; import org.neuclear.xml.XMLException; import org.neuclear.xml.c14.Canonicalizer; --- 187,190 ---- *************** *** 189,193 **** import java.io.StringWriter; import java.math.BigInteger; - import java.security.KeyPair; import java.security.KeyStore; import java.security.KeyStoreException; --- 193,196 ---- *************** *** 217,263 **** /** - * Signs an element with a given keypair and envelopes the signature within. - * - * @param root Element to be signed - * @param keypair RSA/DSA KeyPair - * @throws XMLSecurityException - */ - public static XMLSignature signElement(final Element root, final KeyPair keypair) throws XMLSecurityException, CryptoException {//, KeyStoreException { - final XMLSignature sig = new XMLSignature(keypair, root); - return sig; - } - - - /** - * Signs an element with a given Private Key and "Envelopes" the signature within. - * - * @param root Element to be signed - * @param name Alias of key to be used for signing - * @param signer NeuClear Signer - * @throws XMLSecurityException - */ - public static XMLSignature signElement(final Element root, final String name, final org.neuclear.commons.crypto.signers.Signer signer) throws XMLSecurityException, NonExistingSignerException, UserCancellationException {//, KeyStoreException { - return new XMLSignature(name, signer, root, true); - } - - /** - * Signs an element with a given keypair and embeds the element within the Signature. 
- * - * @param root Element to be signed - * @param keypair RSA/DSA KeyPair - * @throws XMLSecurityException - */ - public static XMLSignature signElementEnveloping(final Element root, final KeyPair keypair) throws XMLSecurityException, CryptoException {//, KeyStoreException { - final XMLSignature sig = new XMLSignature(keypair, root, false); - return sig; - } - - /** * Creates a KeyInfo Element containing the public key of a key stored in the given keystore. ! * * @param ks KeyStore to use * @param s Identifier of Key * @return Element containg valid KeyInfo ! * @throws KeyStoreException */ public static Element createKeyInfo(final KeyStore ks, final String s) throws KeyStoreException { --- 220,229 ---- /** * Creates a KeyInfo Element containing the public key of a key stored in the given keystore. ! * * @param ks KeyStore to use * @param s Identifier of Key * @return Element containg valid KeyInfo ! * @throws KeyStoreException */ public static Element createKeyInfo(final KeyStore ks, final String s) throws KeyStoreException { *************** *** 305,310 **** * @throws XMLSecurityException */ ! public static XMLSignature getXMLSignature(final Element elem) throws XMLSecurityException, InvalidSignatureException { final QName qname = XMLSecTools.createQName("Signature"); Element xmlSigElement = elem.element(qname); if (xmlSigElement == null || (isInXMLSigNS(xmlSigElement))) { --- 271,278 ---- * @throws XMLSecurityException */ ! public static Element getSignatureElement(final Element elem) throws XMLSecurityException { final QName qname = XMLSecTools.createQName("Signature"); + if (elem.getQName().equals(qname)) + return elem; Element xmlSigElement = elem.element(qname); if (xmlSigElement == null || (isInXMLSigNS(xmlSigElement))) { *************** *** 314,318 **** throw new XMLSecurityException("No Signature Found"); } ! return new XMLSignature(xmlSigElement); } --- 282,286 ---- throw new XMLSecurityException("No Signature Found"); } ! 
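Review bot: getSignatureElement (hunk 305,310 / 271,278) now returns `elem` itself when it is a ds:Signature and otherwise the first ds:Signature child, so an element carrying several Signature children is only ever checked against the first one and nothing ties the chosen signature back to `elem`; rejecting ambiguity is cheap, e.g. `if (elem.elements(qname).size() > 1) throw new XMLSecurityException("Multiple Signature elements found");`. The unchanged guard `if (xmlSigElement == null || (isInXMLSigNS(xmlSigElement)))` reads as though it throws when the child is in the XMLDSig namespace, which looks inverted relative to the helper's name; isInXMLSigNS is not in this diff, so its return convention should be checked before relying on this path. The method's closing lines are in the following hunk.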
return xmlSigElement; } *************** *** 322,360 **** /** - * Verifies the signature of a given element - * - * @param elem Element to verify - * @param pub Public Key to verify against - * @return true if it verifies - * @throws XMLSecurityException - */ - public static boolean verifySignature(final Element elem, final PublicKey pub) throws XMLSecurityException { - try { - final XMLSignature sig = getXMLSignature(elem); - return true; - } catch (InvalidSignatureException e) { - return false; - } - } - - /** - * Verifies the signature of a given element. Note this requires an embedded KeyInfo part within the - * Signature Element. - * - * @param elem Element to verify - * @return true if it verifies - * @throws XMLSecurityException - */ - public static boolean verifySignature(final Element elem) throws XMLSecurityException, CryptoException { - try { - final XMLSignature sig = getXMLSignature(elem); - return true; - } catch (InvalidSignatureException e) { - System.out.println(e.getLocalizedMessage()); - return false; - } - } - - /** * This takes a node and outputs it as a byte array. 
Note this is not canonicalized * --- 290,293 ---- *************** *** 454,461 **** } - public static void rethrowException(final Throwable e) throws XMLSecurityException { - throw new XMLSecurityException(e); - } - /** * Method decodeBigIntegerFromElement --- 387,390 ---- *************** *** 578,611 **** return base64ToElement(localName, Base64.getBytes(big)); } - /* - public static void main(String args[]){ - SAXReader reader = new SAXReader(); - try { - - reader.setValidation(false); - reader.setStripWhitespaceText(false); - reader.setMergeAdjacentText(false); - reader.setStringInternEnabled(false); - - reader.setIncludeExternalDTDDeclarations(false); - Document document = reader.read(System.in); - // if (reader.getXMLFilter()!=null) - // System.out.println("XMLFilter: "+reader.getXMLFilter().getClass().toString()); - // if (reader.getXMLReader()!=null) - // System.out.println("XMLReader: "+reader.getXMLReader().getClass().toString()); - System.out.println("Original:"); - System.out.println(document.asXML()); - System.out.println("C14n:"); - - System.out.write(getElementBytes(document)); - } catch (DocumentException e) { - System.err.println("There was no input"); - e.printStackTrace(); //To change body of catch statement use Options | File Templates. - } catch (IOException e) { - - e.printStackTrace(); //To change body of catch statement use Options | File Templates. 
- } - - } - */ } --- 507,509 ---- Index: InvalidSignatureException.java =================================================================== RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/InvalidSignatureException.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** InvalidSignatureException.java 8 Mar 2004 23:51:03 -0000 1.4 --- InvalidSignatureException.java 19 Mar 2004 22:21:51 -0000 1.5 *************** *** 18,20 **** --- 18,24 ---- super("Public Key: " + pub.toString() + " didnt sign this signature"); } + + protected InvalidSignatureException(String title) { + super(title); + } } Index: KeyInfo.java =================================================================== RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/KeyInfo.java,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** KeyInfo.java 14 Jan 2004 17:07:59 -0000 1.9 --- KeyInfo.java 19 Mar 2004 22:21:51 -0000 1.10 *************** *** 67,74 **** } } ! public KeyInfo(final PublicKey pub, final String name){ this(pub); appendKeyName(name); } public KeyInfo(final String name) { super(TAG_NAME); --- 67,76 ---- } } ! ! public KeyInfo(final PublicKey pub, final String name) { this(pub); appendKeyName(name); } + public KeyInfo(final String name) { super(TAG_NAME); *************** *** 85,89 **** super(TAG_NAME); final Element kv = XMLSecTools.createElementInSignatureSpace("X509Data"); ! kv.add(XMLSecTools.base64ToElement("X509Certificate",cert.getEncoded())); addElement(kv); } --- 87,91 ---- super(TAG_NAME); final Element kv = XMLSecTools.createElementInSignatureSpace("X509Data"); ! kv.add(XMLSecTools.base64ToElement("X509Certificate", cert.getEncoded())); addElement(kv); } *************** *** 104,120 **** throws XMLSecurityException { if (pub == null) { ! Iterator iter=getElement().elementIterator(); ! while (iter.hasNext()&&pub==null) { Element element = (Element) iter.next(); ! 
if(element.getName().equals("KeyName")) return element.getTextTrim(); ! else if(element.getName().equals("X509Data")) ! return "x509v3:"+Base64.encode(extractX509(element).getSerialNumber()); if (element.getName().equals("KeyValue")) ! return "sha1:"+Base64.encode(CryptoTools.digest(parseKeyValue(element).getEncoded())); } } return null; } /** * Method getPublicKey --- 106,123 ---- throws XMLSecurityException { if (pub == null) { ! Iterator iter = getElement().elementIterator(); ! while (iter.hasNext() && pub == null) { Element element = (Element) iter.next(); ! if (element.getName().equals("KeyName")) return element.getTextTrim(); ! else if (element.getName().equals("X509Data")) ! return "x509v3:" + Base64.encode(extractX509(element).getSerialNumber()); if (element.getName().equals("KeyValue")) ! return "sha1:" + Base64.encode(CryptoTools.digest(parseKeyValue(element).getEncoded())); } } return null; } + /** * Method getPublicKey *************** *** 126,156 **** throws XMLSecurityException { if (pub == null) { ! Iterator iter=getElement().elementIterator(); ! while (iter.hasNext()&&pub==null) { Element element = (Element) iter.next(); if (element.getName().equals("KeyValue")) ! pub=parseKeyValue(element); ! else if(element.getName().equals("KeyName")) ! pub=parseKeyName(element); ! else if(element.getName().equals("X509Data")) ! pub=parseX509(element); } } return pub; } ! private PublicKey parseKeyName(final Element element){ ! final String name=element.getTextTrim(); return KeyResolverFactory.getInstance().resolve(name); } private PublicKey parseX509(final Element element) throws XMLSecurityException { return extractX509(element).getPublicKey(); } private X509Certificate extractX509(final Element element) throws XMLSecurityException { ! Element x509Data=element.element("X509Certificate"); ! if (x509Data!=null){ try { ! byte encoded[]=XMLSecTools.decodeBase64Element(x509Data); ! CertificateFactory fact=CertificateFactory.getInstance("X.509"); ! 
X509Certificate cert=(X509Certificate) fact.generateCertificate(new ByteArrayInputStream(encoded)); return cert; } catch (CertificateException e) { --- 129,162 ---- throws XMLSecurityException { if (pub == null) { ! Iterator iter = getElement().elementIterator(); ! while (iter.hasNext() && pub == null) { Element element = (Element) iter.next(); if (element.getName().equals("KeyValue")) ! pub = parseKeyValue(element); ! else if (element.getName().equals("KeyName")) ! pub = parseKeyName(element); ! else if (element.getName().equals("X509Data")) ! pub = parseX509(element); } } return pub; } ! ! private PublicKey parseKeyName(final Element element) { ! final String name = element.getTextTrim(); return KeyResolverFactory.getInstance().resolve(name); } + private PublicKey parseX509(final Element element) throws XMLSecurityException { return extractX509(element).getPublicKey(); } + private X509Certificate extractX509(final Element element) throws XMLSecurityException { ! Element x509Data = element.element("X509Certificate"); ! if (x509Data != null) { try { ! byte encoded[] = XMLSecTools.decodeBase64Element(x509Data); ! CertificateFactory fact = CertificateFactory.getInstance("X.509"); ! X509Certificate cert = (X509Certificate) fact.generateCertificate(new ByteArrayInputStream(encoded)); return cert; } catch (CertificateException e) { *************** *** 159,164 **** } } ! return null; } private PublicKey parseKeyValue(final Element kvElement) throws XMLSecurityException { try { --- 165,171 ---- } } ! throw new XMLSecurityException("No X509Certificate included"); } + private PublicKey parseKeyValue(final Element kvElement) throws XMLSecurityException { try { *************** *** 183,187 **** final PublicKey pk = keyFactory.generatePublic(rsaKeyspec); ! return pk; } else if (algElement.getName().equalsIgnoreCase("DSAKeyValue")) { keyFactory = KeyFactory.getInstance("DSA"); --- 190,194 ---- final PublicKey pk = keyFactory.generatePublic(rsaKeyspec); ! 
return pk; } else if (algElement.getName().equalsIgnoreCase("DSAKeyValue")) { keyFactory = KeyFactory.getInstance("DSA"); *************** *** 199,205 **** } } catch (NoSuchAlgorithmException ex) { ! XMLSecTools.rethrowException(ex); } catch (InvalidKeySpecException ex) { ! XMLSecTools.rethrowException(ex); } return null; --- 206,212 ---- } } catch (NoSuchAlgorithmException ex) { ! throw new XMLSecurityException(ex); } catch (InvalidKeySpecException ex) { ! throw new XMLSecurityException(ex); } return null; Index: XMLSignature.java =================================================================== RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/XMLSignature.java,v retrieving revision 1.15 retrieving revision 1.16 diff -C2 -d -r1.15 -r1.16 *** XMLSignature.java 8 Mar 2004 23:51:03 -0000 1.15 --- XMLSignature.java 19 Mar 2004 22:21:51 -0000 1.16 *************** *** 1,4 **** --- 1,10 ---- /* $Id$ * $Log$ + * Revision 1.16 2004/03/19 22:21:51 pelle + * Changes in the XMLSignature class, which is now Abstract there are currently 3 implementations for: + * - Enveloped + * - DataObjects - (Enveloping) + * - Any for interop testing mainly. + * * Revision 1.15 2004/03/08 23:51:03 pelle * More improvements on the XMLSignature. Now uses the Transforms properly, References properly. *************** *** 195,199 **** */ - import org.dom4j.DocumentHelper; import org.dom4j.Element; import org.neuclear.commons.crypto.Base64; --- 201,204 ---- *************** *** 213,249 **** * This is the base class of Digital Signatures */ ! public class XMLSignature extends AbstractXMLSigElement { ! /** ! * Creates an Enveloped (Embedded) Signature object based on the given element root ! * ! * @param keypair ! * @param root ! * @throws XMLSecurityException ! */ ! public XMLSignature(final KeyPair keypair, final Element root) throws XMLSecurityException { ! this(keypair, root, true); ! } ! ! ! 
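Review bot: parseKeyValue (hunk 199,205 / 206,212) still ends with `return null;`, so a KeyValue whose child is neither RSAKeyValue nor DSAKeyValue yields a null public key instead of an error, while this same commit makes extractX509 throw `No X509Certificate included` for the analogous case. Since both catch blocks now rethrow, as far as the visible code shows the trailing return is reached only when no branch matched, so replacing it with `throw new XMLSecurityException("Unsupported KeyValue type");` keeps a null key from ever reaching signature verification. The method's opening lines are in the preceding hunk.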
public XMLSignature(final KeyPair kp, final Element elem, final boolean embedded) throws XMLSecurityException { ! this(kp.getPublic(), new SignedInfo(getSignatureAlgorithm(kp.getPublic()), 1)); ! if (embedded) { ! si.setEnvelopedReference(elem); ! elem.add(getElement()); ! } else ! si.addEnvelopingReference(addDataObject("data", elem)); ! sign(kp); } ! public XMLSignature(final String name, final Signer signer, final Element elem, final boolean embedded) throws XMLSecurityException, UserCancellationException, NonExistingSignerException { this(getPublicKey(name, signer), new SignedInfo(getSignatureAlgorithm(getPublicKey(name, signer)), 1)); - if (embedded) { - si.setEnvelopedReference(elem); - elem.add(getElement()); - } else - si.addEnvelopingReference(addDataObject("data", elem)); - sign(name, signer); - } --- 218,229 ---- * This is the base class of Digital Signatures */ ! abstract public class XMLSignature extends AbstractXMLSigElement { ! protected XMLSignature(final PublicKey pub) throws XMLSecurityException { ! this(pub, new SignedInfo(getSignatureAlgorithm(pub), 1)); } ! protected XMLSignature(final String name, final Signer signer) throws XMLSecurityException, NonExistingSignerException { this(getPublicKey(name, signer), new SignedInfo(getSignatureAlgorithm(getPublicKey(name, signer)), 1)); } *************** *** 257,261 **** } ! public XMLSignature(final KeyPair kp, final SignedInfo si) throws XMLSecurityException, CryptoException { this(kp.getPublic(), si); sign(kp); --- 237,241 ---- } ! protected XMLSignature(final KeyPair kp, final SignedInfo si) throws XMLSecurityException { this(kp.getPublic(), si); sign(kp); *************** *** 263,267 **** ! public XMLSignature(final String name, final Signer signer, final SignedInfo si) throws XMLSecurityException, UserCancellationException, NonExistingSignerException { this(getPublicKey(name, signer), si); sign(name, signer); --- 243,247 ---- ! 
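Review bot: The new protected constructor `XMLSignature(String name, Signer signer)` (hunk 213,249 / 218,229) resolves `getPublicKey(name, signer)` twice, which is wasteful and gives a Signer that can change its answer between calls a way to produce a SignedInfo algorithm that does not match the key; since the sibling `XMLSignature(PublicKey)` already builds the SignedInfo, the body can be just `this(getPublicKey(name, signer));`. The unchanged `XMLSignature(String, Signer, SignedInfo)` constructor below has the same double lookup but was not touched here. Now that the class is abstract, its Javadoc should say that subclasses implement verifyReferencesStructure for their signature model.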
protected XMLSignature(final String name, final Signer signer, final SignedInfo si) throws XMLSecurityException, UserCancellationException, NonExistingSignerException { this(getPublicKey(name, signer), si); sign(name, signer); *************** *** 276,285 **** * @throws InvalidSignatureException */ ! public XMLSignature(final Element elem) throws XMLSecurityException, InvalidSignatureException { super(elem); final Element siElem = elem.element(XMLSecTools.createQName("SignedInfo")); ! if (!elem.getQName().equals(XMLSecTools.createQName(TAG_NAME)) || siElem == null) // Not sure if equals is imeplemented properly for QNames throw new XMLSecurityException("Element: " + elem.getQualifiedName() + " is not a valid: " + XMLSecTools.NS_DS.getPrefix() + ":" + TAG_NAME); si = new SignedInfo(siElem); KeyInfo key = getKeyInfo(); if (key == null) --- 256,270 ---- * @throws InvalidSignatureException */ ! protected XMLSignature(final Element elem) throws XMLSecurityException, InvalidSignatureException { super(elem); final Element siElem = elem.element(XMLSecTools.createQName("SignedInfo")); ! if (!elem.getQName().equals(XMLSecTools.createQName(TAG_NAME))) // Not sure if equals is imeplemented properly for QNames throw new XMLSecurityException("Element: " + elem.getQualifiedName() + " is not a valid: " + XMLSecTools.NS_DS.getPrefix() + ":" + TAG_NAME); + if (siElem == null) + throw new XMLSecurityException("Signature does not contain a SignedInfo element"); si = new SignedInfo(siElem); + + verifyReferencesStructure(); + KeyInfo key = getKeyInfo(); if (key == null) *************** *** 288,292 **** final byte[] sig = getSignature(); final byte[] cansi = si.canonicalize(); ! // System.out.println("Canonicalized:"); // System.out.println(new String(cansi)); // System.out.println("------"); --- 273,277 ---- final byte[] sig = getSignature(); final byte[] cansi = si.canonicalize(); ! 
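Review bot: The verifying constructor `XMLSignature(Element)` (hunk 276,285 / 256,270) takes its key from the signature's own KeyInfo (`KeyInfo key = getKeyInfo(); if (key == null) ...`), and the KeyInfo changes in this same diff show parseX509 returning `getPublicKey()` of the embedded certificate with no chain or trust check, so as far as this diff shows a document signed with any key the attacker chooses and embedded as KeyValue or X509Certificate will construct successfully; the class Javadoc should state that a successful construction proves integrity against the embedded key only and that trust in that key must be established by the caller. Calling `verifyReferencesStructure()` from the constructor also runs an overridable method before the subclass is initialised; it is safe only because the overrides in this commit use just `si`, which deserves a comment like `// subclass hook: must rely on si only, nothing else is initialised yet`. Where a KeyName is resolved (KeyResolverFactory) is outside this hunk, so the exact trust model should be confirmed there.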
// System.out.println("Verifying Canonicalized: "); // System.out.println(new String(cansi)); // System.out.println("------"); *************** *** 300,312 **** } ! public XMLSignature(final Element elem, PublicKey pub) throws XMLSecurityException, InvalidSignatureException { ! super(elem); ! final Element siElem = elem.element(XMLSecTools.createQName("SignedInfo")); ! if (!elem.getQName().equals(XMLSecTools.createQName(TAG_NAME)) || siElem == null) // Not sure if equals is imeplemented properly for QNames ! throw new XMLSecurityException("Element: " + elem.getQualifiedName() + " is not a valid: " + XMLSecTools.NS_DS.getPrefix() + ":" + TAG_NAME); ! si = new SignedInfo(siElem); ! final byte[] sig = getSignature(); ! if (!si.verify(pub, sig)) ! throw new InvalidSignatureException(pub); } --- 285,295 ---- } ! ! /** ! * This will be called by the constructor with Element parameter ! * Override this for specific Signature models. ! */ ! protected void verifyReferencesStructure() throws InvalidReferencesException { ! ; } *************** *** 315,334 **** } ! private void sign(final KeyPair kp) throws XMLSecurityException { sigval.setText(Base64.encode(si.sign(kp.getPrivate()))); } ! private void sign(final String name, final Signer signer) throws XMLSecurityException, NonExistingSignerException, UserCancellationException { sigval.setText(Base64.encode(si.sign(name, signer))); } - private Element addDataObject(final String id, final Element root) { - final Element objElem = XMLSecTools.createElementInSignatureSpace("Object"); - objElem.addAttribute("Id", id); - DocumentHelper.createDocument(getElement());//As Signature Element is parent we will now add a doc - objElem.add(root); - getElement().add(objElem); - return objElem; - } private static PublicKey getPublicKey(final String name, final Signer signer) throws XMLSecurityException, NonExistingSignerException { --- 298,309 ---- } ! 
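Review bot: The removed `XMLSignature(Element, PublicKey)` constructor (hunk 300,312 / 285,295) was the only entry point that verified against a caller-supplied key, and nothing in this commit replaces it, so every verification path now trusts whatever key the signature carries in its KeyInfo; a protected `XMLSignature(Element elem, PublicKey pub)` on the abstract class would let the concrete models expose verification against a trusted key again. The new default `verifyReferencesStructure()` is a silent no-op, so any future subclass that forgets to override it accepts any Reference layout; declaring it `protected abstract void verifyReferencesStructure() throws InvalidReferencesException;` forces each model to state its rule, with AnyXMLSignature supplying the deliberately empty body. The stray `;` in the current no-op body should go in either case.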
protected void sign(final KeyPair kp) throws XMLSecurityException { sigval.setText(Base64.encode(si.sign(kp.getPrivate()))); } ! protected void sign(final String name, final Signer signer) throws XMLSecurityException, NonExistingSignerException, UserCancellationException { sigval.setText(Base64.encode(si.sign(name, signer))); } private static PublicKey getPublicKey(final String name, final Signer signer) throws XMLSecurityException, NonExistingSignerException { *************** *** 376,380 **** } ! private SignedInfo si; private Element sigval; private KeyInfo ki; --- 351,359 ---- } ! public final Element getPrimaryReferenceElement() { ! return si.getPrimaryReferenceElement(); ! } ! ! protected SignedInfo si; private Element sigval; private KeyInfo ki; --- NEW FILE: AnyXMLSignature.java --- package org.neuclear.xml.xmlsec; import org.dom4j.Element; /** * This is the most general form of a XMLSignature. It doesnt check for the references it only checks to see if a * the signature is valid. As such this should NEVER be used in anything but applications that check for interoperabiity. */ public class AnyXMLSignature extends XMLSignature { public AnyXMLSignature(Element elem) throws XMLSecurityException, InvalidSignatureException { super(XMLSecTools.getSignatureElement(elem)); } } Index: AbstractXMLSigElement.java =================================================================== RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/AbstractXMLSigElement.java,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** AbstractXMLSigElement.java 11 Dec 2003 23:56:53 -0000 1.3 --- AbstractXMLSigElement.java 19 Mar 2004 22:21:51 -0000 1.4 *************** *** 1,4 **** --- 1,10 ---- /* $Id$ * $Log$ + * Revision 1.4 2004/03/19 22:21:51 pelle + * Changes in the XMLSignature class, which is now Abstract there are currently 3 implementations for: + * - Enveloped + * - DataObjects - (Enveloping) + * - Any for interop testing mainly. 
+ * * Revision 1.3 2003/12/11 23:56:53 pelle * Trying to test the ReceiverServlet with cactus. Still no luck. Need to return a ElementProxy of some sort. *************** *** 52,55 **** --- 58,63 ---- protected AbstractXMLSigElement(final Element elem) throws XMLSecurityException { super(elem); + if (elem == null) + throw new XMLSecurityException("Null Element Passed"); if (!elem.getNamespaceURI().equalsIgnoreCase(XMLSecTools.NS_DS.getURI())) throw new XMLSecurityException("Element: " + elem.getQualifiedName() + " is not part of XML NS: " + XMLSecTools.NS_DS.getURI()); --- NEW FILE: EnvelopedSignature.java --- package org.neuclear.xml.xmlsec; import org.dom4j.Element; import org.neuclear.commons.Utility; import org.neuclear.commons.crypto.passphraseagents.UserCancellationException; import org.neuclear.commons.crypto.signers.NonExistingSignerException; import org.neuclear.commons.crypto.signers.Signer; import java.security.KeyPair; import java.util.List; /** * This is a standard Enveloped Signature with only one Reference object. 
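Review bot: The new null guard in AbstractXMLSigElement's constructor (hunk 52,55 / 58,63) is immediately followed by the unchanged namespace check `elem.getNamespaceURI().equalsIgnoreCase(XMLSecTools.NS_DS.getURI())`, which accepts a case-varied namespace URI; namespace URIs are compared as case-sensitive strings, and a lax namespace test is exactly the looseness that signature-wrapping attacks probe, so this should be `equals`. The guard itself is correct and stops the NullPointerException that `elem.getNamespaceURI()` would otherwise throw. The constructor's remaining lines are outside the hunk.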
*/ public class EnvelopedSignature extends XMLSignature { public EnvelopedSignature(Element elem) throws XMLSecurityException, InvalidSignatureException { super(XMLSecTools.getSignatureElement(elem)); } public EnvelopedSignature(String name, Signer signer, Element elem) throws XMLSecurityException, UserCancellationException, NonExistingSignerException { super(name, signer); si.setEnvelopedReference(elem); elem.add(getElement()); sign(name, signer); } public EnvelopedSignature(KeyPair kp, Element elem) throws XMLSecurityException { super(kp.getPublic()); si.setEnvelopedReference(elem); elem.add(getElement()); sign(kp); } protected void verifyReferencesStructure() throws InvalidReferencesException { List refs = si.getReferences(); if (refs.size() != 1) throw new InvalidReferencesException(refs.size()); if (!Utility.isEmpty(si.getPrimaryReference().getUri())) throw new InvalidReferencesException(); } } Index: SignedElement.java =================================================================== RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/SignedElement.java,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** SignedElement.java 8 Mar 2004 23:51:03 -0000 1.11 --- SignedElement.java 19 Mar 2004 22:21:51 -0000 1.12 *************** *** 1,4 **** --- 1,10 ---- /* $Id$ * $Log$ + * Revision 1.12 2004/03/19 22:21:51 pelle + * Changes in the XMLSignature class, which is now Abstract there are currently 3 implementations for: + * - Enveloped + * - DataObjects - (Enveloping) + * - Any for interop testing mainly. + * * Revision 1.11 2004/03/08 23:51:03 pelle * More improvements on the XMLSignature. Now uses the Transforms properly, References properly. *************** *** 158,162 **** public abstract class SignedElement extends AbstractElementProxy { ! private XMLSignature sig; public SignedElement(final QName qname) { --- 164,168 ---- public abstract class SignedElement extends AbstractElementProxy { ! 
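Review bot: EnvelopedSignature.verifyReferencesStructure checks only that there is exactly one Reference and that its URI is empty; nothing in this class confirms that the signature located by getSignatureElement(elem) actually covers `elem`, so a ds:Signature child copied in from another document, or the first of several children, passes the structural check and SignedElement.verify() then reports the element as signed. If Reference exposes the element it resolved to (getReferencedElement is reached via getPrimaryReferenceElement elsewhere in this diff), compare it with the parent of the Signature element and throw InvalidReferencesException on mismatch. The Javadoc should also note that a missing enveloped-signature Transform is caught only indirectly, through the digest mismatch in Reference, rather than by this structural check.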
private EnvelopedSignature sig; public SignedElement(final QName qname) { *************** *** 169,173 **** if (sigElement != null) try { ! sig = new XMLSignature(sigElement); } catch (XMLException e) { throw new XMLSecurityException(e); --- 175,179 ---- if (sigElement != null) try { ! sig = new EnvelopedSignature(sigElement); } catch (XMLException e) { throw new XMLSecurityException(e); *************** *** 223,228 **** public boolean verify() throws XMLSecurityException { try { ! sig = new XMLSignature(getElement().element(XMLSecTools.createQName("Signature"))); return true; } catch (InvalidSignatureException e) { return false; --- 229,237 ---- public boolean verify() throws XMLSecurityException { try { ! if (sig == null) ; ! sig = new EnvelopedSignature(getElement()); ! return true; + } catch (InvalidSignatureException e) { return false; *************** *** 232,236 **** public final void sign(final String name, final Signer signer) throws XMLSecurityException, UserCancellationException, NonExistingSignerException { preSign(); ! sig = new XMLSignature(name, signer, getElement(), true); postSign(); } --- 241,245 ---- public final void sign(final String name, final Signer signer) throws XMLSecurityException, UserCancellationException, NonExistingSignerException { preSign(); ! 
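Review bot: In SignedElement.verify() (hunk 223,228 / 229,237) the new line `if (sig == null) ;` is an empty statement: the condition does nothing and `sig = new EnvelopedSignature(getElement());` always runs. Always re-verifying is the safe behaviour here, since reusing a `sig` created by an earlier sign() or parse would make verify() return true after the element was modified, so the fix is to delete the `if` line rather than attach the assignment to it, and a comment `// always re-verify: the element may have changed since sig was created` records why. Only InvalidSignatureException maps to `false`; an XMLSecurityException (for example, no Signature child) still propagates, which callers should expect.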
sig = new EnvelopedSignature(name, signer, getElement()); postSign(); } Index: SignedInfo.java =================================================================== RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/SignedInfo.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** SignedInfo.java 18 Mar 2004 21:31:33 -0000 1.4 --- SignedInfo.java 19 Mar 2004 22:21:51 -0000 1.5 *************** *** 1,4 **** --- 1,10 ---- /* $Id$ * $Log$ + * Revision 1.5 2004/03/19 22:21:51 pelle + * Changes in the XMLSignature class, which is now Abstract there are currently 3 implementations for: + * - Enveloped + * - DataObjects - (Enveloping) + * - Any for interop testing mainly. + * * Revision 1.4 2004/03/18 21:31:33 pelle * Some fixups in SignedInfo *************** *** 208,214 **** * * @return - * @throws XMLSecurityException */ ! public final List getReferences() throws XMLSecurityException { return Collections.unmodifiableList(refs); } --- 214,219 ---- * * @return */ ! public final List getReferences() { return Collections.unmodifiableList(refs); } *************** *** 219,226 **** * @return */ ! public final Element getPrimaryReference() { return ((Reference) refs.get(0)).getReferencedElement(); } final Canonicalizer getCanonicalizer() { final Element c14elem = getElement().element(XMLSecTools.createQName("CanonicalizationMethod")); --- 224,240 ---- * @return */ ! public final Element getPrimaryReferenceElement() { return ((Reference) refs.get(0)).getReferencedElement(); } + /** + * Returns the first Reference + * + * @return + */ + public final Reference getPrimaryReference() { + return ((Reference) refs.get(0)); + } + final Canonicalizer getCanonicalizer() { final Element c14elem = getElement().element(XMLSecTools.createQName("CanonicalizationMethod")); *************** *** 252,257 **** public final byte[] canonicalize() throws XMLSecurityException { ! return XMLSecTools.canonicalize(getCanonicalizer(), getElement()); ! 
} /** --- 266,271 ---- public final byte[] canonicalize() throws XMLSecurityException { ! return getCanonicalizer().canonicalize(getElement()); ! }; /** *************** *** 264,268 **** public final byte[] sign(PrivateKey key) throws XMLSecurityException { try { ! return CryptoTools.sign(key, canonicalize()); } catch (CryptoException e) { throw new XMLSecurityException(e); --- 278,287 ---- public final byte[] sign(PrivateKey key) throws XMLSecurityException { try { ! final byte[] cansi = canonicalize(); ! System.out.println("Signing Canonicalized:"); ! System.out.println(new String(cansi)); ! System.out.println("------"); ! ! return CryptoTools.sign(key, cansi); } catch (CryptoException e) { throw new XMLSecurityException(e); --- NEW FILE: DataObjectSignature.java --- package org.neuclear.xml.xmlsec; import org.dom4j.DocumentHelper; import org.dom4j.Element; import org.neuclear.commons.Utility; import org.neuclear.commons.crypto.passphraseagents.UserCancellationException; import org.neuclear.commons.crypto.signers.NonExistingSignerException; import org.neuclear.commons.crypto.signers.Signer; import java.security.KeyPair; import java.util.List; /** * This is a standard Enveloped Signature with only one Reference object. 
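Review bot: SignedInfo.sign (hunk 264,268 / 278,287) now prints the canonicalised SignedInfo to System.out on every signing operation; that is debugging output left in library code that callers cannot switch off, while the matching verification-side prints in XMLSignature were deliberately left commented out in this same commit. Drop the three `System.out.println` lines or route them through the project's logger at debug level. The PrivateKey itself is not printed, so this is a hygiene and noise problem rather than a secret leak.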
*/ public class DataObjectSignature extends XMLSignature { public DataObjectSignature(Element elem) throws XMLSecurityException, InvalidSignatureException { super(elem); } public DataObjectSignature(String name, Signer signer, Element elem) throws XMLSecurityException, UserCancellationException, NonExistingSignerException { super(name, signer); si.addEnvelopingReference(addDataObject("data", elem)); sign(name, signer); } public DataObjectSignature(KeyPair kp, Element elem) throws XMLSecurityException { super(kp.getPublic()); si.addEnvelopingReference(addDataObject("data", elem)); sign(kp); } protected void verifyReferencesStructure() throws InvalidReferencesException { List refs = si.getReferences(); if (refs.size() != 1) throw new InvalidReferencesException(refs.size()); if (Utility.isEmpty(si.getPrimaryReference().getUri())) throw new InvalidReferencesException(); } private Element addDataObject(final String id, final Element root) { final Element objElem = XMLSecTools.createElementInSignatureSpace("Object"); objElem.addAttribute("Id", id); DocumentHelper.createDocument(getElement());//As Signature Element is parent we will now add a doc objElem.add(root); getElement().add(objElem); return objElem; } } |
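Review bot: DataObjectSignature.verifyReferencesStructure only requires the single Reference URI to be non-empty, so a URI pointing anywhere other than this Signature's own ds:Object (another same-document id, or an external URI if Reference resolves those) satisfies the "enveloping" check; since the signing constructors always emit `Id="data"`, the verifier should require the URI to name a ds:Object child of this Signature element, and the Javadoc should state that contract. The verifying constructor calls `super(elem)` directly while EnvelopedSignature and AnyXMLSignature go through `XMLSecTools.getSignatureElement(elem)`; the two conventions should be reconciled. The class Javadoc is copied from EnvelopedSignature ("a standard Enveloped Signature") and should read "an Enveloping Signature whose single Reference points at a ds:Object held inside the Signature element".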