Java源码示例:org.apache.xml.security.signature.Reference
示例1
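/**
 * Validate an instance of {@link SignatureImpl}, which is in turn based on underlying Apache XML Security
 * <code>XMLSignature</code> instance.
 *
 * The checks run in order: the SignedInfo holds exactly one Reference, that Reference's URI is checked
 * against the enclosing signed object, then its transforms, and finally the ds:Object children.
 *
 * @param sigImpl the signature implementation object to validate
 * @throws ValidationException thrown if the signature is not valid with respect to the profile
 */
protected void validateSignatureImpl(SignatureImpl sigImpl) throws ValidationException {
    XMLSignature apacheSig = sigImpl.getXMLSignature();
    if (apacheSig == null) {
        log.error("SignatureImpl did not contain an Apache XMLSignature child");
        throw new ValidationException("Apache XMLSignature does not exist on SignatureImpl");
    }
    // The profile requires the Signature to sit directly under the SAML object it protects.
    if (!(sigImpl.getParent() instanceof SignableSAMLObject)) {
        log.error("Signature is not an immediate child of a SignableSAMLObject");
        throw new ValidationException("Signature is not an immediate child of a SignableSAMLObject.");
    }
    SignableSAMLObject signableObject = (SignableSAMLObject) sigImpl.getParent();

    Reference ref = validateReference(apacheSig);
    validateReferenceURI(ref.getURI(), signableObject);
    validateTransforms(ref);
    validateObjectChildren(apacheSig);
}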
示例2
/**
 * Validate the Signature's SignedInfo Reference.
 *
 * The SignedInfo must contain exactly 1 Reference; that single Reference is returned for further checks.
 *
 * @param apacheSig the Apache XML Signature instance
 * @return the valid Reference contained within the SignedInfo
 * @throws ValidationException thrown if the Signature does not contain exactly 1 Reference, or if there is an error
 * obtaining the Reference instance
 */
protected Reference validateReference(XMLSignature apacheSig) throws ValidationException {
    final int refCount = apacheSig.getSignedInfo().getLength();
    if (refCount != 1) {
        log.error("Signature SignedInfo had invalid number of References: " + refCount);
        throw new ValidationException("Signature SignedInfo must have exactly 1 Reference element");
    }

    final Reference single;
    try {
        single = apacheSig.getSignedInfo().item(0);
    } catch (XMLSecurityException e) {
        log.error("Apache XML Security exception obtaining Reference", e);
        throw new ValidationException("Could not obtain Reference from Signature/SignedInfo", e);
    }

    if (single == null) {
        log.error("Signature Reference was null");
        throw new ValidationException("Signature Reference was null");
    }
    return single;
}
示例3
/**
 * Adds the post-transformation contents of a {@code ds:Reference} to the digest input.
 *
 * @param r the reference whose transformed contents are added; must not be {@code null}
 * @throws NullPointerException if {@code r} is {@code null}
 * @throws CannotAddDataToDigestInputException if the reference contents cannot be obtained
 */
@Override
public void addReference(Reference r) throws CannotAddDataToDigestInputException
{
    if (r == null)
    {
        throw new NullPointerException();
    }
    try
    {
        addToDigestInput(r.getContentsAfterTransformation(), r.getDocument());
    } catch (XMLSignatureException ex)
    {
        // Keep the Santuario exception as the cause so the failing transform stays diagnosable.
        throw new CannotAddDataToDigestInputException(ex);
    }
}
示例4
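/**
 * Checks if all the transforms in a ds:Reference are canonicalization transforms.
 * A reference without a ds:Transforms element has no transforms and therefore passes the check.
 * @param r the reference
 * @return true if all transforms are c14n, false otherwise.
 * @throws XMLSecurityException if the transforms cannot be read from the reference
 */
public static boolean allTransformsAreC14N(Reference r) throws XMLSecurityException
{
    Transforms transforms = r.getTransforms();
    if (transforms == null)
    {
        // No ds:Transforms element: same result as the empty-loop case below, without the NPE.
        return true;
    }
    int count = transforms.getLength();
    try
    {
        for (int i = 0; i < count; ++i)
        {
            // getInstance rejects any algorithm URI that is not a registered canonicalizer.
            Canonicalizer.getInstance(transforms.item(i).getURI());
        }
        return true;
    }
    catch (InvalidCanonicalizerException ex)
    {
        return false;
    }
}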
示例5
/**
 * Builds the property data for an individual data objects time-stamp: one Include URI per
 * target data object, pointing at the corresponding ds:Reference by its Id, plus the
 * encoded time-stamp token. The property's time is set from the token response.
 *
 * @param prop the property being processed
 * @param c14n the canonicalization algorithm used for the time-stamp input
 * @param tsTknRes the time-stamp token response
 * @param ctx generation context holding the data object to ds:Reference mappings
 * @return the data object carrying the include URIs and the encoded token
 */
@Override
protected BaseXAdESTimeStampData createPropDataObj(
        IndividualDataObjsTimeStampProperty prop,
        Algorithm c14n,
        TimeStampTokenRes tsTknRes,
        PropertiesDataGenerationContext ctx)
{
    Collection<DataObjectDesc> targets = prop.getTargetDataObjects();
    Map<DataObjectDesc, Reference> refByDataObj = ctx.getReferencesMappings();

    // Same-document URI ("#" + Id) for each referenced ds:Reference.
    List<String> includeUris = new ArrayList<String>(targets.size());
    for (DataObjectDesc target : targets)
    {
        includeUris.add('#' + refByDataObj.get(target).getId());
    }

    prop.setTime(tsTknRes.timeStampTime);
    return new IndividualDataObjsTimeStampData(c14n, includeUris, tsTknRes.encodedTimeStampToken);
}
示例6
/**
 * A simple constructor to be used when only unsigned signature properties
 * will be processed. No data object to ds:Reference mappings are kept in this
 * mode; the references are read straight from the signature's SignedInfo.
 * @param targetXmlSignature the target signature
 * @throws XAdES4jXMLSigException if a ds:Reference cannot be read from SignedInfo
 */
PropertiesDataGenerationContext(XMLSignature targetXmlSignature) throws XAdES4jXMLSigException
{
    this.targetXmlSignature = targetXmlSignature;
    this.sigDocument = targetXmlSignature.getDocument();
    this.referencesMappings = null;

    SignedInfo signedInfo = targetXmlSignature.getSignedInfo();
    int refCount = signedInfo.getLength();
    List<Reference> collected = new ArrayList<Reference>(refCount);
    for (int idx = 0; idx < refCount; idx++)
    {
        try
        {
            collected.add(signedInfo.item(idx));
        } catch (XMLSecurityException ex)
        {
            throw new XAdES4jXMLSigException(String.format("Cannot process the %dth reference", idx), ex);
        }
    }
    this.references = Collections.unmodifiableList(collected);
}
示例7
/**
 * Constructor used when the data objects and their ds:Reference elements are already
 * known; the references are exposed in the iteration order of {@code orderedDataObjs}.
 *
 * @param orderedDataObjs the signed data objects, in signing order
 * @param referencesMappings mapping from data object to its ds:Reference; should be unmodifiable
 * @param sigDocument the document that owns the signature
 */
PropertiesDataGenerationContext(
        Collection<DataObjectDesc> orderedDataObjs,
        Map<DataObjectDesc, Reference> referencesMappings,
        Document sigDocument)
{
    this.referencesMappings = referencesMappings;
    this.sigDocument = sigDocument;

    List<Reference> inOrder = new ArrayList<Reference>(orderedDataObjs.size());
    for (DataObjectDesc desc : orderedDataObjs)
    {
        inOrder.add(referencesMappings.get(desc));
    }
    this.references = Collections.unmodifiableList(inOrder);
}
示例8
/**
 * A data object without a URI must still yield exactly one ds:Reference whose URI attribute
 * is absent, and no ds:Object may be created for it.
 */
@Test
public void testAddNullReference() throws Exception
{
    System.out.println("addNullReference");
    Document doc = SignatureServicesTestBase.getNewDocument();

    AnonymousDataObjectReference anonymousRef = new AnonymousDataObjectReference("data".getBytes());
    SignedDataObjects signedObjs = new SignedDataObjects().withSignedDataObject(anonymousRef);

    XMLSignature sig = new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
    sig.setId("sigId");

    SignedDataObjectsProcessor processor = new SignedDataObjectsProcessor(
            new TestAlgorithmsProvider(),
            new AllwaysNullAlgsParamsMarshaller());
    Map<DataObjectDesc, Reference> mappings = processor.process(signedObjs, sig);

    assertEquals(1, mappings.size());
    assertEquals(0, sig.getObjectLength());
    assertEquals(1, sig.getSignedInfo().getLength());

    Reference onlyRef = sig.getSignedInfo().item(0);
    // The URI attribute must be absent entirely, not merely empty.
    assertNull(onlyRef.getElement().getAttributeNodeNS(Constants.SignatureSpecNS, "URI"));
}
示例9
/**
 * Checks if the given {@code reference} is an occurrence of a signed document (as opposed to
 * an element inside the signature itself).
 * @param reference - Reference to check
 * @param signature - Signature containing the given {@code reference}
 * @return - TRUE if the given {@code reference} is a signed document, FALSE otherwise
 */
private static boolean isReferenceLinkedToDocument(Reference reference, XAdESSignature signature) {
    String referenceType = reference.getType();
    if (!Utils.isStringEmpty(referenceType)) {
        // A declared Object, Manifest or CounterSignature type marks a document; any other type does not.
        return DSSXMLUtils.isObjectReferenceType(referenceType)
                || DSSXMLUtils.isManifestReferenceType(referenceType)
                || DSSXMLUtils.isCounterSignatureReferenceType(referenceType);
    }
    // No type declared: resolve the URI as an Id among the signature element's children.
    String idFromUri = DomUtils.getId(reference.getURI());
    Element insideSignature = DomUtils.getElement(signature.getSignatureElement(),
            "./*" + DomUtils.getXPathByIdAttribute(idFromUri));
    // An Id that does not resolve inside the signature node points to a document.
    return insideSignature == null;
}
示例10
/**
 * Builds the single ds:Reference describing {@code document}: an Object-typed, same-document
 * reference ("#" + document name) with the given transforms and a SHA-256 digest.
 *
 * @param document the document the reference points to
 * @param transforms transforms to apply before digesting
 * @return a mutable list holding the one reference
 */
private List<DSSReference> buildReferences(DSSDocument document, List<DSSTransform> transforms) {
    String docName = document.getName();

    DSSReference reference = new DSSReference();
    reference.setContents(document);
    reference.setId("r-" + docName);
    reference.setTransforms(transforms);
    reference.setType(Reference.OBJECT_URI);
    reference.setUri('#' + docName);
    reference.setDigestMethodAlgorithm(DigestAlgorithm.SHA256);

    List<DSSReference> result = new ArrayList<>();
    result.add(reference);
    return result;
}
示例11
/**
 * Adds the ds:Reference of each target data object of {@code prop} to the time-stamp digest input.
 *
 * @param prop the individual data objects time-stamp property
 * @param digestInput the digest input being built
 * @param ctx generation context holding the data object to ds:Reference mappings
 * @throws CannotAddDataToDigestInputException if a reference cannot be added
 */
@Override
protected void addPropSpecificTimeStampInput(
        IndividualDataObjsTimeStampProperty prop,
        TimeStampDigestInput digestInput,
        PropertiesDataGenerationContext ctx) throws CannotAddDataToDigestInputException
{
    Map<DataObjectDesc, Reference> refByDataObj = ctx.getReferencesMappings();
    Collection<DataObjectDesc> targets = prop.getTargetDataObjects();
    for (DataObjectDesc target : targets)
    {
        digestInput.addReference(refByDataObj.get(target));
    }
}
示例12
/**
 * Adds every ds:Reference exposed by the context to the time-stamp digest input.
 *
 * @param prop the all data objects time-stamp property (not consulted here)
 * @param digestInput the digest input being built
 * @param ctx generation context exposing the signature's references
 * @throws CannotAddDataToDigestInputException if a reference cannot be added
 */
@Override
protected void addPropSpecificTimeStampInput(
        AllDataObjsTimeStampProperty prop,
        TimeStampDigestInput digestInput,
        PropertiesDataGenerationContext ctx) throws CannotAddDataToDigestInputException
{
    for (Reference reference : ctx.getReferences())
    {
        digestInput.addReference(reference);
    }
}
示例13
/**
 * Generates the property data for a CommitmentTypeIndication: the commitment URI and
 * description, one ObjectReference per target data object, and the qualifiers.
 *
 * @param prop the commitment type property
 * @param ctx generation context holding the data object to ds:Reference mappings
 * @return the commitment type data object
 */
@Override
public PropertyDataObject generatePropertyData(
        CommitmentTypeProperty prop,
        PropertiesDataGenerationContext ctx)
{
    CommitmentTypeData data = new CommitmentTypeData(prop.getUri(), prop.getDescription());

    /* One ObjectReference element refers to one ds:Reference element of the
     * ds:SignedInfo corresponding with one data object qualified by this
     * property. If some but not all the signed data objects share the same
     * commitment, one ObjectReference element MUST appear for each one of
     * them. However, if all the signed data objects share the same commitment,
     * the AllSignedDataObjects empty element MUST be present.
     */
    Map<DataObjectDesc, Reference> refByDataObj = ctx.getReferencesMappings();
    for (DataObjectDesc target : prop.getTargetDataObjects())
    {
        // The ObjectReference refers the Reference element. This assumes
        // that the QualifyingProperties are in the signature's document.
        Reference ref = refByDataObj.get(target);
        data.addObjReferences('#' + ref.getId());
    }

    data.setQualifiers(prop.getQualifiers());
    return data;
}
示例14
/**
 * Holds the outcome of reference processing: the raw data object descriptions and the
 * ds:Reference that covers the SignedProperties.
 *
 * @param dataObjsReferences data object descriptions; kept as an unmodifiable view
 * @param signedPropsReference the ds:Reference over the SignedProperties
 */
ReferencesRes(
        List<RawDataObjectDesc> dataObjsReferences,
        Reference signedPropsReference)
{
    this.signedPropsReference = signedPropsReference;
    this.dataObjsReferences = Collections.unmodifiableList(dataObjsReferences);
}
示例15
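/**
 * Verifies that the SignedProperties element is the first child of the given QualifyingProperties
 * and that {@code signedPropsRef} really covers that element: the reference URI must be a
 * same-document reference and the node it resolves to must be the very same DOM element.
 *
 * Comparing the resolved node against the element found in the tree is what stops a reference
 * that dereferences to some other element from being accepted as covering the signed properties.
 *
 * @param qualifyingPropsElem the QualifyingProperties element
 * @param signedPropsRef the ds:Reference expected to cover the SignedProperties
 * @throws QualifyingPropertiesIncorporationException if SignedProperties is missing or misplaced,
 *         the reference is not a same-document reference, or it does not resolve to that element
 */
static void checkSignedPropertiesIncorporation(Element qualifyingPropsElem, Reference signedPropsRef) throws QualifyingPropertiesIncorporationException
{
    Element signedPropsElem = DOMHelper.getFirstChildElement(qualifyingPropsElem);
    // Constant-first equals: getLocalName()/getNamespaceURI() are null for elements created
    // without namespace support, which must surface as "not found" rather than as an NPE.
    if (signedPropsElem == null
        || !QualifyingProperty.SIGNED_PROPS_TAG.equals(signedPropsElem.getLocalName())
        || !QualifyingProperty.XADES_XMLNS.equals(signedPropsElem.getNamespaceURI()))
    {
        throw new QualifyingPropertiesIncorporationException("SignedProperties not found as the first child of QualifyingProperties.");
    }
    DOMHelper.useIdAsXmlId(signedPropsElem);

    // Only QualifyingProperties in the signature's document are supported.
    // XML-DSIG 4.3.3.2: "a same-document reference is defined as a URI-Reference
    // that consists of a hash sign ('#') followed by a fragment"
    if (!signedPropsRef.getURI().startsWith("#"))
    {
        throw new QualifyingPropertiesIncorporationException("Only QualifyingProperties in the signature's document are supported");
    }

    try
    {
        Node sPropsNode = signedPropsRef.getNodesetBeforeFirstCanonicalization().getSubNode();
        if (sPropsNode == null || sPropsNode.getNodeType() != Node.ELEMENT_NODE)
        {
            throw new QualifyingPropertiesIncorporationException("The supposed reference over signed properties doesn't cover an element.");
        }
        // The referenced signed properties element must be the child of qualifying properties.
        // Identity comparison is intended: it has to be the same DOM node, not merely an equal one.
        if (sPropsNode != signedPropsElem)
        {
            throw new QualifyingPropertiesIncorporationException("The referenced SignedProperties are not contained by the proper QualifyingProperties element");
        }
    } catch (XMLSignatureException ex)
    {
        throw new QualifyingPropertiesIncorporationException("Cannot get the referenced SignedProperties", ex);
    }
}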
示例16
/**
 * Creates the exception with the format values that were checked and the reference/object
 * pair they were checked against.
 *
 * @param mimeType the MIME type involved in the mismatch
 * @param encoding the encoding involved in the mismatch
 * @param ref the ds:Reference to the data object
 * @param obj the ds:Object the reference resolves to
 */
public DataObjectFormatMismatchException(
        String mimeType, String encoding,
        Reference ref, ObjectContainer obj)
{
    this.reference = ref;
    this.object = obj;
    this.mimeType = mimeType;
    this.encoding = encoding;
}
示例17
/**
 * Processes three signed data objects (a detached reference carrying an enveloped-signature
 * transform and two enveloped XML objects) and checks the resulting references and ds:Objects.
 */
@Test
public void testProcess() throws Exception
{
    System.out.println("process");
    Document doc = getNewDocument();

    DataObjectReference detachedRef = new DataObjectReference("uri").withTransform(new EnvelopedSignatureTransform());
    EnvelopedXmlObject firstObj = new EnvelopedXmlObject(doc.createElement("test1"));
    EnvelopedXmlObject secondObj = new EnvelopedXmlObject(doc.createElement("test2"), "text/xml", null);
    SignedDataObjects signedObjs = new SignedDataObjects()
            .withSignedDataObject(detachedRef)
            .withSignedDataObject(firstObj)
            .withSignedDataObject(secondObj);

    XMLSignature sig = new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
    sig.setId("sigId");

    AllwaysNullAlgsParamsMarshaller marshaller = new AllwaysNullAlgsParamsMarshaller();
    SignedDataObjectsProcessor processor = new SignedDataObjectsProcessor(new TestAlgorithmsProvider(), marshaller);
    Map<DataObjectDesc, Reference> mappings = processor.process(signedObjs, sig);

    int expectedCount = signedObjs.getDataObjectsDescs().size();
    assertEquals(expectedCount, mappings.size());
    // Only the two enveloped XML objects become ds:Object elements.
    assertEquals(2, sig.getObjectLength());
    assertEquals(sig.getSignedInfo().getLength(), expectedCount);
    // The parameters marshaller is expected to be invoked exactly once for this input.
    assertEquals(1, marshaller.getInvokeCount());

    Reference firstRef = sig.getSignedInfo().item(0);
    assertEquals(1, firstRef.getTransforms().getLength());

    ObjectContainer secondContainer = sig.getObjectItem(1);
    assertEquals("text/xml", secondContainer.getMimeType());
    assertTrue(StringUtils.isNullOrEmptyString(secondContainer.getEncoding()));
}
示例18
/**
 * Returns the data covered by a content time-stamp (IndividualDataObjectsTimeStamp or
 * AllDataObjectsTimeStamp): the concatenated bytes, as produced by getReferenceBytes, of every
 * ds:Reference the time-stamp covers.
 *
 * @param timestampToken the time-stamp token
 * @return the concatenated reference bytes, or {@code null} if the token is not a content
 *         time-stamp or the bytes could not be extracted
 * @throws DSSException if the Include elements are invalid or the references were not yet extracted
 */
@Override
public DSSDocument getContentTimestampData(final TimestampToken timestampToken) {
    final TimestampType type = timestampToken.getTimeStampType();
    if (!type.isContentTimestamp()) {
        return null;
    }
    if (!checkTimestampTokenIncludes(timestampToken)) {
        throw new DSSException("The Included referencedData attribute is either not present or set to false!");
    }
    if (references.isEmpty()) {
        throw new DSSException("The method 'checkSignatureIntegrity' must be invoked first!");
    }

    final String c14nMethod = timestampToken.getCanonicalizationMethod();
    final List<TimestampInclude> includes = timestampToken.getTimestampIncludes();
    try (ByteArrayOutputStream concatenated = new ByteArrayOutputStream()) {
        for (final Reference reference : references) {
            if (!isContentTimestampedReference(reference, type, includes)) {
                continue;
            }
            concatenated.write(getReferenceBytes(reference, c14nMethod));
        }
        final byte[] data = concatenated.toByteArray();
        if (LOG.isTraceEnabled()) {
            // NOTE(review): decodes with the platform default charset; trace output only.
            LOG.trace("IndividualDataObjectsTimestampData/AllDataObjectsTimestampData bytes: {}", new String(data));
        }
        return new InMemoryDocument(data);
    } catch (IOException | XMLSecurityException e) {
        // The stack trace is attached only when debug logging is on.
        if (LOG.isDebugEnabled()) {
            LOG.warn("Unable to extract IndividualDataObjectsTimestampData/AllDataObjectsTimestampData. Reason : {}", e.getMessage(), e);
        } else {
            LOG.warn("Unable to extract IndividualDataObjectsTimestampData/AllDataObjectsTimestampData. Reason : {}", e.getMessage());
        }
    }
    return null;
}
示例19
/**
 * Returns the bytes a ds:Reference resolves to, canonicalized with {@code canonicalizationMethod}
 * when DomUtils detects DOM/XML content; other content is returned unchanged.
 *
 * @param reference the reference to dereference
 * @param canonicalizationMethod canonicalization algorithm URI applied to XML content
 * @return the (possibly canonicalized) referenced bytes
 * @throws XMLSecurityException if the reference cannot be dereferenced
 */
private byte[] getReferenceBytes(final Reference reference, final String canonicalizationMethod) throws XMLSecurityException {
    final byte[] raw = reference.getReferencedBytes();
    final byte[] result = DomUtils.isDOM(raw)
            ? DSSXMLUtils.canonicalize(canonicalizationMethod, raw)
            : raw;
    if (LOG.isTraceEnabled()) {
        // NOTE(review): decodes with the platform default charset; trace output only.
        LOG.trace("ReferencedBytes : {}", new String(result));
    }
    return result;
}
示例20
/**
 * Decides whether {@code reference} is covered by a content time-stamp of the given type.
 * For an AllDataObjectsTimeStamp every reference except the SignedProperties one is covered;
 * otherwise the reference is covered when its Id equals the URI of one of the Include elements.
 *
 * @param reference the ds:Reference to test
 * @param timeStampType the type of the content time-stamp
 * @param includes the Include elements of an IndividualDataObjectsTimeStamp
 * @return true if the reference is covered by the time-stamp
 */
private boolean isContentTimestampedReference(Reference reference, TimestampType timeStampType, List<TimestampInclude> includes) {
    if (TimestampType.ALL_DATA_OBJECTS_TIMESTAMP.equals(timeStampType)) {
        // All references are covered except the one referencing the SignedProperties
        return !DSSXMLUtils.isSignedProperties(reference, xadesPaths);
    }
    for (TimestampInclude include : includes) {
        if (reference.getId().equals(include.getURI())) {
            return true;
        }
    }
    return false;
}
示例21
/**
 * Appends the bytes a ds:Reference resolves to onto {@code buffer}.
 *
 * @param reference the reference to dereference
 * @param buffer destination buffer
 * @throws IOException if writing to the buffer fails
 * @throws DSSException if the reference yields no bytes or cannot be dereferenced
 */
private void writeReferenceBytes(final Reference reference, ByteArrayOutputStream buffer) throws IOException {
    final byte[] content;
    try {
        content = reference.getReferencedBytes();
    } catch (XMLSecurityException e) {
        throw new DSSException(String.format("Unable to retrieve content for URI '%s' : %s", reference.getURI(), e.getMessage()), e);
    }
    if (content == null) {
        throw new DSSException(String.format("No binaries found for URI '%s'", reference.getURI()));
    }
    buffer.write(content);
}
示例22
/**
 * Reads every ds:Reference of the Santuario signature's SignedInfo into {@code references},
 * replacing any previous content. A reference that cannot be read is logged and skipped,
 * so the resulting list may be shorter than the SignedInfo length.
 */
private void extractReferences() {
    references = new ArrayList<>();
    final XMLSignature santuarioSig = getSantuarioSignature();
    final SignedInfo signedInfo = santuarioSig.getSignedInfo();
    final int total = signedInfo.getLength();
    for (int idx = 0; idx < total; idx++) {
        try {
            references.add(signedInfo.item(idx));
        } catch (XMLSecurityException e) {
            LOG.warn("Unable to retrieve reference #{} : {}", idx, e.getMessage());
        }
    }
}
示例23
/**
 * Registers one DetachedSignatureResolver per ds:Reference, each configured with that
 * reference's digest algorithm, so detached content can be resolved from {@code detachedContents}.
 * A reference whose digest algorithm cannot be read is logged and skipped.
 *
 * @param detachedContents the detached documents the signature may refer to
 */
private void initDetachedSignatureResolvers(List<DSSDocument> detachedContents) {
    for (Reference reference : getReferences()) {
        final DigestAlgorithm digestAlgorithm;
        try {
            digestAlgorithm = DigestAlgorithm.forXML(reference.getMessageDigestAlgorithm().getAlgorithmURI());
        } catch (XMLSignatureException e) {
            LOG.warn("Unable to retrieve reference digest algorithm {}", reference.getId(), e);
            continue;
        }
        santuarioSignature.addResourceResolver(new DetachedSignatureResolver(detachedContents, digestAlgorithm));
    }
}
示例24
/**
 * Collects the timestamped references of an IndividualDataObjectsTimeStamp attribute: for every
 * ds:Reference named by the attribute's Include elements, each signature scope whose name the
 * reference URI ends with contributes one SIGNED_DATA timestamped reference.
 *
 * @param signedAttribute the individual data objects time-stamp attribute
 * @return the timestamped references (may be empty)
 */
@Override
protected List<TimestampedReference> getIndividualContentTimestampedReferences(XAdESAttribute signedAttribute) {
    final List<TimestampInclude> includes = signedAttribute.getTimestampIncludedReferences();
    final List<TimestampedReference> result = new ArrayList<>();
    for (Reference reference : references) {
        if (!isContentTimestampedReference(reference, includes)) {
            continue;
        }
        // NOTE(review): the URI is matched to the scope name by a case-insensitive suffix test only.
        for (SignatureScope scope : signatureScopes) {
            if (Utils.endsWithIgnoreCase(reference.getURI(), scope.getName())) {
                addReference(result, new TimestampedReference(scope.getDSSIdAsString(), TimestampedObjectType.SIGNED_DATA));
            }
        }
    }
    return result;
}
示例25
/**
 * Tells whether {@code reference} is named by one of the time-stamp's Include elements,
 * i.e. its Id equals an Include URI.
 *
 * @param reference the ds:Reference to test
 * @param includes the Include elements of the time-stamp
 * @return true if the reference Id matches some Include URI
 */
private boolean isContentTimestampedReference(Reference reference, List<TimestampInclude> includes) {
    for (TimestampInclude include : includes) {
        if (reference.getId().equals(include.getURI())) {
            return true;
        }
    }
    return false;
}
示例26
/**
 * Returns list of original signed documents
 * @param signature {@link XAdESSignature} to find signed documents for
 * @return list of {@link DSSDocument}s; empty when the signature is not cryptographically valid
 */
public static List<DSSDocument> getSignerDocuments(XAdESSignature signature) {
    List<DSSDocument> documents = new ArrayList<>();
    // Do not hand out content from a signature whose value does not verify.
    if (!signature.getSignatureCryptographicVerification().isSignatureValid()) {
        return documents;
    }
    List<Reference> refs = signature.getReferences();
    if (!Utils.isCollectionNotEmpty(refs)) {
        return documents;
    }
    for (Reference ref : refs) {
        try {
            if (!isReferenceLinkedToDocument(ref, signature)) {
                continue;
            }
            DSSDocument doc = getReferenceDocument(ref, signature);
            if (doc != null) {
                documents.add(doc);
            }
        } catch (DSSException e) {
            LOG.warn("Not able to extract an original content for a reference with name '{}' and URI '{}'. "
                    + "Reason : {}", ref.getId(), ref.getURI(), e.getMessage());
        }
    }
    return documents;
}
示例27
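/**
 * Resolves the document a ds:Reference points to. For an Object-typed reference the ds:Object
 * whose Id the URI ends with is serialized (its first child when it has children); otherwise,
 * or when no ds:Object matched, the reference is dereferenced directly.
 *
 * @param reference the ds:Reference to resolve
 * @param signature the signature owning the reference
 * @return the referenced document, or {@code null} if it cannot be obtained
 */
private static DSSDocument getReferenceDocument(Reference reference, XAdESSignature signature) {
    if (reference.typeIsReferenceToObject()) {
        for (Element sigObject : signature.getSignatureObjects()) {
            String objectId = sigObject.getAttribute("Id");
            // NOTE(review): suffix match only; the URI is not parsed as a same-document fragment.
            if (!Utils.endsWithIgnoreCase(reference.getURI(), objectId)) {
                continue;
            }
            // The Object type is already established by the enclosing check; only the child test remains.
            Node referencedNode = sigObject.hasChildNodes() ? sigObject.getFirstChild() : sigObject;
            byte[] bytes = DSSXMLUtils.getNodeBytes(referencedNode);
            if (bytes != null) {
                return new InMemoryDocument(bytes, objectId);
            }
        }
    }
    // if not an object or object has not been found
    try {
        byte[] referencedBytes = reference.getReferencedBytes();
        if (referencedBytes != null) {
            return new InMemoryDocument(referencedBytes, reference.getURI());
        }
        LOG.warn("Reference bytes returned null value : {}", reference.getId());
    } catch (Exception e) {
        LOG.warn("Unable to retrieve reference {}. Reason : {}", reference.getId(), e.getMessage(), e);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("A referenced document not found for a reference with Id : [{}]", reference.getId());
    }
    return null;
}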
示例28
/**
 * Returns bytes of the original referenced data
 * @param reference {@link Reference} to get bytes from
 * @return byte array containing original data
 */
public static byte[] getReferenceOriginalContentBytes(Reference reference) {
    try {
        // With an enveloped-signature transform the bytes after transformation are the
        // original content (the signature itself removed), so they are returned directly.
        Transforms transforms = reference.getTransforms();
        if (transforms != null) {
            NodeList transformNodes = transforms.getElement().getChildNodes();
            if (transformNodes != null) {
                for (int idx = 0; idx < transformNodes.getLength(); idx++) {
                    if (isEnvelopedTransform(transformNodes.item(idx))) {
                        return reference.getReferencedBytes();
                    }
                }
            }
            // No enveloped transform: fall through to the bytes before transformation.
        }
    } catch (XMLSecurityException | XMLSecurityRuntimeException e) {
        // if exception occurs during the transformations
        LOG.warn("Signature reference with id [{}] is corrupted or has an invalid format. "
                + "Original data cannot be obtained. Reason: [{}]", reference.getId(), e.getMessage());
    }
    // otherwise bytes before transformation
    return getBytesBeforeTransformation(reference);
}
示例29
/**
 * Checks if the given reference is linked to a KeyInfo element
 *
 * @param reference
 *            the {@link Reference} to check
 * @param signature
 *            the {@link Element} signature the given reference belongs to
 * @return TRUE if the reference is a KeyInfo reference, FALSE otherwise
 */
public static boolean isKeyInfoReference(final Reference reference, final Element signature) {
    // Resolve the reference URI as an Id and look it up under the KeyInfo path of the signature.
    final String id = DomUtils.getId(reference.getURI());
    final String keyInfoXPath = XMLDSigPaths.KEY_INFO_PATH + DomUtils.getXPathByIdAttribute(id);
    return DomUtils.getElement(signature, keyInfoXPath) != null;
}
示例30
/**
 * Reads the URI attribute of a ds:Reference element.
 *
 * @param reference the reference; may be {@code null}
 * @return the URI attribute value as returned by DSSXMLUtils.getAttribute, or {@code null}
 *         when the reference or its DOM element is absent
 */
private String extractUri(Reference reference) {
    if (reference == null) {
        return null;
    }
    Element element = reference.getElement();
    if (element == null) {
        return null;
    }
    return DSSXMLUtils.getAttribute(element, XMLDSigAttribute.URI.getAttributeName());
}