Example usage for javax.xml.crypto.dsig Reference getTransforms

List of usage examples for javax.xml.crypto.dsig Reference getTransforms

Introduction

On this page you can find example usages of javax.xml.crypto.dsig.Reference.getTransforms().

Prototype

List<Transform> getTransforms();


Document

Returns an unmodifiable list (see java.util.Collections#unmodifiableList) of the Transforms that are contained in this Reference.

Usage

From source file:com.vmware.identity.sts.ws.SignatureValidator.java

/**
 * Checks that a signature reference declares no transform other than
 * exclusive canonicalization.
 *
 * <p>The check is an allowlist of exactly one algorithm: a reference with
 * more than one transform, or with a single transform whose algorithm is not
 * {@link CanonicalizationMethod#EXCLUSIVE}, is rejected. A reference that
 * declares no transforms at all (or whose list is {@code null}) is accepted.
 * NOTE(review): whether a transform-less reference is acceptable depends on
 * how callers tie the reference URI to the content they go on to trust;
 * confirm against the caller.
 *
 * @param reference signature reference whose transforms are inspected.
 * @throws XMLSignatureException when the transform list is not as expected.
 */
private void validateReferenceTransforms(Reference reference) throws XMLSignatureException {
    // Only evaluated when the JVM runs with assertions enabled; otherwise a
    // null reference fails on the getTransforms() call below.
    assert reference != null;

    final List<Transform> declared = reference.getTransforms();
    if (declared == null || declared.isEmpty()) {
        // Nothing declared, nothing to reject.
        return;
    }

    if (declared.size() > 1) {
        throw new XMLSignatureException(
                "Unexpected number of transforms. Only an exclusive canonicalization is supported.");
    }

    // Exactly one transform: it must be exclusive canonicalization.
    final String algorithm = declared.get(0).getAlgorithm();
    if (!CanonicalizationMethod.EXCLUSIVE.equals(algorithm)) {
        throw new XMLSignatureException(
                String.format("Unexpected Transform '%s'. Only an exclusive canonicalization is supported.",
                        algorithm));
    }
}

From source file:org.apache.jcp.xml.dsig.internal.dom.DOMReference.java

/**
 * Compares this reference with another {@link Reference} field by field:
 * digest method, id, URI, type, transform list and digest value.
 *
 * <p>This is structural equality only. It compares the stored digest bytes
 * and does not validate either reference against the data it points to.
 *
 * @param o the object to compare with.
 * @return {@code true} if {@code o} is a {@code Reference} whose compared
 *         fields all match this one.
 */
@Override
public boolean equals(Object o) {
    if (this == o) {
        return true;
    }
    if (!(o instanceof Reference)) {
        return false;
    }
    final Reference other = (Reference) o;

    // The optional attributes may be null on either side; two nulls count as equal.
    final String otherId = other.getId();
    final boolean sameId = (id != null) ? id.equals(otherId) : otherId == null;

    final String otherUri = other.getURI();
    final boolean sameUri = (uri != null) ? uri.equals(otherUri) : otherUri == null;

    final String otherType = other.getType();
    final boolean sameType = (type != null) ? type.equals(otherType) : otherType == null;

    final boolean sameDigestValue = Arrays.equals(digestValue, other.getDigestValue());

    if (!digestMethod.equals(other.getDigestMethod())) {
        return false;
    }
    if (!(sameId && sameUri && sameType)) {
        return false;
    }
    return allTransforms.equals(other.getTransforms()) && sameDigestValue;
}

From source file:org.apache.juddi.v3.client.cryptor.DigSigUtil.java

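/**
 * Validates the first XML Signature element found beneath {@code element}
 * using the supplied public key.
 *
 * <p>On failure, a human-readable explanation is prepended to whatever text
 * {@code OutReadableErrorMessage} already holds, and the validity of each
 * reference and its digests is logged. Any exception raised while
 * unmarshalling or validating is caught, recorded in the message and
 * reported as {@code false}, so errors fail closed.
 *
 * @param element                 element whose descendants are searched for a Signature.
 * @param validatingKey           public key used to validate the signature value.
 * @param OutReadableErrorMessage receives diagnostics; may be {@code null},
 *                                in which case they are discarded.
 * @return {@code true} only if core validation of the signature succeeded.
 * @throws RuntimeException if no Signature element is present.
 */
private boolean verifySignature(Element element, PublicKey validatingKey,
        AtomicReference<String> OutReadableErrorMessage) {
    if (OutReadableErrorMessage == null) {
        // The caller does not want diagnostics; collect them in a throwaway holder.
        OutReadableErrorMessage = new AtomicReference<String>();
    }
    XMLSignatureFactory fac = initXMLSigFactory();
    NodeList nl = element.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (nl.getLength() == 0) {
        throw new RuntimeException("Cannot find Signature element");
    }
    // getElementsByTagNameNS searches all descendants, and only the first
    // Signature in document order is validated here.
    // NOTE(review): a true result means that this Signature's own references
    // validate; this method does not check which content those references
    // cover. Callers should confirm that the signed references cover the data
    // they go on to trust.
    DOMValidateContext valContext = new DOMValidateContext(validatingKey, nl.item(0));
    try {
        // Keep dereferenced data so the calculated digests can be read back below.
        valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
        // NOTE(review): "org.jcp.xml.dsig.secureValidation" is not set on this
        // context, so whether secure validation applies depends on the provider
        // and JDK defaults. Confirm, and consider enabling it explicitly.
        XMLSignature signature = fac.unmarshalXMLSignature(valContext);
        boolean coreValidity = signature.validate(valContext);
        if (!coreValidity) {
            logger.warn("Signature failed core validation");
            boolean sv = signature.getSignatureValue().validate(valContext);
            logger.debug("signature validation status: " + sv);
            prependError(OutReadableErrorMessage, "signature validation failed: " + sv + ".");
            // Report the validation status of each Reference.
            @SuppressWarnings("unchecked")
            Iterator<Reference> i = signature.getSignedInfo().getReferences().iterator();
            for (int j = 0; i.hasNext(); j++) {
                Reference ref = i.next();
                boolean refValid = ref.validate(valContext);
                logger.debug("ref[" + j + "] validity status: " + refValid);
                if (!refValid) {
                    prependError(OutReadableErrorMessage, "signature reference " + j + " invalid. ");
                }
                logger.debug("Ref type: " + ref.getType() + ", URI: " + ref.getURI());
                for (Object xform : ref.getTransforms()) {
                    logger.debug("Transform: " + xform);
                }
                String calcDigValStr = digestToString(ref.getCalculatedDigestValue());
                String expectedDigValStr = digestToString(ref.getDigestValue());
                logger.warn("    Calc Digest: " + calcDigValStr);
                logger.warn("Expected Digest: " + expectedDigValStr);
                if (!calcDigValStr.equalsIgnoreCase(expectedDigValStr)) {
                    prependError(OutReadableErrorMessage, "digest mismatch for signature ref " + j + ".");
                }
            }
        } else {
            logger.info("Signature passed core validation");
        }
        return coreValidity;
    } catch (Exception e) {
        prependError(OutReadableErrorMessage, "signature validation failed: " + e.getMessage());
        // Pass the throwable as well so the stack trace is logged.
        logger.fatal("signature validation failed", e);
        return false;
    }
}

/**
 * Prepends {@code message} to the text held by {@code sink}. An unset sink is
 * treated as empty, so the literal "null" is not appended to the first message.
 */
private static void prependError(AtomicReference<String> sink, String message) {
    String previous = sink.get();
    sink.set(previous == null ? message : message + previous);
}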

From source file:org.apache.ws.security.components.crypto.AlgorithmSuiteValidator.java

/**
 * Checks the algorithms named in an XML signature against the configured
 * algorithm suite.
 *
 * <p>The signature method and canonicalization method of SignedInfo are
 * passed to {@code checkSignatureMethod} and {@code checkC14nAlgorithm}. For
 * every reference, the digest algorithm and each transform algorithm must be
 * a member of the suite's corresponding set. An empty set in the suite places
 * no restriction on that category, so a suite with no digest or transform
 * algorithms configured accepts any value there. A rejection is logged at
 * debug level only and raised as {@code INVALID_SECURITY}.
 *
 * @param xmlSignature the signature whose algorithms are checked.
 * @throws WSSecurityException if a digest or transform algorithm is not
 *         allowed by the suite.
 */
public void checkSignatureAlgorithms(XMLSignature xmlSignature) throws WSSecurityException {
    // SignedInfo: signature algorithm first, then canonicalization algorithm.
    checkSignatureMethod(xmlSignature.getSignedInfo().getSignatureMethod().getAlgorithm());
    checkC14nAlgorithm(xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm());

    for (Object item : xmlSignature.getSignedInfo().getReferences()) {
        final Reference ref = (Reference) item;

        // Digest algorithm of this reference.
        final String digestAlgorithm = ref.getDigestMethod().getAlgorithm();
        final Set<String> permittedDigests = algorithmSuite.getDigestAlgorithms();
        if (!(permittedDigests.isEmpty() || permittedDigests.contains(digestAlgorithm))) {
            LOG.debug("DigestMethod " + digestAlgorithm + " does not match required value");
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }

        // Every transform of this reference, in declaration order.
        for (Object entry : ref.getTransforms()) {
            final String transformAlgorithm = ((Transform) entry).getAlgorithm();
            final Set<String> permittedTransforms = algorithmSuite.getTransformAlgorithms();
            if (!(permittedTransforms.isEmpty() || permittedTransforms.contains(transformAlgorithm))) {
                LOG.debug("Transform method " + transformAlgorithm + " does not match required value");
                throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
            }
        }
    }
}