diff options
Diffstat (limited to 'bkucommon/src')
4 files changed, 2266 insertions, 1719 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java index ae4918ce..b64306aa 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java @@ -14,98 +14,105 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import iaik.xml.crypto.dom.DOMCryptoContext;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.SequenceInputStream;
-import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
-import java.net.URISyntaxException;
-import java.nio.charset.Charset;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.util.ArrayList;
+package at.gv.egiz.bku.slcommands.impl.xsect; + +import iaik.xml.crypto.dom.DOMCryptoContext; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.SequenceInputStream; +import java.io.StringWriter; +import java.io.UnsupportedEncodingException; +import java.net.URISyntaxException; +import java.nio.charset.Charset; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dom.DOMStructure;
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.Reference;
-import javax.xml.crypto.dsig.Transform;
-import javax.xml.crypto.dsig.XMLObject;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-import javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec;
-import javax.xml.crypto.dsig.spec.XPathType;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.w3c.dom.DOMConfiguration;
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentFragment;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.Text;
-import org.w3c.dom.bootstrap.DOMImplementationRegistry;
-import org.w3c.dom.ls.DOMImplementationLS;
-import org.w3c.dom.ls.LSException;
-import org.w3c.dom.ls.LSInput;
-import org.w3c.dom.ls.LSOutput;
-import org.w3c.dom.ls.LSParser;
-import org.w3c.dom.ls.LSSerializer;
-
-import at.buergerkarte.namespaces.securitylayer._1.Base64XMLLocRefOptRefContentType;
-import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType;
-import at.buergerkarte.namespaces.securitylayer._1.MetaInfoType;
-import at.buergerkarte.namespaces.securitylayer._1.TransformsInfoType;
-import at.gv.egiz.bku.binding.HttpUtil;
-import at.gv.egiz.bku.slexceptions.SLCommandException;
-import at.gv.egiz.bku.slexceptions.SLRequestException;
-import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.xml.crypto.MarshalException; +import javax.xml.crypto.dom.DOMStructure; +import javax.xml.crypto.dsig.CanonicalizationMethod; +import javax.xml.crypto.dsig.DigestMethod; +import javax.xml.crypto.dsig.Reference; +import javax.xml.crypto.dsig.Transform; +import javax.xml.crypto.dsig.XMLObject; +import javax.xml.crypto.dsig.spec.TransformParameterSpec; +import javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec; +import javax.xml.crypto.dsig.spec.XPathType; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3._2000._09.xmldsig_.TransformType; +import org.w3._2000._09.xmldsig_.TransformsType; +import org.w3c.dom.DOMConfiguration; +import org.w3c.dom.DOMException; +import org.w3c.dom.Document; +import org.w3c.dom.DocumentFragment; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.Text; +import org.w3c.dom.bootstrap.DOMImplementationRegistry; +import org.w3c.dom.ls.DOMImplementationLS; +import org.w3c.dom.ls.LSException; +import org.w3c.dom.ls.LSInput; +import org.w3c.dom.ls.LSOutput; +import org.w3c.dom.ls.LSParser; +import org.w3c.dom.ls.LSSerializer; + +import at.buergerkarte.namespaces.securitylayer._1.Base64XMLLocRefOptRefContentType; +import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType; +import at.buergerkarte.namespaces.securitylayer._1.MetaInfoType; +import at.buergerkarte.namespaces.securitylayer._1.TransformsInfoType; +import at.gv.egiz.bku.binding.HttpUtil; +import at.gv.egiz.bku.slexceptions.SLCommandException; +import at.gv.egiz.bku.slexceptions.SLRequestException; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; import at.gv.egiz.bku.slexceptions.SLViewerException; -import at.gv.egiz.bku.utils.urldereferencer.StreamData;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
+import at.gv.egiz.bku.utils.urldereferencer.StreamData; +import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; import at.gv.egiz.bku.viewer.ValidationException; import at.gv.egiz.bku.viewer.Validator; import at.gv.egiz.bku.viewer.ValidatorFactory; -import at.gv.egiz.dom.DOMUtils;
-import at.gv.egiz.slbinding.impl.XMLContentType;
-
-/**
- * This class represents a <code>DataObject</code> of an XML-Signature
- * created by the security layer command <code>CreateXMLSignature</code>.
- *
- * @author mcentner
- */
-public class DataObject {
-
- /**
- * Logging facility.
- */
- private static Log log = LogFactory.getLog(DataObject.class);
-
- /**
- * DOM Implementation.
- */
- private static final String DOM_LS_3_0 = "LS 3.0";
-
- /**
- * The array of the default preferred MIME type order.
- */
- private static final String[] DEFAULT_PREFFERED_MIME_TYPES =
- new String[] {
+import at.gv.egiz.dom.DOMUtils; +import at.gv.egiz.marshal.NamespacePrefix; +import at.gv.egiz.marshal.NamespacePrefixMapperImpl; +import at.gv.egiz.slbinding.impl.XMLContentType; +import javax.xml.namespace.NamespaceContext; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +/** + * This class represents a <code>DataObject</code> of an XML-Signature + * created by the security layer command <code>CreateXMLSignature</code>. + * + * @author mcentner + */ +public class DataObject { + + /** + * Logging facility. + */ + private static Log log = LogFactory.getLog(DataObject.class); + + /** + * DOM Implementation. + */ + private static final String DOM_LS_3_0 = "LS 3.0"; + + /** + * The array of the default preferred MIME type order. + */ + private static final String[] DEFAULT_PREFFERED_MIME_TYPES = + new String[] { "text/plain", - "application/xhtml+xml"
+ "application/xhtml+xml" }; /** @@ -149,87 +156,87 @@ public class DataObject { validMimeTypes = mediaTypes; } - /**
- * The DOM implementation used.
- */
- private DOMImplementationLS domImplLS;
-
- /**
- * The signature context.
- */
- private SignatureContext ctx;
-
- /**
- * The Reference for this DataObject.
- */
- private XSECTReference reference;
-
- /**
- * The XMLObject for this DataObject.
- */
- private XMLObject xmlObject;
-
- /**
- * The MIME-Type of the digest input.
- */
- private String mimeType;
-
- /**
- * An optional description of the digest input.
- */
- private String description;
-
- /**
- * Creates a new instance.
- *
- * @param document the document of the target signature
- */
- public DataObject(SignatureContext signatureContext) {
- this.ctx = signatureContext;
-
- DOMImplementationRegistry registry;
- try {
- registry = DOMImplementationRegistry.newInstance();
- } catch (Exception e) {
- log.error("Failed to get DOMImplementationRegistry.", e);
- throw new SLRuntimeException("Failed to get DOMImplementationRegistry.");
- }
-
- domImplLS = (DOMImplementationLS) registry.getDOMImplementation(DOM_LS_3_0);
- if (domImplLS == null) {
- log.error("Failed to get DOMImplementation " + DOM_LS_3_0);
- throw new SLRuntimeException("Failed to get DOMImplementation " + DOM_LS_3_0);
- }
-
- }
-
- /**
- * @return the reference
- */
- public Reference getReference() {
- return reference;
- }
-
- /**
- * @return the xmlObject
- */
- public XMLObject getXmlObject() {
- return xmlObject;
- }
-
- /**
- * @return the mimeType
- */
- public String getMimeType() {
- return mimeType;
- }
-
- /**
- * @return the description
- */
- public String getDescription() {
- return description;
- }
+ /** + * The DOM implementation used. + */ + private DOMImplementationLS domImplLS; + + /** + * The signature context. + */ + private SignatureContext ctx; + + /** + * The Reference for this DataObject. + */ + private XSECTReference reference; + + /** + * The XMLObject for this DataObject. + */ + private XMLObject xmlObject; + + /** + * The MIME-Type of the digest input. + */ + private String mimeType; + + /** + * An optional description of the digest input. + */ + private String description; + + /** + * Creates a new instance. + * + * @param document the document of the target signature + */ + public DataObject(SignatureContext signatureContext) { + this.ctx = signatureContext; + + DOMImplementationRegistry registry; + try { + registry = DOMImplementationRegistry.newInstance(); + } catch (Exception e) { + log.error("Failed to get DOMImplementationRegistry.", e); + throw new SLRuntimeException("Failed to get DOMImplementationRegistry."); + } + + domImplLS = (DOMImplementationLS) registry.getDOMImplementation(DOM_LS_3_0); + if (domImplLS == null) { + log.error("Failed to get DOMImplementation " + DOM_LS_3_0); + throw new SLRuntimeException("Failed to get DOMImplementation " + DOM_LS_3_0); + } + + } + + /** + * @return the reference + */ + public Reference getReference() { + return reference; + } + + /** + * @return the xmlObject + */ + public XMLObject getXmlObject() { + return xmlObject; + } + + /** + * @return the mimeType + */ + public String getMimeType() { + return mimeType; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } public void validateHashDataInput() throws SLViewerException { @@ -293,823 +300,920 @@ public class DataObject { } } -
- /**
- * Configures this DataObject with the information provided within the given
- * <code>sl:DataObjectInfo</code>.
- *
- * @param dataObjectInfo
- * the <code>sl:DataObjectInfo</code>
- *
- * @throws SLCommandException
- * if configuring this DataObject with the information provided in
- * the <code>sl:DataObjectInfo</code> fails.
- * @throws SLRequestException
- * if the information provided in the <code>sl:DataObjectInfo</code>
- * does not conform to the security layer specification.
- * @throws NullPointerException
- * if <code>dataObjectInfo</code> is <code>null</code>
- */
- public void setDataObjectInfo(DataObjectInfoType dataObjectInfo) throws SLCommandException, SLRequestException {
-
- Base64XMLLocRefOptRefContentType dataObject = dataObjectInfo.getDataObject();
- String structure = dataObjectInfo.getStructure();
-
- // select and unmarshal an appropriate transformation path if provided
- // and set the final data meta information
- XSECTTransforms transforms = createTransformsAndSetFinalDataMetaInfo(dataObjectInfo.getTransformsInfo());
-
- if ("enveloping".equals(structure)) {
-
- // configure this DataObject as an enveloped DataObject
- setEnvelopedDataObject(dataObject, transforms);
-
- } else if ("detached".equals(structure)) {
-
- // configure this DataObject as an detached DataObject
- setDetachedDataObject(dataObject, transforms);
-
- }
- // other values are not allowed by the schema and are therefore ignored
-
- }
-
- /**
- * Configures this DataObject as an enveloped DataObject with the information
- * provided within the given <code>sl:DataObject</code>.
- *
- * @param dataObject
- * the <code>sl:DataObject</code>
- * @param transforms
- * an optional <code>Transforms</code> element (may be
- * <code>null</code>)
- *
- * @throws SLCommandException
- * if configuring this DataObject with the information provided in
- * the <code>sl:DataObject</code> fails.
- * @throws SLRequestException
- * if the information provided in the <code>sl:DataObject</code>
- * does not conform to the security layer specification.
- * @throws NullPointerException
- * if <code>dataObject</code> is <code>null</code>
- */
- private void setEnvelopedDataObject(
- Base64XMLLocRefOptRefContentType dataObject, XSECTTransforms transforms)
- throws SLCommandException, SLRequestException {
-
- String reference = dataObject.getReference();
- if (reference == null) {
- //
- // case A
- //
- // The Reference attribute is not used; the content of sl:DataObject represents the data object.
- // If the data object is XML-coded (the sl:XMLContent element is used in sl:DataObject), then it
- // must be incorporated in the signature structure as parsed XML.
- //
-
- if (dataObject.getBase64Content() != null) {
-
- log.debug("Adding DataObject (Base64Content) without a reference URI.");
-
- // create XMLObject
- XMLObject xmlObject = createXMLObject(new ByteArrayInputStream(dataObject.getBase64Content()));
-
- setXMLObjectAndReferenceBase64(xmlObject, transforms);
-
- } else if (dataObject.getXMLContent() != null) {
-
- log.debug("Adding DataObject (XMLContent) without a reference URI.");
-
- // create XMLObject
- DocumentFragment content = parseDataObject((XMLContentType) dataObject.getXMLContent());
- XMLObject xmlObject = createXMLObject(content);
-
- setXMLObjectAndReferenceXML(xmlObject, transforms);
-
- } else if (dataObject.getLocRefContent() != null) {
-
- log.debug("Adding DataObject (LocRefContent) without a reference URI.");
-
- setEnvelopedDataObject(dataObject.getLocRefContent(), transforms);
-
- } else {
-
- // not allowed
- log.info("XML structure of the command request contains an " +
- "invalid combination of optional elements or attributes. " +
- "DataObject of structure='enveloped' without a reference must contain content.");
- throw new SLRequestException(3003);
-
- }
-
- } else {
-
- if (dataObject.getBase64Content() == null &&
- dataObject.getXMLContent() == null &&
- dataObject.getLocRefContent() == null) {
-
- //
- // case B
- //
- // The Reference attribute contains a URI that must be resolved by the
- // Citizen Card Environment to obtain the data object.
- // The content of sl:DataObject remains empty
- //
-
- log.debug("Adding DataObject from reference URI '" + reference + "'.");
-
- setEnvelopedDataObject(reference, transforms);
-
- } else {
-
- // not allowed
- log.info("XML structure of the command request contains an " +
- "invalid combination of optional elements or attributes. " +
- "DataObject of structure='enveloped' with reference must not contain content.");
- throw new SLRequestException(3003);
-
- }
-
-
- }
-
- }
-
- /**
- * Configures this DataObject as an enveloped DataObject with the content to
- * be dereferenced from the given <code>reference</code>.
- *
- * @param reference
- * the <code>reference</code> URI
- * @param transforms
- * an optional <code>Transforms</code> element (may be
- * <code>null</code>)
- *
- * @throws SLCommandException
- * if dereferencing the given <code>reference</code> fails, or if
- * configuring this DataObject with the data dereferenced from the
- * given <code>reference</code> fails.
- * @throws NullPointerException
- * if <code>reference</code> is <code>null</code>
- */
- private void setEnvelopedDataObject(String reference, XSECTTransforms transforms) throws SLCommandException {
-
- if (reference == null) {
- throw new NullPointerException("Argument 'reference' must not be null.");
- }
-
- // dereference URL
- URLDereferencer dereferencer = URLDereferencer.getInstance();
-
- StreamData streamData;
- try {
- streamData = dereferencer.dereference(reference, ctx.getDereferencerContext());
- } catch (IOException e) {
- log.info("Failed to dereference XMLObject from '" + reference + "'.", e);
- throw new SLCommandException(4110);
- }
-
- Node childNode;
-
- String contentType = streamData.getContentType();
- if (contentType.startsWith("text/xml")) {
-
- // If content type is text/xml parse content.
- String charset = HttpUtil.getCharset(contentType, true);
-
- Document doc = parseDataObject(streamData.getStream(), charset);
-
- childNode = doc.getDocumentElement();
-
- if (childNode == null) {
- log.info("Failed to parse XMLObject from '" + reference + "'.");
- throw new SLCommandException(4111);
- }
-
- XMLObject xmlObject = createXMLObject(childNode);
-
- setXMLObjectAndReferenceXML(xmlObject, transforms);
-
- } else {
-
- // Include content Base64 encoded.
- XMLObject xmlObject = createXMLObject(streamData.getStream());
-
- setXMLObjectAndReferenceBase64(xmlObject, transforms);
-
- }
-
- }
-
- /**
- * Configures this DataObject as an detached DataObject with the information
- * provided in the given <code>sl:DataObject</code> and optionally
- * <code>transforms</code>.
- *
- * @param dataObject
- * the <code>sl:DataObject</code>
- * @param transforms
- * an optional Transforms object, may be <code>null</code>
- *
- * @throws SLCommandException
- * if configuring this DataObject with the information provided in
- * the <code>sl:DataObject</code> fails.
- * @throws SLRequestException
- * if the information provided in the <code>sl:DataObject</code>
- * does not conform to the security layer specification.
- * @throws NullPointerException
- * if <code>dataObject</code> is <code>null</code>
- */
- private void setDetachedDataObject(
- Base64XMLLocRefOptRefContentType dataObject, XSECTTransforms transforms)
- throws SLCommandException, SLRequestException {
-
- String referenceURI = dataObject.getReference();
-
- if (referenceURI == null) {
-
- // not allowed
- log.info("XML structure of the command request contains an " +
- "invalid combination of optional elements or attributes. " +
- "DataObject of structure='detached' must contain a reference.");
- throw new SLRequestException(3003);
-
- } else {
-
- DigestMethod dm;
- try {
- dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx);
- } catch (NoSuchAlgorithmException e) {
- log.error("Failed to get DigestMethod.", e);
- throw new SLCommandException(4006);
- } catch (InvalidAlgorithmParameterException e) {
- log.error("Failed to get DigestMethod.", e);
- throw new SLCommandException(4006);
- }
-
- String idValue = ctx.getIdValueFactory().createIdValue("Reference");
-
- reference = new XSECTReference(referenceURI, dm, transforms, null, idValue);
-
- // case D:
- //
- // The Reference attribute contains a URI that is used by the Citizen Card
- // Environment to code the reference to the data object as part of the XML
- // signature (attribute URI in the dsig:Reference) element. The content of
- // sl:DataObject represents the data object.
-
- if (dataObject.getLocRefContent() != null) {
- String locRef = dataObject.getLocRefContent();
- try {
- this.reference.setDereferencer(new LocRefDereferencer(ctx.getDereferencerContext(), locRef));
- } catch (URISyntaxException e) {
- log.info("Invalid URI '" + locRef + "' in DataObject.", e);
- throw new SLCommandException(4003);
- } catch (IllegalArgumentException e) {
- log.info("LocRef URI of '" + locRef + "' not supported in DataObject. ", e);
- throw new SLCommandException(4003);
- }
- } else if (dataObject.getBase64Content() != null) {
- byte[] base64Content = dataObject.getBase64Content();
- this.reference.setDereferencer(new ByteArrayDereferencer(base64Content));
- } else if (dataObject.getXMLContent() != null) {
- XMLContentType xmlContent = (XMLContentType) dataObject.getXMLContent();
- byte[] bytes = xmlContent.getRedirectedStream().toByteArray();
- this.reference.setDereferencer(new ByteArrayDereferencer(bytes));
- } else {
-
- // case C:
- //
- // The Reference attribute contains a URI that must be resolved by the
- // Citizen Card Environment to obtain the data object. The Reference
- // attribute contains a URI that is used by the Citizen Card Environment
- // to code the reference to the data object as part of the XML signature
- // (attribute URI in the dsig:Reference) element. The content of
- // sl:DataObject remains empty.
-
- }
-
- }
- }
-
- /**
- * Returns the preferred <code>sl:TransformInfo</code> from the given list of
- * <code>transformInfos</code>, or <code>null</code> if none of the given
- * <code>transformInfos</code> is preferred over the others.
- *
- * @param transformsInfos
- * a list of <code>sl:TransformInfo</code>s
- *
- * @return the selected <code>sl:TransformInfo</code> or <code>null</code>, if
- * none is preferred over the others
- */
- private TransformsInfoType selectPreferredTransformsInfo(List<TransformsInfoType> transformsInfos) {
-
- Map<String, TransformsInfoType> mimeTypes = new HashMap<String, TransformsInfoType>();
-
- StringBuilder debugString = null;
- if (log.isDebugEnabled()) {
- debugString = new StringBuilder();
- debugString.append("Got " + transformsInfos.size() + " TransformsInfo(s):");
- }
-
- for (TransformsInfoType transformsInfoType : transformsInfos) {
- MetaInfoType finalDataMetaInfo = transformsInfoType.getFinalDataMetaInfo();
- String mimeType = finalDataMetaInfo.getMimeType();
- String description = finalDataMetaInfo.getDescription();
- mimeTypes.put(mimeType, transformsInfoType);
- if (debugString != null) {
- debugString.append("\n FinalDataMetaInfo: MIME-Type=");
- debugString.append(mimeType);
- if (description != null) {
- debugString.append(" ");
- debugString.append(description);
- }
- }
- }
-
- if (debugString != null) {
- log.debug(debugString);
- }
-
- // look for preferred transform
- for (String mimeType : DEFAULT_PREFFERED_MIME_TYPES) {
- if (mimeTypes.containsKey(mimeType)) {
- return mimeTypes.get(mimeType);
- }
- }
-
- // no preferred transform
- return null;
-
- }
-
- /**
- * Create an instance of <code>ds:Transforms</code> from the given
- * <code>sl:TransformsInfo</code>.
- *
- * @param transformsInfo
- * the <code>sl:TransformsInfo</code>
- *
- * @return a corresponding unmarshalled <code>ds:Transforms</code>, or
- * <code>null</code> if the given <code>sl:TransformsInfo</code> does
- * not contain a <code>dsig:Transforms</code> element
- *
- * @throws SLRequestException
- * if the <code>ds:Transforms</code> in the given
- * <code>transformsInfo</code> are not valid or cannot be parsed.
- *
- * @throws MarshalException
- * if the <code>ds:Transforms</code> in the given
- * <code>transformsInfo</code> cannot be unmarshalled.
- */
- private XSECTTransforms createTransforms(TransformsInfoType transformsInfo) throws SLRequestException, MarshalException {
-
- ByteArrayOutputStream redirectedStream = ((at.gv.egiz.slbinding.impl.TransformsInfoType) transformsInfo).getRedirectedStream();
- byte[] transformBytes = (redirectedStream != null) ? redirectedStream.toByteArray() : null;
-
- if (transformBytes != null && transformBytes.length > 0) {
-
- // debug
- if (log.isTraceEnabled()) {
- StringBuilder sb = new StringBuilder();
- sb.append("Trying to parse transforms:\n");
- sb.append(new String(transformBytes, Charset.forName("UTF-8")));
- log.trace(sb);
- }
-
- DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS();
- LSInput input = domImplLS.createLSInput();
- input.setByteStream(new ByteArrayInputStream(transformBytes));
-
- LSParser parser = domImplLS.createLSParser(
- DOMImplementationLS.MODE_SYNCHRONOUS, null);
- DOMConfiguration domConfig = parser.getDomConfig();
- SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler();
- domConfig.setParameter("error-handler", errorHandler);
- domConfig.setParameter("validate", Boolean.FALSE);
-
- Document document;
- try {
- document = parser.parse(input);
- } catch (DOMException e) {
- log.info("Failed to parse dsig:Transforms.", e);
- throw new SLRequestException(3002);
- } catch (LSException e) {
- log.info("Failed to parse dsig:Transforms.", e);
- throw new SLRequestException(3002);
- }
-
- // adopt ds:Transforms
- Element documentElement = document.getDocumentElement();
- Node adoptedTransforms = ctx.getDocument().adoptNode(documentElement);
-
- DOMCryptoContext context = new DOMCryptoContext();
-
- // unmarshall ds:Transforms
- return new XSECTTransforms(context, adoptedTransforms);
-
- } else {
- return null;
- }
-
- }
-
- /**
- * Sets the <code>mimeType</code> and the <code>description</code> value
- * for this DataObject.
- *
- * @param metaInfoType the <code>sl:FinalMetaDataInfo</code>
- *
- * @throws NullPointerException if <code>metaInfoType</code> is <code>null</code>
- */
- private void setFinalDataMetaInfo(MetaInfoType metaInfoType) {
-
- this.mimeType = metaInfoType.getMimeType();
- this.description = metaInfoType.getDescription();
-
- }
-
- /**
- * Selects an appropriate transformation path (if present) from the given list
- * of <code>sl:TransformInfos</code>, sets the corresponding final data meta info and
- * returns the corresponding unmarshalled <code>ds:Transforms</code>.
- *
- * @param transformsInfos the <code>sl:TransformInfos</code>
- *
- * @return the unmarshalled <code>ds:Transforms</code>, or <code>null</code> if
- * no transformation path has been selected.
- *
- * @throws SLRequestException if the given list <code>ds:TransformsInfo</code> contains
- * an invalid <code>ds:Transforms</code> element, or no suitable transformation path
- * can be found.
- */
- private XSECTTransforms createTransformsAndSetFinalDataMetaInfo(
- List<TransformsInfoType> transformsInfos) throws SLRequestException {
-
- TransformsInfoType preferredTransformsInfo = selectPreferredTransformsInfo(transformsInfos);
- // try preferred transform
- if (preferredTransformsInfo != null) {
-
- try {
- XSECTTransforms transforms = createTransforms(preferredTransformsInfo);
- setFinalDataMetaInfo(preferredTransformsInfo.getFinalDataMetaInfo());
- return transforms;
- } catch (MarshalException e) {
-
- String mimeType = preferredTransformsInfo.getFinalDataMetaInfo().getMimeType();
- log.info("Failed to unmarshal preferred transformation path (MIME-Type="
- + mimeType + ").", e);
-
- }
-
- }
-
- // look for another suitable transformation path
- for (TransformsInfoType transformsInfoType : transformsInfos) {
-
- try {
- XSECTTransforms transforms = createTransforms(transformsInfoType);
- setFinalDataMetaInfo(transformsInfoType.getFinalDataMetaInfo());
- return transforms;
- } catch (MarshalException e) {
-
- String mimeType = transformsInfoType.getFinalDataMetaInfo().getMimeType();
- log.info("Failed to unmarshal transformation path (MIME-Type="
- + mimeType + ").", e);
- }
-
- }
-
- // no suitable transformation path found
- throw new SLRequestException(3003);
-
- }
-
- /**
- * Create an XMLObject with the Base64 encoding of the given
- * <code>content</code>.
- *
- * @param content
- * the to-be Base64 encoded content
- * @return an XMLObject with the Base64 encoded <code>content</code>
- */
- private XMLObject createXMLObject(InputStream content) {
-
- Text textNode;
- try {
- textNode = at.gv.egiz.dom.DOMUtils.createBase64Text(content, ctx.getDocument());
- } catch (IOException e) {
- log.error(e);
- throw new SLRuntimeException(e);
- }
-
- DOMStructure structure = new DOMStructure(textNode);
-
- String idValue = ctx.getIdValueFactory().createIdValue("Object");
-
- return ctx.getSignatureFactory().newXMLObject(Collections.singletonList(structure), idValue, null, null);
-
- }
-
- /**
- * Create an XMLObject with the given <code>content</code> node.
- *
- * @param content the content node
- *
- * @return an XMLObject with the given <code>content</code>
- */
- private XMLObject createXMLObject(Node content) {
-
- String idValue = ctx.getIdValueFactory().createIdValue("Object");
-
- List<DOMStructure> structures = Collections.singletonList(new DOMStructure(content));
-
- return ctx.getSignatureFactory().newXMLObject(structures, idValue, null, null);
-
- }
-
- /**
- * Sets the given <code>xmlObject</code> and creates and sets a corresponding
- * <code>Reference</code>.
- * <p>
- * A transform to Base64-decode the xmlObject's content is inserted at the top
- * of to the optional <code>transforms</code> if given, or to a newly created
- * <code>Transforms</code> element if <code>transforms</code> is
- * <code>null</code>.
- *
- * @param xmlObject
- * the XMLObject
- * @param transforms
- * an optional <code>Transforms</code> element (may be
- * <code>null</code>)
- *
- * @throws SLCommandException
- * if creating the Reference fails
- * @throws NullPointerException
- * if <code>xmlObject</code> is <code>null</code>
- */
- private void setXMLObjectAndReferenceBase64(XMLObject xmlObject, XSECTTransforms transforms) throws SLCommandException {
-
- // create reference URI
- //
- // NOTE: the ds:Object can be referenced directly, as the Base64 transform
- // operates on the text() of the input nodelist.
- //
- String referenceURI = "#" + xmlObject.getId();
-
- // create Base64 Transform
- Transform transform;
- try {
- transform = ctx.getSignatureFactory().newTransform(Transform.BASE64, (TransformParameterSpec) null);
- } catch (NoSuchAlgorithmException e) {
- // algorithm must be present
- throw new SLRuntimeException(e);
- } catch (InvalidAlgorithmParameterException e) {
- // algorithm does not take parameters
- throw new SLRuntimeException(e);
- }
-
- if (transforms == null) {
- transforms = new XSECTTransforms(Collections.singletonList(transform));
- } else {
- transforms.insertTransform(transform);
- }
-
- DigestMethod dm;
- try {
- dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx);
- } catch (NoSuchAlgorithmException e) {
- log.error("Failed to get DigestMethod.", e);
- throw new SLCommandException(4006);
- } catch (InvalidAlgorithmParameterException e) {
- log.error("Failed to get DigestMethod.", e);
- throw new SLCommandException(4006);
- }
- String id = ctx.getIdValueFactory().createIdValue("Reference");
-
- this.xmlObject = xmlObject;
- this.reference = new XSECTReference(referenceURI, dm, transforms, null, id);
-
- }
-
- /**
- * Sets the given <code>xmlObject</code> and creates and sets a corresponding
- * <code>Reference</code>.
- * <p>
- * A transform to select the xmlObject's content is inserted at the top of to
- * the optional <code>transforms</code> if given, or to a newly created
- * <code>Transforms</code> element if <code>transforms</code> is
- * <code>null</code>.
- * </p>
- *
- * @param xmlObject
- * the XMLObject
- * @param transforms
- * an optional <code>Transforms</code> element (may be
- * <code>null</code>)
- *
- * @throws SLCommandException
- * if creating the Reference fails
- * @throws NullPointerException
- * if <code>xmlObject</code> is <code>null</code>
- */
- private void setXMLObjectAndReferenceXML(XMLObject xmlObject, XSECTTransforms transforms) throws SLCommandException {
-
- // create reference URI
- String referenceURI = "#" + xmlObject.getId();
-
- // create Transform to select ds:Object's children
- Transform xpathTransform;
- Transform c14nTransform;
- try {
-
- XPathType xpath = new XPathType("id(\"" + xmlObject.getId() + "\")/node()", XPathType.Filter.INTERSECT);
- List<XPathType> xpaths = Collections.singletonList(xpath);
- XPathFilter2ParameterSpec params = new XPathFilter2ParameterSpec(xpaths);
-
- xpathTransform = ctx.getSignatureFactory().newTransform(Transform.XPATH2, params);
-
- // add exclusive canonicalization to avoid signing the namespace context of the ds:Object
- c14nTransform = ctx.getSignatureFactory().newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null);
-
- } catch (NoSuchAlgorithmException e) {
- // algorithm must be present
- throw new SLRuntimeException(e);
- } catch (InvalidAlgorithmParameterException e) {
- // params must be appropriate
- throw new SLRuntimeException(e);
- }
-
- if (transforms == null) {
- List<Transform> newTransfroms = new ArrayList<Transform>();
- newTransfroms.add(xpathTransform);
- newTransfroms.add(c14nTransform);
- transforms = new XSECTTransforms(newTransfroms);
- } else {
- transforms.insertTransform(xpathTransform);
- }
-
- DigestMethod dm;
- try {
- dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx);
- } catch (NoSuchAlgorithmException e) {
- log.error("Failed to get DigestMethod.", e);
- throw new SLCommandException(4006);
- } catch (InvalidAlgorithmParameterException e) {
- log.error("Failed to get DigestMethod.", e);
- throw new SLCommandException(4006);
- }
- String id = ctx.getIdValueFactory().createIdValue("Reference");
-
- this.xmlObject = xmlObject;
- this.reference = new XSECTReference(referenceURI, dm, transforms, null, id);
-
- }
-
- /**
- * Parses the given <code>xmlContent</code> and returns a corresponding
- * document fragment.
- *
- * <p>
- * The to-be parsed content is surrounded by <dummy> ... </dummy> elements to
- * allow for mixed (e.g. Text and Element) content in XMLContent.
- * </p>
- *
- * @param xmlContent
- * the XMLContent to-be parsed
- *
- * @return a document fragment containing the parsed nodes
- *
- * @throws SLCommandException
- * if parsing the given <code>xmlContent</code> fails
- *
- * @throws NullPointerException
- * if <code>xmlContent</code> is <code>null</code>
- */
- private DocumentFragment parseDataObject(XMLContentType xmlContent) throws SLCommandException {
-
- ByteArrayOutputStream redirectedStream = xmlContent.getRedirectedStream();
-
- // Note: We can assume a fixed character encoding of UTF-8 for the
- // content of the redirect stream as the content has already been parsed
- // and serialized again to the redirect stream.
-
- List<InputStream> inputStreams = new ArrayList<InputStream>();
- try {
- // dummy start element
- inputStreams.add(new ByteArrayInputStream("<dummy>".getBytes("UTF-8")));
-
- // content
- inputStreams.add(new ByteArrayInputStream(redirectedStream.toByteArray()));
-
- // dummy end element
- inputStreams.add(new ByteArrayInputStream("</dummy>".getBytes("UTF-8")));
- } catch (UnsupportedEncodingException e) {
- throw new SLRuntimeException(e);
- }
-
- SequenceInputStream inputStream = new SequenceInputStream(Collections.enumeration(inputStreams));
-
- // parse DataObject
- Document doc = parseDataObject(inputStream, "UTF-8");
-
- Element documentElement = doc.getDocumentElement();
-
- if (documentElement == null ||
- !"dummy".equals(documentElement.getLocalName())) {
- log.info("Failed to parse DataObject XMLContent.");
- throw new SLCommandException(4111);
- }
-
- DocumentFragment fragment = doc.createDocumentFragment();
- while (documentElement.getFirstChild() != null) {
- fragment.appendChild(documentElement.getFirstChild());
- }
-
- // log parsed document
- if (log.isTraceEnabled()) {
-
- StringWriter writer = new StringWriter();
-
- writer.write("DataObject:\n");
-
- LSOutput output = domImplLS.createLSOutput();
- output.setCharacterStream(writer);
- output.setEncoding("UTF-8");
- LSSerializer serializer = domImplLS.createLSSerializer();
- serializer.getDomConfig().setParameter("xml-declaration", Boolean.FALSE);
- serializer.write(fragment, output);
-
- log.trace(writer.toString());
- }
-
- return fragment;
-
- }
-
- /**
- * Parses the given <code>inputStream</code> using the given
- * <code>encoding</code> and returns the parsed document.
- *
- * @param inputStream
- * the to-be parsed input
- *
- * @param encoding
- * the encoding to be used for parsing the given
- * <code>inputStream</code>
- *
- * @return the parsed document
- *
- * @throws SLCommandException
- * if parsing the <code>inputStream</code> fails.
- *
- * @throws NullPointerException
- * if <code>inputStram</code> is <code>null</code>
- */
- private Document parseDataObject(InputStream inputStream, String encoding) throws SLCommandException {
-
- LSInput input = domImplLS.createLSInput();
- input.setByteStream(inputStream);
-
- if (encoding != null) {
- input.setEncoding(encoding);
- }
-
- LSParser parser = domImplLS.createLSParser(DOMImplementationLS.MODE_SYNCHRONOUS, null);
- DOMConfiguration domConfig = parser.getDomConfig();
- SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler();
- domConfig.setParameter("error-handler", errorHandler);
- domConfig.setParameter("validate", Boolean.FALSE);
-
- Document doc;
- try {
- doc = parser.parse(input);
- } catch (DOMException e) {
- log.info("Existing XML document cannot be parsed.", e);
- throw new SLCommandException(4111);
- } catch (LSException e) {
- log.info("Existing XML document cannot be parsed. ", e);
- throw new SLCommandException(4111);
- }
-
- if (errorHandler.hasErrors()) {
- // log errors
- if (log.isInfoEnabled()) {
- List<String> errorMessages = errorHandler.getErrorMessages();
- StringBuffer sb = new StringBuffer();
- for (String errorMessage : errorMessages) {
- sb.append(" ");
- sb.append(errorMessage);
- }
- log.info("Existing XML document cannot be parsed. " + sb.toString());
- }
- throw new SLCommandException(4111);
- }
-
- return doc;
-
- }
-
-
-}
+ + /** + * Configures this DataObject with the information provided within the given + * <code>sl:DataObjectInfo</code>. + * + * @param dataObjectInfo + * the <code>sl:DataObjectInfo</code> + * + * @throws SLCommandException + * if configuring this DataObject with the information provided in + * the <code>sl:DataObjectInfo</code> fails. + * @throws SLRequestException + * if the information provided in the <code>sl:DataObjectInfo</code> + * does not conform to the security layer specification. + * @throws NullPointerException + * if <code>dataObjectInfo</code> is <code>null</code> + */ + public void setDataObjectInfo(DataObjectInfoType dataObjectInfo) throws SLCommandException, SLRequestException { + + Base64XMLLocRefOptRefContentType dataObject = dataObjectInfo.getDataObject(); + String structure = dataObjectInfo.getStructure(); + + // select and unmarshal an appropriate transformation path if provided + // and set the final data meta information + XSECTTransforms transforms = createTransformsAndSetFinalDataMetaInfo(dataObjectInfo.getTransformsInfo()); + + if ("enveloping".equals(structure)) { + + // configure this DataObject as an enveloped DataObject + setEnvelopedDataObject(dataObject, transforms); + + } else if ("detached".equals(structure)) { + + // configure this DataObject as an detached DataObject + setDetachedDataObject(dataObject, transforms); + + } + // other values are not allowed by the schema and are therefore ignored + + } + + private byte[] getTransformsBytes(at.gv.egiz.slbinding.impl.TransformsInfoType ti) { + return ti.getRedirectedStream().toByteArray(); +// byte[] transformsBytes = ti.getRedirectedStream().toByteArray(); +// +// if (transformsBytes == null || transformsBytes.length == 0) { +// return null; +// } +// +// String dsigPrefix = ti.getNamespaceContext().getNamespaceURI("http://www.w3.org/2000/09/xmldsig#"); +// byte[] pre, post; +// if (dsigPrefix == null) { +// log.trace("XMLDSig not declared in outside dsig:Transforms"); +// pre = "<AssureDSigNS>".getBytes(); +// post = "</AssureDSigNS>".getBytes(); +// } else { +// log.trace("XMLDSig bound to prefix " + dsigPrefix); +// pre = ("<AssureDSigNS xmlns:" + dsigPrefix + "=\"http://www.w3.org/2000/09/xmldsig#\">").getBytes(); +// post = "</AssureDSigNS>".getBytes(); +// } +// +// byte[] workaround = new byte[pre.length + transformsBytes.length + post.length]; +// System.arraycopy(pre, 0, workaround, 0, pre.length); +// System.arraycopy(transformsBytes, 0, workaround, pre.length, transformsBytes.length); +// System.arraycopy(post, 0, workaround, pre.length + transformsBytes.length, post.length); +// return workaround; + } + + /** + * Configures this DataObject as an enveloped DataObject with the information + * provided within the given <code>sl:DataObject</code>. + * + * @param dataObject + * the <code>sl:DataObject</code> + * @param transforms + * an optional <code>Transforms</code> element (may be + * <code>null</code>) + * + * @throws SLCommandException + * if configuring this DataObject with the information provided in + * the <code>sl:DataObject</code> fails. + * @throws SLRequestException + * if the information provided in the <code>sl:DataObject</code> + * does not conform to the security layer specification. + * @throws NullPointerException + * if <code>dataObject</code> is <code>null</code> + */ + private void setEnvelopedDataObject( + Base64XMLLocRefOptRefContentType dataObject, XSECTTransforms transforms) + throws SLCommandException, SLRequestException { + + String reference = dataObject.getReference(); + if (reference == null) { + // + // case A + // + // The Reference attribute is not used; the content of sl:DataObject represents the data object. + // If the data object is XML-coded (the sl:XMLContent element is used in sl:DataObject), then it + // must be incorporated in the signature structure as parsed XML. + // + + if (dataObject.getBase64Content() != null) { + + log.debug("Adding DataObject (Base64Content) without a reference URI."); + + // create XMLObject + XMLObject xmlObject = createXMLObject(new ByteArrayInputStream(dataObject.getBase64Content())); + + setXMLObjectAndReferenceBase64(xmlObject, transforms); + + } else if (dataObject.getXMLContent() != null) { + + log.debug("Adding DataObject (XMLContent) without a reference URI."); + + // create XMLObject + DocumentFragment content = parseDataObject((XMLContentType) dataObject.getXMLContent()); + XMLObject xmlObject = createXMLObject(content); + + setXMLObjectAndReferenceXML(xmlObject, transforms); + + } else if (dataObject.getLocRefContent() != null) { + + log.debug("Adding DataObject (LocRefContent) without a reference URI."); + + setEnvelopedDataObject(dataObject.getLocRefContent(), transforms); + + } else { + + // not allowed + log.info("XML structure of the command request contains an " + + "invalid combination of optional elements or attributes. " + + "DataObject of structure='enveloped' without a reference must contain content."); + throw new SLRequestException(3003); + + } + + } else { + + if (dataObject.getBase64Content() == null && + dataObject.getXMLContent() == null && + dataObject.getLocRefContent() == null) { + + // + // case B + // + // The Reference attribute contains a URI that must be resolved by the + // Citizen Card Environment to obtain the data object. + // The content of sl:DataObject remains empty + // + + log.debug("Adding DataObject from reference URI '" + reference + "'."); + + setEnvelopedDataObject(reference, transforms); + + } else { + + // not allowed + log.info("XML structure of the command request contains an " + + "invalid combination of optional elements or attributes. " + + "DataObject of structure='enveloped' with reference must not contain content."); + throw new SLRequestException(3003); + + } + + + } + + } + + /** + * Configures this DataObject as an enveloped DataObject with the content to + * be dereferenced from the given <code>reference</code>. + * + * @param reference + * the <code>reference</code> URI + * @param transforms + * an optional <code>Transforms</code> element (may be + * <code>null</code>) + * + * @throws SLCommandException + * if dereferencing the given <code>reference</code> fails, or if + * configuring this DataObject with the data dereferenced from the + * given <code>reference</code> fails. + * @throws NullPointerException + * if <code>reference</code> is <code>null</code> + */ + private void setEnvelopedDataObject(String reference, XSECTTransforms transforms) throws SLCommandException { + + if (reference == null) { + throw new NullPointerException("Argument 'reference' must not be null."); + } + + // dereference URL + URLDereferencer dereferencer = URLDereferencer.getInstance(); + + StreamData streamData; + try { + streamData = dereferencer.dereference(reference, ctx.getDereferencerContext()); + } catch (IOException e) { + log.info("Failed to dereference XMLObject from '" + reference + "'.", e); + throw new SLCommandException(4110); + } + + Node childNode; + + String contentType = streamData.getContentType(); + if (contentType.startsWith("text/xml")) { + + // If content type is text/xml parse content. + String charset = HttpUtil.getCharset(contentType, true); + + Document doc = parseDataObject(streamData.getStream(), charset); + + childNode = doc.getDocumentElement(); + + if (childNode == null) { + log.info("Failed to parse XMLObject from '" + reference + "'."); + throw new SLCommandException(4111); + } + + XMLObject xmlObject = createXMLObject(childNode); + + setXMLObjectAndReferenceXML(xmlObject, transforms); + + } else { + + // Include content Base64 encoded. + XMLObject xmlObject = createXMLObject(streamData.getStream()); + + setXMLObjectAndReferenceBase64(xmlObject, transforms); + + } + + } + + /** + * Configures this DataObject as an detached DataObject with the information + * provided in the given <code>sl:DataObject</code> and optionally + * <code>transforms</code>. + * + * @param dataObject + * the <code>sl:DataObject</code> + * @param transforms + * an optional Transforms object, may be <code>null</code> + * + * @throws SLCommandException + * if configuring this DataObject with the information provided in + * the <code>sl:DataObject</code> fails. + * @throws SLRequestException + * if the information provided in the <code>sl:DataObject</code> + * does not conform to the security layer specification. + * @throws NullPointerException + * if <code>dataObject</code> is <code>null</code> + */ + private void setDetachedDataObject( + Base64XMLLocRefOptRefContentType dataObject, XSECTTransforms transforms) + throws SLCommandException, SLRequestException { + + String referenceURI = dataObject.getReference(); + + if (referenceURI == null) { + + // not allowed + log.info("XML structure of the command request contains an " + + "invalid combination of optional elements or attributes. " + + "DataObject of structure='detached' must contain a reference."); + throw new SLRequestException(3003); + + } else { + + DigestMethod dm; + try { + dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx); + } catch (NoSuchAlgorithmException e) { + log.error("Failed to get DigestMethod.", e); + throw new SLCommandException(4006); + } catch (InvalidAlgorithmParameterException e) { + log.error("Failed to get DigestMethod.", e); + throw new SLCommandException(4006); + } + + String idValue = ctx.getIdValueFactory().createIdValue("Reference"); + + reference = new XSECTReference(referenceURI, dm, transforms, null, idValue); + + // case D: + // + // The Reference attribute contains a URI that is used by the Citizen Card + // Environment to code the reference to the data object as part of the XML + // signature (attribute URI in the dsig:Reference) element. The content of + // sl:DataObject represents the data object. + + if (dataObject.getLocRefContent() != null) { + String locRef = dataObject.getLocRefContent(); + try { + this.reference.setDereferencer(new LocRefDereferencer(ctx.getDereferencerContext(), locRef)); + } catch (URISyntaxException e) { + log.info("Invalid URI '" + locRef + "' in DataObject.", e); + throw new SLCommandException(4003); + } catch (IllegalArgumentException e) { + log.info("LocRef URI of '" + locRef + "' not supported in DataObject. ", e); + throw new SLCommandException(4003); + } + } else if (dataObject.getBase64Content() != null) { + byte[] base64Content = dataObject.getBase64Content(); + this.reference.setDereferencer(new ByteArrayDereferencer(base64Content)); + } else if (dataObject.getXMLContent() != null) { + XMLContentType xmlContent = (XMLContentType) dataObject.getXMLContent(); + byte[] bytes = xmlContent.getRedirectedStream().toByteArray(); + this.reference.setDereferencer(new ByteArrayDereferencer(bytes)); + } else { + + // case C: + // + // The Reference attribute contains a URI that must be resolved by the + // Citizen Card Environment to obtain the data object. The Reference + // attribute contains a URI that is used by the Citizen Card Environment + // to code the reference to the data object as part of the XML signature + // (attribute URI in the dsig:Reference) element. The content of + // sl:DataObject remains empty. + + } + + } + } + + /** + * Returns the preferred <code>sl:TransformInfo</code> from the given list of + * <code>transformInfos</code>, or <code>null</code> if none of the given + * <code>transformInfos</code> is preferred over the others. + * + * @param transformsInfos + * a list of <code>sl:TransformInfo</code>s + * + * @return the selected <code>sl:TransformInfo</code> or <code>null</code>, if + * none is preferred over the others + */ + private TransformsInfoType selectPreferredTransformsInfo(List<TransformsInfoType> transformsInfos) { + + Map<String, TransformsInfoType> mimeTypes = new HashMap<String, TransformsInfoType>(); + + StringBuilder debugString = null; + if (log.isDebugEnabled()) { + debugString = new StringBuilder(); + debugString.append("Got " + transformsInfos.size() + " TransformsInfo(s):"); + } + + for (TransformsInfoType transformsInfoType : transformsInfos) { + MetaInfoType finalDataMetaInfo = transformsInfoType.getFinalDataMetaInfo(); + String mimeType = finalDataMetaInfo.getMimeType(); + String description = finalDataMetaInfo.getDescription(); + mimeTypes.put(mimeType, transformsInfoType); + if (debugString != null) { + debugString.append("\n FinalDataMetaInfo: MIME-Type="); + debugString.append(mimeType); + if (description != null) { + debugString.append(" "); + debugString.append(description); + } + } + } + + if (debugString != null) { + log.debug(debugString); + } + + // look for preferred transform + for (String mimeType : DEFAULT_PREFFERED_MIME_TYPES) { + if (mimeTypes.containsKey(mimeType)) { + return mimeTypes.get(mimeType); + } + } + + // no preferred transform + return null; + + } + + /** + * Create an instance of <code>ds:Transforms</code> from the given + * <code>sl:TransformsInfo</code>. + * + * @param transformsInfo + * the <code>sl:TransformsInfo</code> + * + * @return a corresponding unmarshalled <code>ds:Transforms</code>, or + * <code>null</code> if the given <code>sl:TransformsInfo</code> does + * not contain a <code>dsig:Transforms</code> element + * + * @throws SLRequestException + * if the <code>ds:Transforms</code> in the given + * <code>transformsInfo</code> are not valid or cannot be parsed. + * + * @throws MarshalException + * if the <code>ds:Transforms</code> in the given + * <code>transformsInfo</code> cannot be unmarshalled. + */ + private XSECTTransforms createTransforms(TransformsInfoType transformsInfo) throws SLRequestException, MarshalException { + + byte[] transforms = getTransformsBytes((at.gv.egiz.slbinding.impl.TransformsInfoType) transformsInfo); + + if (transforms != null && transforms.length > 0) { + // debug + if (log.isTraceEnabled()) { + StringBuilder sb = new StringBuilder(); + sb.append("Trying to parse transforms:\n"); + sb.append(new String(transforms, Charset.forName("UTF-8"))); + log.trace(sb); + } + + DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS(); + LSInput input = domImplLS.createLSInput(); + input.setByteStream(new ByteArrayInputStream(transforms)); + + LSParser parser = domImplLS.createLSParser( + DOMImplementationLS.MODE_SYNCHRONOUS, null); + DOMConfiguration domConfig = parser.getDomConfig(); + SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler(); + domConfig.setParameter("error-handler", errorHandler); + domConfig.setParameter("validate", Boolean.FALSE); + + Document document; + try { + document = parser.parse(input); + } catch (DOMException e) { + log.info("Failed to parse dsig:Transforms.", e); + throw new SLRequestException(3002); + } catch (LSException e) { + log.info("Failed to parse dsig:Transforms.", e); + throw new SLRequestException(3002); + } + + // adopt ds:Transforms + Element transformsElt = document.getDocumentElement(); + Node adoptedTransforms = ctx.getDocument().adoptNode(transformsElt); + + DOMCryptoContext context = new DOMCryptoContext(); + + // unmarshall ds:Transforms + return new XSECTTransforms(context, adoptedTransforms); + + } else { + return null; + } + + +// TransformsType transformsType = transformsInfo.getTransforms(); +// if (transformsType == null) { +// return null; +// } +// List<TransformType> transformList = transformsType.getTransform(); +// +// DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS(); +//// Document transformsDoc = ((DOMImplementation) domImplLS).createDocument("http://www.w3.org/2000/09/xmldsig#", "Transforms", null); +//// Element transforms = transformsDoc.getDocumentElement(); +// Document transformsDoc = DOMUtils.createDocument(); +// Element transforms = transformsDoc.createElementNS( +// "http://www.w3.org/2000/09/xmldsig#", +// Signature.XMLDSIG_PREFIX + ":Transforms"); +// transformsDoc.appendChild(transforms); +// +// for (TransformType transformType : transformList) { +// log.trace("found " + transformType.getClass().getName()); +// Element transform = transformsDoc.createElementNS( +// "http://www.w3.org/2000/09/xmldsig#", +// Signature.XMLDSIG_PREFIX + ":Transform"); +// String algorithm = transformType.getAlgorithm(); +// if (algorithm != null) { +// log.trace("found algorithm " + algorithm); +// transform.setAttribute("Algorithm", algorithm); +// } +// +// at.gv.egiz.slbinding.impl.TransformType t = (at.gv.egiz.slbinding.impl.TransformType) transformType; +// byte[] redirectedBytes = t.getRedirectedStream().toByteArray(); +// if (redirectedBytes != null && redirectedBytes.length > 0) { +// if (log.isTraceEnabled()) { +// StringBuilder sb = new StringBuilder(); +// sb.append("Trying to parse dsig:Transform:\n"); +// sb.append(new String(redirectedBytes, Charset.forName("UTF-8"))); +// log.trace(sb); +// } +// LSInput input = domImplLS.createLSInput(); +// input.setByteStream(new ByteArrayInputStream(redirectedBytes)); +// +// LSParser parser = domImplLS.createLSParser( +// DOMImplementationLS.MODE_SYNCHRONOUS, null); +// DOMConfiguration domConfig = parser.getDomConfig(); +// SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler(); +// domConfig.setParameter("error-handler", errorHandler); +// domConfig.setParameter("validate", Boolean.FALSE); +// +// try { +// Document redirectedDoc = parser.parse(input); +// Node redirected = transformsDoc.adoptNode(redirectedDoc.getDocumentElement()); +// transform.appendChild(redirected); +// +// //not supported by Xerces2.9.1 +//// Node redirected = parser.parseWithContext(input, transform, LSParser.ACTION_APPEND_AS_CHILDREN); +// +// } catch (DOMException e) { +// log.info("Failed to parse dsig:Transform.", e); +// throw new SLRequestException(3002); +// } catch (LSException e) { +// log.info("Failed to parse dsig:Transform.", e); +// throw new SLRequestException(3002); +// } +// } +// transforms.appendChild(transform); +// } +// +// //adopt ds:Transforms +// Node adoptedTransforms = ctx.getDocument().adoptNode(transforms); +// DOMCryptoContext context = new DOMCryptoContext(); +// +// // unmarshall ds:Transforms +// return new XSECTTransforms(context, adoptedTransforms); + + } + + /** + * Sets the <code>mimeType</code> and the <code>description</code> value + * for this DataObject. + * + * @param metaInfoType the <code>sl:FinalMetaDataInfo</code> + * + * @throws NullPointerException if <code>metaInfoType</code> is <code>null</code> + */ + private void setFinalDataMetaInfo(MetaInfoType metaInfoType) { + + this.mimeType = metaInfoType.getMimeType(); + this.description = metaInfoType.getDescription(); + + } + + /** + * Selects an appropriate transformation path (if present) from the given list + * of <code>sl:TransformInfos</code>, sets the corresponding final data meta info and + * returns the corresponding unmarshalled <code>ds:Transforms</code>. + * + * @param transformsInfos the <code>sl:TransformInfos</code> + * + * @return the unmarshalled <code>ds:Transforms</code>, or <code>null</code> if + * no transformation path has been selected. + * + * @throws SLRequestException if the given list <code>ds:TransformsInfo</code> contains + * an invalid <code>ds:Transforms</code> element, or no suitable transformation path + * can be found. + */ + private XSECTTransforms createTransformsAndSetFinalDataMetaInfo( + List<TransformsInfoType> transformsInfos) throws SLRequestException { + + TransformsInfoType preferredTransformsInfo = selectPreferredTransformsInfo(transformsInfos); + // try preferred transform + if (preferredTransformsInfo != null) { + + try { + XSECTTransforms transforms = createTransforms(preferredTransformsInfo); + setFinalDataMetaInfo(preferredTransformsInfo.getFinalDataMetaInfo()); + return transforms; + } catch (MarshalException e) { + + String mimeType = preferredTransformsInfo.getFinalDataMetaInfo().getMimeType(); + log.info("Failed to unmarshal preferred transformation path (MIME-Type=" + + mimeType + ").", e); + + } + + } + + // look for another suitable transformation path + for (TransformsInfoType transformsInfoType : transformsInfos) { + + try { + XSECTTransforms transforms = createTransforms(transformsInfoType); + setFinalDataMetaInfo(transformsInfoType.getFinalDataMetaInfo()); + return transforms; + } catch (MarshalException e) { + + String mimeType = transformsInfoType.getFinalDataMetaInfo().getMimeType(); + log.info("Failed to unmarshal transformation path (MIME-Type=" + + mimeType + ").", e); + } + + } + + // no suitable transformation path found + throw new SLRequestException(3003); + + } + + /** + * Create an XMLObject with the Base64 encoding of the given + * <code>content</code>. + * + * @param content + * the to-be Base64 encoded content + * @return an XMLObject with the Base64 encoded <code>content</code> + */ + private XMLObject createXMLObject(InputStream content) { + + Text textNode; + try { + textNode = at.gv.egiz.dom.DOMUtils.createBase64Text(content, ctx.getDocument()); + } catch (IOException e) { + log.error(e); + throw new SLRuntimeException(e); + } + + DOMStructure structure = new DOMStructure(textNode); + + String idValue = ctx.getIdValueFactory().createIdValue("Object"); + + return ctx.getSignatureFactory().newXMLObject(Collections.singletonList(structure), idValue, null, null); + + } + + /** + * Create an XMLObject with the given <code>content</code> node. + * + * @param content the content node + * + * @return an XMLObject with the given <code>content</code> + */ + private XMLObject createXMLObject(Node content) { + + String idValue = ctx.getIdValueFactory().createIdValue("Object"); + + List<DOMStructure> structures = Collections.singletonList(new DOMStructure(content)); + + return ctx.getSignatureFactory().newXMLObject(structures, idValue, null, null); + + } + + /** + * Sets the given <code>xmlObject</code> and creates and sets a corresponding + * <code>Reference</code>. + * <p> + * A transform to Base64-decode the xmlObject's content is inserted at the top + * of to the optional <code>transforms</code> if given, or to a newly created + * <code>Transforms</code> element if <code>transforms</code> is + * <code>null</code>. + * + * @param xmlObject + * the XMLObject + * @param transforms + * an optional <code>Transforms</code> element (may be + * <code>null</code>) + * + * @throws SLCommandException + * if creating the Reference fails + * @throws NullPointerException + * if <code>xmlObject</code> is <code>null</code> + */ + private void setXMLObjectAndReferenceBase64(XMLObject xmlObject, XSECTTransforms transforms) throws SLCommandException { + + // create reference URI + // + // NOTE: the ds:Object can be referenced directly, as the Base64 transform + // operates on the text() of the input nodelist. + // + String referenceURI = "#" + xmlObject.getId(); + + // create Base64 Transform + Transform transform; + try { + transform = ctx.getSignatureFactory().newTransform(Transform.BASE64, (TransformParameterSpec) null); + } catch (NoSuchAlgorithmException e) { + // algorithm must be present + throw new SLRuntimeException(e); + } catch (InvalidAlgorithmParameterException e) { + // algorithm does not take parameters + throw new SLRuntimeException(e); + } + + if (transforms == null) { + transforms = new XSECTTransforms(Collections.singletonList(transform)); + } else { + transforms.insertTransform(transform); + } + + DigestMethod dm; + try { + dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx); + } catch (NoSuchAlgorithmException e) { + log.error("Failed to get DigestMethod.", e); + throw new SLCommandException(4006); + } catch (InvalidAlgorithmParameterException e) { + log.error("Failed to get DigestMethod.", e); + throw new SLCommandException(4006); + } + String id = ctx.getIdValueFactory().createIdValue("Reference"); + + this.xmlObject = xmlObject; + this.reference = new XSECTReference(referenceURI, dm, transforms, null, id); + + } + + /** + * Sets the given <code>xmlObject</code> and creates and sets a corresponding + * <code>Reference</code>. + * <p> + * A transform to select the xmlObject's content is inserted at the top of to + * the optional <code>transforms</code> if given, or to a newly created + * <code>Transforms</code> element if <code>transforms</code> is + * <code>null</code>. + * </p> + * + * @param xmlObject + * the XMLObject + * @param transforms + * an optional <code>Transforms</code> element (may be + * <code>null</code>) + * + * @throws SLCommandException + * if creating the Reference fails + * @throws NullPointerException + * if <code>xmlObject</code> is <code>null</code> + */ + private void setXMLObjectAndReferenceXML(XMLObject xmlObject, XSECTTransforms transforms) throws SLCommandException { + + // create reference URI + String referenceURI = "#" + xmlObject.getId(); + + // create Transform to select ds:Object's children + Transform xpathTransform; + Transform c14nTransform; + try { + + XPathType xpath = new XPathType("id(\"" + xmlObject.getId() + "\")/node()", XPathType.Filter.INTERSECT); + List<XPathType> xpaths = Collections.singletonList(xpath); + XPathFilter2ParameterSpec params = new XPathFilter2ParameterSpec(xpaths); + + xpathTransform = ctx.getSignatureFactory().newTransform(Transform.XPATH2, params); + + // add exclusive canonicalization to avoid signing the namespace context of the ds:Object + c14nTransform = ctx.getSignatureFactory().newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null); + + } catch (NoSuchAlgorithmException e) { + // algorithm must be present + throw new SLRuntimeException(e); + } catch (InvalidAlgorithmParameterException e) { + // params must be appropriate + throw new SLRuntimeException(e); + } + + if (transforms == null) { + List<Transform> newTransfroms = new ArrayList<Transform>(); + newTransfroms.add(xpathTransform); + newTransfroms.add(c14nTransform); + transforms = new XSECTTransforms(newTransfroms); + } else { + transforms.insertTransform(xpathTransform); + } + + DigestMethod dm; + try { + dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx); + } catch (NoSuchAlgorithmException e) { + log.error("Failed to get DigestMethod.", e); + throw new SLCommandException(4006); + } catch (InvalidAlgorithmParameterException e) { + log.error("Failed to get DigestMethod.", e); + throw new SLCommandException(4006); + } + String id = ctx.getIdValueFactory().createIdValue("Reference"); + + this.xmlObject = xmlObject; + this.reference = new XSECTReference(referenceURI, dm, transforms, null, id); + + } + + /** + * Parses the given <code>xmlContent</code> and returns a corresponding + * document fragment. + * + * <p> + * The to-be parsed content is surrounded by <dummy> ... </dummy> elements to + * allow for mixed (e.g. Text and Element) content in XMLContent. + * </p> + * + * @param xmlContent + * the XMLContent to-be parsed + * + * @return a document fragment containing the parsed nodes + * + * @throws SLCommandException + * if parsing the given <code>xmlContent</code> fails + * + * @throws NullPointerException + * if <code>xmlContent</code> is <code>null</code> + */ + private DocumentFragment parseDataObject(XMLContentType xmlContent) throws SLCommandException { + + ByteArrayOutputStream redirectedStream = xmlContent.getRedirectedStream(); + + // Note: We can assume a fixed character encoding of UTF-8 for the + // content of the redirect stream as the content has already been parsed + // and serialized again to the redirect stream. + + List<InputStream> inputStreams = new ArrayList<InputStream>(); + try { + // dummy start element + inputStreams.add(new ByteArrayInputStream("<dummy>".getBytes("UTF-8"))); + + // content + inputStreams.add(new ByteArrayInputStream(redirectedStream.toByteArray())); + + // dummy end element + inputStreams.add(new ByteArrayInputStream("</dummy>".getBytes("UTF-8"))); + } catch (UnsupportedEncodingException e) { + throw new SLRuntimeException(e); + } + + SequenceInputStream inputStream = new SequenceInputStream(Collections.enumeration(inputStreams)); + + // parse DataObject + Document doc = parseDataObject(inputStream, "UTF-8"); + + Element documentElement = doc.getDocumentElement(); + + if (documentElement == null || + !"dummy".equals(documentElement.getLocalName())) { + log.info("Failed to parse DataObject XMLContent."); + throw new SLCommandException(4111); + } + + DocumentFragment fragment = doc.createDocumentFragment(); + while (documentElement.getFirstChild() != null) { + fragment.appendChild(documentElement.getFirstChild()); + } + + // log parsed document + if (log.isTraceEnabled()) { + + StringWriter writer = new StringWriter(); + + writer.write("DataObject:\n"); + + LSOutput output = domImplLS.createLSOutput(); + output.setCharacterStream(writer); + output.setEncoding("UTF-8"); + LSSerializer serializer = domImplLS.createLSSerializer(); + serializer.getDomConfig().setParameter("xml-declaration", Boolean.FALSE); + serializer.write(fragment, output); + + log.trace(writer.toString()); + } + + return fragment; + + } + + /** + * Parses the given <code>inputStream</code> using the given + * <code>encoding</code> and returns the parsed document. + * + * @param inputStream + * the to-be parsed input + * + * @param encoding + * the encoding to be used for parsing the given + * <code>inputStream</code> + * + * @return the parsed document + * + * @throws SLCommandException + * if parsing the <code>inputStream</code> fails. + * + * @throws NullPointerException + * if <code>inputStram</code> is <code>null</code> + */ + private Document parseDataObject(InputStream inputStream, String encoding) throws SLCommandException { + + LSInput input = domImplLS.createLSInput(); + input.setByteStream(inputStream); + + if (encoding != null) { + input.setEncoding(encoding); + } + + LSParser parser = domImplLS.createLSParser(DOMImplementationLS.MODE_SYNCHRONOUS, null); + DOMConfiguration domConfig = parser.getDomConfig(); + SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler(); + domConfig.setParameter("error-handler", errorHandler); + domConfig.setParameter("validate", Boolean.FALSE); + + Document doc; + try { + doc = parser.parse(input); + } catch (DOMException e) { + log.info("Existing XML document cannot be parsed.", e); + throw new SLCommandException(4111); + } catch (LSException e) { + log.info("Existing XML document cannot be parsed. ", e); + throw new SLCommandException(4111); + } + + if (errorHandler.hasErrors()) { + // log errors + if (log.isInfoEnabled()) { + List<String> errorMessages = errorHandler.getErrorMessages(); + StringBuffer sb = new StringBuffer(); + for (String errorMessage : errorMessages) { + sb.append(" "); + sb.append(errorMessage); + } + log.info("Existing XML document cannot be parsed. " + sb.toString()); + } + throw new SLCommandException(4111); + } + + return doc; + + } + + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java index 8baa0137..9182e824 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java @@ -87,6 +87,8 @@ import at.gv.egiz.bku.utils.urldereferencer.StreamData; import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext; import at.gv.egiz.dom.DOMUtils; +import at.gv.egiz.marshal.NamespacePrefix; +import at.gv.egiz.marshal.NamespacePrefixMapperImpl; import at.gv.egiz.slbinding.impl.XMLContentType; import at.gv.egiz.stal.STAL; import at.gv.egiz.xades.QualifyingPropertiesException; @@ -99,6 +101,7 @@ import at.gv.egiz.xades.QualifyingPropertiesFactory; * @author mcentner */ public class Signature { + public static final String XMLDSIG_PREFIX = "dsig"; /** * Logging facility. @@ -407,7 +410,7 @@ public class Signature { signContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE); - signContext.putNamespacePrefix(XMLSignature.XMLNS, "dsig"); + signContext.putNamespacePrefix(XMLSignature.XMLNS,XMLDSIG_PREFIX); signContext.setURIDereferencer(new URIDereferncerAdapter(ctx.getDereferencerContext())); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java index 78172dcb..7ce7b42d 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java @@ -14,185 +14,186 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-
-import iaik.xml.crypto.XSecProvider;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.List;
-
+package at.gv.egiz.bku.slcommands.impl.xsect; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +import iaik.xml.crypto.XSecProvider; + +import java.io.IOException; +import java.io.InputStream; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.List; + import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLSocketFactory; -import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.Reference;
-import javax.xml.crypto.dsig.SignatureMethod;
-import javax.xml.crypto.dsig.Transform;
-import javax.xml.crypto.dsig.XMLObject;
-import javax.xml.crypto.dsig.XMLSignatureException;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.dom.DOMSignContext;
-import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
-import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
-import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
-import javax.xml.stream.XMLEventReader;
-import javax.xml.stream.XMLInputFactory;
-import javax.xml.stream.XMLStreamException;
-
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-import org.w3c.dom.ls.DOMImplementationLS;
-import org.w3c.dom.ls.LSOutput;
-import org.w3c.dom.ls.LSSerializer;
-
-import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureRequestType;
-import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType;
-import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
-import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType;
-import at.gv.egiz.bku.slexceptions.SLCommandException;
-import at.gv.egiz.bku.slexceptions.SLRequestException;
+import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import javax.xml.crypto.MarshalException; +import javax.xml.crypto.dsig.CanonicalizationMethod; +import javax.xml.crypto.dsig.DigestMethod; +import javax.xml.crypto.dsig.Reference; +import javax.xml.crypto.dsig.SignatureMethod; +import javax.xml.crypto.dsig.Transform; +import javax.xml.crypto.dsig.XMLObject; +import javax.xml.crypto.dsig.XMLSignatureException; +import javax.xml.crypto.dsig.XMLSignatureFactory; +import javax.xml.crypto.dsig.dom.DOMSignContext; +import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; +import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec; +import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; +import javax.xml.stream.XMLEventReader; +import javax.xml.stream.XMLInputFactory; +import javax.xml.stream.XMLStreamException; + +import org.junit.BeforeClass; +import org.junit.Test; +import org.w3c.dom.Document; +import org.w3c.dom.Node; +import org.w3c.dom.ls.DOMImplementationLS; +import org.w3c.dom.ls.LSOutput; +import org.w3c.dom.ls.LSSerializer; + +import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureRequestType; +import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType; +import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory; +import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType; +import at.gv.egiz.bku.slexceptions.SLCommandException; +import at.gv.egiz.bku.slexceptions.SLRequestException; import at.gv.egiz.bku.slexceptions.SLViewerException; -import at.gv.egiz.bku.utils.urldereferencer.StreamData;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
-import at.gv.egiz.bku.utils.urldereferencer.URLProtocolHandler;
-import at.gv.egiz.dom.DOMUtils;
-import at.gv.egiz.slbinding.RedirectEventFilter;
-import at.gv.egiz.slbinding.RedirectUnmarshallerListener;
-
-public class SignatureTest {
-
- private class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
-
- @Override
- public CanonicalizationMethod createCanonicalizationMethod(
- SignatureContext signatureContext) {
-
- XMLSignatureFactory signatureFactory = signatureContext.getSignatureFactory();
-
- try {
- return signatureFactory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public DigestMethod createDigestMethod(SignatureContext signatureContext) {
-
- XMLSignatureFactory signatureFactory = signatureContext.getSignatureFactory();
-
- try {
- return signatureFactory.newDigestMethod(DigestMethod.SHA1, (DigestMethodParameterSpec) null);
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public SignatureMethod createSignatureMethod(
- SignatureContext signatureContext) {
-
- XMLSignatureFactory signatureFactory = signatureContext.getSignatureFactory();
-
- try {
- return signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, (SignatureMethodParameterSpec) null);
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
-
- }
-
- }
-
- private static final String RESOURCE_PREFIX = "at/gv/egiz/bku/slcommands/impl/";
-
- private static Unmarshaller unmarshaller;
-
- private static PrivateKey privateKey;
-
- private static X509Certificate certificate;
-
- @BeforeClass
- public static void setUpClass() throws JAXBException, NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException {
-
- XSecProvider.addAsProvider(true);
-
- String packageName = ObjectFactory.class.getPackage().getName();
- packageName += ":"
- + org.w3._2000._09.xmldsig_.ObjectFactory.class.getPackage().getName();
- JAXBContext jaxbContext = JAXBContext.newInstance(packageName);
-
- unmarshaller = jaxbContext.createUnmarshaller();
-
- initURLDereferencer();
-
- ClassLoader classLoader = SignatureTest.class.getClassLoader();
- InputStream certStream = classLoader.getResourceAsStream(RESOURCE_PREFIX + "Cert.p12");
- assertNotNull("Certificate not found.", certStream);
-
- char[] passwd = "1622".toCharArray();
-
- KeyStore keystore = KeyStore.getInstance("PKCS12");
- keystore.load(certStream, passwd);
- String firstAlias = keystore.aliases().nextElement();
- certificate = (X509Certificate) keystore.getCertificate(firstAlias);
- privateKey = (PrivateKey) keystore.getKey(firstAlias, passwd);
-
- }
-
- private static void initURLDereferencer() {
-
- URLDereferencer.getInstance().registerHandler("testlocal", new URLProtocolHandler() {
-
- @Override
- public StreamData dereference(String url, URLDereferencerContext context)
- throws IOException {
-
- ClassLoader classLoader = SignatureTest.class.getClassLoader();
-
- String filename = url.split(":", 2)[1];
-
- InputStream stream = classLoader.getResourceAsStream(RESOURCE_PREFIX + filename);
-
- if (stream == null) {
-
- throw new IOException("Failed to resolve resource '" + url + "'.");
-
- } else {
-
- String contentType;
- if (filename.endsWith(".xml")) {
- contentType = "text/xml";
- } else if (filename.endsWith(".txt")) {
- contentType = "text/plain";
- } else {
- contentType = "";
- }
-
- return new StreamData(url, contentType, stream);
-
- }
-
+import at.gv.egiz.bku.utils.urldereferencer.StreamData; +import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; +import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext; +import at.gv.egiz.bku.utils.urldereferencer.URLProtocolHandler; +import at.gv.egiz.dom.DOMUtils; +import at.gv.egiz.slbinding.RedirectEventFilter; +import at.gv.egiz.slbinding.RedirectUnmarshallerListener; +import org.junit.Ignore; + +public class SignatureTest { + + private class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { + + @Override + public CanonicalizationMethod createCanonicalizationMethod( + SignatureContext signatureContext) { + + XMLSignatureFactory signatureFactory = signatureContext.getSignatureFactory(); + + try { + return signatureFactory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + @Override + public DigestMethod createDigestMethod(SignatureContext signatureContext) { + + XMLSignatureFactory signatureFactory = signatureContext.getSignatureFactory(); + + try { + return signatureFactory.newDigestMethod(DigestMethod.SHA1, (DigestMethodParameterSpec) null); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + @Override + public SignatureMethod createSignatureMethod( + SignatureContext signatureContext) { + + XMLSignatureFactory signatureFactory = signatureContext.getSignatureFactory(); + + try { + return signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, (SignatureMethodParameterSpec) null); + } catch (Exception e) { + throw new RuntimeException(e); + } + + } + + } + + private static final String RESOURCE_PREFIX = "at/gv/egiz/bku/slcommands/impl/"; + + private static Unmarshaller unmarshaller; + + private static PrivateKey privateKey; + + private static X509Certificate certificate; + + @BeforeClass + public static void setUpClass() throws JAXBException, NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException { + + XSecProvider.addAsProvider(true); + + String packageName = ObjectFactory.class.getPackage().getName(); + packageName += ":" + + org.w3._2000._09.xmldsig_.ObjectFactory.class.getPackage().getName(); + JAXBContext jaxbContext = JAXBContext.newInstance(packageName); + + unmarshaller = jaxbContext.createUnmarshaller(); + + initURLDereferencer(); + + ClassLoader classLoader = SignatureTest.class.getClassLoader(); + InputStream certStream = classLoader.getResourceAsStream(RESOURCE_PREFIX + "Cert.p12"); + assertNotNull("Certificate not found.", certStream); + + char[] passwd = "1622".toCharArray(); + + KeyStore keystore = KeyStore.getInstance("PKCS12"); + keystore.load(certStream, passwd); + String firstAlias = keystore.aliases().nextElement(); + certificate = (X509Certificate) keystore.getCertificate(firstAlias); + privateKey = (PrivateKey) keystore.getKey(firstAlias, passwd); + + } + + private static void initURLDereferencer() { + + URLDereferencer.getInstance().registerHandler("testlocal", new URLProtocolHandler() { + + @Override + public StreamData dereference(String url, URLDereferencerContext context) + throws IOException { + + ClassLoader classLoader = SignatureTest.class.getClassLoader(); + + String filename = url.split(":", 2)[1]; + + InputStream stream = classLoader.getResourceAsStream(RESOURCE_PREFIX + filename); + + if (stream == null) { + + throw new IOException("Failed to resolve resource '" + url + "'."); + + } else { + + String contentType; + if (filename.endsWith(".xml")) { + contentType = "text/xml"; + } else if (filename.endsWith(".txt")) { + contentType = "text/plain"; + } else { + contentType = ""; + } + + return new StreamData(url, contentType, stream); + + } + } @Override @@ -205,558 +206,600 @@ public class SignatureTest { public void setSSLSocketFactory(SSLSocketFactory socketFactory) { // TODO Auto-generated method stub - }
-
- });
-
- }
-
- private Object unmarshal(String file) throws XMLStreamException, JAXBException {
-
- ClassLoader classLoader = SignatureTest.class.getClassLoader();
- InputStream resourceStream = classLoader.getResourceAsStream(RESOURCE_PREFIX + file);
- assertNotNull(resourceStream);
-
- XMLInputFactory inputFactory = XMLInputFactory.newInstance();
- XMLEventReader eventReader = inputFactory.createXMLEventReader(resourceStream);
- RedirectEventFilter redirectEventFilter = new RedirectEventFilter();
- XMLEventReader filteredReader = inputFactory.createFilteredReader(eventReader, redirectEventFilter);
-
- unmarshaller.setListener(new RedirectUnmarshallerListener(redirectEventFilter));
-
- return unmarshaller.unmarshal(filteredReader);
-
- }
-
- //
- //
- // SignatureInfo
- //
- //
-
- @SuppressWarnings("unchecked")
- private SignatureInfoCreationType unmarshalSignatureInfo(String file) throws JAXBException, XMLStreamException {
-
- Object object = unmarshal(file);
-
- Object requestType = ((JAXBElement) object).getValue();
-
- assertTrue(requestType instanceof CreateXMLSignatureRequestType);
-
- SignatureInfoCreationType signatureInfo = ((CreateXMLSignatureRequestType) requestType).getSignatureInfo();
-
- assertNotNull(signatureInfo);
-
- return signatureInfo;
-
- }
-
- @Test
- public void testSetSignatureInfo_Base64_1() throws JAXBException, SLCommandException, XMLStreamException {
-
- SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_1.xml");
-
- Signature signature = new Signature(null, new IdValueFactoryImpl(), null);
-
- signature.setSignatureInfo(signatureInfo);
-
- Node parent = signature.getParent();
- Node nextSibling = signature.getNextSibling();
-
- assertNotNull(parent);
- assertTrue("urn:document".equals(parent.getNamespaceURI()));
- assertTrue("XMLDocument".equals(parent.getLocalName()));
-
- assertNotNull(nextSibling);
- assertTrue("urn:document".equals(nextSibling.getNamespaceURI()));
- assertTrue("Paragraph".equals(nextSibling.getLocalName()));
-
- }
-
- @Test
- public void testSetSignature_Base64_2() throws JAXBException, SLCommandException, XMLStreamException {
-
- SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml");
-
- Signature signature = new Signature(null, new IdValueFactoryImpl(), null);
-
- signature.setSignatureInfo(signatureInfo);
-
- Node parent = signature.getParent();
- Node nextSibling = signature.getNextSibling();
-
- assertNotNull(parent);
- assertTrue("XMLDocument".equals(parent.getLocalName()));
-
- assertNotNull(nextSibling);
- assertTrue("Paragraph".equals(nextSibling.getLocalName()));
-
- }
-
- @Test
- public void testSetSignature_Base64_3() throws JAXBException, SLCommandException, XMLStreamException {
-
- SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_3.xml");
-
- Signature signature = new Signature(null, new IdValueFactoryImpl(), null);
-
- signature.setSignatureInfo(signatureInfo);
-
- Node parent = signature.getParent();
- Node nextSibling = signature.getNextSibling();
-
- assertNotNull(parent);
- assertTrue("XMLDocument".equals(parent.getLocalName()));
-
- assertNotNull(nextSibling);
- assertTrue("Paragraph".equals(nextSibling.getLocalName()));
-
- }
-
- @Test
- public void testSetSignatureInfo_XMLContent_1() throws JAXBException, SLCommandException, XMLStreamException {
-
- SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_XMLContent_1.xml");
-
- Signature signature = new Signature(null, new IdValueFactoryImpl(), null);
-
- signature.setSignatureInfo(signatureInfo);
-
- Node parent = signature.getParent();
- Node nextSibling = signature.getNextSibling();
-
- assertNotNull(parent);
- assertTrue("urn:document".equals(parent.getNamespaceURI()));
- assertTrue("Whole".equals(parent.getLocalName()));
-
- assertNull(nextSibling);
-
- }
-
- @Test
- public void testSetSignature_Reference_1() throws JAXBException, SLCommandException, XMLStreamException {
-
- SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Reference_1.xml");
-
- Signature signature = new Signature(null, new IdValueFactoryImpl(), null);
-
- signature.setSignatureInfo(signatureInfo);
-
- Node parent = signature.getParent();
- Node nextSibling = signature.getNextSibling();
-
- assertNotNull(parent);
- assertTrue("urn:document".equals(parent.getNamespaceURI()));
- assertTrue("Paragraph".equals(parent.getLocalName()));
-
- assertNull(nextSibling);
-
- }
-
- //
- //
- // DataObject
- //
- //
-
- @SuppressWarnings("unchecked")
- private List<DataObjectInfoType> unmarshalDataObjectInfo(String file) throws JAXBException, XMLStreamException {
-
- Object object = unmarshal(file);
-
- Object requestType = ((JAXBElement) object).getValue();
-
- assertTrue(requestType instanceof CreateXMLSignatureRequestType);
-
- List<DataObjectInfoType> dataObjectInfos = ((CreateXMLSignatureRequestType) requestType).getDataObjectInfo();
-
- assertNotNull(dataObjectInfos);
-
- return dataObjectInfos;
-
- }
-
- private void signAndMarshalSignature(Signature signature) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException {
-
- Node parent = signature.getParent();
- Node nextSibling = signature.getNextSibling();
-
- DOMSignContext signContext = (nextSibling == null)
- ? new DOMSignContext(privateKey, parent)
- : new DOMSignContext(privateKey, parent, nextSibling);
-
- signature.sign(signContext);
-
- Document document = signature.getDocument();
-
- DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS();
- LSOutput output = domImplLS.createLSOutput();
- output.setByteStream(System.out);
-
- LSSerializer serializer = domImplLS.createLSSerializer();
-// serializer.getDomConfig().setParameter("format-pretty-print", Boolean.TRUE);
- serializer.getDomConfig().setParameter("namespaces", Boolean.FALSE);
- serializer.write(document, output);
-
- }
-
- @SuppressWarnings("unchecked")
- @Test
- public void testDataObject_Base64Content_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException {
-
- List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Base64Content_1.xml");
-
- Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl());
-
- for (DataObjectInfoType dataObjectInfo : dataObjectInfos) {
- signature.addDataObject(dataObjectInfo);
- }
-
- signature.setSignerCeritifcate(certificate);
-
- signature.buildXMLSignature();
-
- signAndMarshalSignature(signature);
-
- List<Reference> references = signature.getReferences();
- assertTrue(references.size() == 2);
-
- Reference reference = references.get(0);
- assertNotNull(reference.getId());
-
- List<Transform> transforms = reference.getTransforms();
- assertTrue(transforms.size() == 1);
-
- Transform transform = transforms.get(0);
- assertTrue(Transform.BASE64.equals(transform.getAlgorithm()));
-
- List<XMLObject> objects = signature.getXMLObjects();
- assertNotNull(objects);
- assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2);
-
- XMLObject object = objects.get(0);
-
- assertTrue(("#" + object.getId()).equals(reference.getURI()));
-
- }
-
- @SuppressWarnings("unchecked")
- @Test
- public void testDataObject_XMLContent_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException {
-
- List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_XMLContent_1.xml");
-
- Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl());
-
- for (DataObjectInfoType dataObjectInfo : dataObjectInfos) {
- signature.addDataObject(dataObjectInfo);
- }
-
- signature.setSignerCeritifcate(certificate);
-
- signature.buildXMLSignature();
-
- signAndMarshalSignature(signature);
-
- List<Reference> references = signature.getReferences();
- assertTrue(references.size() == 2);
-
- Reference reference = references.get(0);
- assertNotNull(reference.getId());
-
- List<Transform> transforms = reference.getTransforms();
- assertTrue(transforms.size() == 2);
-
- Transform transform = transforms.get(0);
- assertTrue(Transform.XPATH2.equals(transform.getAlgorithm()));
-
- List<XMLObject> objects = signature.getXMLObjects();
- assertNotNull(objects);
- assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2);
-
- XMLObject object = objects.get(0);
-
- assertTrue(("#" + object.getId()).equals(reference.getURI()));
-
- }
-
- @SuppressWarnings("unchecked")
- @Test
- public void testDataObject_XMLContent_2() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException {
-
- List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_XMLContent_2.xml");
-
- Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl());
-
- for (DataObjectInfoType dataObjectInfo : dataObjectInfos) {
- signature.addDataObject(dataObjectInfo);
- }
-
- signature.setSignerCeritifcate(certificate);
-
- signature.buildXMLSignature();
-
- signAndMarshalSignature(signature);
-
- List<Reference> references = signature.getReferences();
- assertTrue(references.size() == 2);
-
- Reference reference = references.get(0);
- assertNotNull(reference.getId());
-
- List<Transform> transforms = reference.getTransforms();
- assertTrue(transforms.size() == 2);
-
- Transform transform = transforms.get(0);
- assertTrue(Transform.XPATH2.equals(transform.getAlgorithm()));
-
- List<XMLObject> objects = signature.getXMLObjects();
- assertNotNull(objects);
- assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2);
-
- XMLObject object = objects.get(0);
-
- assertTrue(("#" + object.getId()).equals(reference.getURI()));
-
- }
-
-
- @SuppressWarnings("unchecked")
- @Test
- public void testDataObject_LocRefContent_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException {
-
- List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_LocRefContent_1.xml");
-
- Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl());
-
- for (DataObjectInfoType dataObjectInfo : dataObjectInfos) {
- signature.addDataObject(dataObjectInfo);
- }
-
- signature.buildXMLSignature();
-
- signAndMarshalSignature(signature);
-
- List<Reference> references = signature.getReferences();
- assertTrue(references.size() == 2);
-
- Reference reference = references.get(0);
- assertNotNull(reference.getId());
-
- List<Transform> transforms = reference.getTransforms();
- assertTrue(transforms.size() == 2);
-
- Transform transform = transforms.get(0);
- assertTrue(Transform.XPATH2.equals(transform.getAlgorithm()));
-
- List<XMLObject> objects = signature.getXMLObjects();
- assertNotNull(objects);
- assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2);
-
- XMLObject object = objects.get(0);
-
- assertTrue(("#" + object.getId()).equals(reference.getURI()));
-
- }
-
- @SuppressWarnings("unchecked")
- @Test
- public void testDataObject_LocRefContent_2() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException {
-
- List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_LocRefContent_2.xml");
-
- Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl());
-
- for (DataObjectInfoType dataObjectInfo : dataObjectInfos) {
- signature.addDataObject(dataObjectInfo);
- }
-
- signature.buildXMLSignature();
-
- signAndMarshalSignature(signature);
-
- List<Reference> references = signature.getReferences();
- assertTrue(references.size() == 2);
-
- Reference reference = references.get(0);
- assertNotNull(reference.getId());
-
- List<Transform> transforms = reference.getTransforms();
- assertTrue(transforms.size() == 1);
-
- Transform transform = transforms.get(0);
- assertTrue(Transform.BASE64.equals(transform.getAlgorithm()));
-
- List<XMLObject> objects = signature.getXMLObjects();
- assertNotNull(objects);
- assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2);
-
- XMLObject object = objects.get(0);
-
- assertTrue(("#" + object.getId()).equals(reference.getURI()));
-
- }
-
- @SuppressWarnings("unchecked")
- @Test
- public void testDataObject_Reference_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException {
-
- List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Reference_1.xml");
-
- Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl());
-
- for (DataObjectInfoType dataObjectInfo : dataObjectInfos) {
- signature.addDataObject(dataObjectInfo);
- }
-
- signature.buildXMLSignature();
-
- signAndMarshalSignature(signature);
-
- List<Reference> references = signature.getReferences();
- assertTrue(references.size() == 2);
-
- Reference reference = references.get(0);
- assertNotNull(reference.getId());
-
- List<Transform> transforms = reference.getTransforms();
- assertTrue(transforms.size() == 1);
-
- Transform transform = transforms.get(0);
- assertTrue(Transform.BASE64.equals(transform.getAlgorithm()));
-
- List<XMLObject> objects = signature.getXMLObjects();
- assertNotNull(objects);
- assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2);
-
- XMLObject object = objects.get(0);
-
- assertTrue(("#" + object.getId()).equals(reference.getURI()));
-
- }
-
- @SuppressWarnings("unchecked")
- @Test
- public void testDataObject_Detached_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException {
-
- List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Detached_1.xml");
-
- Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl());
-
- for (DataObjectInfoType dataObjectInfo : dataObjectInfos) {
- signature.addDataObject(dataObjectInfo);
- }
-
- signature.buildXMLSignature();
-
- signAndMarshalSignature(signature);
-
- List<Reference> references = signature.getReferences();
- assertTrue(references.size() == 2);
-
- Reference reference = references.get(0);
- assertNotNull(reference.getId());
-
- List<Transform> transforms = reference.getTransforms();
- assertTrue(transforms.size() == 0);
-
- List<XMLObject> objects = signature.getXMLObjects();
- assertNotNull(objects);
- assertTrue(objects.size() == 1);
-
- }
-
- @SuppressWarnings("unchecked")
- @Test
- public void testDataObject_Detached_Base64Content() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException {
-
- List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Detached_Base64Content.xml");
-
- Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl());
-
- for (DataObjectInfoType dataObjectInfo : dataObjectInfos) {
- signature.addDataObject(dataObjectInfo);
- }
-
- signature.buildXMLSignature();
-
- signAndMarshalSignature(signature);
-
- List<Reference> references = signature.getReferences();
- assertTrue(references.size() == 2);
-
- Reference reference = references.get(0);
- assertNotNull(reference.getId());
-
- List<Transform> transforms = reference.getTransforms();
- assertTrue(transforms.size() == 0);
-
- List<XMLObject> objects = signature.getXMLObjects();
- assertNotNull(objects);
- assertTrue(objects.size() == 1);
-
- }
-
- //
- //
- // TransformsInfo
- //
- //
-
- @SuppressWarnings("unchecked")
- private CreateXMLSignatureRequestType unmarshalCreateXMLSignatureRequest(String file) throws JAXBException, XMLStreamException {
-
- Object object = unmarshal(file);
-
- Object requestType = ((JAXBElement) object).getValue();
-
- assertTrue(requestType instanceof CreateXMLSignatureRequestType);
-
- return (CreateXMLSignatureRequestType) requestType;
-
- }
-
-
- @SuppressWarnings("unchecked")
- @Test
- public void testTransformsInfo_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException {
-
- CreateXMLSignatureRequestType requestType = unmarshalCreateXMLSignatureRequest("TransformsInfo_1.xml");
-
- Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl());
-
-
- signature.setSignatureInfo(requestType.getSignatureInfo());
-
- List<DataObjectInfoType> dataObjectInfos = requestType.getDataObjectInfo();
-
- for (DataObjectInfoType dataObjectInfo : dataObjectInfos) {
- signature.addDataObject(dataObjectInfo);
- }
-
- signature.setSignerCeritifcate(certificate);
-
- signature.buildXMLSignature();
-
- signAndMarshalSignature(signature);
-
- List<Reference> references = signature.getReferences();
- assertTrue(references.size() == 2);
-
- Reference reference = references.get(0);
- assertNotNull(reference.getId());
-
- List<Transform> transforms = reference.getTransforms();
- assertTrue("Size " + transforms.size() + "", transforms.size() == 3);
-
- Transform transform = transforms.get(0);
- assertTrue(Transform.ENVELOPED.equals(transform.getAlgorithm()));
-
- List<XMLObject> objects = signature.getXMLObjects();
- assertNotNull(objects);
- assertTrue("Size " + objects.size() + " but should be 1.", objects.size() == 1);
-
- }
-
-
-}
+ } + + }); + + } + + private Object unmarshal(String file) throws XMLStreamException, JAXBException { + + ClassLoader classLoader = SignatureTest.class.getClassLoader(); + InputStream resourceStream = classLoader.getResourceAsStream(RESOURCE_PREFIX + file); + assertNotNull(resourceStream); + + XMLInputFactory inputFactory = XMLInputFactory.newInstance(); + XMLEventReader eventReader = inputFactory.createXMLEventReader(resourceStream); + RedirectEventFilter redirectEventFilter = new RedirectEventFilter(); + XMLEventReader filteredReader = inputFactory.createFilteredReader(eventReader, redirectEventFilter); + + unmarshaller.setListener(new RedirectUnmarshallerListener(redirectEventFilter)); + + return unmarshaller.unmarshal(filteredReader); + + } + + // + // + // SignatureInfo + // + // + + @SuppressWarnings("unchecked") + private SignatureInfoCreationType unmarshalSignatureInfo(String file) throws JAXBException, XMLStreamException { + + Object object = unmarshal(file); + + Object requestType = ((JAXBElement) object).getValue(); + + assertTrue(requestType instanceof CreateXMLSignatureRequestType); + + SignatureInfoCreationType signatureInfo = ((CreateXMLSignatureRequestType) requestType).getSignatureInfo(); + + assertNotNull(signatureInfo); + + return signatureInfo; + + } + + @Test + public void testSetSignatureInfo_Base64_1() throws JAXBException, SLCommandException, XMLStreamException { + + SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), null); + + signature.setSignatureInfo(signatureInfo); + + Node parent = signature.getParent(); + Node nextSibling = signature.getNextSibling(); + + assertNotNull(parent); + assertTrue("urn:document".equals(parent.getNamespaceURI())); + assertTrue("XMLDocument".equals(parent.getLocalName())); + + assertNotNull(nextSibling); + assertTrue("urn:document".equals(nextSibling.getNamespaceURI())); + assertTrue("Paragraph".equals(nextSibling.getLocalName())); + + } + + @Test + public void testSetSignature_Base64_2() throws JAXBException, SLCommandException, XMLStreamException { + + SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), null); + + signature.setSignatureInfo(signatureInfo); + + Node parent = signature.getParent(); + Node nextSibling = signature.getNextSibling(); + + assertNotNull(parent); + assertTrue("XMLDocument".equals(parent.getLocalName())); + + assertNotNull(nextSibling); + assertTrue("Paragraph".equals(nextSibling.getLocalName())); + + } + + @Test + public void testSetSignature_Base64_3() throws JAXBException, SLCommandException, XMLStreamException { + + SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_3.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), null); + + signature.setSignatureInfo(signatureInfo); + + Node parent = signature.getParent(); + Node nextSibling = signature.getNextSibling(); + + assertNotNull(parent); + assertTrue("XMLDocument".equals(parent.getLocalName())); + + assertNotNull(nextSibling); + assertTrue("Paragraph".equals(nextSibling.getLocalName())); + + } + + @Test + public void testSetSignatureInfo_XMLContent_1() throws JAXBException, SLCommandException, XMLStreamException { + + SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_XMLContent_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), null); + + signature.setSignatureInfo(signatureInfo); + + Node parent = signature.getParent(); + Node nextSibling = signature.getNextSibling(); + + assertNotNull(parent); + assertTrue("urn:document".equals(parent.getNamespaceURI())); + assertTrue("Whole".equals(parent.getLocalName())); + + assertNull(nextSibling); + + } + + @Test + public void testSetSignature_Reference_1() throws JAXBException, SLCommandException, XMLStreamException { + + SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Reference_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), null); + + signature.setSignatureInfo(signatureInfo); + + Node parent = signature.getParent(); + Node nextSibling = signature.getNextSibling(); + + assertNotNull(parent); + assertTrue("urn:document".equals(parent.getNamespaceURI())); + assertTrue("Paragraph".equals(parent.getLocalName())); + + assertNull(nextSibling); + + } + + // + // + // DataObject + // + // + + @SuppressWarnings("unchecked") + private List<DataObjectInfoType> unmarshalDataObjectInfo(String file) throws JAXBException, XMLStreamException { + + Object object = unmarshal(file); + + Object requestType = ((JAXBElement) object).getValue(); + + assertTrue(requestType instanceof CreateXMLSignatureRequestType); + + List<DataObjectInfoType> dataObjectInfos = ((CreateXMLSignatureRequestType) requestType).getDataObjectInfo(); + + assertNotNull(dataObjectInfos); + + return dataObjectInfos; + + } + + private void signAndMarshalSignature(Signature signature) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException { + + Node parent = signature.getParent(); + Node nextSibling = signature.getNextSibling(); + + DOMSignContext signContext = (nextSibling == null) + ? new DOMSignContext(privateKey, parent) + : new DOMSignContext(privateKey, parent, nextSibling); + + signature.sign(signContext); + + Document document = signature.getDocument(); + + DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS(); + LSOutput output = domImplLS.createLSOutput(); + output.setByteStream(System.out); + + LSSerializer serializer = domImplLS.createLSSerializer(); +// serializer.getDomConfig().setParameter("format-pretty-print", Boolean.TRUE); + serializer.getDomConfig().setParameter("namespaces", Boolean.FALSE); + serializer.write(document, output); + + } + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_Base64Content_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Base64Content_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.setSignerCeritifcate(certificate); + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List<Reference> references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List<Transform> transforms = reference.getTransforms(); + assertTrue(transforms.size() == 1); + + Transform transform = transforms.get(0); + assertTrue(Transform.BASE64.equals(transform.getAlgorithm())); + + List<XMLObject> objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); + + XMLObject object = objects.get(0); + + assertTrue(("#" + object.getId()).equals(reference.getURI())); + + } + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_XMLContent_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_XMLContent_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.setSignerCeritifcate(certificate); + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List<Reference> references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List<Transform> transforms = reference.getTransforms(); + assertTrue(transforms.size() == 2); + + Transform transform = transforms.get(0); + assertTrue(Transform.XPATH2.equals(transform.getAlgorithm())); + + List<XMLObject> objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); + + XMLObject object = objects.get(0); + + assertTrue(("#" + object.getId()).equals(reference.getURI())); + + } + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_XMLContent_2() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_XMLContent_2.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.setSignerCeritifcate(certificate); + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List<Reference> references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List<Transform> transforms = reference.getTransforms(); + assertTrue(transforms.size() == 2); + + Transform transform = transforms.get(0); + assertTrue(Transform.XPATH2.equals(transform.getAlgorithm())); + + List<XMLObject> objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); + + XMLObject object = objects.get(0); + + assertTrue(("#" + object.getId()).equals(reference.getURI())); + + } + + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_LocRefContent_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_LocRefContent_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List<Reference> references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List<Transform> transforms = reference.getTransforms(); + assertTrue(transforms.size() == 2); + + Transform transform = transforms.get(0); + assertTrue(Transform.XPATH2.equals(transform.getAlgorithm())); + + List<XMLObject> objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); + + XMLObject object = objects.get(0); + + assertTrue(("#" + object.getId()).equals(reference.getURI())); + + } + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_LocRefContent_2() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_LocRefContent_2.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List<Reference> references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List<Transform> transforms = reference.getTransforms(); + assertTrue(transforms.size() == 1); + + Transform transform = transforms.get(0); + assertTrue(Transform.BASE64.equals(transform.getAlgorithm())); + + List<XMLObject> objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); + + XMLObject object = objects.get(0); + + assertTrue(("#" + object.getId()).equals(reference.getURI())); + + } + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_Reference_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Reference_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List<Reference> references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List<Transform> transforms = reference.getTransforms(); + assertTrue(transforms.size() == 1); + + Transform transform = transforms.get(0); + assertTrue(Transform.BASE64.equals(transform.getAlgorithm())); + + List<XMLObject> objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); + + XMLObject object = objects.get(0); + + assertTrue(("#" + object.getId()).equals(reference.getURI())); + + } + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_Detached_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Detached_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List<Reference> references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List<Transform> transforms = reference.getTransforms(); + assertTrue(transforms.size() == 0); + + List<XMLObject> objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue(objects.size() == 1); + + } + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_Detached_Base64Content() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List<DataObjectInfoType> dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Detached_Base64Content.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List<Reference> references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List<Transform> transforms = reference.getTransforms(); + assertTrue(transforms.size() == 0); + + List<XMLObject> objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue(objects.size() == 1); + + } + + // + // + // TransformsInfo + // + // + + @SuppressWarnings("unchecked") + private CreateXMLSignatureRequestType unmarshalCreateXMLSignatureRequest(String file) throws JAXBException, XMLStreamException { + + Object object = unmarshal(file); + + Object requestType = ((JAXBElement) object).getValue(); + + assertTrue(requestType instanceof CreateXMLSignatureRequestType); + + return (CreateXMLSignatureRequestType) requestType; + + } + + + @SuppressWarnings("unchecked") + @Test + public void testTransformsInfo_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + CreateXMLSignatureRequestType requestType = unmarshalCreateXMLSignatureRequest("TransformsInfo_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + + signature.setSignatureInfo(requestType.getSignatureInfo()); + + List<DataObjectInfoType> dataObjectInfos = requestType.getDataObjectInfo(); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.setSignerCeritifcate(certificate); + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List<Reference> references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List<Transform> transforms = reference.getTransforms(); + assertTrue("Size " + transforms.size() + "", transforms.size() == 3); + + Transform transform = transforms.get(0); + assertTrue(Transform.ENVELOPED.equals(transform.getAlgorithm())); + + List<XMLObject> objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 1.", objects.size() == 1); + + } + + @SuppressWarnings("unchecked") + @Test + @Ignore + public void testTransformsInfo_2() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + CreateXMLSignatureRequestType requestType = unmarshalCreateXMLSignatureRequest("TransformsInfo_2.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + + signature.setSignatureInfo(requestType.getSignatureInfo()); + + List<DataObjectInfoType> dataObjectInfos = requestType.getDataObjectInfo(); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.setSignerCeritifcate(certificate); + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List<Reference> references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List<Transform> transforms = reference.getTransforms(); + assertTrue("Size " + transforms.size() + "", transforms.size() == 2); + + Transform transform = transforms.get(0); + assertTrue(Transform.XSLT.equals(transform.getAlgorithm())); + + List<XMLObject> objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 1.", objects.size() == 1); + + } + + +} diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/TransformsInfo_2.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/TransformsInfo_2.xml new file mode 100644 index 00000000..f43dc61a --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/TransformsInfo_2.xml @@ -0,0 +1,397 @@ +<?xml version="1.0" encoding="UTF-8" ?>
+<sl:CreateXMLSignatureRequest xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:sl="http://www.buergerkarte.at/namespaces/securitylayer/1.2#">
+ <sl:KeyboxIdentifier>SecureSignatureKeypair</sl:KeyboxIdentifier>
+ <sl:DataObjectInfo Structure="detached">
+ <sl:DataObject Reference=""/>
+ <sl:TransformsInfo>
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+ xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ <style type="text/css" media="screen">
+ .boldstyle { font-weight: bold; }
+ .italicstyle { font-style: italic; }
+ .annotationstyle { font-size: 0.8em; }
+ </style>
+ </head>
+ <body>
+ <h1>Signatur der Anmeldedaten</h1>
+ <p/>
+ <h4>Mit meiner elektronischen Signatur beantrage ich, <span
+ class="boldstyle">
+ <xsl:value-of select="//@Issuer"/>
+ </span>, geboren am <xsl:value-of
+ select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"
+ />. <xsl:value-of
+ select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"
+ />. <xsl:value-of
+ select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"
+ />, <xsl:if
+ test="//saml:Attribute[@AttributeName='OIDTextualDescription']"
+ > in der Rolle als <xsl:value-of
+ select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"
+ /> (OID***= <xsl:value-of
+ select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"
+ />), </xsl:if> den Zugang zur gesicherten Anwendung. </h4>
+ <p/>
+ <h4>Datum und Uhrzeit: <xsl:value-of
+ select="substring(//@IssueInstant,9,2)"/>. <xsl:value-of
+ select="substring(//@IssueInstant,6,2)"/>. <xsl:value-of
+ select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of
+ select="substring(//@IssueInstant,12,2)"/>:
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"
+ />: <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </h4>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <h4>HPI(**): <xsl:value-of
+ select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"
+ /></h4>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <h4>wbPK(*): <xsl:value-of
+ select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"
+ /></h4>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+ <hr/>
+ <h4>Ich bin weiters ermächtigt als <xsl:value-of
+ select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"
+ /> von <xsl:value-of
+ select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+ <xsl:if
+ test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']"
+ >, geboren am <xsl:value-of
+ select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"
+ />. <xsl:value-of
+ select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"
+ />. <xsl:value-of
+ select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"
+ />
+ </xsl:if>
+ <xsl:if
+ test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']"
+ >, <xsl:value-of
+ select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"
+ />
+ </xsl:if>, in deren Auftrag zu handeln. <xsl:if
+ test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+ <h4>wbPK(*) des Vollmachtgebers: <xsl:value-of
+ select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"
+ /></h4>
+ </xsl:if>
+ </h4>
+ <p/>
+ </xsl:if>
+ <xsl:choose>
+ <xsl:when test="//saml:Attribute[@AttributeName='OID']">
+ <p/>
+ <hr/>
+ </xsl:when>
+ <xsl:when test="//saml:Attribute[@AttributeName='HPI']">
+ <p/>
+ <hr/>
+ </xsl:when>
+ <xsl:when test="//saml:Attribute[@AttributeName='wbPK']">
+ <p/>
+ <hr/>
+ </xsl:when>
+ </xsl:choose>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <div class="annotationstyle">(*) wbPK: Das <span
+ class="italicstyle">wirtschaftsbereichsspezifische
+ Personenkennzeichen</span> wird aus den jeweiligen
+ Stammzahlen des Bürgers und des Wirtschaftsunternehmens
+ berechnet und ermöglicht eine eindeutige Zuordnung des
+ Bürgers zum Wirtschaftsunternehmen.</div>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <div class="annotationstyle">(**) HPI: Der <span
+ class="italicstyle">eHealth Professional
+ Identifier</span> wird aus den jeweiligen Stammzahlen
+ der Gesundheitsdiensteanbieterinnen /
+ Gesundheitsdiensteanbieter berechnet und ermöglicht eine
+ eindeutige Zuordnung der Gesundheitsdiensteanbieterin /
+ des Gesundheitsdiensteanbieters im
+ Gesundheitsbereich.</div>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OID']">
+ <div class="annotationstyle">(***) OID: <span
+ class="italicstyle">Object Identifier</span> sind
+ standardisierte Objekt-Bezeichner und beschreiben
+ eindeutig die Rollen des GDA-Token Inhabers.</div>
+ </xsl:if>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform
+ Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl:FinalDataMetaInfo>
+ <sl:MimeType>application/xhtml+xml</sl:MimeType>
+ </sl:FinalDataMetaInfo>
+ </sl:TransformsInfo>
+ <sl:TransformsInfo>
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+ xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ </head>
+ <body>
+ <h1>Signatur der Anmeldedaten</h1>
+ <p/>
+ <h4>Mit meiner elektronischen Signatur beantrage ich, <b>
+ <xsl:value-of select="//@Issuer"/>
+ </b>, geboren am <xsl:value-of
+ select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"
+ />. <xsl:value-of
+ select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"
+ />. <xsl:value-of
+ select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"
+ />, <xsl:if
+ test="//saml:Attribute[@AttributeName='OIDTextualDescription']"
+ > in der Rolle als <xsl:value-of
+ select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"
+ /> (OID***= <xsl:value-of
+ select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"
+ />), </xsl:if> den Zugang zur gesicherten Anwendung. </h4>
+ <p/>
+ <h4>Datum und Uhrzeit: <xsl:value-of
+ select="substring(//@IssueInstant,9,2)"/>. <xsl:value-of
+ select="substring(//@IssueInstant,6,2)"/>. <xsl:value-of
+ select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of
+ select="substring(//@IssueInstant,12,2)"/>:
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"
+ />: <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </h4>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <h4>HPI(**): <xsl:value-of
+ select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"
+ /></h4>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <h4>wbPK(*): <xsl:value-of
+ select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"
+ /></h4>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+ <hr/>
+ <h4>Ich bin weiters ermächtigt als <xsl:value-of
+ select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"
+ /> von <xsl:value-of
+ select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+ <xsl:if
+ test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']"
+ >, geboren am <xsl:value-of
+ select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"
+ />. <xsl:value-of
+ select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"
+ />. <xsl:value-of
+ select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"
+ />
+ </xsl:if>
+ <xsl:if
+ test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']"
+ >, <xsl:value-of
+ select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"
+ />
+ </xsl:if>, in deren Auftrag zu handeln. <xsl:if
+ test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+ <h4>wbPK(*) des Vollmachtgebers: <xsl:value-of
+ select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"
+ /></h4>
+ </xsl:if>
+ </h4>
+ <p/>
+ </xsl:if>
+ <xsl:choose>
+ <xsl:when test="//saml:Attribute[@AttributeName='OID']">
+ <p/>
+ <hr/>
+ </xsl:when>
+ <xsl:when test="//saml:Attribute[@AttributeName='HPI']">
+ <p/>
+ <hr/>
+ </xsl:when>
+ <xsl:when test="//saml:Attribute[@AttributeName='wbPK']">
+ <p/>
+ <hr/>
+ </xsl:when>
+ </xsl:choose>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische
+ Personenkennzeichen</i> wird aus den jeweiligen
+ Stammzahlen des Bürgers und des Wirtschaftsunternehmens
+ berechnet und ermöglicht eine eindeutige Zuordnung des
+ Bürgers zum Wirtschaftsunternehmen.</h6>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <h6>(**) HPI: Der <i>eHealth Professional Identifier</i>
+ wird aus den jeweiligen Stammzahlen der
+ Gesundheitsdiensteanbieterinnen /
+ Gesundheitsdiensteanbieter berechnet und ermöglicht eine
+ eindeutige Zuordnung der Gesundheitsdiensteanbieterin /
+ des Gesundheitsdiensteanbieters im
+ Gesundheitsbereich.</h6>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OID']">
+ <h6>(***) OID: <i>Object Identifier</i> sind standardisierte
+ Objekt-Bezeichner und beschreiben eindeutig die Rollen
+ des GDA-Token Inhabers.</h6>
+ </xsl:if>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform
+ Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl:FinalDataMetaInfo>
+ <sl:MimeType>text/html</sl:MimeType>
+ </sl:FinalDataMetaInfo>
+ </sl:TransformsInfo>
+ <sl:TransformsInfo>
+ <dsig:Transforms> <!-- xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"-->
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+ <xsl:output method="xml" xml:space="default"/>
+ <xsl:template match="/" xmlns="">
+ <text>
+ <xsl:text>Mit meiner elektronischen Signatur beantrage ich, </xsl:text>
+ <xsl:value-of select="//@Issuer"/>
+ <xsl:text>, geboren am </xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+ <xsl:text>, </xsl:text>
+ <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+ <xsl:text>in der Rolle als </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+ <xsl:text>(OID***= </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>)
+ <xsl:text>, </xsl:text>
+ </xsl:if>
+ <xsl:text>den Zugang zur gesicherten Anwendung.</xsl:text>
+ <xsl:text>

Datum und Uhrzeit: </xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+ <xsl:text>, </xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+ <xsl:text>:</xsl:text>
+ <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <xsl:text>

HPI(**): </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+ </xsl:if>
+
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <xsl:text>

wbPK(*): </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </xsl:if>
+
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+ <xsl:text>

Ich bin weiters ermächtigt als </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+ <xsl:text>von </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+ <xsl:text>, geboren am </xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+ <xsl:text>.</xsl:text>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+ <xsl:text>,</xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+ </xsl:if>
+ <xsl:text>, in deren Auftrag zu handeln.</xsl:text>
+
+ <xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+ <xsl:text>

wbPK(*) des Vollmachtgebers: </xsl:text>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+ </xsl:if>
+ </xsl:if>
+
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <xsl:text>

(*) wbPK: Das wirtschaftsbereichsspezifische Personenkennzeichen wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</xsl:text>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+ <xsl:text>

(**) HPI: Der eHealth Professional Identifier wird aus den jeweiligen Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</xsl:text>
+ </xsl:if>
+ <xsl:if test="//saml:Attribute[@AttributeName='OID']">
+ <xsl:text>

(***) OID: Object Identifier sind standardisierte Objekt-Bezeichner und beschreiben eindeutig die Rollen des GDA-Token Inhabers.</xsl:text>
+ </xsl:if>
+ </text>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <dsig:XPath>not(text())</dsig:XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <sl:FinalDataMetaInfo>
+ <sl:MimeType>text/plain</sl:MimeType>
+ </sl:FinalDataMetaInfo>
+ </sl:TransformsInfo>
+ </sl:DataObjectInfo>
+ <sl:SignatureInfo>
+ <sl:SignatureEnvironment>
+ <sl:XMLContent>
+ <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+ xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#"
+ MajorVersion="1" MinorVersion="0" AssertionID="any" Issuer="Klämens Örthäçké"
+ IssueInstant="2008-06-05T11:26:10+02:00">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://demo.egiz.gv.at/exchange-moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="wbPK"
+ AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>
+ <pr:Identification>
+ <pr:Value>LTpz8VYzns2jrx0J8Gm/R/nAhxA=</pr:Value>
+ <pr:Type>urn:publicid:gv.at:wbpk+FN+TODO</pr:Type>
+ </pr:Identification>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA"
+ AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://apps.egiz.gv.at/urlaubsschein-frontend/moaid-login</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="Geburtsdatum"
+ AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>1971-11-10</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+ </saml:Assertion>
+ </sl:XMLContent>
+ </sl:SignatureEnvironment>
+ <sl:SignatureLocation Index="2" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">/saml:Assertion</sl:SignatureLocation>
+ </sl:SignatureInfo>
+</sl:CreateXMLSignatureRequest>
|