blautenb 2003/11/16 01:20:32
Modified: src/org/apache/xml/security/encryption CipherReference.java
Transforms.java XMLCipher.java XMLCipherInput.java
src/org/apache/xml/security/transforms/implementations
TransformBase64Decode.java
src_unitTests/org/apache/xml/security/test/encryption
BaltimoreEncTest.java XMLCipherTester.java
Log:
Implemented support for CipherReference logic
Revision Changes Path
1.8 +8 -0
xml-security/src/org/apache/xml/security/encryption/CipherReference.java
Index: CipherReference.java
===================================================================
RCS file:
/home/cvs/xml-security/src/org/apache/xml/security/encryption/CipherReference.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- CipherReference.java 18 Mar 2003 22:47:44 -0000 1.7
+++ CipherReference.java 16 Nov 2003 09:20:32 -0000 1.8
@@ -58,6 +58,7 @@
*/
package org.apache.xml.security.encryption;
+import org.w3c.dom.Attr;
/**
@@ -101,6 +102,13 @@
* dereferenced.
*/
String getURI();
+
+ /**
+ * Gets the URI as an Attribute node. Used to meld the CipherREference
+ * with the XMLSignature ResourceResolvers
+ */
+
+ public Attr getURIAsAttr();
/**
* Returns the <code>Transforms</code> that specifies how to transform
the
1.6 +14 -3
xml-security/src/org/apache/xml/security/encryption/Transforms.java
Index: Transforms.java
===================================================================
RCS file:
/home/cvs/xml-security/src/org/apache/xml/security/encryption/Transforms.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- Transforms.java 18 Mar 2003 22:51:23 -0000 1.5
+++ Transforms.java 16 Nov 2003 09:20:32 -0000 1.6
@@ -85,19 +85,30 @@
*
* @return all transforms.
*/
- Iterator getTransforms();
+ /* Iterator getTransforms(); */
/**
* Adds a <code>ds:Transform</code> to the list of transforms.
*
* @param transform.
*/
- void addTransform(Transform transform);
+ /* void addTransform(Transform transform); */
/**
* Removes the specified transform.
*
* @param transform.
*/
- void removeTransform(Transform transform);
+ /* void removeTransform(Transform transform); */
+
+ /**
+ * Temporary method to turn the XMLEncryption Transforms class
+ * into a DS class. The main logic is currently implemented in the
+ * DS class, so we need to get to get the base class.
+ * <p>
+ * <b>Note</b> This will be removed in future versions
+ */
+
+ org.apache.xml.security.transforms.Transforms getDSTransforms();
+
}
1.14 +268 -65
xml-security/src/org/apache/xml/security/encryption/XMLCipher.java
Index: XMLCipher.java
===================================================================
RCS file:
/home/cvs/xml-security/src/org/apache/xml/security/encryption/XMLCipher.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- XMLCipher.java 15 Nov 2003 08:48:21 -0000 1.13
+++ XMLCipher.java 16 Nov 2003 09:20:32 -0000 1.14
@@ -93,6 +93,9 @@
import org.apache.xml.security.utils.ElementProxy;
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.signature.XMLSignatureException;
+import org.apache.xml.security.transforms.InvalidTransformException;
+import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.serialize.OutputFormat;
import org.apache.xml.serialize.XMLSerializer;
import org.apache.xml.utils.URI;
@@ -101,6 +104,7 @@
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import org.w3c.dom.Attr;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
@@ -533,6 +537,9 @@
*
* Takes an EncryptedData object and returns a DOM Element that
* represents the appropriate <code>EncryptedData</code>
+ * <p>
+ * <b>Note:</b> This should only be used in cases where the context
+ * document has been passed in via a call to doFinal.
*
* @param encryptedData EncryptedData object to martial
* @return the DOM <code>Element</code> representing the passed in
@@ -551,6 +558,10 @@
* Takes an EncryptedKey object and returns a DOM Element that
* represents the appropriate <code>EncryptedKey</code>
*
+ * <p>
+ * <b>Note:</b> This should only be used in cases where the context
+ * document has been passed in via a call to doFinal.
+ *
* @param encryptedKey EncryptedKey object to martial
* @return the DOM <code>Element</code> representing the passed in
* object */
@@ -562,6 +573,44 @@
}
+ /**
+ * Martial an EncryptedData
+ *
+ * Takes an EncryptedData object and returns a DOM Element that
+ * represents the appropriate <code>EncryptedData</code>
+ *
+ * @param context The document that will own the returned nodes
+ * @param encryptedData EncryptedData object to martial
+ * @return the DOM <code>Element</code> representing the passed in
+ * object */
+
+ public Element martial(Document context, EncryptedData encryptedData)
+ throws XMLEncryptionException {
+
+ _contextDocument = context;
+ return (_factory.toElement (encryptedData));
+
+ }
+
+ /**
+ * Martial an EncryptedKey
+ *
+ * Takes an EncryptedKey object and returns a DOM Element that
+ * represents the appropriate <code>EncryptedKey</code>
+ *
+ * @param context The document that will own the created nodes
+ * @param encryptedKey EncryptedKey object to martial
+ * @return the DOM <code>Element</code> representing the passed in
+ * object */
+
+ public Element martial(Document context, EncryptedKey encryptedKey)
+ throws XMLEncryptionException {
+
+ _contextDocument = context;
+ return (_factory.toElement (encryptedKey));
+
+ }
+
/**
* Encrypts an <code>Element</code> and replaces it with its encrypted
* counterpart in the context <code>Document</code>, that is, the
@@ -1391,13 +1440,22 @@
return (plainBytes);
}
-
+ /*
+ * Expose the interface for creating XML Encryption objects
+ */
/**
* Creates an <code>EncryptedData</code> <code>Element</code>.
*
+ * The newEncryptedData and newEncryptedKey methods create fairly
complete
+ * elements that are immediately useable. All the other create* methods
+ * return bare elements that still need to be built upon.
+ *
+ * @param type Either REFERENCE_TYPE or VALUE_TYPE - defines what kind
of
+ * CipherData this EncryptedData will contain.
* @param text the Base 64 encoded, encrypted text to wrap in the
- * <code>EncryptedData</code>.
+ * <code>EncryptedData</code> or the URI to set in the CipherReference
+ * (usage will depend on the <code>type</code>
* @return the <code>EncryptedData</code> <code>Element</code>.
*
* <!--
@@ -1418,24 +1476,19 @@
* -->
*/
- private EncryptedData createEncryptedData(int type, String value) throws
+ public EncryptedData createEncryptedData(int type, String value) throws
XMLEncryptionException {
EncryptedData result = null;
CipherData data = null;
switch (type) {
case CipherData.REFERENCE_TYPE:
- String referenceUri = null;
- try {
- referenceUri = new URI(value).toString();
- } catch (URI.MalformedURIException mfue) {
- throw new XMLEncryptionException("empty", mfue);
- }
CipherReference cipherReference =
_factory.newCipherReference(
- referenceUri);
+ value);
data = _factory.newCipherData(type);
data.setCipherReference(cipherReference);
result = _factory.newEncryptedData(data);
+ break;
case CipherData.VALUE_TYPE:
CipherValue cipherValue = _factory.newCipherValue(value);
data = _factory.newCipherData(type);
@@ -1445,15 +1498,23 @@
return (result);
}
+
/**
- * Creates an <code>EncryptedData</code> <code>Element</code>.
+ * Creates an <code>EncryptedKey</code> <code>Element</code>.
*
+ * The newEncryptedData and newEncryptedKey methods create fairly
complete
+ * elements that are immediately useable. All the other create* methods
+ * return bare elements that still need to be built upon.
+ *
+ * @param type Either REFERENCE_TYPE or VALUE_TYPE - defines what kind
of
+ * CipherData this EncryptedData will contain.
* @param text the Base 64 encoded, encrypted text to wrap in the
- * <code>EncryptedData</code>.
- * @return the <code>EncryptedData</code> <code>Element</code>.
+ * <code>EncryptedKey</code> or the URI to set in the CipherReference
+ * (usage will depend on the <code>type</code>
+ * @return the <code>EncryptedKey</code> <code>Element</code>.
*
* <!--
- * <EncryptedData Id[OPT] Type[OPT] MimeType[OPT] Encoding[OPT]>
+ * <EncryptedKey Id[OPT] Type[OPT] MimeType[OPT] Encoding[OPT]>
* <EncryptionMethod/>[OPT]
* <ds:KeyInfo>[OPT]
* <EncryptedKey/>[OPT]
@@ -1470,24 +1531,19 @@
* -->
*/
- private EncryptedKey createEncryptedKey(int type, String value) throws
+ public EncryptedKey createEncryptedKey(int type, String value) throws
XMLEncryptionException {
EncryptedKey result = null;
CipherData data = null;
switch (type) {
case CipherData.REFERENCE_TYPE:
- String referenceUri = null;
- try {
- referenceUri = new URI(value).toString();
- } catch (URI.MalformedURIException mfue) {
- throw new XMLEncryptionException("empty", mfue);
- }
CipherReference cipherReference =
_factory.newCipherReference(
- referenceUri);
+ value);
data = _factory.newCipherData(type);
data.setCipherReference(cipherReference);
result = _factory.newEncryptedKey(data);
+ break;
case CipherData.VALUE_TYPE:
CipherValue cipherValue = _factory.newCipherValue(value);
data = _factory.newCipherData(type);
@@ -1498,6 +1554,106 @@
return (result);
}
+ /**
+ * Create an AgreementMethod object
+ *
+ * @param algorithm Algorithm of the agreement method
+ */
+
+ public AgreementMethod createAgreementMethod(String algorithm) throws
+ XMLEncryptionException {
+ return (_factory.newAgreementMethod(algorithm));
+ }
+
+ /**
+ * Create a CipherData object
+ *
+ * @param type Type of this CipherData (either VALUE_TUPE or
+ * REFERENCE_TYPE)
+ */
+
+ public CipherData createCipherData(int type) {
+ return (_factory.newCipherData(type));
+ }
+
+ /**
+ * Create a CipherReference object
+ *
+ * @param uri The URI that the reference will refer to
+ */
+
+ public CipherReference createCipherReference(String uri) throws
+ XMLEncryptionException {
+ return (_factory.newCipherReference(uri));
+ }
+
+ /**
+ * Create a CipherValue element
+ *
+ * @param value The value to set the ciphertext to
+ */
+
+ public CipherValue createCipherValue(String value) {
+ return (_factory.newCipherValue(value));
+ }
+
+ /**
+ * Create an EncryptedMethod object
+ *
+ * @param algorithm Algorithm for the encryption
+ */
+ public EncryptionMethod createEncryptionMethod(String algorithm) throws
+ XMLEncryptionException {
+ return (_factory.newEncryptionMethod(algorithm));
+ }
+
+ /**
+ * Create an EncryptedProperties element
+ *
+ */
+ public EncryptionProperties createEncryptionProperties() {
+ return (_factory.newEncryptionProperties());
+ }
+
+ /**
+ * Create a new EncryptionProperty element
+ */
+ public EncryptionProperty createEncryptionProperty() {
+ return (_factory.newEncryptionProperty());
+ }
+
+ /**
+ * Create a new ReferenceList object
+ */
+ public ReferenceList createReferenceList(int type) {
+ return (new ReferenceList(type));
+ }
+
+ /**
+ * Create a new Transforms object
+ * <p>
+ * <b>Note</b>: A context document <i>must</i> have been set
+ * elsewhere (possibly via a call to doFinal). If not, use the
+ * createTransforms(Document) method.
+ */
+
+ public Transforms createTransforms() {
+ return (_factory.newTransforms());
+ }
+
+ /**
+ * Create a new Transforms object
+ *
+ * Because the handling of Transforms is currently done in the signature
+ * code, the creation of a Transforms object <b>requires</b> a
+ * context document.
+ *
+ * @param doc Document that will own the created Transforms node
+ */
+ public Transforms createTransforms(Document doc) {
+ return (_factory.newTransforms(doc));
+ }
+
/**
* Converts <code>String</code>s into <code>Node</code>s and visa versa.
* <p>
@@ -1505,6 +1661,7 @@
*
* @author Axl Mattheus
*/
+
private class Serializer {
private OutputFormat format;
private XMLSerializer _serializer;
@@ -1691,6 +1848,7 @@
}
}
+
/**
*
* @author Axl Mattheus
@@ -1786,6 +1944,13 @@
/**
*
*/
+ Transforms newTransforms(Document doc) {
+ return (new TransformsImpl(doc));
+ }
+
+ /**
+ *
+ */
// <element name="AgreementMethod" type="xenc:AgreementMethodType"/>
// <complexType name="AgreementMethodType" mixed="true">
// <sequence>
@@ -1878,7 +2043,7 @@
if (type == CipherData.VALUE_TYPE) {
result.setCipherValue(newCipherValue(e));
} else if (type == CipherData.REFERENCE_TYPE) {
- //
+ result.setCipherReference(newCipherReference(e));
}
return (result);
@@ -1896,14 +2061,35 @@
// </complexType>
CipherReference newCipherReference(Element element) throws
XMLEncryptionException {
- // NOTE:
///////////////////////////////////////////////////////////
- //
- // This operation will be implemented during November 2002. Until
- //then, complain.
- // TODO: Implement.
- String uo = "This operation is not implemented in this release.";
- throw new XMLEncryptionException("empty",
- new UnsupportedOperationException(uo));
+
+ Attr URIAttr =
+ element.getAttributeNodeNS(null,
EncryptionConstants._ATT_URI);
+ CipherReference result = new
CipherReferenceImpl(URIAttr);
+
+ // Find any Transforms
+
+ NodeList transformsElements =
element.getElementsByTagNameNS(
+ EncryptionConstants.EncryptionSpecNS,
+ EncryptionConstants._TAG_TRANSFORMS);
+ Element transformsElement =
+ (Element) transformsElements.item(0);
+
+ if (transformsElement != null) {
+ logger.debug("Creating a DSIG based Transforms
element");
+ try {
+ result.setTransforms(new
TransformsImpl(transformsElement));
+ }
+ catch (XMLSignatureException xse) {
+ throw new
XMLEncryptionException("empty", xse);
+ } catch (InvalidTransformException ite) {
+ throw new
XMLEncryptionException("empty", ite);
+ } catch (XMLSecurityException xse) {
+ throw new
XMLEncryptionException("empty", xse);
+ }
+
+ }
+
+ return result;
}
/**
@@ -2515,6 +2701,7 @@
public void setCipherValue(CipherValue value) throws
XMLEncryptionException {
+
if (cipherType == REFERENCE_TYPE) {
throw new XMLEncryptionException("empty",
new UnsupportedOperationException(valueMessage));
@@ -2577,21 +2764,27 @@
private class CipherReferenceImpl implements CipherReference {
private String referenceURI = null;
private Transforms referenceTransforms = null;
+ private Attr referenceNode = null;
public CipherReferenceImpl(String uri) {
- URI tmpReferenceURI = null;
- try {
- tmpReferenceURI = new URI(uri);
- } catch (URI.MalformedURIException mfue) {
- // complain
- }
- referenceURI = tmpReferenceURI.toString();
+ /* Don't check validity of URI as may be "" */
+ referenceURI = uri;
+ referenceNode = null;
}
+ public CipherReferenceImpl(Attr uri) {
+ referenceURI = uri.getNodeValue();
+ referenceNode = uri;
+ }
+
public String getURI() {
return (referenceURI);
}
+ public Attr getURIAsAttr() {
+ return (referenceNode);
+ }
+
public Transforms getTransforms() {
return (referenceTransforms);
}
@@ -3221,40 +3414,50 @@
// <element ref='ds:Transform' maxOccurs='unbounded'/>
// </sequence>
// </complexType>
- private class TransformsImpl implements Transforms {
- private List transforms = null;
+ private class TransformsImpl extends
+ org.apache.xml.security.transforms.Transforms
+ implements Transforms {
+
+ /**
+ * Construct Transforms
+ */
- public TransformsImpl() {
- transforms = new LinkedList();
- }
+ public TransformsImpl() {
+ super(_contextDocument);
+ }
- public Iterator getTransforms() {
- return (transforms.iterator());
- }
+ public TransformsImpl(Document doc) {
+ super(doc);
+ }
- public void addTransform(Transform transform) {
- transforms.add(transform);
- }
+ public TransformsImpl(Element element)
+ throws XMLSignatureException,
+ InvalidTransformException,
+ XMLSecurityException,
+ TransformationException {
- public void removeTransform(Transform transform) {
- transforms.remove(transform);
- }
+ super(element, "");
+
+ }
- // <complexType name='TransformsType'>
- // <sequence>
- // <element ref='ds:Transform' maxOccurs='unbounded'/>
- // </sequence>
- // </complexType>
- Element toElement() {
- Element result = null;
+ public Element toElement() {
- result =
ElementProxy.createElementForFamily(_contextDocument,
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_TRANSFORMS);
- // TODO: figure out how to do this ...
+ if (_doc == null)
+ _doc = _contextDocument;
+
+ return getElement();
+ }
+
+ public org.apache.xml.security.transforms.Transforms
getDSTransforms() {
+ return
((org.apache.xml.security.transforms.Transforms) this);
+ }
+
+
+ // Over-ride the namespace
+ public String getBaseNamespace() {
+ return EncryptionConstants.EncryptionSpecNS;
+ }
- return (result);
- }
}
}
}
1.2 +63 -35
xml-security/src/org/apache/xml/security/encryption/XMLCipherInput.java
Index: XMLCipherInput.java
===================================================================
RCS file:
/home/cvs/xml-security/src/org/apache/xml/security/encryption/XMLCipherInput.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- XMLCipherInput.java 15 Nov 2003 08:48:21 -0000 1.1
+++ XMLCipherInput.java 16 Nov 2003 09:20:32 -0000 1.2
@@ -59,43 +59,20 @@
package org.apache.xml.security.encryption;
-//import java.io.IOException;
-//import java.io.StringReader;
-//import java.io.StringWriter;
-//import java.io.UnsupportedEncodingException;
-//import java.io.ByteArrayOutputStream;
-//import java.lang.Integer;
-//import java.security.InvalidKeyException;
-//import java.security.Key;
-//import java.security.InvalidAlgorithmParameterException;
-//import java.security.NoSuchAlgorithmException;
-//import java.security.NoSuchProviderException;
-//import java.util.HashMap;
-//import java.util.Iterator;
-//import java.util.LinkedList;
-//import java.util.List;
-//import java.util.Map;
-//import javax.crypto.BadPaddingException;
-//import javax.crypto.Cipher;
-//import javax.crypto.IllegalBlockSizeException;
-//import javax.crypto.NoSuchPaddingException;
-//import javax.crypto.spec.IvParameterSpec;
-//import javax.xml.parsers.DocumentBuilder;
-//import javax.xml.parsers.DocumentBuilderFactory;
-//import javax.xml.parsers.ParserConfigurationException;
-//import org.apache.xml.security.keys.KeyInfo;
-//import org.apache.xml.security.utils.Constants;
-//import org.apache.xml.security.utils.EncryptionConstants;
-//import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
-//import org.apache.xml.security.algorithms.JCEMapper;
-//import org.apache.xml.security.c14n.Canonicalizer;
-//import org.apache.xml.security.transforms.Transform;
-//import org.apache.xml.security.utils.ElementProxy;
+import java.io.IOException;
+
+import org.apache.xml.security.c14n.CanonicalizationException;
+import org.apache.xml.security.c14n.InvalidCanonicalizerException;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.apache.xml.security.utils.resolver.ResourceResolverException;
import org.apache.xml.security.exceptions.Base64DecodingException;
-//import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.transforms.TransformationException;
//import org.apache.xml.serialize.OutputFormat;
//import org.apache.xml.serialize.XMLSerializer;
//import org.apache.xml.utils.URI;
+import org.w3c.dom.Attr;
//import org.w3c.dom.Document;
//import org.w3c.dom.DocumentFragment;
//import org.w3c.dom.NamedNodeMap;
@@ -191,10 +168,61 @@
String base64EncodedEncryptedOctets = null;
if (_cipherData.getDataType() == CipherData.REFERENCE_TYPE) {
+ // Fun time!
+ logger.debug("Found a reference type CipherData");
+ CipherReference cr = _cipherData.getCipherReference();
+
+ // Need to wrap the uri in an Attribute node so that we
can
+ // Pass to the resource resolvers
+
+ Attr uriAttr = cr.getURIAsAttr();
+ XMLSignatureInput input = null;
+
+ try {
+ ResourceResolver resolver =
+ ResourceResolver.getInstance(uriAttr,
null);
+ input = resolver.resolve(uriAttr, null);
+ } catch (ResourceResolverException ex) {
+ throw new XMLEncryptionException("empty", ex);
+ } catch (XMLSecurityException ex) {
+ throw new XMLEncryptionException("empty", ex);
+ }
+
+ if (input != null) {
+ logger.debug("Managed to resolve URI \"" +
cr.getURI() + "\"");
+ }
+ else {
+ logger.debug("Failed to resolve URI \"" +
cr.getURI() + "\"");
+ }
+
+ // Lets see if there are any transforms
+ Transforms transforms = cr.getTransforms();
+ if (transforms != null) {
+ logger.debug ("Have transforms in cipher
reference");
+ try {
+
org.apache.xml.security.transforms.Transforms dsTransforms =
+ transforms.getDSTransforms();
+ input =
dsTransforms.performTransforms(input);
+ } catch (TransformationException ex) {
+ throw new
XMLEncryptionException("empty", ex);
+ }
+ }
+
+ try {
+ return input.getBytes();
+ }
+ catch (IOException ex) {
+ throw new XMLEncryptionException("empty", ex);
+ } catch (InvalidCanonicalizerException ex) {
+ throw new XMLEncryptionException("empty", ex);
+ } catch (CanonicalizationException ex) {
+ throw new XMLEncryptionException("empty", ex);
+ }
+
// retrieve the cipher text
} else if (_cipherData.getDataType() == CipherData.VALUE_TYPE) {
- CipherValue cipherValue = _cipherData.getCipherValue();
- base64EncodedEncryptedOctets = new
String(cipherValue.getValue());
+ CipherValue cv = _cipherData.getCipherValue();
+ base64EncodedEncryptedOctets = new String(cv.getValue());
} else {
throw new
XMLEncryptionException("CipherData.getDataType() returned unexpected value");
}
1.13 +39 -12
xml-security/src/org/apache/xml/security/transforms/implementations/TransformBase64Decode.java
Index: TransformBase64Decode.java
===================================================================
RCS file:
/home/cvs/xml-security/src/org/apache/xml/security/transforms/implementations/TransformBase64Decode.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- TransformBase64Decode.java 11 Feb 2003 16:02:52 -0000 1.12
+++ TransformBase64Decode.java 16 Nov 2003 09:20:32 -0000 1.13
@@ -63,6 +63,8 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
+import java.util.Iterator;
+import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
@@ -146,7 +148,8 @@
throws IOException, CanonicalizationException,
TransformationException, InvalidCanonicalizerException {
- if (input.isOctetStream()) {
+ try {
+ if (input.isOctetStream() || isTextNodeSet(input.getNodeSet())) {
try {
byte[] base64Bytes = input.getBytes();
byte[] decodedBytes = Base64.decode(base64Bytes);
@@ -157,7 +160,7 @@
throw new TransformationException("empty", ex);
}
} else {
- try {
+ try {
Document doc =
DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(
input.getOctetStream());
@@ -174,19 +177,24 @@
process(treewalker, sb);
byte[] decodedBytes = Base64.decode(sb.toString());
-
+
return new XMLSignatureInput(
new ByteArrayInputStream(decodedBytes));
- } catch (ParserConfigurationException e) {
- throw new TransformationException("c14n.Canonicalizer.Exception",
- e);
- } catch (SAXException e) {
- throw new TransformationException("c14n.Canonicalizer.Exception",
- e);
- } catch (Base64DecodingException ex) {
- throw new TransformationException("empty", ex);
- }
+ } catch (ParserConfigurationException e) {
+ throw new
TransformationException("c14n.Canonicalizer.Exception",
+
e);
+ } catch (SAXException e) {
+ throw new TransformationException("SAX exception", e);
+ } catch (Base64DecodingException ex) {
+ throw new TransformationException("empty", ex);
+ }
}
+ } catch (ParserConfigurationException e) {
+ throw new
TransformationException("c14n.Canonicalizer.Exception",
+
e);
+ } catch (SAXException e) {
+ throw new TransformationException("SAX exception", e);
+ }
}
/**
@@ -209,6 +217,25 @@
}
treewalker.setCurrentNode(currentNode);
+ }
+
+ /**
+ * Method to take a set of nodes and check whether any are "non-text"
+ */
+
+ private boolean isTextNodeSet(Set s) {
+
+ boolean isText = true;
+
+ Iterator it = s.iterator();
+ while (it.hasNext() && isText) {
+
+ Node n = (Node) it.next();
+ if (n.getNodeType() != Node.TEXT_NODE)
+ isText = false;
+ }
+
+ return isText;
}
/**
1.8 +29 -11
xml-security/src_unitTests/org/apache/xml/security/test/encryption/BaltimoreEncTest.java
Index: BaltimoreEncTest.java
===================================================================
RCS file:
/home/cvs/xml-security/src_unitTests/org/apache/xml/security/test/encryption/BaltimoreEncTest.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- BaltimoreEncTest.java 15 Nov 2003 08:51:08 -0000 1.7
+++ BaltimoreEncTest.java 16 Nov 2003 09:20:32 -0000 1.8
@@ -112,7 +112,6 @@
decryption-transform.xml
encrypt-content-aes192-cbc-dh-sha512.xml
encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml
-encrypt-element-aes192-cbc-ref.xml
encrypt-element-aes256-cbc-carried-kw-aes256.xml
encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml
encrypt-element-aes256-cbc-retrieved-kw-aes256.xml
@@ -256,7 +255,7 @@
* Check that the document has the correct number of nodes
*/
- private void checkDecryptedDoc(Document d) throws Exception {
+ private void checkDecryptedDoc(Document d, boolean doNodeCheck) throws
Exception {
String cc = retrieveCCNumber(d);
log.debug("Retrieved Credit Card : " + cc);
@@ -264,11 +263,12 @@
// Test cc numbers
- int myNodeCount = countNodes(d);
-
- assertTrue("Node count mismatches",
- ((myNodeCount > 0) && myNodeCount ==
nodeCount));
+ if (doNodeCheck) {
+ int myNodeCount = countNodes(d);
+ assertTrue("Node count mismatches",
+ ((myNodeCount > 0) && myNodeCount ==
nodeCount));
+ }
}
/**
@@ -294,7 +294,7 @@
String filename =
"data/ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-tripledes-cbc.xml";
Document dd = decryptElement(filename);
- checkDecryptedDoc(dd);
+ checkDecryptedDoc(dd, true);
}
/**
@@ -309,7 +309,7 @@
String filename =
"data/ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.xml";
Document dd = decryptElement(filename);
- checkDecryptedDoc(dd);
+ checkDecryptedDoc(dd, true);
}
/**
@@ -325,7 +325,7 @@
String filename =
"data/ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.xml";
Document dd = decryptElement(filename);
- checkDecryptedDoc(dd);
+ checkDecryptedDoc(dd, true);
}
@@ -342,7 +342,7 @@
String filename =
"data/ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.xml";
Document dd = decryptElement(filename);
- checkDecryptedDoc(dd);
+ checkDecryptedDoc(dd, true);
}
@@ -359,8 +359,26 @@
String filename =
"data/ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.xml";
Document dd = decryptElement(filename);
- checkDecryptedDoc(dd);
+ checkDecryptedDoc(dd, true);
+
+ }
+ /**
+ * Method test_five_element_aes192_cbc_ref
+ *
+ * Check the merlin-enc-five element data test for AES192 with
+ * a CipherReference element
+ *
+ */
+
+ public void test_five_element_aes192_cbc_ref() throws Exception {
+
+ String filename =
"data/ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes192-cbc-ref.xml";
+
+ Document dd = decryptElement(filename);
+ // Note - we don't check the node count, as it will be different
+ // due to the encrypted text remainin in the reference nodes
+ checkDecryptedDoc(dd, false);
}
/**
1.7 +74 -0
xml-security/src_unitTests/org/apache/xml/security/test/encryption/XMLCipherTester.java
Index: XMLCipherTester.java
===================================================================
RCS file:
/home/cvs/xml-security/src_unitTests/org/apache/xml/security/test/encryption/XMLCipherTester.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- XMLCipherTester.java 14 Nov 2003 09:23:20 -0000 1.6
+++ XMLCipherTester.java 16 Nov 2003 09:20:32 -0000 1.7
@@ -80,6 +80,10 @@
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.EncryptedKey;
+import org.apache.xml.security.encryption.EncryptionMethod;
+import org.apache.xml.security.encryption.CipherData;
+import org.apache.xml.security.transforms.params.XPathContainer;
+import org.apache.xml.security.utils.IdResolver;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.serialize.DOMSerializer;
import org.apache.xml.serialize.Method;
@@ -100,6 +104,8 @@
private String elementIndex;
private XMLCipher cipher;
+ private String tstBase64EncodedString;
+
public XMLCipherTester(String test) {
super(test);
}
@@ -111,6 +117,8 @@
"path");
elementIndex = System.getProperty("org.apache.xml.enc.test.idx",
"0");
+
+ tstBase64EncodedString = new
String("YmNkZWZnaGlqa2xtbm9wcRrPXjQ1hvhDFT+EdesMAPE4F6vlT+y0HPXe0+nAGLQ8");
}
protected void tearDown() {
@@ -452,6 +460,72 @@
Assert.assertEquals(source, target);
}
+
+ /*
+ * Test a Cipher Reference
+ */
+
+ public void testSameDocumentCipherReference() throws Exception {
+
+ DocumentBuilderFactory dbf =
DocumentBuilderFactory.newInstance();
+ DocumentBuilder db = dbf.newDocumentBuilder();
+
+ Document d = db.newDocument();
+
+ Element docElement = d.createElement("EncryptedDoc");
+ d.appendChild(docElement);
+
+ // Create the XMLCipher object
+ XMLCipher cipher = XMLCipher.getInstance();
+
+ EncryptedData ed =
+ cipher.createEncryptedData(CipherData.REFERENCE_TYPE,
+
"#CipherTextId");
+ EncryptionMethod em =
+ cipher.createEncryptionMethod(XMLCipher.AES_128);
+
+ ed.setEncryptionMethod(em);
+
+ org.apache.xml.security.encryption.Transforms xencTransforms =
+ cipher.createTransforms(d);
+
ed.getCipherData().getCipherReference().setTransforms(xencTransforms);
+ org.apache.xml.security.transforms.Transforms dsTransforms =
+ xencTransforms.getDSTransforms();
+
+ // An XPath transform
+ XPathContainer xpc = new XPathContainer(d);
+ xpc.setXPath("self::text()[parent::[EMAIL
PROTECTED]"CipherTextId\"]]");
+
dsTransforms.addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_XPATH,
+
xpc.getElementPlusReturns());
+
+ // Add a Base64 Transforms
+ dsTransforms.addTransform(
+
org.apache.xml.security.transforms.Transforms.TRANSFORM_BASE64_DECODE);
+
+ Element ee = cipher.martial(d, ed);
+
+ docElement.appendChild(ee);
+
+ // Add the cipher text
+ Element encryptedElement = d.createElement("CipherText");
+ encryptedElement.setAttributeNS(null, "Id", "CipherTextId");
+ IdResolver.registerElementById(encryptedElement,
"CipherTextId");
+
encryptedElement.appendChild(d.createTextNode(tstBase64EncodedString));
+ docElement.appendChild(encryptedElement);
+ // dump(d);
+
+ // Now the decrypt, with a brand new cipher
+ XMLCipher cipherDecrypt = XMLCipher.getInstance();
+ Key key =
+ new SecretKeySpec("abcdefghijklmnop".getBytes("ASCII"),
"AES");
+
+ cipherDecrypt.init(XMLCipher.DECRYPT_MODE, key);
+ byte[] decryptBytes = cipherDecrypt.decryptToByteArray(ee);
+
+ Assert.assertEquals(new String(decryptBytes, "ASCII"),
+ new String("A test
encrypted secret"));
+
+ }
private void dump(Element element) {
OutputFormat of = new OutputFormat();
