Java Code Examples for org.apache.xml.security.c14n.Canonicalizer#canonicalizeSubtree()

The following examples show how to use org.apache.xml.security.c14n.Canonicalizer#canonicalizeSubtree().
Example 1
Source File: XAdESCanonicalizationTest.java    From dss with GNU Lesser General Public License v2.1
/**
 * Post-signing hook that re-parses the signed bytes and re-checks the signature by hand.
 *
 * <p>The reference-level helpers ({@code checkKeyInfo}, {@code checkSignedProperties},
 * {@code checkOriginalDocument}) run first; afterwards the single {@code ds:SignedInfo}
 * element is canonicalized with the method held in {@code canonicalizationSignedInfo} and the
 * decoded {@code ds:SignatureValue} is verified over those bytes with the signing
 * certificate's public key.
 *
 * <p>A successful verification here only shows that the canonical SignedInfo bytes match the
 * signature value; what the references inside SignedInfo cover is left to the helper checks.
 *
 * @param byteArray the signed document as produced by the signing step
 */
@Override
protected void onDocumentSigned(byte[] byteArray) {
	super.onDocumentSigned(byteArray);
	saveDocumentAndDelete(byteArray);

	try {
		final Document signedDom = DomUtils.buildDOM(byteArray);

		// Digest / transform checks on the individual references.
		checkKeyInfo(signedDom);
		checkSignedProperties(signedDom);
		checkOriginalDocument(signedDom);

		// Exactly one ds:SignedInfo must exist, so the node that gets canonicalized is unambiguous.
		final NodeList signedInfos = DomUtils.getNodeList(signedDom, AbstractPaths.all(XMLDSigElement.SIGNED_INFO));
		assertNotNull(signedInfos);
		assertEquals(1, signedInfos.getLength());
		final Node signedInfoNode = signedInfos.item(0);

		final Canonicalizer c14n = Canonicalizer.getInstance(canonicalizationSignedInfo);

		// NOTE(review): only presence is asserted for SignatureValue; uniqueness is implied by the
		// single-SignedInfo assertion above rather than checked on this XPath - confirm.
		final String encodedSignatureValue = DomUtils.getValue(signedDom, "//ds:Signature/ds:SignatureValue");
		assertNotNull(encodedSignatureValue);

		final byte[] signedInfoBytes = c14n.canonicalizeSubtree(signedInfoNode);
		final byte[] rawSignatureValue = Utils.fromBase64(encodedSignatureValue);

		// The JCA algorithm is fixed here and not read from the document's SignatureMethod.
		// NOTE(review): assumes the test signs with RSA and SHA-256 - confirm against the test setup.
		final Signature verifier = Signature.getInstance("SHA256withRSA");
		verifier.initVerify(getSigningCert().getPublicKey());
		verifier.update(signedInfoBytes);
		assertTrue(verifier.verify(rawSignatureValue));
	} catch (Exception e) {
		// Only the message is forwarded; the stack trace of the original exception is not kept.
		fail(e.getMessage());
	}
}
 
Example 2
Source File: XAdESCanonicalizationTest.java    From dss with GNU Lesser General Public License v2.1
/**
 * Checks that the {@code ds:KeyInfo} element is referenced with the expected canonicalization
 * transform and that the digest stored for that reference matches a freshly computed one.
 *
 * <p>The digest is recomputed as SHA-256 over the canonicalized KeyInfo subtree and compared
 * in Base64 form with the value returned by {@code getReferenceDigest}.
 *
 * @param doc the parsed signed document
 * @throws InvalidCanonicalizerException if the configured canonicalization method is rejected
 * @throws CanonicalizationException if the KeyInfo subtree cannot be canonicalized
 */
private void checkKeyInfo(Document doc) throws InvalidCanonicalizerException, CanonicalizationException {
	// Exactly one KeyInfo is expected, so the node under test is unambiguous.
	final NodeList keyInfos = DomUtils.getNodeList(doc, AbstractPaths.all(XMLDSigElement.KEY_INFO));
	assertNotNull(keyInfos);
	assertEquals(1, keyInfos.getLength());

	final Node keyInfoNode = keyInfos.item(0);

	// The Id attribute is what the ds:Reference points at ("#" + Id).
	final Node idAttribute = keyInfoNode.getAttributes().getNamedItem("Id");
	assertNotNull(idAttribute);

	final Canonicalizer c14n = Canonicalizer.getInstance(canonicalizationKeyInfo);
	final String referenceUri = "#" + idAttribute.getNodeValue();

	// Transform check: only the first transform of the reference is compared with the
	// canonicalizer's URI.
	final NodeList transforms = getReferenceTransforms(doc, referenceUri);
	final String declaredTransform = getTransformAlgo(transforms.item(0));
	assertEquals(c14n.getURI(), declaredTransform);

	// Digest check: recompute over the canonical bytes and compare with the stored value.
	// NOTE(review): SHA-256 is fixed here; the reference's DigestMethod is not read in this
	// method - confirm it matches the test configuration.
	final String declaredDigest = getReferenceDigest(doc, referenceUri);
	final byte[] canonicalKeyInfo = c14n.canonicalizeSubtree(keyInfoNode);
	final byte[] recomputedDigest = DSSUtils.digest(DigestAlgorithm.SHA256, canonicalKeyInfo);
	assertEquals(Base64.getEncoder().encodeToString(recomputedDigest), declaredDigest);
}
 
Example 3
Source File: XAdESCanonicalizationTest.java    From dss with GNU Lesser General Public License v2.1
/**
 * Checks that the XAdES {@code SignedProperties} element is referenced with the expected
 * canonicalization transform and that the digest stored for that reference matches a freshly
 * computed one.
 *
 * <p>Any exception raised on the way is turned into a test failure carrying only the
 * exception message.
 *
 * @param doc the parsed signed document
 */
private void checkSignedProperties(Document doc) {
	try {
		// Exactly one SignedProperties element is expected.
		final NodeList signedPropertiesList = DomUtils.getNodeList(doc, AbstractPaths.all(XAdES132Element.SIGNED_PROPERTIES));
		assertNotNull(signedPropertiesList);
		assertEquals(1, signedPropertiesList.getLength());

		final Node signedPropertiesNode = signedPropertiesList.item(0);

		// The Id attribute is what the ds:Reference points at ("#" + Id).
		final Node idAttribute = signedPropertiesNode.getAttributes().getNamedItem("Id");
		assertNotNull(idAttribute);

		final Canonicalizer c14n = Canonicalizer.getInstance(canonicalizationSignedProperties);
		final String referenceUri = "#" + idAttribute.getNodeValue();

		// SignedProperties transform check: only the first transform of the reference is
		// compared with the canonicalizer's URI.
		final NodeList transforms = getReferenceTransforms(doc, referenceUri);
		final String declaredTransform = getTransformAlgo(transforms.item(0));
		assertEquals(c14n.getURI(), declaredTransform);

		// SignedProperties digest check: SHA-256 over the canonical subtree, Base64-encoded,
		// must equal the value stored for the reference.
		// NOTE(review): the digest algorithm is fixed here and not taken from the reference's
		// DigestMethod - confirm it matches the test configuration.
		final String declaredDigest = getReferenceDigest(doc, referenceUri);
		final byte[] canonicalSignedProperties = c14n.canonicalizeSubtree(signedPropertiesNode);
		final byte[] recomputedDigest = DSSUtils.digest(DigestAlgorithm.SHA256, canonicalSignedProperties);
		assertEquals(Base64.getEncoder().encodeToString(recomputedDigest), declaredDigest);
	} catch (Exception e) {
		// Only the message is forwarded; the stack trace of the original exception is not kept.
		fail(e.getMessage());
	}
}
 
Example 4
Source File: DSSXMLUtils.java    From dss with GNU Lesser General Public License v2.1
/**
 * Canonicalizes the given {@code Node} and returns the resulting bytes.
 * When no canonicalization method is supplied, the {@code DEFAULT_CANONICALIZATION_METHOD}
 * is used instead.
 *
 * <p>NOTE(review): the method string reaches {@code Canonicalizer.getInstance} after
 * {@code getCanonicalizationMethod}; no restriction on accepted algorithm URIs is visible in
 * this method - confirm where document-supplied values are validated.
 *
 * @param canonicalizationMethod
 *            canonicalization method (can be null)
 * @param node
 *            {@code Node} to canonicalize
 * @return array of canonicalized bytes
 * @throws DSSException
 *             wrapping any exception raised while resolving the method, obtaining the
 *             canonicalizer or canonicalizing the node
 */
public static byte[] canonicalizeSubtree(String canonicalizationMethod, final Node node) {
	try {
		// Resolved inside the try so that a failure here is wrapped like any other.
		final String effectiveMethod = getCanonicalizationMethod(canonicalizationMethod);
		return Canonicalizer.getInstance(effectiveMethod).canonicalizeSubtree(node);
	} catch (Exception e) {
		throw new DSSException("Cannot canonicalize the subtree", e);
	}
}