From cohei...@apache.org
Subject git commit: Fixing Metadata signature creation
Date Thu, 18 Sep 2014 20:01:54 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/1.1.x-fixes 17e8c07f3 -> 0d75bd36c


Fixing Metadata signature creation

Conflicts:
	plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/0d75bd36
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/0d75bd36
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/0d75bd36

Branch: refs/heads/1.1.x-fixes
Commit: 0d75bd36c947914a05d90033cf3614351b776be6
Parents: 17e8c07
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Sep 18 20:57:34 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Sep 18 21:01:47 2014 +0100

----------------------------------------------------------------------
 .../cxf/fediz/core/metadata/MetadataWriter.java |  4 ++--
 .../cxf/fediz/core/util/SignatureUtils.java     | 16 +++-----------
 .../cxf/fediz/core/FederationMetaDataTest.java  | 22 ++++++++++++++++++--
 .../fediz/service/idp/util/MetadataWriter.java  | 15 ++++++-------
 4 files changed, 31 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0d75bd36/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
index e1579dd..a746757 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
@@ -208,10 +208,10 @@ public class MetadataWriter {
                 LOG.info("No signingKey element found in config: " + ex.getMessage());
             }
             if (hasSigningKey) {
-                ByteArrayOutputStream result = SignatureUtils.signMetaInfo(
+                Document result = SignatureUtils.signMetaInfo(
                     config.getSigningKey().getCrypto(), config.getSigningKey().getKeyAlias(),
config.getSigningKey().getKeyPassword(), is, referenceID);
                 if (result != null) {
-                    is = new ByteArrayInputStream(result.toByteArray());
+                    return result;
                 } else {
                     throw new ProcessingException("Failed to sign the metadata document:
result=null");
                 }
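Review bot: The signing branch now returns the very DOM the enveloped signature was computed over, so anything a caller does to that Document before writing it out — indenting/pretty-printing, whitespace or namespace normalisation, or another serialise/re-parse round trip — changes the digested bytes and invalidates the signature, and neither this hunk nor the matching hunk in services/idp `MetadataWriter` records that contract. The Transformer serialisation removed from `SignatureUtils` in this commit suggests such a round trip is what was breaking the signature before, though the failing case is not visible here. Add a comment at `return result;` such as `// Return the signed DOM as-is: re-serialising or normalising it before output would invalidate the enveloped signature`. The enclosing method starts and ends outside the hunk, so the unsigned path that follows is not visible.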

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0d75bd36/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
index 74ada3e..12452f4 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
@@ -19,7 +19,6 @@
 
 package org.apache.cxf.fediz.core.util;
 
-import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
@@ -42,10 +41,6 @@ import javax.xml.crypto.dsig.keyinfo.X509Data;
 import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
 import javax.xml.crypto.dsig.spec.TransformParameterSpec;
 import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
 
 import org.w3c.dom.Document;
 
@@ -60,13 +55,12 @@ public final class SignatureUtils {
     
     private static final XMLSignatureFactory XML_SIGNATURE_FACTORY = XMLSignatureFactory.getInstance("DOM");
     private static final DocumentBuilderFactory DOC_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
-    private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
     
     private SignatureUtils() {
     }
     
     
-    public static ByteArrayOutputStream signMetaInfo(Crypto crypto, String keyAlias, String
keyPassword,
+    public static Document signMetaInfo(Crypto crypto, String keyAlias, String keyPassword,
                                               InputStream metaInfo, String referenceID) throws
Exception {
         if (keyAlias == null || "".equals(keyAlias)) {
             keyAlias = crypto.getDefaultX509Identifier();
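Review bot: `signMetaInfo` is a public static utility whose return type changes here from a serialised `ByteArrayOutputStream` to the live `Document`, yet no Javadoc accompanies the method, so callers have nothing stating what they now receive. Suggest a Javadoc that says the method returns the signed DOM itself (to be serialised by the caller without normalisation so the enveloped signature stays valid), that a null or empty `keyAlias` falls back to `crypto.getDefaultX509Identifier()` as the following lines show, and what `referenceID` identifies — the reference construction is outside this hunk, so that last part should be confirmed against the rest of the method. The method body continues past the hunk.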
@@ -164,12 +158,8 @@ public final class SignatureUtils {
 
         // step 4
         // Output the resulting document.
-
-        ByteArrayOutputStream os = new ByteArrayOutputStream(8192);
-        Transformer trans = TRANSFORMER_FACTORY.newTransformer();
-        trans.transform(new DOMSource(doc), new StreamResult(os));
-        os.flush();
-        return os;
+        
+        return doc;
     }
     
 }
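Review bot: The retained comment `// step 4` / `// Output the resulting document.` is now stale — the new code no longer outputs anything, it returns the DOM — and the added line above `return doc;` is whitespace-only with trailing spaces, which Checkstyle will flag. Replace the two comment lines with `// step 4: return the signed DOM itself; serialisation is left to the caller` and drop the trailing spaces on the blank line.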

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0d75bd36/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
index cf3353a..3c0b9a3 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
@@ -25,6 +25,8 @@ import java.net.URL;
 import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 
 import junit.framework.Assert;
 
@@ -34,6 +36,10 @@ import org.apache.cxf.fediz.core.config.FederationContext;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.util.DOMUtils;
 
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.signature.XMLSignatureException;
 import org.junit.AfterClass;
 
 import static org.junit.Assert.fail;
@@ -63,7 +69,7 @@ public class FederationMetaDataTest {
     
 
     @org.junit.Test
-    public void validateMetaDataWithAlias() throws ProcessingException {
+    public void validateMetaDataWithAlias() throws ProcessingException, XMLSignatureException,
XMLSecurityException {
 
         FederationContext config = loadConfig("ROOT");
 
@@ -71,12 +77,25 @@ public class FederationMetaDataTest {
         Document doc = wfProc.getMetaData(config);
         Assert.assertNotNull(doc);
         
+        Node signatureNode = doc.getElementsByTagName("Signature").item(0);
+        Assert.assertNotNull(signatureNode);
+        
+        doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
+
         try {
             DOMUtils.writeXml(doc, System.out);
         } catch (TransformerException e) {
             fail("Exception not expected: " + e.getMessage()); 
         }
         
+        // Validate the signature
+        XMLSignature signature = new XMLSignature((Element)signatureNode, "");
+        KeyInfo ki = signature.getKeyInfo();
+        Assert.assertNotNull(ki);
+        Assert.assertNotNull(ki.getX509Certificate());
+
+        Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
+        
     }
 
     @org.junit.Test
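Review bot: `checkSignatureValue(ki.getX509Certificate())` verifies with the certificate embedded in the signature's own KeyInfo, so the assertion only proves the document is self-consistent — metadata signed with any key that carries its own certificate would pass identically. Since this test is the regression guard for the signing fix, also assert that the KeyInfo certificate equals the configured signing certificate (obtained from `config`, whose accessors are outside the hunk), or verify against that certificate rather than the embedded one. Separately, `doc.getElementsByTagName("Signature")` matches on the qualified tag name, so it returns null if the signer ever emits a prefixed `ds:Signature`; `doc.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature").item(0)` is robust to either form. The `setIdAttributeNS(null, "ID", true)` call presumably exists so the signature's `#referenceID` URI resolves on a non-schema-validated DOM; a one-line comment saying so would spare the next reader the guess.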
@@ -113,6 +132,5 @@ public class FederationMetaDataTest {
         }
         
     }
-   
 
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0d75bd36/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
index 16bc05e..c0bcbc0 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
@@ -34,7 +34,6 @@ import javax.xml.stream.XMLStreamWriter;
 import org.w3c.dom.Document;
 
 import org.apache.cxf.fediz.core.util.CertsUtils;
-import org.apache.cxf.fediz.core.util.DOMUtils;
 import org.apache.cxf.fediz.core.util.SignatureUtils;
 import org.apache.cxf.fediz.service.idp.model.IDPConfig;
 
@@ -45,10 +44,10 @@ import org.apache.ws.security.util.UUIDGenerator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import static org.apache.cxf.fediz.core.FederationConstants.SAML2_METADATA_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.SCHEMA_INSTANCE_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.WS_ADDRESSING_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.WS_FEDERATION_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.SAML2_METADATA_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.SCHEMA_INSTANCE_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.WS_ADDRESSING_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.WS_FEDERATION_NS;
 
 public class MetadataWriter {
     
@@ -173,14 +172,12 @@ public class MetadataWriter {
             
             InputStream is = new ByteArrayInputStream(bout.toByteArray());
             
-            ByteArrayOutputStream result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(),
is, referenceID);
+            Document result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(),
is, referenceID);
             if (result != null) {
-                is = new ByteArrayInputStream(result.toByteArray());
+                return result;
             } else {
                 throw new RuntimeException("Failed to sign the metadata document: result=null");
             }
-        
-            return DOMUtils.readXml(is);
         } catch (RuntimeException e) {
             throw e;
         } catch (Exception e) {

