From cohei...@apache.org
Subject git commit: Fixing Metadata signature creation
Date Thu, 18 Sep 2014 19:57:53 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 2a5b457ea -> 3f0b480d0


Fixing Metadata signature creation


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3f0b480d
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3f0b480d
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3f0b480d

Branch: refs/heads/master
Commit: 3f0b480d0cd901df28582cd762291b1b14eebef3
Parents: 2a5b457
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Sep 18 20:57:34 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Sep 18 20:57:34 2014 +0100

----------------------------------------------------------------------
 .../cxf/fediz/core/metadata/MetadataWriter.java |  5 +++--
 .../cxf/fediz/core/util/SignatureUtils.java     | 16 +++-----------
 .../core/federation/FederationMetaDataTest.java | 22 ++++++++++++++++++--
 .../fediz/service/idp/util/MetadataWriter.java  | 16 +++++++-------
 4 files changed, 33 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3f0b480d/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
index fe5efc3..1f647b9 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
@@ -34,6 +34,7 @@ import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.XMLStreamWriter;
 
 import org.w3c.dom.Document;
+
 import org.apache.cxf.fediz.core.config.Claim;
 import org.apache.cxf.fediz.core.config.FederationProtocol;
 import org.apache.cxf.fediz.core.config.FedizContext;
@@ -124,10 +125,10 @@ public class MetadataWriter {
                 LOG.info("No signingKey element found in config: " + ex.getMessage());
             }
             if (hasSigningKey) {
-                ByteArrayOutputStream result = SignatureUtils.signMetaInfo(
+                Document result = SignatureUtils.signMetaInfo(
                     config.getSigningKey().getCrypto(), config.getSigningKey().getKeyAlias(),
config.getSigningKey().getKeyPassword(), is, referenceID);
                 if (result != null) {
-                    is = new ByteArrayInputStream(result.toByteArray());
+                    return result;
                 } else {
                     throw new ProcessingException("Failed to sign the metadata document:
result=null");
                 }
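Review bot: Returning the signed `Document` directly via the new `return result;` means the caller now receives the exact DOM tree the signature was computed over, and nothing in the hunk documents that it must be handed on as-is; mutating the signed subtree or serialising it with whitespace changes (indented output) before it reaches a relying party will make the enclosed signature fail verification. A Javadoc line on the enclosing method such as `@return the signed metadata document; serialise it without re-indenting or modifying the signed content, otherwise the enclosed XML signature will no longer verify` would make that contract explicit. The enclosing method starts and ends outside the hunk, so the unsigned path that still reads `is` is not visible here.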

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3f0b480d/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
index ba2e1d9..ab4d211 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
@@ -19,7 +19,6 @@
 
 package org.apache.cxf.fediz.core.util;
 
-import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
@@ -42,10 +41,6 @@ import javax.xml.crypto.dsig.keyinfo.X509Data;
 import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
 import javax.xml.crypto.dsig.spec.TransformParameterSpec;
 import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
 
 import org.w3c.dom.Document;
 
@@ -59,13 +54,12 @@ public final class SignatureUtils {
     
     private static final XMLSignatureFactory XML_SIGNATURE_FACTORY = XMLSignatureFactory.getInstance("DOM");
     private static final DocumentBuilderFactory DOC_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
-    private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
     
     private SignatureUtils() {
     }
     
     
-    public static ByteArrayOutputStream signMetaInfo(Crypto crypto, String keyAlias, String
keyPassword,
+    public static Document signMetaInfo(Crypto crypto, String keyAlias, String keyPassword,
                                               InputStream metaInfo, String referenceID) throws
Exception {
         if (keyAlias == null || "".equals(keyAlias)) {
             keyAlias = crypto.getDefaultX509Identifier();
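Review bot: The public return type of `signMetaInfo` changes from `ByteArrayOutputStream` to `Document` without any Javadoc saying what the returned object is; from this hunk a caller cannot tell whether it is a fresh parse of `metaInfo` (presumably via `DOC_BUILDER_FACTORY`, which the hunk does not show) or an instance shared with other state. A short Javadoc such as `@return the parsed metadata document with an XML signature added` and `@param referenceID the ID value the signature's Reference URI points at` would document the new contract. The `throws Exception` clause is pre-existing but equally undocumented; an `@throws Exception if the key cannot be loaded or the signature cannot be generated` line is the minimum. The method body continues outside the hunk.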
@@ -163,12 +157,8 @@ public final class SignatureUtils {
 
         // step 4
         // Output the resulting document.
-
-        ByteArrayOutputStream os = new ByteArrayOutputStream(8192);
-        Transformer trans = TRANSFORMER_FACTORY.newTransformer();
-        trans.transform(new DOMSource(doc), new StreamResult(os));
-        os.flush();
-        return os;
+        
+        return doc;
     }
     
 }
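Review bot: The comment `// step 4` / `// Output the resulting document.` kept directly above the new `return doc;` is now stale, because the transformer-based serialisation it described was removed in this hunk and the method simply hands the DOM back; change it to `// step 4: return the signed DOM; serialisation is now the caller's responsibility`. The added line `+        ` is whitespace-only and should be an empty line. The method body starts outside the hunk.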

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3f0b480d/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
index 211df13..f49c90d 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
@@ -25,6 +25,8 @@ import java.net.URL;
 import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 import org.apache.cxf.fediz.common.SecurityTestUtil;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
 import org.apache.cxf.fediz.core.config.FedizContext;
@@ -32,6 +34,10 @@ import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.processor.FederationProcessorImpl;
 import org.apache.cxf.fediz.core.processor.FedizProcessor;
 import org.apache.cxf.fediz.core.util.DOMUtils;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.signature.XMLSignatureException;
 import org.junit.AfterClass;
 import org.junit.Assert;
 
@@ -62,7 +68,7 @@ public class FederationMetaDataTest {
     
 
     @org.junit.Test
-    public void validateMetaDataWithAlias() throws ProcessingException {
+    public void validateMetaDataWithAlias() throws ProcessingException, XMLSignatureException,
XMLSecurityException {
 
         FedizContext config = loadConfig("ROOT");
 
@@ -70,12 +76,25 @@ public class FederationMetaDataTest {
         Document doc = wfProc.getMetaData(config);
         Assert.assertNotNull(doc);
         
+        Node signatureNode = doc.getElementsByTagName("Signature").item(0);
+        Assert.assertNotNull(signatureNode);
+        
+        doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
+
         try {
             DOMUtils.writeXml(doc, System.out);
         } catch (TransformerException e) {
             fail("Exception not expected: " + e.getMessage()); 
         }
         
+        // Validate the signature
+        XMLSignature signature = new XMLSignature((Element)signatureNode, "");
+        KeyInfo ki = signature.getKeyInfo();
+        Assert.assertNotNull(ki);
+        Assert.assertNotNull(ki.getX509Certificate());
+
+        Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
+        
     }
 
     @org.junit.Test
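Review bot: `doc.getElementsByTagName("Signature")` matches on the qualified tag name, so it finds nothing if the signature element is ever emitted with a prefix (`ds:Signature`) and would equally pick up an element of the same local name from another namespace; `doc.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature")` is the namespace-aware lookup. The explicit `doc.getDocumentElement().setIdAttributeNS(null, "ID", true)` before verification suggests the returned document does not have its ID attribute registered; if so, every consumer of `getMetaData` must repeat this step before a `#...` Reference URI can resolve, so it would be better done inside `signMetaInfo` on the element it signs (if it already is, this line is redundant and could be dropped). `checkSignatureValue(ki.getX509Certificate())` verifies against the certificate embedded in KeyInfo, which proves the document is self-consistent but not that it was signed with the configured key; an assertion comparing that certificate with the expected signing certificate would also catch wrong-alias regressions.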
@@ -112,6 +131,5 @@ public class FederationMetaDataTest {
         }
         
     }
-   
 
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3f0b480d/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
index 237b32c..b50961b 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
@@ -31,8 +31,8 @@ import javax.xml.stream.XMLOutputFactory;
 import javax.xml.stream.XMLStreamWriter;
 
 import org.w3c.dom.Document;
+
 import org.apache.cxf.fediz.core.util.CertsUtils;
-import org.apache.cxf.fediz.core.util.DOMUtils;
 import org.apache.cxf.fediz.core.util.SignatureUtils;
 import org.apache.cxf.fediz.service.idp.domain.Claim;
 import org.apache.cxf.fediz.service.idp.domain.Idp;
@@ -42,10 +42,10 @@ import org.apache.xml.security.utils.Base64;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import static org.apache.cxf.fediz.core.FederationConstants.SAML2_METADATA_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.SCHEMA_INSTANCE_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.WS_ADDRESSING_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.WS_FEDERATION_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.SAML2_METADATA_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.SCHEMA_INSTANCE_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.WS_ADDRESSING_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.WS_FEDERATION_NS;
 
 public class MetadataWriter {
     
@@ -170,14 +170,12 @@ public class MetadataWriter {
             
             InputStream is = new ByteArrayInputStream(bout.toByteArray());
             
-            ByteArrayOutputStream result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(),
is, referenceID);
+            Document result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(),
is, referenceID);
             if (result != null) {
-                is = new ByteArrayInputStream(result.toByteArray());
+                return result;
             } else {
                 throw new RuntimeException("Failed to sign the metadata document: result=null");
             }
-        
-            return DOMUtils.readXml(is);
         } catch (RuntimeException e) {
             throw e;
         } catch (Exception e) {
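Review bot: The `throw new RuntimeException("Failed to sign the metadata document: result=null")` kept in the null branch uses the most generic unchecked type, and the `catch (RuntimeException e) { throw e; }` directly below exists only to let it pass through; the core plugin's equivalent path (`MetadataWriter` in plugins/core, first file of this commit) throws `ProcessingException` for the same condition, so the two writers fail differently for the same failure. `throw new IllegalStateException("Failed to sign the metadata document: result=null");` would at least give callers a specific type, or the IdP writer could adopt the core plugin's `ProcessingException` if its declared signature allows. With `signMetaInfo` now returning its `doc` directly, the null branch looks defensive rather than reachable, which is fine to keep but deserves a comment such as `// defensive: signMetaInfo is not expected to return null`. The enclosing method and its remaining catch clause continue outside the hunk.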

