santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 40921] - XML <X509Certificate> contents modified and signature normallly validated.
Date Mon, 13 Nov 2006 15:02:30 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40921>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40921





------- Additional Comments From fillipelima@gmail.com  2006-11-13 07:02 -------
(In reply to comment #12)
> >   I would like so much that it was an instance of KeyInfo. however it is an
> > instance of KeyValue. when i call keyInfo.getContent() it returns the content of
> > the KeyValue...and when i call KeyInfo.getClass() it returns a DOMKeyValue
> instance
> 
> Can you post the code that demonstrates this?
> 
> Thanks.

The code:

package br.unit.certificacao;

import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;

import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.w3c.dom.Element;


public class ValidacaoXmlEnveloped {

  static public XMLSignature validar(Document documento) throws
ValidacaoXmlEnvelopedException {
    boolean      ok        = false;
    XMLSignature signature = null;
    try {
      NodeList listaNos = documento.getElementsByTagNameNS(XMLSignature.XMLNS,
"Signature");
      if (listaNos.getLength() == 0) {
          throw new ValidacaoXmlEnvelopedException("Assinatura não está presente.");
      }
      String              nomeProvider = System.getProperty("jsr105Provider",
"org.jcp.xml.dsig.internal.dom.XMLDSigRI");
      XMLSignatureFactory xmlSigFac    = XMLSignatureFactory.getInstance("DOM",
 (Provider) Class.forName(nomeProvider).newInstance());
      // Cria o DOMValidateContext, especifica o Selector que
      // será usado e o contexto do documento.
      DOMValidateContext valCont      = new DOMValidateContext(new
KeyValueKeySelector(), listaNos.item(0));
      // Instancia o XMLSignature para verificação.
      signature          = xmlSigFac.unmarshalXMLSignature(valCont);
      // Valida o XMLSignature
      ok = signature.validate(valCont);
    } catch( Exception ex ) {
        ex.printStackTrace();
        throw new ValidacaoXmlEnvelopedException(ex.getMessage());
    }
    if (ok) {
        return signature;
    } else
        return null;
  }
//===================================================
// HERE IS WHERE I RECEIVE THE KEYINFO OBJECT
//===================================================

  private static class KeyValueKeySelector extends KeySelector {
    public KeySelectorResult select(KeyInfo keyInfo,  KeySelector.Purpose
purpose, AlgorithmMethod method, XMLCryptoContext context) throws
KeySelectorException {
      if (keyInfo == null) {
        throw new KeySelectorException("Objeto KeyInfo null!");
      }
      SignatureMethod sm   = (SignatureMethod) method;
      List            list = keyInfo.getContent();
      for (int i = 0; i < list.size(); i++) {
        PublicKey pk = null;
        XMLStructure xmlStructure = (XMLStructure) list.get(i);

        if( xmlStructure instanceof X509Data) {
          List lst = ((X509Data)xmlStructure).getContent();
          X509Certificate cert = (X509Certificate)lst.get(0);
          pk = cert.getPublicKey();
        }

        if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
          return new SimpleKeySelectorResult(pk);
        }
      }
      throw new KeySelectorException("Nenhum elemento KeyValue encontrado!");
    }

    static boolean algEquals(String algURI, String algName) {
      if (algName.equalsIgnoreCase("DSA") &&
algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
        return true;
      } else if (algName.equalsIgnoreCase("RSA") &&
algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1)) {
          return true;
        } else {
            return false;
        }
    }
  }

  private static class SimpleKeySelectorResult implements KeySelectorResult {
    private PublicKey pk;
    SimpleKeySelectorResult(PublicKey pk) {
      this.pk = pk;
    }
    public Key getKey() {
      return pk;
    }
  }

}



-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Mime
View raw message