Repository: cxf-fediz
Updated Branches:
refs/heads/1.1.x-fixes 17e8c07f3 -> 0d75bd36c
Fixing Metadata signature creation
Conflicts:
plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/0d75bd36
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/0d75bd36
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/0d75bd36
Branch: refs/heads/1.1.x-fixes
Commit: 0d75bd36c947914a05d90033cf3614351b776be6
Parents: 17e8c07
Author: Colm O hEigeartaigh <[email protected]>
Authored: Thu Sep 18 20:57:34 2014 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Thu Sep 18 21:01:47 2014 +0100
----------------------------------------------------------------------
.../cxf/fediz/core/metadata/MetadataWriter.java | 4 ++--
.../cxf/fediz/core/util/SignatureUtils.java | 16 +++-----------
.../cxf/fediz/core/FederationMetaDataTest.java | 22 ++++++++++++++++++--
.../fediz/service/idp/util/MetadataWriter.java | 15 ++++++-------
4 files changed, 31 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0d75bd36/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
----------------------------------------------------------------------
diff --git
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
index e1579dd..a746757 100644
---
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
+++
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
@@ -208,10 +208,10 @@ public class MetadataWriter {
LOG.info("No signingKey element found in config: " +
ex.getMessage());
}
if (hasSigningKey) {
- ByteArrayOutputStream result = SignatureUtils.signMetaInfo(
+ Document result = SignatureUtils.signMetaInfo(
config.getSigningKey().getCrypto(),
config.getSigningKey().getKeyAlias(), config.getSigningKey().getKeyPassword(),
is, referenceID);
if (result != null) {
- is = new ByteArrayInputStream(result.toByteArray());
+ return result;
} else {
throw new ProcessingException("Failed to sign the metadata
document: result=null");
}
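Review bot: Returning the live DOM from `SignatureUtils.signMetaInfo` (`Document result = ...` and `return result;`) hands the caller the exact tree the enveloped signature was computed over, so any later change to it — an added attribute, or a serializer configured to indent — silently invalidates the digest, whereas the removed `ByteArrayInputStream` round trip froze the signed bytes. The enclosing method continues outside the hunk and its Javadoc is not visible; it should state that the returned document is signed and must be emitted as-is, e.g. `@return the metadata document; when a signing key is configured it carries an enveloped signature and must be serialized without indentation or further modification`. The idp `MetadataWriter` hunk makes the identical replacement and needs the same note. While both writers are touched, they still report the same failure differently — `ProcessingException` here, `RuntimeException` in the idp copy — which this commit could have aligned.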
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0d75bd36/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
----------------------------------------------------------------------
diff --git
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
index 74ada3e..12452f4 100644
---
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
+++
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
@@ -19,7 +19,6 @@
package org.apache.cxf.fediz.core.util;
-import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
@@ -42,10 +41,6 @@ import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
@@ -60,13 +55,12 @@ public final class SignatureUtils {
private static final XMLSignatureFactory XML_SIGNATURE_FACTORY =
XMLSignatureFactory.getInstance("DOM");
private static final DocumentBuilderFactory DOC_BUILDER_FACTORY =
DocumentBuilderFactory.newInstance();
- private static final TransformerFactory TRANSFORMER_FACTORY =
TransformerFactory.newInstance();
private SignatureUtils() {
}
- public static ByteArrayOutputStream signMetaInfo(Crypto crypto, String
keyAlias, String keyPassword,
+ public static Document signMetaInfo(Crypto crypto, String keyAlias, String
keyPassword,
InputStream metaInfo, String
referenceID) throws Exception {
if (keyAlias == null || "".equals(keyAlias)) {
keyAlias = crypto.getDefaultX509Identifier();
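Review bot: The new `Document` return type changes the contract of `signMetaInfo`, but no Javadoc is visible on the method to say what the caller now receives or what it must do with it. I would add a Javadoc stating that the returned document is `metaInfo` parsed into a DOM with an enveloped signature whose Reference points at the element whose ID attribute equals `referenceID`, and that the caller owns serialization. The test hunk in this commit has to call `setIdAttributeNS(null, "ID", true)` on the root element before verifying, which suggests the returned tree does not carry the ID attribute as a typed ID; if that is the case it is worth documenting under `@return`, or registering in this method so verifiers do not have to know. The method body continues outside the hunk.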
@@ -164,12 +158,8 @@ public final class SignatureUtils {
// step 4
// Output the resulting document.
-
- ByteArrayOutputStream os = new ByteArrayOutputStream(8192);
- Transformer trans = TRANSFORMER_FACTORY.newTransformer();
- trans.transform(new DOMSource(doc), new StreamResult(os));
- os.flush();
- return os;
+
+ return doc;
}
}
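Review bot: The comment `// step 4 // Output the resulting document.` is now stale, since the lines under it no longer output anything — the `Transformer` serialization was removed and the method ends in a bare `return doc;`. Replace it with something that matches the new behaviour, e.g. `// step 4: return the signed DOM itself; callers are responsible for serializing it unchanged`. The added empty `+` line after the removed one is whitespace churn that could be dropped from the patch.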
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0d75bd36/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
----------------------------------------------------------------------
diff --git
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
index cf3353a..3c0b9a3 100644
---
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
+++
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
@@ -25,6 +25,8 @@ import java.net.URL;
import javax.xml.transform.TransformerException;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
import junit.framework.Assert;
@@ -34,6 +36,10 @@ import org.apache.cxf.fediz.core.config.FederationContext;
import org.apache.cxf.fediz.core.exception.ProcessingException;
import org.apache.cxf.fediz.core.util.DOMUtils;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.signature.XMLSignatureException;
import org.junit.AfterClass;
import static org.junit.Assert.fail;
@@ -63,7 +69,7 @@ public class FederationMetaDataTest {
@org.junit.Test
- public void validateMetaDataWithAlias() throws ProcessingException {
+ public void validateMetaDataWithAlias() throws ProcessingException,
XMLSignatureException, XMLSecurityException {
FederationContext config = loadConfig("ROOT");
@@ -71,12 +77,25 @@ public class FederationMetaDataTest {
Document doc = wfProc.getMetaData(config);
Assert.assertNotNull(doc);
+ Node signatureNode = doc.getElementsByTagName("Signature").item(0);
+ Assert.assertNotNull(signatureNode);
+
+ doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
+
try {
DOMUtils.writeXml(doc, System.out);
} catch (TransformerException e) {
fail("Exception not expected: " + e.getMessage());
}
+ // Validate the signature
+ XMLSignature signature = new XMLSignature((Element)signatureNode, "");
+ KeyInfo ki = signature.getKeyInfo();
+ Assert.assertNotNull(ki);
+ Assert.assertNotNull(ki.getX509Certificate());
+
+
Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
+
}
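Review bot: `doc.getElementsByTagName("Signature")` matches on the qualified tag name, so the lookup only finds the element if it was created without a namespace prefix; `doc.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature").item(0)` finds it regardless of prefix. Separately, `checkSignatureValue(ki.getX509Certificate())` verifies the signature against the certificate embedded in its own KeyInfo, so the assertion passes for any key that signed the document, not specifically the configured one; an additional assertion comparing `ki.getX509Certificate()` with the certificate the test configuration is expected to sign with (presumably resolvable through the loaded `config`, which I cannot see here) would pin the creation path properly. The two blank `+` lines before the final assertion are whitespace churn.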
@org.junit.Test
@@ -113,6 +132,5 @@ public class FederationMetaDataTest {
}
}
-
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0d75bd36/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
----------------------------------------------------------------------
diff --git
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
index 16bc05e..c0bcbc0 100644
---
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
+++
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
@@ -34,7 +34,6 @@ import javax.xml.stream.XMLStreamWriter;
import org.w3c.dom.Document;
import org.apache.cxf.fediz.core.util.CertsUtils;
-import org.apache.cxf.fediz.core.util.DOMUtils;
import org.apache.cxf.fediz.core.util.SignatureUtils;
import org.apache.cxf.fediz.service.idp.model.IDPConfig;
@@ -45,10 +44,10 @@ import org.apache.ws.security.util.UUIDGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import static org.apache.cxf.fediz.core.FederationConstants.SAML2_METADATA_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.SCHEMA_INSTANCE_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.WS_ADDRESSING_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.WS_FEDERATION_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.SAML2_METADATA_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.SCHEMA_INSTANCE_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.WS_ADDRESSING_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.WS_FEDERATION_NS;
public class MetadataWriter {
@@ -173,14 +172,12 @@ public class MetadataWriter {
InputStream is = new ByteArrayInputStream(bout.toByteArray());
- ByteArrayOutputStream result = SignatureUtils.signMetaInfo(crypto,
null, config.getCertificatePassword(), is, referenceID);
+ Document result = SignatureUtils.signMetaInfo(crypto, null,
config.getCertificatePassword(), is, referenceID);
if (result != null) {
- is = new ByteArrayInputStream(result.toByteArray());
+ return result;
} else {
throw new RuntimeException("Failed to sign the metadata
document: result=null");
}
-
- return DOMUtils.readXml(is);
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {