Author: anil.saldhana(a)jboss.com
Date: 2009-08-29 03:02:56 -0400 (Sat, 29 Aug 2009)
New Revision: 749
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
Log:
fix bug
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-08-28
00:34:20 UTC (rev 748)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-08-29
07:02:56 UTC (rev 749)
@@ -22,10 +22,12 @@
package org.jboss.identity.federation.api.util;
import java.io.OutputStream;
+import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
+import java.security.PrivilegedAction;
import java.security.PublicKey;
import java.util.Collections;
import java.util.List;
@@ -58,6 +60,7 @@
import javax.xml.transform.stream.StreamResult;
import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.util.JAXBUtil;
import org.jboss.identity.xmlsec.w3.xmldsig.ObjectFactory;
@@ -101,7 +104,32 @@
return xsf;
}
+ //Set some system properties
+ static
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ System.setProperty("org.apache.xml.security.ignoreLineBreaks",
"true");
+ return null;
+ }
+ });
+ };
+
/**
+ * Precheck whether the document that will be validated
+ * has the right signedinfo
+ * @param doc
+ * @return
+ */
+ public static boolean preCheckSignedInfo(Document doc)
+ {
+ NodeList nl = doc.getElementsByTagNameNS(JBossSAMLURIConstants.XMLDSIG_NSURI.get(),
"SignedInfo");
+ return nl != null ? nl.getLength() > 0 : false;
+ }
+
+ /**
* Sign a node in a document
* @param doc Document
* @param parentOfNodeToBeSigned Parent Node of the node to be signed
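Review bot: preCheckSignedInfo returns true as soon as any SignedInfo element exists anywhere in the document, so it says nothing about which element is signed or whether the signature verifies. Its Javadoc should state that it is a presence check only and not a validation result, and the empty `@param doc` and `@return` tags should be filled in. The `nl != null` test looks redundant, since the DOM contract for getElementsByTagNameNS is to return an empty list, so the body could be `return nl.getLength() > 0;`. Separately, the static initializer sets `org.apache.xml.security.ignoreLineBreaks` for the whole JVM when this utility class loads, inside doPrivileged. A comment should explain why a process-wide setting is needed and note that it affects every other user of the library in the same JVM.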
@@ -161,6 +189,9 @@
log.trace("Document to be signed=" +
DocumentUtil.getDocumentAsString(doc));
}catch (Exception e) {}
}
+
+ Node parentNode = nodeToBeSigned.getParentNode();
+
//Let us create a new Document
Document newDoc = DocumentUtil.createDocument();
//Import the node
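Review bot: `nodeToBeSigned.getParentNode()` returns null for a node that is not attached to a tree, and the result is dereferenced without a check by `parentNode.replaceChild(...)` in the following hunk (@@ -172,7 +203,8 @@). A guard right after the assignment, `if (parentNode == null) throw new IllegalArgumentException("Node to be signed has no parent");`, would fail with a clear message instead of a NullPointerException at the end of the method. The Javadoc shown in the earlier hunk names a `parentOfNodeToBeSigned` parameter, but the signature is outside this hunk. It is worth confirming whether that parameter should be used, or checked against the derived parent.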
@@ -172,7 +203,8 @@
//Now let us import this signed doc into the original document we got in the method
call
Node signedNode = doc.importNode(newDoc.getFirstChild(), true);
- doc.getDocumentElement().replaceChild(signedNode, nodeToBeSigned);
+ parentNode.replaceChild(signedNode, nodeToBeSigned);
+ //doc.getDocumentElement().replaceChild(signedNode, nodeToBeSigned);
return doc;
}
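Review bot: The commented-out `//doc.getDocumentElement().replaceChild(signedNode, nodeToBeSigned);` left under the new call should be removed, since version control already keeps the old line. If the reason for the change needs recording, a short why-comment serves better, presumably something like `// replace under the actual parent; the signed node is not always a direct child of the document element`. The method starts outside this hunk.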
@@ -207,7 +239,9 @@
PrivateKey signingKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
- DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
+ DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
+ dsc.setDefaultNamespacePrefix("dsig");
+
// dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
@@ -254,8 +288,10 @@
{
throw new IllegalArgumentException("Cannot find Signature element");
}
+ if(publicKey == null)
+ throw new IllegalArgumentException("Public Key is null");
+
DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
-
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
boolean coreValidity = signature.validate(valContext);
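Review bot: Validation here still takes `nl.item(0)`, the first Signature element found in the document, and the added null check on `publicKey` does not change that. A true `coreValidity` only says that this one signature verifies over whatever its references point to. The method should confirm, or document that callers must confirm, that the validated signature's Reference covers the element being trusted, for example with `// validates the first ds:Signature only; caller must check the signed reference covers the consumed element`. The new `if` is also written without braces, unlike the block just above it: `if (publicKey == null) { throw new IllegalArgumentException("Public Key is null"); }`. The rest of the method is outside the hunk, so any later reference check is not visible here.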