Usage examples for java.security.Signature.getAlgorithm()
public final String getAlgorithm()
From source file:com.alfaariss.oa.util.saml2.crypto.SAML2CryptoUtils.java
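/**
 * Retrieve the XML Signature specification URI based on OA Crypto.
 * <p>
 * The JCA algorithm name reported by the configured {@link Signature} is
 * mapped onto the matching {@link SignatureConstants} URI. MD5- and
 * SHA-1-based algorithms are still mapped so that existing configurations
 * keep working, but every such lookup is logged at WARN level: those
 * digests are no longer collision resistant, so a SHA-2 based algorithm
 * should be configured for signing SAML2 messages.
 *
 * @param crypto The OA crypto manager.
 * @return The SAML2 signature URI
 * @throws OAException If OA signing is disabled or the configured
 *  signature algorithm has no supported SAML2 mapping.
 * @see SignatureConstants
 */
public static String getXMLSignatureURI(CryptoManager crypto) throws OAException {
    Signature signature = crypto.getSignature();
    if (signature == null) {
        _logger.warn("OA Signing is disabled");
        throw new OAException(SystemErrors.ERROR_INTERNAL);
    }

    String algorithm = signature.getAlgorithm();
    String sUri;
    // Set for digests that are kept only for backward compatibility.
    boolean weakDigest = false;

    if ("SHA1withRSA".equals(algorithm)) {
        sUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA;
        weakDigest = true;
    } else if ("SHA1withDSA".equals(algorithm)) {
        sUri = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
        weakDigest = true;
    } else if ("SHA256withRSA".equals(algorithm)) {
        sUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
    } else if ("SHA384withRSA".equals(algorithm)) {
        sUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA384;
    } else if ("SHA512withRSA".equals(algorithm)) {
        sUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512;
    } else if ("MD5withRSA".equals(algorithm)) {
        sUri = SignatureConstants.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5;
        weakDigest = true;
    } else {
        //DD Only a limited number of signing algorithms are supported in OA SAML2
        _logger.error("Unsupported digital signature algorithm: " + algorithm);
        throw new OAException(SystemErrors.ERROR_INTERNAL);
    }

    if (weakDigest) {
        // Surface the weak configuration to operators without breaking callers.
        _logger.warn("Weak digital signature algorithm configured: " + algorithm
            + "; a SHA-2 based algorithm is recommended");
    }
    return sUri;
}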
From source file:de.schlichtherle.xml.GenericCertificate.java
/**
 * Serialises the given <tt>content</tt>, signs the resulting bytes and
 * locks this certificate.
 * <p>
 * Behaviour to be aware of:
 * <ul>
 * <li>A certificate that is already locked (signed or verified before)
 *     cannot be signed again; a
 *     <tt>GenericCertificateIsLockedException</tt> is thrown instead.</li>
 * <li>Once this method returns, any further call to
 *     {@link #sign(Object, PrivateKey, Signature)} or
 *     {@link #verify(PublicKey, Signature)} fails for the same reason.
 *     Use {@link #isLocked()} to find out whether the certificate has
 *     been successfully signed or verified, or call {@link #getContent()}
 *     and expect an exception if it has not.</li>
 * <li>A locked certificate cannot be unlocked. Use the copy constructor
 *     of {@link GenericCertificate} to obtain an unlocked copy.</li>
 * <li>The signature covers exactly the bytes produced by
 *     <tt>{@link PersistenceService}</tt>; the algorithm recorded in the
 *     certificate is whatever the supplied engine reports, so the
 *     strength of the signature is decided by the caller's choice of
 *     engine and key.</li>
 * </ul>
 *
 * @param content The object to sign. This must either be a JavaBean or an
 *        instance of any other class which is supported by
 *        <tt>{@link PersistenceService}</tt>
 *        - maybe <tt>null</tt>.
 * @param signingKey The private key for signing
 *        - may <em>not</em> be <tt>null</tt>.
 * @param signingEngine The signature signing engine
 *        - may <em>not</em> be <tt>null</tt>.
 *
 * @throws NullPointerException If the preconditions for the parameters
 *         do not hold.
 * @throws GenericCertificateIsLockedException If this certificate is
 *         already locked by signing or verifying it before.
 *         Note that this is actually a subclass of
 *         {@link PropertyVetoException}.
 * @throws PropertyVetoException If locking the certificate (and thus
 *         signing the object) is vetoed by any listener.
 * @throws PersistenceServiceException If the object cannot be serialised.
 * @throws InvalidKeyException If the signing key is invalid.
 */
public synchronized final void sign(final Object content, final PrivateKey signingKey,
        final Signature signingEngine)
        throws NullPointerException, GenericCertificateIsLockedException, PropertyVetoException,
        PersistenceServiceException, InvalidKeyException {
    // Only the key and the engine are mandatory; content may be null.
    if (signingKey == null) {
        throw new NullPointerException("signingKey");
    }
    if (signingEngine == null) {
        throw new NullPointerException("signingEngine");
    }

    // The same event object is used for the lock check, the veto round
    // and the final change notification.
    final PropertyChangeEvent lockEvent = new PropertyChangeEvent(this, "locked",
            Boolean.valueOf(isLocked()), Boolean.TRUE); // NOI18N
    if (isLocked()) {
        throw new GenericCertificateIsLockedException(lockEvent);
    }

    // Listeners may veto before any signing work is done.
    fireVetoableChange(lockEvent);

    try {
        // Byte encoded form of the content; these are the signed bytes.
        final byte[] encodedContent = PersistenceService.store2ByteArray(content);

        signingEngine.initSign(signingKey);
        signingEngine.update(encodedContent);
        final byte[] rawSignature = signingEngine.sign();
        final byte[] base64Signature = Base64.encodeBase64(rawSignature);
        final String signatureText = new String(base64Signature, BASE64_CHARSET);

        // Persist content, signature and the parameters needed to verify it.
        setEncoded(new String(encodedContent, XML_CHARSET));
        setSignature(signatureText);
        setSignatureAlgorithm(signingEngine.getAlgorithm());
        setSignatureEncoding(SIGNATURE_ENCODING); // NOI18N
    } catch (UnsupportedEncodingException cannotHappen) {
        throw new AssertionError(cannotHappen);
    } catch (SignatureException cannotHappen) {
        // The engine was initialised just above, so this is treated as a bug.
        throw new AssertionError(cannotHappen);
    }

    // The lock is taken only after every result has been stored.
    this.locked = true;
    firePropertyChange(lockEvent);
}
From source file:de.schlichtherle.xml.GenericCertificate.java
/**
 * Checks the digital signature over the encoded content held by this
 * certificate and, if it is valid, locks the certificate.
 * <p>
 * Behaviour to be aware of:
 * <ul>
 * <li>A certificate that is already locked (signed or verified before)
 *     cannot be verified again; a
 *     <tt>GenericCertificateIsLockedException</tt> is thrown instead.</li>
 * <li>Once this method returns, any further call to
 *     {@link #sign(Object, PrivateKey, Signature)} or
 *     {@link #verify(PublicKey, Signature)} fails for the same reason.
 *     Use {@link #isLocked()} to find out whether the certificate has
 *     been successfully signed or verified, or call {@link #getContent()}
 *     and expect an exception if it has not.</li>
 * <li>A locked certificate cannot be unlocked. Use the copy constructor
 *     of {@link GenericCertificate} to obtain an unlocked copy.</li>
 * <li>The algorithm is fixed by the engine the caller passes in. This
 *     method does not read the signature algorithm stored in the
 *     certificate before verifying; it overwrites that property with the
 *     engine's algorithm once the signature has been accepted.</li>
 * <li>The certificate is locked only after the signature has been
 *     accepted; a failed verification leaves it unlocked.</li>
 * </ul>
 *
 * @param verificationKey The public key for verification
 *        - may <em>not</em> be <tt>null</tt>.
 * @param verificationEngine The signature verification engine
 *        - may <em>not</em> be <tt>null</tt>.
 *
 * @throws NullPointerException If the preconditions for the parameters
 *         do not hold.
 * @throws GenericCertificateIsLockedException If this certificate is
 *         already locked by signing or verifying it before.
 *         Note that this is actually a subclass of
 *         {@link PropertyVetoException}.
 * @throws PropertyVetoException If locking the certificate (and thus
 *         verifying the object) is vetoed by any listener.
 * @throws InvalidKeyException If the verification key is invalid.
 * @throws SignatureException If signature verification failed.
 * @throws GenericCertificateIntegrityException If the integrity of this
 *         certificate has been compromised.
 */
public synchronized final void verify(final PublicKey verificationKey,
        final Signature verificationEngine)
        throws NullPointerException, GenericCertificateIsLockedException, PropertyVetoException,
        InvalidKeyException, SignatureException, GenericCertificateIntegrityException {
    // Both arguments are mandatory.
    if (verificationKey == null) {
        throw new NullPointerException("verificationKey");
    }
    if (verificationEngine == null) {
        throw new NullPointerException("verificationEngine");
    }

    // The same event object is used for the lock check, the veto round
    // and the final change notification.
    final PropertyChangeEvent lockEvent = new PropertyChangeEvent(this, "locked",
            Boolean.valueOf(isLocked()), Boolean.TRUE); // NOI18N
    if (isLocked()) {
        throw new GenericCertificateIsLockedException(lockEvent);
    }

    // Listeners may veto before any verification work is done.
    fireVetoableChange(lockEvent);

    try {
        // NOTE(review): getEncoded() and getSignature() are dereferenced
        // without a null check - presumably a never-signed certificate
        // ends up here as a NullPointerException; confirm with callers.
        final byte[] encodedContent = getEncoded().getBytes(XML_CHARSET);

        verificationEngine.initVerify(verificationKey);
        verificationEngine.update(encodedContent);
        final byte[] signatureBytes =
                Base64.decodeBase64(getSignature().getBytes(BASE64_CHARSET));
        final boolean signatureValid = verificationEngine.verify(signatureBytes);
        if (!signatureValid) {
            throw new GenericCertificateIntegrityException();
        }

        // Record the parameters of the signature that was just accepted.
        setSignatureAlgorithm(verificationEngine.getAlgorithm());
        setSignatureEncoding(SIGNATURE_ENCODING);
    } catch (UnsupportedEncodingException cannotHappen) {
        throw new AssertionError(cannotHappen);
    }

    // Reached only when the signature checked out.
    this.locked = true;
    firePropertyChange(lockEvent);
}
From source file:zlicense.de.schlichtherle.xml.GenericCertificate.java
/**
 * Serialises {@code paramObject}, signs the resulting bytes with the given
 * key and engine, stores the results in this certificate and locks it.
 * <p>
 * The signature is stored Base64 encoded, and the algorithm recorded is
 * whatever {@code paramSignature} reports, so the strength of the
 * signature is decided by the caller's choice of engine and key.
 *
 * @param paramObject the object to sign; it is handed to
 *        {@code PersistenceService.store2ByteArray} as is
 * @param paramPrivateKey the private key for signing; must not be null
 * @param paramSignature the signing engine; must not be null
 * @throws NullPointerException if the key or the engine is null
 * @throws GenericCertificateIsLockedException if this certificate is
 *         already locked
 * @throws PropertyVetoException if a listener vetoes the lock
 * @throws PersistenceServiceException declared for the serialisation step
 * @throws InvalidKeyException declared for the engine initialisation
 */
public final synchronized void sign(Object paramObject, PrivateKey paramPrivateKey,
        Signature paramSignature)
        throws NullPointerException, GenericCertificateIsLockedException, PropertyVetoException,
        PersistenceServiceException, InvalidKeyException {
    if (paramPrivateKey == null) {
        throw new NullPointerException("signingKey");
    }
    if (paramSignature == null) {
        throw new NullPointerException("signingEngine");
    }

    // One event object serves the lock check, the veto round and the
    // final change notification.
    PropertyChangeEvent lockEvent = new PropertyChangeEvent(this, "locked",
            Boolean.valueOf(isLocked()), Boolean.TRUE);
    if (isLocked()) {
        throw new GenericCertificateIsLockedException(lockEvent);
    }

    // Listeners may veto before any signing work is done.
    fireVetoableChange(lockEvent);

    try {
        // Byte encoded form of the object; these are the signed bytes.
        byte[] encodedContent = PersistenceService.store2ByteArray(paramObject);

        paramSignature.initSign(paramPrivateKey);
        paramSignature.update(encodedContent);
        byte[] rawSignature = paramSignature.sign();
        byte[] base64Signature = Base64.encodeBase64(rawSignature);
        String signatureText = new String(base64Signature, "US-ASCII");

        setEncoded(new String(encodedContent, "UTF-8"));
        setSignature(signatureText);
        setSignatureAlgorithm(paramSignature.getAlgorithm());
        setSignatureEncoding("US-ASCII/Base64");
    } catch (UnsupportedEncodingException encodingFailure) {
        throw new AssertionError(encodingFailure);
    } catch (SignatureException signingFailure) {
        // The engine was initialised just above, so this is treated as a bug.
        throw new AssertionError(signingFailure);
    }

    // The lock is taken only after every result has been stored.
    this.locked = true;
    firePropertyChange(lockEvent);
}
From source file:zlicense.de.schlichtherle.xml.GenericCertificate.java
/**
 * Checks the Base64 encoded signature held by this certificate against
 * its encoded content and, if it is valid, locks the certificate.
 * <p>
 * The algorithm is fixed by the engine the caller passes in. This method
 * does not read the signature algorithm stored in the certificate before
 * verifying; it overwrites that property with the engine's algorithm once
 * the signature has been accepted. A failed verification leaves the
 * certificate unlocked.
 *
 * @param paramPublicKey the public key for verification; must not be null
 * @param paramSignature the verification engine; must not be null
 * @throws NullPointerException if the key or the engine is null
 * @throws GenericCertificateIsLockedException if this certificate is
 *         already locked
 * @throws PropertyVetoException if a listener vetoes the lock
 * @throws InvalidKeyException declared for the engine initialisation
 * @throws SignatureException declared for the verification calls
 * @throws GenericCertificateIntegrityException if the engine rejects the
 *         signature
 */
public final synchronized void verify(PublicKey paramPublicKey, Signature paramSignature)
        throws NullPointerException, GenericCertificateIsLockedException, PropertyVetoException,
        InvalidKeyException, SignatureException, GenericCertificateIntegrityException {
    if (paramPublicKey == null) {
        throw new NullPointerException("verificationKey");
    }
    if (paramSignature == null) {
        throw new NullPointerException("verificationEngine");
    }

    // One event object serves the lock check, the veto round and the
    // final change notification.
    PropertyChangeEvent lockEvent = new PropertyChangeEvent(this, "locked",
            Boolean.valueOf(isLocked()), Boolean.TRUE);
    if (isLocked()) {
        throw new GenericCertificateIsLockedException(lockEvent);
    }

    // Listeners may veto before any verification work is done.
    fireVetoableChange(lockEvent);

    try {
        // NOTE(review): getEncoded() and getSignature() are dereferenced
        // without a null check - presumably a never-signed certificate
        // ends up here as a NullPointerException; confirm with callers.
        byte[] encodedContent = getEncoded().getBytes("UTF-8");

        paramSignature.initVerify(paramPublicKey);
        paramSignature.update(encodedContent);
        byte[] signatureBytes = Base64.decodeBase64(getSignature().getBytes("US-ASCII"));
        boolean signatureValid = paramSignature.verify(signatureBytes);
        if (!signatureValid) {
            throw new GenericCertificateIntegrityException();
        }

        // Record the parameters of the signature that was just accepted.
        setSignatureAlgorithm(paramSignature.getAlgorithm());
        setSignatureEncoding("US-ASCII/Base64");
    } catch (UnsupportedEncodingException encodingFailure) {
        throw new AssertionError(encodingFailure);
    }

    // Reached only when the signature checked out.
    this.locked = true;
    firePropertyChange(lockEvent);
}