Example usage for javax.xml.crypto.dom DOMStructure DOMStructure

List of usage examples for javax.xml.crypto.dom DOMStructure DOMStructure

Introduction

This page collects usage examples for the DOMStructure(Node) constructor of javax.xml.crypto.dom.DOMStructure.

Prototype

public DOMStructure(Node node) 


Document

Creates a DOMStructure containing the specified node.

Usage

From source file:org.roda.common.certification.ODFSignatureUtils.java

/**
 * Builds the list of {@code ds:Object} elements for a signature: a single object
 * wrapping one {@code SignatureProperties} element, which holds one
 * {@code SignatureProperty} whose content is a {@code dc:date} element.
 *
 * <p>The date is read from the local system clock, so it is a signing time claimed
 * by the signer, not a trusted timestamp. Whether it is covered by the signature
 * depends on the references the caller adds, which this method does not show.
 *
 * @param factory factory used to create the signature property structures
 * @param docSignatures document that owns the created {@code dc:date} element
 * @param signatureId id of the signature the property targets (a "#" is prepended)
 * @param signaturePropertyId id given to the created {@code SignatureProperty}
 * @return a mutable one-element list holding the created {@code XMLObject}
 */
private static List<XMLObject> getXMLObjectList(XMLSignatureFactory factory, Document docSignatures,
        String signatureId, String signaturePropertyId) {

    // Formatted in the JVM default time zone with no zone designator.
    // NOTE(review): "SS" is SimpleDateFormat's milliseconds field (minimum two digits),
    // not hundredths of a second; confirm readers of dc:date parse it as intended.
    String signingTime = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss,SS").format(new Date());

    Element dateElement = docSignatures.createElement("dc:date");
    dateElement.setAttribute("xmlns:dc", "http://purl.org/dc/elements/1.1/");
    dateElement.setTextContent(signingTime);

    List<XMLStructure> propertyContent = new ArrayList<XMLStructure>();
    propertyContent.add(new DOMStructure(dateElement));

    // The property targets the signature by fragment reference.
    List<SignatureProperty> properties = new ArrayList<SignatureProperty>();
    properties.add(factory.newSignatureProperty(propertyContent, "#" + signatureId, signaturePropertyId));

    List<SignatureProperties> propertiesContainers = new ArrayList<SignatureProperties>();
    propertiesContainers.add(factory.newSignatureProperties(properties, null));

    List<XMLObject> result = new ArrayList<XMLObject>();
    result.add(factory.newXMLObject(propertiesContainers, null, null, null));
    return result;
}

From source file:org.roda.core.plugins.plugins.characterization.ODFSignatureUtils.java

/**
 * Creates the {@code ds:Object} content for a signature: one {@code XMLObject}
 * containing one {@code SignatureProperties}, containing one
 * {@code SignatureProperty} that carries a {@code dc:date} element.
 *
 * <p>The {@code dc:date} value is the local clock reading at call time. It is
 * asserted by the signing host and is not a trusted timestamp.
 *
 * @param factory factory used to create the signature property structures
 * @param docSignatures document used to create the {@code dc:date} element
 * @param signatureId id of the targeted signature; referenced as "#" + id
 * @param signaturePropertyId id assigned to the {@code SignatureProperty}
 * @return a mutable list with the single created {@code XMLObject}
 */
private static List<XMLObject> getXMLObjectList(XMLSignatureFactory factory, Document docSignatures,
        String signatureId, String signaturePropertyId) {

    Element dcDate = docSignatures.createElement("dc:date");
    dcDate.setAttribute("xmlns:dc", "http://purl.org/dc/elements/1.1/");

    // Default JVM time zone, no zone designator in the output.
    // NOTE(review): "SS" formats milliseconds (at least two digits), not hundredths;
    // confirm this matches what consumers of the signature expect.
    SimpleDateFormat timestampFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss,SS");
    Date now = new Date();
    dcDate.setTextContent(timestampFormat.format(now));

    List<XMLStructure> dateWrapper = new ArrayList<>();
    dateWrapper.add(new DOMStructure(dcDate));

    SignatureProperty dateProperty =
            factory.newSignatureProperty(dateWrapper, "#" + signatureId, signaturePropertyId);
    List<SignatureProperty> propertyList = new ArrayList<>();
    propertyList.add(dateProperty);

    SignatureProperties propertySet = factory.newSignatureProperties(propertyList, null);
    List<SignatureProperties> propertySetList = new ArrayList<>();
    propertySetList.add(propertySet);

    // No id, MIME type or encoding is set on the enclosing ds:Object.
    XMLObject wrapper = factory.newXMLObject(propertySetList, null, null, null);
    List<XMLObject> wrappers = new ArrayList<>();
    wrappers.add(wrapper);

    return wrappers;
}

From source file:org.warlock.itk.distributionenvelope.Payload.java

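/**
 * Sign the payloadBody as-is. Note that this is going to be encrypted anyway
 * so we avoid any incompatibilities due to canonicalisation, and we don't
 * care if the payloadBody is text, compressed and so on. Re-writes payloadBody
 * with a serialised XML Digital Signature "Signature" element containing an
 * enveloping signature, or throws an exception to signal failure.
 *
 * <p>Payloads that are compressed, base64 encoded or not of an XML MIME type are
 * signed as a text node. All other payloads are parsed as XML and signed through
 * an exclusive canonicalisation transform. The XML parse rejects any payload that
 * carries a DOCTYPE declaration, so that signing cannot be used to resolve external
 * entities or expand entity definitions.
 *
 * @param pk private key used to compute the signature; must not be null
 * @param cert certificate placed in the signature's KeyInfo; must not be null and
 *             must be within its validity period
 * @throws Exception if the signing material is null, the certificate is expired or
 *                   not yet valid, the payload cannot be parsed (including when it
 *                   contains a DOCTYPE), or signing or serialisation fails
 */
private void signPayload(PrivateKey pk, X509Certificate cert) throws Exception {
    if ((pk == null) || (cert == null)) {
        throw new Exception("Null signing material");
    }
    // Refuse to sign with a certificate outside its validity period. This checks
    // dates only; chain building and revocation are not checked here.
    cert.checkValidity();

    XMLSignatureFactory xsf = XMLSignatureFactory.getInstance("DOM");
    String objectRef = "uuid" + UUID.randomUUID().toString();
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);

    // NOTE(review): SHA-1 is used for both the reference digest and the RSA signature.
    // SHA-1 is no longer considered collision resistant; moving to SHA-256 needs to be
    // agreed with every party that verifies these envelopes, so it is flagged here
    // rather than changed.
    Reference ref;
    Document doc;
    DOMStructure payloadContent;
    if (compressed || base64 || !mimeType.contains("xml")) {
        // Opaque content: sign the literal text with no transform.
        ref = xsf.newReference("#" + objectRef, xsf.newDigestMethod(DigestMethod.SHA1, null));
        doc = dbf.newDocumentBuilder().newDocument();
        payloadContent = new DOMStructure(doc.createTextNode(payloadBody));
    } else {
        Transform t = xsf.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#",
                (TransformParameterSpec) null);
        ref = xsf.newReference("#" + objectRef, xsf.newDigestMethod(DigestMethod.SHA1, null),
                Collections.singletonList(t), null, null);
        // Harden the parser before it reads the payload: with DOCTYPE declarations
        // disallowed there are no external entities, external DTDs or entity
        // expansion to process. Fails closed if the parser lacks the feature.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(payloadBody)));
        payloadContent = new DOMStructure(doc.getDocumentElement());
    }

    // The payload is wrapped in a ds:Object whose Id is the reference target,
    // which makes this an enveloping signature.
    XMLObject payloadObject = xsf.newXMLObject(Collections.singletonList(payloadContent), objectRef, null,
            null);
    SignedInfo si = xsf.newSignedInfo(
            xsf.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                    (C14NMethodParameterSpec) null),
            xsf.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));

    // The signer's certificate travels with the signature. A verifier must not treat
    // an embedded certificate as trusted without its own chain and trust checks.
    KeyInfoFactory kif = xsf.getKeyInfoFactory();
    X509Data xd = kif.newX509Data(Collections.singletonList(cert));
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));

    XMLSignature signature = xsf.newXMLSignature(si, ki, Collections.singletonList(payloadObject), null, null);
    DOMSignContext dsc = new DOMSignContext(pk, doc);
    signature.sign(dsc);

    // Serialise the signed document and drop the XML declaration, if any, so that
    // payloadBody holds just the Signature element.
    StringWriter sw = new StringWriter();
    Transformer tx = TransformerFactory.newInstance().newTransformer();
    tx.transform(new DOMSource(doc), new StreamResult(sw));
    String serialised = sw.toString();
    if (serialised.startsWith("<?xml ")) {
        payloadBody = serialised.substring(serialised.indexOf("?>") + "?>".length());
    } else {
        payloadBody = serialised;
    }
}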

From source file:org.warlock.itk.distributionenvelope.Payload.java

/**
 * Carries out the cryptographic part of signature verification on a parsed
 * "Signature" element.
 *
 * <p>This method establishes only that the signature validates against the public
 * key of the certificate returned by {@code getCertificate(signature)}. It performs
 * no chain, trust-anchor, validity-period or revocation check on that certificate,
 * and it does not inspect which content the signature's references cover.
 * NOTE(review): confirm that callers make those checks before relying on the payload.
 *
 * @param signature the parsed "Signature" element to validate
 * @throws Exception with message "Signature invalid" when validation fails, or any
 *                   exception raised while obtaining the certificate, unmarshalling
 *                   or validating
 */
private void verifySignature(Element signature) throws Exception {
    // NOTE(review): the certificate presumably comes from the signature's own KeyInfo,
    // i.e. from the message being verified - confirm in getCertificate.
    X509Certificate signerCertificate = getCertificate(signature);
    SimpleKeySelector keySelector = new SimpleKeySelector();
    keySelector.setFixedKey(signerCertificate.getPublicKey());

    DOMStructure signatureStructure = new DOMStructure(signature);
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
    DOMValidateContext validateContext = new DOMValidateContext(keySelector, signature);
    // Keeps the dereferenced reference data available on the validated references.
    validateContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);

    XMLSignature parsedSignature = factory.unmarshalXMLSignature(signatureStructure);
    if (parsedSignature.validate(validateContext)) {
        return;
    }
    throw new Exception("Signature invalid");
}

From source file:test.integ.be.fedict.hsm.ws.WSSecurityTestSOAPHandler.java

/**
 * Signs parts of a SOAP message and places the resulting signature (Id "SIG") under
 * the given WS-Security header element.
 *
 * <p>The timestamp ("#TS") is always referenced. The body ("#Body") and the binary
 * security token ("#X509") are referenced only when {@code signBody} and
 * {@code signBinarySecurityToken} are set. Every reference uses the exclusive
 * canonicalisation transform and the configured digest algorithm. The KeyInfo is a
 * {@code wsse:SecurityTokenReference} pointing at "#X509".
 *
 * <p>When no private key is configured the method returns without signing.
 *
 * @param wsSecurityHeaderElement WS-Security header that receives the signature
 * @param tsElement timestamp element whose wsu:Id attribute is registered as an ID
 * @param bodyElement body element whose wsu:Id attribute is registered as an ID
 */
private void addSignature(Element wsSecurityHeaderElement, Element tsElement, Element bodyElement)
        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException,
        XMLSignatureException, NoSuchProviderException, SOAPException {
    if (this.privateKey == null) {
        // No signing key: the message is left unsigned.
        return;
    }

    DOMSignContext signContext = new DOMSignContext(this.privateKey, wsSecurityHeaderElement);
    signContext.setDefaultNamespacePrefix("ds");
    // Register the wsu:Id attributes as ID-typed so that same-document references
    // can be resolved against these two elements.
    signContext.setIdAttributeNS(tsElement, WSU_NAMESPACE, "Id");
    signContext.setIdAttributeNS(bodyElement, WSU_NAMESPACE, "Id");
    boolean timestampResolvable = null != signContext.getElementById("TS");
    LOG.debug("Timestamp element found: " + timestampResolvable);
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");

    List<Reference> signedParts = new LinkedList<Reference>();

    // Timestamp: exclusive c14n with "wsse" and "S" as inclusive namespace prefixes.
    List<String> timestampPrefixes = new LinkedList<String>();
    timestampPrefixes.add("wsse");
    timestampPrefixes.add("S");
    ExcC14NParameterSpec timestampSpec = new ExcC14NParameterSpec(timestampPrefixes);
    signedParts.add(factory.newReference("#TS",
            factory.newDigestMethod(this.digestAlgorithm, null),
            Collections.singletonList(factory.newTransform(CanonicalizationMethod.EXCLUSIVE, timestampSpec)),
            null, null));

    if (this.signBody) {
        // Body: exclusive c14n with an empty inclusive prefix list.
        ExcC14NParameterSpec bodySpec = new ExcC14NParameterSpec(new LinkedList<String>());
        signedParts.add(factory.newReference("#Body",
                factory.newDigestMethod(this.digestAlgorithm, null),
                Collections.singletonList(factory.newTransform(CanonicalizationMethod.EXCLUSIVE, bodySpec)),
                null, null));
    }

    if (this.signBinarySecurityToken) {
        // NOTE(review): nothing in this method registers an ID for the "#X509" target;
        // presumably it is resolvable by other means - confirm.
        signedParts.add(factory.newReference("#X509",
                factory.newDigestMethod(this.digestAlgorithm, null),
                Collections.singletonList(
                        factory.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
                null, null));
    }

    SignedInfo signedInfo = factory.newSignedInfo(
            factory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                    (C14NMethodParameterSpec) null),
            factory.newSignatureMethod(this.signatureAlgorithm, null), signedParts);

    // KeyInfo refers to the X.509 token by reference instead of embedding key material.
    KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
    Document ownerDocument = wsSecurityHeaderElement.getOwnerDocument();
    Element tokenReference = ownerDocument.createElementNS(WSSE_NAMESPACE,
            "wsse:SecurityTokenReference");
    Element tokenPointer = ownerDocument.createElementNS(WSSE_NAMESPACE, "wsse:Reference");
    tokenPointer.setAttribute("ValueType",
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
    tokenPointer.setAttribute("URI", "#X509");
    tokenReference.appendChild(tokenPointer);
    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(new DOMStructure(tokenReference)));

    factory.newXMLSignature(signedInfo, keyInfo, null, "SIG", null).sign(signContext);
}