Example usage for javax.xml.crypto.dsig DigestMethod SHA1

List of usage examples for javax.xml.crypto.dsig DigestMethod SHA1

Introduction

In this page you can find the example usage for javax.xml.crypto.dsig DigestMethod SHA1.

Prototype

String SHA1


Document

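The SHA1 digest method algorithm URI: http://www.w3.org/2000/09/xmldsig#sha1. SHA-1 is no longer considered collision-resistant, so code that creates new signatures should prefer DigestMethod.SHA256 or stronger and treat SHA-1 as a legacy-compatibility value.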

Usage

From source file:com.bcmcgroup.flare.xmldsig.Xmldsig.java

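/**
 * Creates an enveloped XML digital signature for an element of a TAXII document.
 *
 * <p>Only RSA keys are supported. The digest and signature algorithms are chosen from the
 * signature algorithm name of the signing certificate: a name containing "SHA1" selects
 * SHA-1 / RSA-SHA1, a name containing "SHA2" selects SHA-256 / RSA-SHA256. Any other
 * combination is logged and reported as a failure instead of being passed on to the
 * signature factory with missing algorithm objects.
 *
 * @param element the element to be signed
 * @param keyEntry the PrivateKeyEntry holding the signing key and its X.509 certificate
 * @param cbIndex the index of the Content_Block if we're signing a Content_Block, otherwise
 *                set to -1 if we're signing the root element
 * @return {@code true} if the signature was created, {@code false} on any failure
 *
 * Usage Example:
 *   String pks = config.getProperty("pathToPublisherKeyStore");
 *   String pksPw = FLAREclientUtil.decrypt(config.getProperty("publisherKeyStorePassword"));
 *   String keyName = config.getProperty("publisherKeyName");
 *   String keyPW = FLAREclientUtil.decrypt(config.getProperty("publisherKeyPassword"));
 *   PrivateKeyEntry keyEntry = FLAREclientUtil.getKeyEntry(pks, pksPw, keyName, keyPW);
 *   boolean signed = Xmldsig.sign(rootElement, keyEntry, -1);
 */
private static boolean sign(Element element, PrivateKeyEntry keyEntry, int cbIndex) {
    element.normalize();

    // Create XML Signature Factory and the signing context bound to the target element.
    XMLSignatureFactory xmlSigFactory = XMLSignatureFactory.getInstance("DOM");
    PublicKey publicKey = ClientUtil.getPublicKey(keyEntry);
    PrivateKey privateKey = keyEntry.getPrivateKey();
    DOMSignContext dsc = new DOMSignContext(privateKey, element);
    dsc.setDefaultNamespacePrefix("ds");
    dsc.setURIDereferencer(new MyURIDereferencer(element));

    SignedInfo si;
    KeyInfo ki;
    try {
        String algorithm = publicKey.getAlgorithm();
        if (!(keyEntry.getCertificate() instanceof X509Certificate)) {
            // The unchecked cast used to surface as a ClassCastException in the caller.
            logger.error("Error in digital signature application. Signing certificate is not an X.509 certificate.");
            return false;
        }
        X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
        String algorithmName = cert.getSigAlgName();

        if (!algorithm.toUpperCase().contains("RSA")) {
            logger.error("Error in digital signature application. " + algorithmName + " is not supported.");
            return false;
        }

        DigestMethod dm;
        SignatureMethod sm;
        String sigAlgUpper = algorithmName.toUpperCase();
        if (sigAlgUpper.contains("SHA1")) {
            // SHA-1 is no longer collision-resistant and is deprecated for new signatures;
            // the branch is kept so key entries whose certificate is SHA1withRSA still sign.
            // NOTE(review): the XML signature digest does not have to match the certificate's
            // own signature algorithm - consider always signing with SHA-256 if the receiving
            // side accepts it.
            dm = xmlSigFactory.newDigestMethod(DigestMethod.SHA1, null);
            sm = xmlSigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
        } else if (sigAlgUpper.contains("SHA2")) {
            dm = xmlSigFactory.newDigestMethod(DigestMethod.SHA256, null);
            sm = xmlSigFactory.newSignatureMethod(RSA_SHA256_URI, null);
        } else {
            // Stop here: continuing with null digest/signature methods would only fail
            // later with a NullPointerException inside the factory.
            logger.error("Error in digital signature application. " + algorithmName + " is not supported.");
            return false;
        }

        CanonicalizationMethod cm;
        List<Reference> references;
        if (cbIndex != -1) {
            // Signing one Content_Block: reference the children of its first Content element.
            // The expression matches on local-name and position only.
            // NOTE(review): the verifying side should make sure it consumes exactly the
            // nodes this reference resolves to.
            cm = xmlSigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                    (C14NMethodParameterSpec) null);
            String refUri = "#xpointer(//*[local-name()='Content_Block'][" + cbIndex
                    + "]/*[local-name()='Content'][1]/*)";
            references = Collections.singletonList(xmlSigFactory.newReference(refUri, dm));
        } else {
            // Signing the root element: enveloped transform followed by exclusive c14n.
            List<Transform> transforms = new ArrayList<>(2);
            transforms.add(xmlSigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
            transforms.add(xmlSigFactory.newTransform(CanonicalizationMethod.EXCLUSIVE,
                    (TransformParameterSpec) null));
            cm = xmlSigFactory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                    (C14NMethodParameterSpec) null);
            String refUri = "#xpointer(/*)";
            references = Collections
                    .singletonList(xmlSigFactory.newReference(refUri, dm, transforms, null, null));
        }
        si = xmlSigFactory.newSignedInfo(cm, sm, references);

        // KeyInfo carries the certificate subject name and the certificate itself.
        List<Serializable> x509Content = new ArrayList<>();
        x509Content.add(cert.getSubjectX500Principal().getName());
        x509Content.add(cert);
        KeyInfoFactory kif = xmlSigFactory.getKeyInfoFactory();
        X509Data xd = kif.newX509Data(x509Content);
        ki = kif.newKeyInfo(Collections.singletonList(xd));
    } catch (NoSuchAlgorithmException ex) {
        logger.error("NoSuchAlgorithm Exception when attempting to digitally sign a document.", ex);
        return false;
    } catch (InvalidAlgorithmParameterException ex) {
        logger.error("InvalidAlgorithmParameter Exception when attempting to digitally sign a document.", ex);
        return false;
    }

    // Create a new XML Signature; si and ki are guaranteed to be set at this point.
    XMLSignature signature = xmlSigFactory.newXMLSignature(si, ki);
    try {
        // Sign the document
        signature.sign(dsc);
        return true;
    } catch (MarshalException ex) {
        logger.error("MarshalException when attempting to digitally sign a document.", ex);
    } catch (XMLSignatureException ex) {
        logger.error("XMLSignature Exception when attempting to digitally sign a document.", ex);
    } catch (Exception e) {
        // Deliberate best-effort boundary: the caller only receives a status flag.
        logger.error("General exception when attempting to digitally sign a document.", e);
    }
    return false;
}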

From source file:be.e_contract.mycarenet.xkms2.KeyBindingAuthenticationSignatureSOAPHandler.java

/**
 * Creates an XML signature with {@code parentElement} as the parent node of the
 * signing context, using the handler's authentication private key.
 *
 * <p>The single reference points at {@code this.referenceUri}, is transformed with
 * exclusive canonicalization and digested with SHA-1; SignedInfo is canonicalized
 * exclusively and signed with RSA-SHA1. KeyInfo carries the authentication certificate.
 *
 * <p>NOTE(review): both the digest and the signature method are fixed to SHA-1, which is
 * no longer collision-resistant. Presumably the receiving service requires these
 * algorithms - confirm, and move to SHA-256 variants if the service accepts them.
 *
 * @param parentElement the element handed to the DOM signing context as parent node
 */
private void addSignature(Element parentElement) throws NoSuchAlgorithmException,
        InvalidAlgorithmParameterException, MarshalException, XMLSignatureException {
    DOMSignContext signContext = new DOMSignContext(this.authnPrivateKey, parentElement);
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");

    // Reference: digest first, then the exclusive-c14n transform (same creation order as before).
    DigestMethod digestMethod = factory.newDigestMethod(DigestMethod.SHA1, null);
    Transform exclusiveC14n = factory.newTransform(CanonicalizationMethod.EXCLUSIVE,
            (TransformParameterSpec) null);
    Reference signedReference = factory.newReference(this.referenceUri, digestMethod,
            Collections.singletonList(exclusiveC14n), null, null);

    // SignedInfo: exclusive canonicalization, RSA-SHA1 signature method.
    CanonicalizationMethod canonicalization = factory
            .newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    SignatureMethod signatureMethod = factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    SignedInfo signedInfo = factory.newSignedInfo(canonicalization, signatureMethod,
            Collections.singletonList(signedReference));

    // KeyInfo: X509Data holding only the authentication certificate.
    KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
    X509Data certificateData = keyInfoFactory.newX509Data(Collections.singletonList(this.authnCertificate));
    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(certificateData));

    factory.newXMLSignature(signedInfo, keyInfo).sign(signContext);
}

From source file:ee.ria.xroad.common.util.CryptoUtils.java

/**
 * Maps a digest algorithm identifier to the corresponding XML digest algorithm URI.
 * Identifiers for SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 are recognised.
 *
 * <p>This is a pure lookup: it also resolves the SHA-1 identifier, so any policy on
 * whether SHA-1 is acceptable has to be enforced by the caller.
 *
 * @param algoId the id of the algorithm; must not be null
 * @return the URI of the algorithm
 * @throws NoSuchAlgorithmException if the algorithm id is unknown
 */
public static String getDigestAlgorithmURI(String algoId) throws NoSuchAlgorithmException {
    // algoId is dereferenced on purpose: a null id fails with NullPointerException.
    if (algoId.equals(SHA1_ID)) {
        return DigestMethod.SHA1;
    }
    if (algoId.equals(SHA224_ID)) {
        return MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA224;
    }
    if (algoId.equals(SHA256_ID)) {
        return DigestMethod.SHA256;
    }
    if (algoId.equals(SHA384_ID)) {
        return MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA384;
    }
    if (algoId.equals(SHA512_ID)) {
        return DigestMethod.SHA512;
    }
    throw new NoSuchAlgorithmException("Unknown algorithm id: " + algoId);
}

From source file:ee.ria.xroad.common.util.CryptoUtils.java

/**
 * Maps a digest or signature algorithm URI back to its algorithm identifier.
 * Digest URIs for SHA-1/224/256/384/512 and the RSA signature URIs listed below
 * (plain and MGF1 variants) are recognised.
 *
 * @param algoURI the URI of the algorithm; must not be null
 * @return the identifier of the algorithm
 * @throws NoSuchAlgorithmException if the algorithm URI is unknown
 */
public static String getAlgorithmId(String algoURI) throws NoSuchAlgorithmException {
    // algoURI is dereferenced on purpose: a null URI fails with NullPointerException.

    // Digest algorithm URIs.
    if (algoURI.equals(DigestMethod.SHA1)) {
        return SHA1_ID;
    }
    if (algoURI.equals(MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA224)) {
        return SHA224_ID;
    }
    if (algoURI.equals(DigestMethod.SHA256)) {
        return SHA256_ID;
    }
    if (algoURI.equals(MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA384)) {
        return SHA384_ID;
    }
    if (algoURI.equals(DigestMethod.SHA512)) {
        return SHA512_ID;
    }

    // RSA signature algorithm URIs.
    if (algoURI.equals(ALGO_ID_SIGNATURE_RSA_SHA1)) {
        return SHA1WITHRSA_ID;
    }
    if (algoURI.equals(ALGO_ID_SIGNATURE_RSA_SHA256)) {
        return SHA256WITHRSA_ID;
    }
    if (algoURI.equals(ALGO_ID_SIGNATURE_RSA_SHA384)) {
        return SHA384WITHRSA_ID;
    }
    if (algoURI.equals(ALGO_ID_SIGNATURE_RSA_SHA512)) {
        return SHA512WITHRSA_ID;
    }

    // RSA signature algorithm URIs, MGF1 variants.
    if (algoURI.equals(ALGO_ID_SIGNATURE_RSA_SHA256_MGF1)) {
        return SHA256WITHRSAANDMGF1_ID;
    }
    if (algoURI.equals(ALGO_ID_SIGNATURE_RSA_SHA384_MGF1)) {
        return SHA384WITHRSAANDMGF1_ID;
    }
    if (algoURI.equals(ALGO_ID_SIGNATURE_RSA_SHA512_MGF1)) {
        return SHA512WITHRSAANDMGF1_ID;
    }
    throw new NoSuchAlgorithmException("Unknown algorithm URI: " + algoURI);
}

From source file:test.integ.be.fedict.hsm.ws.WebServiceSecurityTest.java

/**
 * Sends a WS-Security protected sign request whose signature uses the SHA-1 digest
 * algorithm and expects the service to answer with a SOAP fault and to have written
 * exactly one security audit record.
 */
@Test
public void testWSSecurity_SHA1DigestAlgoFails() throws Exception {
    DigitalSignatureServicePortType port = getPort();

    // Throw-away credential for the client side of the exchange.
    KeyPair clientKeyPair = HSMProxyTestCredential.generateKeyPair();
    X509Certificate clientCertificate = HSMProxyTestCredential.generateSelfSignedCertificate(clientKeyPair);

    // Timestamp + binary security token + signature, with the digest forced to SHA-1.
    WSSecurityTestSOAPHandler wsSecurityHandler = new WSSecurityTestSOAPHandler();
    wsSecurityHandler.addTimestamp(true);
    wsSecurityHandler.addBinarySecurityToken(clientCertificate);
    wsSecurityHandler.addSignature(clientKeyPair.getPrivate());
    wsSecurityHandler.setDigestAlgorithm(DigestMethod.SHA1);
    addSOAPHandler(wsSecurityHandler, port);

    SignRequest request = new ObjectFactory().createSignRequest();

    SOAPFaultException fault = null;
    try {
        port.sign(request);
    } catch (SOAPFaultException e) {
        // expected
        fault = e;
    }
    if (fault == null) {
        // The request was accepted although it used SHA-1.
        fail();
    }
    LOG.debug("expected exception: " + fault.getMessage());

    assertEquals(1, getNumberOfSecurityAuditRecords());
}

From source file:at.gv.egiz.bku.slcommands.impl.cms.Signature.java

/**
 * Sets the signature and digest algorithm fields for the given signing certificate.
 *
 * <p>The signature algorithm URI and id always come from an
 * {@code AlgorithmMethodFactoryImpl} built from the certificate and the
 * {@code useStrongHash} flag. If {@code digestAlgorithm} is already set, only its URI is
 * derived from it; otherwise both the digest URI and the digest id come from the factory.
 *
 * <p>NOTE(review): a preset digest algorithm of SHA-1 or RIPEMD-160 is accepted here
 * whatever {@code useStrongHash} says - confirm that this is intended.
 *
 * @param signingCertificate the certificate the algorithms are derived from
 * @param useStrongHash passed through to the algorithm method factory
 * @throws NoSuchAlgorithmException if the preset digest algorithm is none of SHA-1,
 *         SHA-256, SHA-512 or RIPEMD-160
 */
private void setAlgorithmIDs(X509Certificate signingCertificate, boolean useStrongHash)
        throws NoSuchAlgorithmException {
    AlgorithmMethodFactory methodFactory = new AlgorithmMethodFactoryImpl(signingCertificate, useStrongHash);
    signatureAlgorithmURI = methodFactory.getSignatureAlgorithmURI();
    signatureAlgorithm = methodFactory.getSignatureAlgorithmID();

    if (digestAlgorithm == null) {
        // Nothing preset: take the factory's digest choice.
        digestAlgorithmURI = methodFactory.getDigestAlgorithmURI();
        digestAlgorithm = methodFactory.getDigestAlgorithmID();
        return;
    }

    // Preset digest algorithm: translate it to the XML digest URI.
    if (AlgorithmID.sha1.equals(digestAlgorithm)) {
        digestAlgorithmURI = DigestMethod.SHA1;
        return;
    }
    if (AlgorithmID.sha256.equals(digestAlgorithm)) {
        digestAlgorithmURI = DigestMethod.SHA256;
        return;
    }
    if (AlgorithmID.sha512.equals(digestAlgorithm)) {
        digestAlgorithmURI = DigestMethod.SHA512;
        return;
    }
    if (AlgorithmID.ripeMd160.equals(digestAlgorithm)) {
        digestAlgorithmURI = DigestMethod.RIPEMD160;
        return;
    }
    throw new NoSuchAlgorithmException("Algorithm '" + digestAlgorithm + "' not supported.");
}

From source file:es.gob.afirma.signers.ooxml.be.fedict.eid.applet.service.signer.AbstractXmlSignatureService.java

/**
 * Translates a digest algorithm name into the XML digest algorithm URI.
 * Accepted spellings are "SHA1", "SHA-1" and "SHA" for SHA-1, "SHA-256" and "SHA256"
 * for SHA-256, and "SHA-512" and "SHA512" for SHA-512; matching is case-sensitive.
 *
 * <p>This is a pure name lookup; whether SHA-1 may still be used is left to the caller.
 *
 * @param digestAlgo the digest algorithm name, may be null
 * @return the matching {@code DigestMethod} URI
 * @throws IllegalArgumentException if the name is null or not one of the accepted spellings
 */
private static String getXmlDigestAlgo(final String digestAlgo) {
    // switch on a null String would throw, so null falls through to the common rejection.
    if (digestAlgo != null) {
        switch (digestAlgo) {
        case "SHA1": //$NON-NLS-1$
        case "SHA-1": //$NON-NLS-1$
        case "SHA": //$NON-NLS-1$
            return DigestMethod.SHA1;
        case "SHA-256": //$NON-NLS-1$
        case "SHA256": //$NON-NLS-1$
            return DigestMethod.SHA256;
        case "SHA-512": //$NON-NLS-1$
        case "SHA512": //$NON-NLS-1$
            return DigestMethod.SHA512;
        default:
            break;
        }
    }
    throw new IllegalArgumentException("unsupported digest algo: " + digestAlgo); //$NON-NLS-1$
}

From source file:be.fedict.eid.applet.service.signer.AbstractXmlSignatureService.java

/**
 * Translates a digest algorithm name ("SHA-1", "SHA-256" or "SHA-512", case-sensitive)
 * into the XML digest algorithm URI.
 *
 * <p>This is a pure name lookup; whether SHA-1 may still be used is left to the caller.
 *
 * @param digestAlgo the digest algorithm name, may be null
 * @return the matching {@code DigestMethod} URI
 * @throws RuntimeException if the name is null or not one of the three supported names
 */
private String getXmlDigestAlgo(String digestAlgo) {
    // Literal-first equals keeps the lookup null-safe.
    String xmlDigestUri = "SHA-1".equals(digestAlgo) ? DigestMethod.SHA1
            : "SHA-256".equals(digestAlgo) ? DigestMethod.SHA256
            : "SHA-512".equals(digestAlgo) ? DigestMethod.SHA512
            : null;
    if (xmlDigestUri == null) {
        throw new RuntimeException("unsupported digest algo: " + digestAlgo);
    }
    return xmlDigestUri;
}

From source file:eu.europa.ec.markt.dss.validation.xades.XAdESSignature.java

/**
 * Maps an XML digest algorithm URI to its short name: "SHA1", "SHA256" or "SHA512".
 *
 * @param longAlgoName the XML digest algorithm URI, may be null
 * @return the short algorithm name
 * @throws RuntimeException if the URI is null or not one of the three supported digests
 */
private String getShortAlgoName(String longAlgoName) {
    // switch on a null String would throw, so null falls through to the common rejection.
    if (longAlgoName != null) {
        switch (longAlgoName) {
        case DigestMethod.SHA1:
            return "SHA1";
        case DigestMethod.SHA256:
            return "SHA256";
        case DigestMethod.SHA512:
            return "SHA512";
        default:
            break;
        }
    }
    throw new RuntimeException("Algorithm " + longAlgoName + " not supported");
}

From source file:be.fedict.eid.dss.spi.utils.XAdESUtils.java

/**
 * Maps an XML digest algorithm URI to the digest algorithm name
 * "SHA-1", "SHA-256" or "SHA-512".
 *
 * @param xmlDigestAlgo the XML digest algorithm URI, may be null
 * @return the digest algorithm name
 * @throws RuntimeException if the URI is null or not one of the three supported digests
 */
public static String getDigestAlgo(String xmlDigestAlgo) {
    final String digestName;
    if (DigestMethod.SHA1.equals(xmlDigestAlgo)) {
        digestName = "SHA-1";
    } else if (DigestMethod.SHA256.equals(xmlDigestAlgo)) {
        digestName = "SHA-256";
    } else if (DigestMethod.SHA512.equals(xmlDigestAlgo)) {
        digestName = "SHA-512";
    } else {
        throw new RuntimeException("unsupported XML digest algo: " + xmlDigestAlgo);
    }
    return digestName;
}