List of usage examples for javax.xml.crypto.dsig XMLObject getId
String getId();
XMLObject
. From source file:be.fedict.eid.applet.service.signer.ooxml.OOXMLSignatureVerifier.java
@SuppressWarnings("unchecked") private XMLObject findObject(XMLSignature xmlSignature, String objectId) { List<XMLObject> objects = xmlSignature.getObjects(); for (XMLObject object : objects) { if (objectId.equals(object.getId())) { LOG.debug("Found \"" + objectId + "\" ds:object"); return object; }/*from w ww. j a v a 2 s .c om*/ } return null; }
From source file:be.fedict.eid.applet.service.signer.ooxml.OOXMLSignatureVerifier.java
public List<X509Certificate> getSigners(URL url) throws IOException, ParserConfigurationException, SAXException, TransformerException, MarshalException, XMLSignatureException, JAXBException { List<X509Certificate> signers = new LinkedList<X509Certificate>(); List<String> signatureResourceNames = getSignatureResourceNames(url); if (signatureResourceNames.isEmpty()) { LOG.debug("no signature resources"); }// ww w .ja va 2 s . com for (String signatureResourceName : signatureResourceNames) { Document signatureDocument = getSignatureDocument(url, signatureResourceName); if (null == signatureDocument) { continue; } NodeList signatureNodeList = signatureDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); if (0 == signatureNodeList.getLength()) { return null; } Node signatureNode = signatureNodeList.item(0); KeyInfoKeySelector keySelector = new KeyInfoKeySelector(); DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, signatureNode); domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE); OOXMLURIDereferencer dereferencer = new OOXMLURIDereferencer(url); domValidateContext.setURIDereferencer(dereferencer); XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance(); XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext); boolean valid = xmlSignature.validate(domValidateContext); if (!valid) { LOG.debug("not a valid signature"); continue; } /* * Check the content of idPackageObject. */ List<XMLObject> objects = xmlSignature.getObjects(); XMLObject idPackageObject = null; for (XMLObject object : objects) { if ("idPackageObject".equals(object.getId())) { idPackageObject = object; break; } } if (null == idPackageObject) { LOG.debug("idPackageObject ds:Object not present"); continue; } List<XMLStructure> idPackageObjectContent = idPackageObject.getContent(); Manifest idPackageObjectManifest = null; for (XMLStructure content : idPackageObjectContent) { if (content instanceof Manifest) { idPackageObjectManifest = (Manifest) content; break; } } if (null == idPackageObjectManifest) { LOG.debug("no ds:Manifest present within idPackageObject ds:Object"); continue; } LOG.debug("ds:Manifest present within idPackageObject ds:Object"); List<Reference> idPackageObjectReferences = idPackageObjectManifest.getReferences(); Set<String> idPackageObjectReferenceUris = new HashSet<String>(); Set<String> remainingIdPackageObjectReferenceUris = new HashSet<String>(); for (Reference idPackageObjectReference : idPackageObjectReferences) { idPackageObjectReferenceUris.add(idPackageObjectReference.getURI()); remainingIdPackageObjectReferenceUris.add(idPackageObjectReference.getURI()); } LOG.debug("idPackageObject ds:Reference URIs: " + idPackageObjectReferenceUris); CTTypes contentTypes = getContentTypes(url); List<String> relsEntryNames = getRelsEntryNames(url); for (String relsEntryName : relsEntryNames) { LOG.debug("---- relationship entry name: " + relsEntryName); CTRelationships relationships = getRelationships(url, relsEntryName); List<CTRelationship> relationshipList = relationships.getRelationship(); boolean includeRelationshipInSignature = false; for (CTRelationship relationship : relationshipList) { String relationshipType = relationship.getType(); STTargetMode targetMode = relationship.getTargetMode(); if (null != targetMode) { LOG.debug("TargetMode: " + targetMode.name()); if (targetMode == STTargetMode.EXTERNAL) { /* * ECMA-376 Part 2 - 3rd edition * * 13.2.4.16 Manifest Element * * "The producer shall not create a Manifest element that references any data outside of the package." */ continue; } } if (false == OOXMLSignatureFacet.isSignedRelationship(relationshipType)) { continue; } String relationshipTarget = relationship.getTarget(); String baseUri = "/" + relsEntryName.substring(0, relsEntryName.indexOf("_rels/")); String streamEntry = baseUri + relationshipTarget; LOG.debug("stream entry: " + streamEntry); streamEntry = FilenameUtils.separatorsToUnix(FilenameUtils.normalize(streamEntry)); LOG.debug("normalized stream entry: " + streamEntry); String contentType = getContentType(contentTypes, streamEntry); if (relationshipType.endsWith("customXml")) { if (false == contentType.equals("inkml+xml") && false == contentType.equals("text/xml")) { LOG.debug("skipping customXml with content type: " + contentType); continue; } } includeRelationshipInSignature = true; LOG.debug("content type: " + contentType); String referenceUri = streamEntry + "?ContentType=" + contentType; LOG.debug("reference URI: " + referenceUri); if (false == idPackageObjectReferenceUris.contains(referenceUri)) { throw new RuntimeException( "no reference in idPackageObject ds:Object for relationship target: " + streamEntry); } remainingIdPackageObjectReferenceUris.remove(referenceUri); } String relsReferenceUri = "/" + relsEntryName + "?ContentType=application/vnd.openxmlformats-package.relationships+xml"; if (includeRelationshipInSignature && false == idPackageObjectReferenceUris.contains(relsReferenceUri)) { LOG.debug("missing ds:Reference for: " + relsEntryName); throw new RuntimeException("missing ds:Reference for: " + relsEntryName); } remainingIdPackageObjectReferenceUris.remove(relsReferenceUri); } if (false == remainingIdPackageObjectReferenceUris.isEmpty()) { LOG.debug("remaining idPackageObject reference URIs" + idPackageObjectReferenceUris); throw new RuntimeException("idPackageObject manifest contains unknown ds:References: " + remainingIdPackageObjectReferenceUris); } X509Certificate signer = keySelector.getCertificate(); signers.add(signer); } return signers; }
From source file:org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.java
public void sign(XMLSignContext signContext) throws MarshalException, XMLSignatureException { if (signContext == null) { throw new NullPointerException("signContext cannot be null"); }// w w w. j a va 2s .co m DOMSignContext context = (DOMSignContext) signContext; marshal(context.getParent(), context.getNextSibling(), DOMUtils.getSignaturePrefix(context), context); // generate references and signature value List<Reference> allReferences = new ArrayList<Reference>(); // traverse the Signature and register all objects with IDs that // may contain References signatureIdMap = new HashMap<String, XMLStructure>(); signatureIdMap.put(id, this); signatureIdMap.put(si.getId(), si); @SuppressWarnings("unchecked") List<Reference> refs = si.getReferences(); for (Reference ref : refs) { signatureIdMap.put(ref.getId(), ref); } for (XMLObject obj : objects) { signatureIdMap.put(obj.getId(), obj); @SuppressWarnings("unchecked") List<XMLStructure> content = obj.getContent(); for (XMLStructure xs : content) { if (xs instanceof Manifest) { Manifest man = (Manifest) xs; signatureIdMap.put(man.getId(), man); @SuppressWarnings("unchecked") List<Reference> manRefs = man.getReferences(); for (Reference ref : manRefs) { allReferences.add(ref); signatureIdMap.put(ref.getId(), ref); } } } } // always add SignedInfo references after Manifest references so // that Manifest reference are digested first allReferences.addAll(refs); // generate/digest each reference for (Reference ref : allReferences) { digestReference((DOMReference) ref, signContext); } // do final sweep to digest any references that were skipped or missed for (Reference ref : allReferences) { if (((DOMReference) ref).isDigested()) { continue; } ((DOMReference) ref).digest(signContext); } Key signingKey = null; KeySelectorResult ksr = null; try { ksr = signContext.getKeySelector().select(ki, KeySelector.Purpose.SIGN, si.getSignatureMethod(), signContext); signingKey = ksr.getKey(); if (signingKey == null) { throw new XMLSignatureException("the keySelector did not " + "find a signing key"); } } catch (KeySelectorException kse) { throw new XMLSignatureException("cannot find signing key", kse); } // calculate signature value try { byte[] val = ((AbstractDOMSignatureMethod) si.getSignatureMethod()).sign(signingKey, si, signContext); ((DOMSignatureValue) sv).setValue(val); } catch (InvalidKeyException ike) { throw new XMLSignatureException(ike); } this.localSigElem = sigElem; this.ksr = ksr; }
From source file:org.jcp.xml.dsig.internal.dom.DOMXMLSignature.java
public void sign(XMLSignContext signContext) throws MarshalException, XMLSignatureException { if (signContext == null) { throw new NullPointerException("signContext cannot be null"); }/*from w ww . ja va 2s .com*/ DOMSignContext context = (DOMSignContext) signContext; if (context != null) { marshal(context.getParent(), context.getNextSibling(), DOMUtils.getSignaturePrefix(context), context); } // generate references and signature value List<Reference> allReferences = new ArrayList<Reference>(); // traverse the Signature and register all objects with IDs that // may contain References signatureIdMap = new HashMap<String, XMLStructure>(); signatureIdMap.put(id, this); signatureIdMap.put(si.getId(), si); @SuppressWarnings("unchecked") List<Reference> refs = si.getReferences(); for (Reference ref : refs) { signatureIdMap.put(ref.getId(), ref); } for (XMLObject obj : objects) { signatureIdMap.put(obj.getId(), obj); @SuppressWarnings("unchecked") List<XMLStructure> content = obj.getContent(); for (XMLStructure xs : content) { if (xs instanceof Manifest) { Manifest man = (Manifest) xs; signatureIdMap.put(man.getId(), man); @SuppressWarnings("unchecked") List<Reference> manRefs = man.getReferences(); for (Reference ref : manRefs) { allReferences.add(ref); signatureIdMap.put(ref.getId(), ref); } } } } // always add SignedInfo references after Manifest references so // that Manifest reference are digested first allReferences.addAll(refs); // generate/digest each reference for (Reference ref : allReferences) { digestReference((DOMReference) ref, signContext); } // do final sweep to digest any references that were skipped or missed for (Reference ref : allReferences) { if (((DOMReference) ref).isDigested()) { continue; } ((DOMReference) ref).digest(signContext); } Key signingKey = null; KeySelectorResult ksr = null; try { ksr = signContext.getKeySelector().select(ki, KeySelector.Purpose.SIGN, si.getSignatureMethod(), signContext); signingKey = ksr.getKey(); if (signingKey == null) { throw new XMLSignatureException("the keySelector did not " + "find a signing key"); } } catch (KeySelectorException kse) { throw new XMLSignatureException("cannot find signing key", kse); } // calculate signature value try { byte[] val = ((AbstractDOMSignatureMethod) si.getSignatureMethod()).sign(signingKey, si, signContext); ((DOMSignatureValue) sv).setValue(val); } catch (InvalidKeyException ike) { throw new XMLSignatureException(ike); } this.localSigElem = sigElem; this.ksr = ksr; }