List of usage examples for javax.xml.crypto.dsig XMLSignature XMLNS
String XMLNS
From source file:Signing.java
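/**
 * Demo: builds a SOAP message, signs its Body with a freshly generated key pair
 * (enveloped XML-DSig placed in the SOAP Header) and validates the signature
 * again with the same public key.
 *
 * The helpers {@code dumpDocument}, {@code getFirstChildElement} and
 * {@code getNextSiblingElement} are defined elsewhere in this file.
 *
 * @param args ignored
 * @throws Exception any SOAP, parser or XML-DSig failure is propagated as-is
 */
public static void main(String[] args) throws Exception {
    // Build a SOAP message with an (empty) SOAP-SEC:Signature header element and a
    // Body that carries the SOAP-SEC:id="Body" attribute the reference below points at.
    SOAPMessage soapMessage = MessageFactory.newInstance().createMessage();
    SOAPPart soapPart = soapMessage.getSOAPPart();
    SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
    SOAPHeader soapHeader = soapEnvelope.getHeader();
    soapHeader.addHeaderElement(soapEnvelope.createName("Signature", "SOAP-SEC",
            "http://schemas.xmlsoap.org/soap/security/2000-12"));
    SOAPBody soapBody = soapEnvelope.getBody();
    soapBody.addAttribute(
            soapEnvelope.createName("id", "SOAP-SEC", "http://schemas.xmlsoap.org/soap/security/2000-12"),
            "Body");
    Name bodyName = soapEnvelope.createName("FooBar", "z", "http://example.com");
    soapBody.addBodyElement(bodyName);

    // Obtain the DOM root of the SOAP part: a DOMSource exposes it directly, a
    // SAXSource has to be re-parsed with a namespace-aware builder. Any other
    // Source type leaves root null.
    Source source = soapPart.getContent();
    Node root = null;
    if (source instanceof DOMSource) {
        root = ((DOMSource) source).getNode();
    } else if (source instanceof SAXSource) {
        InputSource inSource = ((SAXSource) source).getInputSource();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // The content parsed here was built locally above. If this branch is ever
        // reused for a message received from the network, disable DTD/external
        // entity processing on the factory before parsing.
        DocumentBuilder db = dbf.newDocumentBuilder();
        Document doc = db.parse(inSource);
        root = doc.getDocumentElement();
    }
    dumpDocument(root);

    // Throw-away demo key pair. DSA-1024 with SHA-1 is kept to match the original
    // example but is considered weak; new code should prefer RSA or EC keys with
    // DigestMethod.SHA256 / SignatureMethod.RSA_SHA256.
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
    kpg.initialize(1024, new SecureRandom());
    KeyPair keypair = kpg.generateKeyPair();

    // SignedInfo: one reference to "#Body", inclusive C14N with comments, DSA-SHA1.
    XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance();
    Reference ref = sigFactory.newReference("#Body", sigFactory.newDigestMethod(DigestMethod.SHA1, null));
    SignedInfo signedInfo = sigFactory.newSignedInfo(
            sigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                    (C14NMethodParameterSpec) null),
            sigFactory.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
            Collections.singletonList(ref));
    // KeyInfo carries the raw public key (KeyValue); a verifier must not trust it blindly.
    KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(keypair.getPublic());
    KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(kv));
    XMLSignature sig = sigFactory.newXMLSignature(signedInfo, keyInfo);

    System.out.println("Signing the message...");
    PrivateKey privateKey = keypair.getPrivate();
    Element envelope = getFirstChildElement(root);
    Element header = getFirstChildElement(envelope);
    // The ds:Signature is appended as the last child of the SOAP Header; the Body
    // (header's next sibling) is registered so "#Body" resolves via SOAP-SEC:id.
    DOMSignContext sigContext = new DOMSignContext(privateKey, header);
    sigContext.putNamespacePrefix(XMLSignature.XMLNS, "ds");
    sigContext.setIdAttributeNS(getNextSiblingElement(header),
            "http://schemas.xmlsoap.org/soap/security/2000-12", "id");
    sig.sign(sigContext);
    dumpDocument(root);

    System.out.println("Validate the signature...");
    // NOTE(review): header's first child element is the SOAP-SEC:Signature header
    // added above, while sign() appended ds:Signature as the last child — confirm
    // which element the validate context is meant to point at.
    Element sigElement = getFirstChildElement(header);
    // Validation reuses the generated public key, so it only proves round-trip
    // integrity; a real verifier has to obtain the key from a trusted source.
    DOMValidateContext valContext = new DOMValidateContext(keypair.getPublic(), sigElement);
    valContext.setIdAttributeNS(getNextSiblingElement(header),
            "http://schemas.xmlsoap.org/soap/security/2000-12", "id");
    boolean valid = sig.validate(valContext);
    System.out.println("Signature valid? " + valid);
}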
From source file:Main.java
/**
 * Returns the first {@code ds:Signature} element found below {@code rootElement}.
 *
 * The lookup is namespace-aware and covers the whole subtree in document order;
 * only the first match is returned, any further Signature elements are ignored.
 * {@code NODE_SIGNATURE} is the local name constant declared elsewhere in this class.
 *
 * @param rootElement element whose subtree is searched
 * @return the first matching Signature node
 * @throws SignatureException if the subtree contains no ds:Signature element
 */
private static Node getSignatureNode(final Element rootElement) throws SignatureException {
    final NodeList signatures = rootElement.getElementsByTagNameNS(XMLSignature.XMLNS, NODE_SIGNATURE);
    if (signatures.getLength() > 0) {
        return signatures.item(0);
    }
    throw new SignatureException("Cannot find Signature element");
}
From source file:be.fedict.eid.dss.spi.utils.XAdESSignatureTimeStampValidation.java
/**
 * Validates the SignatureTimeStamp tokens of a XAdES-T signature.
 *
 * The time-stamped data is the canonicalised {@code ds:SignatureValue} element
 * (canonicalised with the algorithm named in the property). For each token the
 * token's own signature is verified first, then its message imprint is compared
 * with that input.
 *
 * @param signatureTimeStamp the SignatureTimeStamp property
 * @param signatureElement   the enclosing {@code ds:Signature} element
 * @return the tokens that passed both checks, never empty
 * @throws XAdESValidationException if no token or no SignatureValue is present,
 *         or a token fails either check
 */
public static List<TimeStampToken> verify(XAdESTimeStampType signatureTimeStamp, Element signatureElement) throws XAdESValidationException {
    LOG.debug("validate SignatureTimeStamp...");
    List<TimeStampToken> tokens = XAdESUtils.getTimeStampTokens(signatureTimeStamp);
    if (tokens.isEmpty()) {
        LOG.error("No timestamp tokens present in SignatureTimeStamp");
        throw new XAdESValidationException("No timestamp tokens present in SignatureTimeStamp");
    }

    // Step 2: ds:SignatureValue is the only node that goes into the digest input.
    NodeList signatureValues = signatureElement.getElementsByTagNameNS(XMLSignature.XMLNS, "SignatureValue");
    if (0 == signatureValues.getLength()) {
        LOG.error("no XML signature valuefound");
        throw new XAdESValidationException("no XML signature valuefound");
    }

    // Step 3: canonicalise with the property's CanonicalizationMethod.
    // NOTE(review): there is no fallback to the ds:CanonicalizationMethod — a
    // SignatureTimeStamp without its own CanonicalizationMethod throws NPE here; confirm.
    TimeStampDigestInput digestInput = new TimeStampDigestInput(
            signatureTimeStamp.getCanonicalizationMethod().getAlgorithm());
    digestInput.addNode(signatureValues.item(0));

    // Steps 1 and 4, per token: token signature first, then the message imprint.
    for (TimeStampToken token : tokens) {
        XAdESUtils.verifyTimeStampTokenSignature(token);
        XAdESUtils.verifyTimeStampTokenDigest(token, digestInput);
    }
    return tokens;
}
From source file:be.fedict.eid.dss.spi.utils.XAdESSigAndRefsTimeStampValidation.java
/**
 * Validates the SigAndRefsTimeStamp tokens of a XAdES-X signature.
 *
 * The time-stamped data is rebuilt as the canonicalised concatenation of
 * {@code ds:SignatureValue} followed by the {@code SignatureTimeStamp},
 * {@code CompleteCertificateRefs}, {@code CompleteRevocationRefs},
 * {@code AttributeCertificateRefs} and {@code AttributeRevocationRefs} children
 * of {@code UnsignedSignatureProperties}, in their order of appearance. For each
 * token the token's own signature is verified first, then its message imprint is
 * compared with that input.
 *
 * @param sigAndRefsTimeStamp the SigAndRefsTimeStamp property
 * @param signatureElement    the enclosing {@code ds:Signature} element
 * @return the tokens that passed both checks, never empty
 * @throws XAdESValidationException if no token, no SignatureValue or no
 *         UnsignedSignatureProperties element is present, or a token fails
 */
public static List<TimeStampToken> verify(XAdESTimeStampType sigAndRefsTimeStamp, Element signatureElement) throws XAdESValidationException {
    LOG.debug("validate SigAndRefsTimeStamp...");
    List<TimeStampToken> tokens = XAdESUtils.getTimeStampTokens(sigAndRefsTimeStamp);
    if (tokens.isEmpty()) {
        LOG.error("No timestamp tokens present in SigAndRefsTimeStamp");
        throw new XAdESValidationException("No timestamp tokens present in SigAndRefsTimeStamp");
    }
    // NOTE(review): a property without its own CanonicalizationMethod throws NPE here — confirm.
    TimeStampDigestInput digestInput = new TimeStampDigestInput(
            sigAndRefsTimeStamp.getCanonicalizationMethod().getAlgorithm());

    // Steps 2-3: ds:SignatureValue must be present and is the first node of the input.
    NodeList signatureValues = signatureElement.getElementsByTagNameNS(XMLSignature.XMLNS, "SignatureValue");
    if (0 == signatureValues.getLength()) {
        LOG.error("no XML signature valuefound");
        throw new XAdESValidationException("no XML signature valuefound");
    }
    digestInput.addNode(signatureValues.item(0));

    // Steps 4-5: append the covered unsigned properties in document order.
    NodeList unsignedProperties = signatureElement.getElementsByTagNameNS(
            XAdESUtils.XADES_132_NS_URI, "UnsignedSignatureProperties");
    if (unsignedProperties.getLength() == 0) {
        throw new XAdESValidationException("UnsignedSignatureProperties node not present");
    }
    NodeList children = unsignedProperties.item(0).getChildNodes();
    final int childCount = children.getLength();
    for (int i = 0; i < childCount; i++) {
        Node child = children.item(i);
        if (isSigAndRefsTimeStampedProperty(child)) {
            digestInput.addNode(child);
        }
    }

    // Steps 1 and 6, per token: token signature first, then the message imprint.
    for (TimeStampToken token : tokens) {
        XAdESUtils.verifyTimeStampTokenSignature(token);
        XAdESUtils.verifyTimeStampTokenDigest(token, digestInput);
    }
    return tokens;
}

/**
 * Tells whether {@code node} is a XAdES 1.3.2 element that the
 * SigAndRefsTimeStamp covers (non-element nodes and other namespaces are not).
 */
private static boolean isSigAndRefsTimeStampedProperty(Node node) {
    if (Node.ELEMENT_NODE != node.getNodeType()) {
        return false;
    }
    if (!XAdESUtils.XADES_132_NS_URI.equals(node.getNamespaceURI())) {
        return false;
    }
    String localName = node.getLocalName();
    return "SignatureTimeStamp".equals(localName)
            || "CompleteCertificateRefs".equals(localName)
            || "CompleteRevocationRefs".equals(localName)
            || "AttributeCertificateRefs".equals(localName)
            || "AttributeRevocationRefs".equals(localName);
}
From source file:Main.java
/**
 * Compiles {@code xpathString} against a fixed prefix-to-namespace mapping.
 *
 * Recognised prefixes: {@code ds} (XML-DSig), {@code xades} (XAdES 1.3.2),
 * {@code xades141} (1.4.1) and {@code xades111} (1.1.1). Reverse lookups
 * ({@code getPrefix}, {@code getPrefixes}) are not supported and throw.
 *
 * @param xpathString the expression to compile
 * @return the compiled expression
 * @throws RuntimeException wrapping the {@link XPathExpressionException} when the
 *         expression does not compile; also raised for an unknown prefix
 */
private static XPathExpression createXPathExpression(String xpathString) {
    XPath xpath = XPathFactory.newInstance().newXPath();
    xpath.setNamespaceContext(new NamespaceContext() {
        @Override
        public String getNamespaceURI(String prefix) {
            String uri = null;
            if ("ds".equals(prefix)) {
                uri = XMLSignature.XMLNS;
            } else if ("xades".equals(prefix)) {
                uri = "http://uri.etsi.org/01903/v1.3.2#";
            } else if ("xades141".equals(prefix)) {
                uri = "http://uri.etsi.org/01903/v1.4.1#";
            } else if ("xades111".equals(prefix)) {
                uri = "http://uri.etsi.org/01903/v1.1.1#";
            }
            if (uri == null) {
                throw new RuntimeException("Prefix not recognized : " + prefix);
            }
            return uri;
        }

        @Override
        public String getPrefix(String namespaceURI) {
            throw new RuntimeException();
        }

        @Override
        public Iterator<String> getPrefixes(String namespaceURI) {
            throw new RuntimeException();
        }
    });
    try {
        return xpath.compile(xpathString);
    } catch (XPathExpressionException ex) {
        throw new RuntimeException(ex);
    }
}
From source file:be.fedict.eid.applet.service.signer.odf.ODFSignatureVerifier.java
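/**
 * Returns the signers of the ODF document available via the given URL.
 *
 * Only the first signature file found in the ODF zip container is examined.
 * Every {@code ds:Signature} element in it is handed to
 * {@code getVerifiedSignatureSigner}; a signature it rejects (null result) is
 * logged at debug level and skipped. An empty result therefore means either
 * "no signature file" or "no valid signature" — callers that need to tell the
 * two apart must not rely on this method.
 *
 * The URL is opened as-is with {@link URL#openStream()}; do not pass URLs taken
 * from untrusted input.
 *
 * @param odfUrl location of the ODF document
 * @return certificates of the verified signers, possibly empty, never {@code null}
 * @throws IllegalArgumentException if {@code odfUrl} is {@code null}
 * @throws IOException on read errors
 * @throws ParserConfigurationException if the XML parser cannot be configured
 * @throws SAXException on malformed signature XML
 * @throws MarshalException if a signature cannot be unmarshalled
 * @throws XMLSignatureException on signature validation errors
 */
public static List<X509Certificate> getSigners(URL odfUrl) throws IOException, ParserConfigurationException,
        SAXException, MarshalException, XMLSignatureException {
    if (null == odfUrl) {
        throw new IllegalArgumentException("odfUrl is null");
    }
    List<X509Certificate> signers = new LinkedList<X509Certificate>();
    // Closed in finally: a ZipInputStream holds a native Inflater that is otherwise
    // only released by the garbage collector.
    ZipInputStream odfZipInputStream = new ZipInputStream(odfUrl.openStream());
    try {
        ZipEntry zipEntry;
        while (null != (zipEntry = odfZipInputStream.getNextEntry())) {
            if (!ODFUtil.isSignatureFile(zipEntry)) {
                continue;
            }
            Document documentSignatures = ODFUtil.loadDocument(odfZipInputStream);
            NodeList signatureNodeList = documentSignatures.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
            for (int idx = 0; idx < signatureNodeList.getLength(); idx++) {
                Node signatureNode = signatureNodeList.item(idx);
                X509Certificate signer = getVerifiedSignatureSigner(odfUrl, signatureNode);
                if (null == signer) {
                    LOG.debug("JSR105 says invalid signature");
                } else {
                    signers.add(signer);
                }
            }
            // First signature file wins; remaining entries are not inspected.
            return signers;
        }
    } finally {
        odfZipInputStream.close();
    }
    LOG.debug("no signature file present");
    return signers;
}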
From source file:be.fedict.eid.applet.service.signer.xps.XPSSignatureVerifier.java
/**
 * Returns the signers of the XPS package at {@code url}.
 *
 * For every signature part name reported by {@code getSignatureResourceNames} the
 * part is loaded, its first {@code ds:Signature} is validated (with manifest
 * validation enabled and URIs dereferenced inside the package) and, if valid,
 * the certificate chosen by {@code OPCKeySelector} is added. Missing parts,
 * parts without a signature and invalid signatures are logged and skipped.
 *
 * The open {@code TODO} below matters for callers: a signature is accepted
 * without checking which package parts it actually covers, so a valid
 * signature over an unrelated subset still produces a signer.
 *
 * @param url location of the XPS package
 * @return certificates of the signers whose signature validated, possibly empty
 */
public List<X509Certificate> getSigners(URL url) throws IOException, ParserConfigurationException, SAXException,
        TransformerException, MarshalException, XMLSignatureException, JAXBException {
    List<X509Certificate> result = new LinkedList<X509Certificate>();
    for (String resourceName : getSignatureResourceNames(url)) {
        LOG.debug("signature resource name: " + resourceName);
        Document signatureDocument = loadDocument(url, resourceName);
        if (null == signatureDocument) {
            LOG.warn("signature resource not found: " + resourceName);
            continue;
        }
        NodeList signatureNodes = signatureDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (0 == signatureNodes.getLength()) {
            LOG.debug("no signature elements present");
            continue;
        }
        // Only the first ds:Signature of each part is considered.
        Node signatureNode = signatureNodes.item(0);
        OPCKeySelector keySelector = new OPCKeySelector(url, resourceName);
        DOMValidateContext validateContext = new DOMValidateContext(keySelector, signatureNode);
        validateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
        validateContext.setURIDereferencer(new OOXMLURIDereferencer(url));
        XMLSignature xmlSignature = XMLSignatureFactory.getInstance().unmarshalXMLSignature(validateContext);
        if (!xmlSignature.validate(validateContext)) {
            LOG.debug("not a valid signature");
            continue;
        }
        // TODO: check what has been signed.
        result.add(keySelector.getCertificate());
    }
    return result;
}
From source file:eu.europa.esig.dss.DSSXMLUtils.java
/**
 * Registers the prefix-to-namespace bindings used by this class' XPath
 * expressions: {@code ds} and {@code dsig} for XML-DSig, the XAdES 1.1.1,
 * 1.2.2, 1.3.2 ({@code xades}) and 1.4.1 namespaces, and {@code asic}.
 */
private static void registerDefaultNamespaces() {
    final String[][] bindings = {
            { "ds", XMLSignature.XMLNS },
            { "dsig", XMLSignature.XMLNS },
            { "xades", XAdESNamespaces.XAdES }, // 1.3.2
            { "xades141", XAdESNamespaces.XAdES141 },
            { "xades122", XAdESNamespaces.XAdES122 },
            { "xades111", XAdESNamespaces.XAdES111 },
            { "asic", ASiCNamespaces.ASiC },
    };
    for (String[] binding : bindings) {
        registerNamespace(binding[0], binding[1]);
    }
}
From source file:eu.europa.esig.dss.xades.signature.EnvelopedSignatureBuilder.java
/**
 * Builds the single default reference of an enveloped signature.
 *
 * The reference {@code r-id-1} has an empty URI (the whole document) and two
 * transforms, in this order: an XPath filter that excludes every
 * {@code ds:Signature} subtree — so that signatures added later (parallel
 * signatures) do not invalidate this one — followed by exclusive C14N, which is
 * applied last so it runs on the already reduced document.
 *
 * @return a one-element list holding the default reference
 */
@Override
protected List<DSSReference> createDefaultReferences() {
    final DSSReference reference = new DSSReference();
    reference.setId("r-id-1");
    reference.setUri("");
    reference.setContents(detachedDocument);
    reference.setDigestMethodAlgorithm(params.getDigestAlgorithm());

    // Transform 1: XPath filter "not(ancestor-or-self::ds:Signature)" (parallel signatures).
    final DSSTransform xpathFilter = new DSSTransform();
    xpathFilter.setAlgorithm(Transforms.TRANSFORM_XPATH);
    xpathFilter.setElementName(DS_XPATH);
    xpathFilter.setNamespace(XMLSignature.XMLNS);
    xpathFilter.setTextContent(NOT_ANCESTOR_OR_SELF_DS_SIGNATURE);
    xpathFilter.setPerform(true);

    // Transform 2: exclusive canonicalization, kept last on purpose.
    final DSSTransform canonicalization = new DSSTransform();
    canonicalization.setAlgorithm(CanonicalizationMethod.EXCLUSIVE);
    canonicalization.setPerform(true);

    final List<DSSTransform> transforms = new ArrayList<DSSTransform>();
    transforms.add(xpathFilter);
    transforms.add(canonicalization);
    reference.setTransforms(transforms);

    final List<DSSReference> references = new ArrayList<DSSReference>();
    references.add(reference);
    return references;
}
From source file:be.fedict.eid.dss.document.odf.ODFDSSDocumentService.java
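/**
 * Verifies every XML signature of an ODF container and returns their XAdES
 * validation results.
 *
 * {@code document} is treated as untrusted input: it is read as a zip container
 * and only the first signature file found is examined (the loop returns after
 * it). For each {@code ds:Signature} in that file, core validation is run with
 * a {@code KeyInfoKeySelector} and an in-container URI dereferencer; signatures
 * that fail core validation are logged at debug level and skipped, valid ones
 * go through {@code checkIntegrity} and XAdES validation.
 *
 * @param document         the signed ODF container
 * @param originalDocument the original (unsigned) container used by {@code checkIntegrity}
 * @return one {@code SignatureInfo} per signature that passed core validation,
 *         possibly empty, never {@code null}
 * @throws Exception propagated from parsing, validation or integrity checking
 */
@Override
public List<SignatureInfo> verifySignatures(byte[] document, byte[] originalDocument) throws Exception {
    List<SignatureInfo> signatureInfos = new LinkedList<SignatureInfo>();
    // Closed in finally: a ZipInputStream owns a native Inflater even when it
    // reads from a byte array.
    ZipInputStream odfZipInputStream = new ZipInputStream(new ByteArrayInputStream(document));
    try {
        ZipEntry zipEntry;
        while (null != (zipEntry = odfZipInputStream.getNextEntry())) {
            if (!ODFUtil.isSignatureFile(zipEntry)) {
                continue;
            }
            // NOTE(review): ODFUtil.loadDocument parses attacker-supplied XML — confirm it
            // disables DTD / external entity processing.
            Document documentSignatures = ODFUtil.loadDocument(odfZipInputStream);
            NodeList signatureNodeList = documentSignatures.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
            XAdESValidation xadesValidation = new XAdESValidation(this.documentContext);
            for (int idx = 0; idx < signatureNodeList.getLength(); idx++) {
                Element signatureElement = (Element) signatureNodeList.item(idx);
                xadesValidation.prepareDocument(signatureElement);
                // The verification key is taken from the signature's own KeyInfo, so a
                // passing core validation proves self-consistency only; trust in
                // signingCertificate has to be established by xadesValidation.validate.
                KeyInfoKeySelector keySelector = new KeyInfoKeySelector();
                DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, signatureElement);
                ODFURIDereferencer dereferencer = new ODFURIDereferencer(document);
                domValidateContext.setURIDereferencer(dereferencer);
                XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
                XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
                boolean valid = xmlSignature.validate(domValidateContext);
                if (!valid) {
                    LOG.debug("invalid signature");
                    continue;
                }
                // Core validation only proves the references hash correctly; this ties the
                // signed content back to the original document.
                checkIntegrity(xmlSignature, document, originalDocument);
                X509Certificate signingCertificate = keySelector.getCertificate();
                SignatureInfo signatureInfo = xadesValidation.validate(documentSignatures, xmlSignature,
                        signatureElement, signingCertificate);
                signatureInfos.add(signatureInfo);
            }
            // First signature file wins; remaining entries are not inspected.
            return signatureInfos;
        }
    } finally {
        odfZipInputStream.close();
    }
    return signatureInfos;
}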