List of usage examples for javax.xml.crypto.dsig XMLSignature XMLNS
String XMLNS
From source file:org.apache.jcp.xml.dsig.internal.dom.DOMReference.java
/**
 * Writes this Reference as a {@code ds:Reference} element under {@code parent}.
 *
 * <p>Child order follows the XML-DSig schema: an optional {@code Transforms}, then
 * {@code DigestMethod}, then {@code DigestValue}. The {@code DigestValue} element is
 * always emitted; its text content is only filled in when a digest has been computed.
 *
 * @param parent   node the new Reference element is appended to
 * @param dsPrefix namespace prefix for XML-DSig elements, or {@code null}/empty for the default namespace
 * @param context  marshalling context handed down to the Transform and DigestMethod marshallers
 * @throws MarshalException if a transform or the digest method cannot be marshalled
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) throws MarshalException {
    if (log.isDebugEnabled()) {
        log.debug("Marshalling Reference");
    }
    Document doc = DOMUtils.getOwnerDocument(parent);
    refElem = DOMUtils.createElement(doc, "Reference", XMLSignature.XMLNS, dsPrefix);

    // Id is registered as an ID-typed attribute so fragment URIs can resolve to it
    DOMUtils.setAttributeID(refElem, "Id", id);
    DOMUtils.setAttribute(refElem, "URI", uri);
    DOMUtils.setAttribute(refElem, "Type", type);

    // Transforms is only present when there is at least one transform to declare
    if (!allTransforms.isEmpty()) {
        Element transformsNode = DOMUtils.createElement(doc, "Transforms", XMLSignature.XMLNS, dsPrefix);
        refElem.appendChild(transformsNode);
        for (Transform transform : allTransforms) {
            ((DOMStructure) transform).marshal(transformsNode, dsPrefix, context);
        }
    }

    ((DOMDigestMethod) digestMethod).marshal(refElem, dsPrefix, context);

    if (log.isDebugEnabled()) {
        log.debug("Adding digestValueElem");
    }
    Element dvNode = DOMUtils.createElement(doc, "DigestValue", XMLSignature.XMLNS, dsPrefix);
    boolean digestKnown = digestValue != null;
    if (digestKnown) {
        dvNode.appendChild(doc.createTextNode(Base64.encode(digestValue)));
    }
    refElem.appendChild(dvNode);

    parent.appendChild(refElem);
    // keep the URI attribute node; the enclosing class uses it later (usage not shown here)
    here = refElem.getAttributeNodeNS(null, "URI");
}
From source file:org.apache.jcp.xml.dsig.internal.dom.DOMReference.java
/**
 * Applies this Reference's transforms to the dereferenced data, canonicalizes a
 * remaining node set, and returns the digest of the resulting octets.
 *
 * @param dereferencedData the data the Reference URI resolved to
 * @param context          the crypto context; an {@code XMLSignContext} enables the C14N 1.1 handling below
 * @return the computed digest value
 * @throws XMLSignatureException if the digest algorithm is unavailable, a transform, canonicalization,
 *         marshalling or I/O step fails, or a stream cannot be closed
 */
private byte[] transform(Data dereferencedData, XMLCryptoContext context) throws XMLSignatureException {
    // the MessageDigest is created lazily and reused across calls
    if (md == null) {
        try {
            md = MessageDigest.getInstance(((DOMDigestMethod) digestMethod).getMessageDigestAlgorithm());
        } catch (NoSuchAlgorithmException nsae) {
            throw new XMLSignatureException(nsae);
        }
    }
    md.reset();
    DigesterOutputStream dos;
    // cacheReference: keep a copy of the dereferenced data and (presumably, via the 'true' flag)
    // the digested bytes so callers can inspect them afterwards
    Boolean cache = (Boolean) context.getProperty("javax.xml.crypto.dsig.cacheReference");
    if (cache != null && cache.booleanValue()) {
        this.derefData = copyDerefData(dereferencedData);
        dos = new DigesterOutputStream(md, true);
    } else {
        dos = new DigesterOutputStream(md);
    }
    OutputStream os = null;
    Data data = dereferencedData;
    try {
        os = new UnsyncBufferedOutputStream(dos);
        // every transform but the last produces Data; the last one streams straight into os
        for (int i = 0, size = transforms.size(); i < size; i++) {
            DOMTransform transform = (DOMTransform) transforms.get(i);
            if (i < size - 1) {
                data = transform.transform(data, context);
            } else {
                data = transform.transform(data, context, os);
            }
        }
        // data == null means the last transform already wrote the octets to os
        if (data != null) {
            XMLSignatureInput xi;
            // explicitly use C14N 1.1 when generating signature
            // first check the useC14N11 field, then the context property
            boolean c14n11 = useC14N11;
            String c14nalg = CanonicalizationMethod.INCLUSIVE;
            if (context instanceof XMLSignContext) {
                if (!c14n11) {
                    Boolean prop = (Boolean) context.getProperty("org.apache.xml.security.useC14N11");
                    c14n11 = (prop != null && prop.booleanValue());
                    if (c14n11) {
                        c14nalg = "http://www.w3.org/2006/12/xml-c14n11";
                    }
                } else {
                    c14nalg = "http://www.w3.org/2006/12/xml-c14n11";
                }
            }
            if (data instanceof ApacheData) {
                xi = ((ApacheData) data).getXMLSignatureInput();
            } else if (data instanceof OctetStreamData) {
                xi = new XMLSignatureInput(((OctetStreamData) data).getOctetStream());
            } else if (data instanceof NodeSetData) {
                // a node set must be canonicalized to octets before it can be digested;
                // prefer the configured provider, fall back to the default lookup
                TransformService spi = null;
                if (provider == null) {
                    spi = TransformService.getInstance(c14nalg, "DOM");
                } else {
                    try {
                        spi = TransformService.getInstance(c14nalg, "DOM", provider);
                    } catch (NoSuchAlgorithmException nsae) {
                        spi = TransformService.getInstance(c14nalg, "DOM");
                    }
                }
                data = spi.transform(data, context);
                xi = new XMLSignatureInput(((OctetStreamData) data).getOctetStream());
            } else {
                throw new XMLSignatureException("unrecognized Data type");
            }
            if (context instanceof XMLSignContext && c14n11 && !xi.isOctetStream() && !xi.isOutputStreamSet()) {
                // when signing with C14N 1.1, record that step as an explicit Transform element
                // so a verifier reproduces the same canonicalization
                TransformService spi = null;
                if (provider == null) {
                    spi = TransformService.getInstance(c14nalg, "DOM");
                } else {
                    try {
                        spi = TransformService.getInstance(c14nalg, "DOM", provider);
                    } catch (NoSuchAlgorithmException nsae) {
                        spi = TransformService.getInstance(c14nalg, "DOM");
                    }
                }
                DOMTransform t = new DOMTransform(spi);
                Element transformsElem = null;
                String dsPrefix = DOMUtils.getSignaturePrefix(context);
                if (allTransforms.isEmpty()) {
                    // Transforms must precede DigestMethod, hence insertBefore the first child
                    transformsElem = DOMUtils.createElement(refElem.getOwnerDocument(), "Transforms", XMLSignature.XMLNS, dsPrefix);
                    refElem.insertBefore(transformsElem, DOMUtils.getFirstChildElement(refElem));
                } else {
                    transformsElem = DOMUtils.getFirstChildElement(refElem);
                }
                t.marshal(transformsElem, dsPrefix, (DOMCryptoContext) context);
                allTransforms.add(t);
                xi.updateOutputStream(os, true);
            } else {
                xi.updateOutputStream(os);
            }
        }
        os.flush();
        if (cache != null && cache.booleanValue()) {
            this.dis = dos.getInputStream();
        }
        return dos.getDigestValue();
    } catch (NoSuchAlgorithmException e) {
        throw new XMLSignatureException(e);
    } catch (TransformException e) {
        throw new XMLSignatureException(e);
    } catch (MarshalException e) {
        throw new XMLSignatureException(e);
    } catch (IOException e) {
        throw new XMLSignatureException(e);
    } catch (org.apache.xml.security.c14n.CanonicalizationException e) {
        throw new XMLSignatureException(e);
    } finally {
        // NOTE(review): a throw from this finally block replaces any exception already
        // propagating from the try/catch above, so the original cause can be lost.
        if (os != null) {
            try {
                os.close();
            } catch (IOException e) {
                throw new XMLSignatureException(e);
            }
        }
        if (dos != null) {
            try {
                dos.close();
            } catch (IOException e) {
                throw new XMLSignatureException(e);
            }
        }
    }
}
From source file:org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo.java
/**
 * Writes this SignedInfo as a {@code ds:SignedInfo} element under {@code parent}.
 *
 * <p>Children are emitted in the order the XML-DSig schema requires:
 * {@code CanonicalizationMethod}, {@code SignatureMethod}, then one {@code Reference} per entry.
 *
 * @param parent   node the new SignedInfo element is appended to
 * @param dsPrefix namespace prefix for XML-DSig elements, or {@code null}/empty for the default namespace
 * @param context  marshalling context passed to the child marshallers
 * @throws MarshalException if any child structure fails to marshal
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) throws MarshalException {
    ownerDoc = DOMUtils.getOwnerDocument(parent);
    Element signedInfo = DOMUtils.createElement(ownerDoc, "SignedInfo", XMLSignature.XMLNS, dsPrefix);

    ((DOMCanonicalizationMethod) canonicalizationMethod).marshal(signedInfo, dsPrefix, context);
    ((DOMStructure) signatureMethod).marshal(signedInfo, dsPrefix, context);
    for (Reference reference : references) {
        ((DOMReference) reference).marshal(signedInfo, dsPrefix, context);
    }

    // Id is set last, as an ID-typed attribute
    DOMUtils.setAttributeID(signedInfo, "Id", id);
    parent.appendChild(signedInfo);
    localSiElem = signedInfo;
}
From source file:org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.java
/**
 * Writes this signature as a {@code ds:Signature} element, inserted under {@code parent}
 * immediately before {@code nextSibling}.
 *
 * <p>The XML-DSig namespace is declared on the Signature element itself, either as the
 * default namespace or bound to {@code dsPrefix}. Children follow in schema order:
 * {@code SignedInfo}, {@code SignatureValue}, optional {@code KeyInfo}, then any {@code Object}s.
 *
 * @param parent      node that will contain the Signature element
 * @param nextSibling existing child of {@code parent} to insert before, or {@code null} to append
 * @param dsPrefix    namespace prefix for XML-DSig elements, or {@code null}/empty for the default namespace
 * @param context     marshalling context passed to the child marshallers
 * @throws MarshalException if any child structure fails to marshal
 */
public void marshal(Node parent, Node nextSibling, String dsPrefix, DOMCryptoContext context) throws MarshalException {
    ownerDoc = DOMUtils.getOwnerDocument(parent);
    sigElem = DOMUtils.createElement(ownerDoc, "Signature", XMLSignature.XMLNS, dsPrefix);

    boolean prefixed = dsPrefix != null && dsPrefix.length() != 0;
    String xmlnsName = prefixed ? "xmlns:" + dsPrefix : "xmlns";
    sigElem.setAttributeNS("http://www.w3.org/2000/xmlns/", xmlnsName, XMLSignature.XMLNS);

    ((DOMSignedInfo) si).marshal(sigElem, dsPrefix, context);
    ((DOMSignatureValue) sv).marshal(sigElem, dsPrefix, context);
    if (ki != null) {
        ((DOMKeyInfo) ki).marshal(sigElem, null, dsPrefix, context);
    }
    for (Object xmlObject : objects) {
        ((DOMXMLObject) xmlObject).marshal(sigElem, dsPrefix, context);
    }

    DOMUtils.setAttributeID(sigElem, "Id", id);
    parent.insertBefore(sigElem, nextSibling);
}
From source file:org.apache.juddi.v3.client.cryptor.DigSigUtil.java
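/**
 * Runs XML-DSig core validation on the first {@code ds:Signature} found under {@code element}
 * using {@code validatingKey}, and explains a failure through {@code OutReadableErrorMessage}.
 *
 * <p>On failure the SignatureValue and every Reference are re-checked individually, and the
 * calculated vs. expected digest of each Reference is logged, so the message tells the caller
 * whether the signature itself or the signed content was altered.
 *
 * @param element                 DOM subtree that carries the signature
 * @param validatingKey           public key the signature must verify under
 * @param OutReadableErrorMessage receives a diagnostic message on failure; may be {@code null},
 *                                in which case the message is only logged
 * @return {@code true} when core validation succeeds; {@code false} on validation failure or any exception
 * @throws RuntimeException if no {@code ds:Signature} element is present
 */
private boolean verifySignature(Element element, PublicKey validatingKey, AtomicReference<String> OutReadableErrorMessage) {
    // do not reassign the parameter: a fresh AtomicReference would never reach the caller
    AtomicReference<String> errorMessage =
            OutReadableErrorMessage != null ? OutReadableErrorMessage : new AtomicReference<String>();
    XMLSignatureFactory fac = initXMLSigFactory();
    NodeList nl = element.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (nl.getLength() == 0) {
        throw new RuntimeException("Cannot find Signature element");
    }
    // NOTE(review): only the first Signature element is validated, and nothing here checks that its
    // Reference URI actually covers `element`; callers must enforce that binding before trusting content.
    DOMValidateContext valContext = new DOMValidateContext(validatingKey, nl.item(0));
    try {
        // cacheReference makes the calculated digests below available after validation
        valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
        XMLSignature signature = fac.unmarshalXMLSignature(valContext);
        boolean coreValidity = signature.validate(valContext);
        if (coreValidity) {
            logger.info("Signature passed core validation");
            return true;
        }

        logger.warn("Signature failed core validation");
        boolean sv = signature.getSignatureValue().validate(valContext);
        logger.debug("signature validation status: " + sv);
        errorMessage.set("signature validation failed: " + sv + "." + errorMessage.get());

        // Check the validation status of each Reference.
        @SuppressWarnings("unchecked")
        Iterator<Reference> i = signature.getSignedInfo().getReferences().iterator();
        for (int j = 0; i.hasNext(); j++) {
            Reference ref = i.next();
            boolean refValid = ref.validate(valContext);
            logger.debug("ref[" + j + "] validity status: " + refValid);
            if (!refValid) {
                errorMessage.set("signature reference " + j + " invalid. " + errorMessage.get());
            }
            logger.debug("Ref type: " + ref.getType() + ", URI: " + ref.getURI());
            for (Object xform : ref.getTransforms()) {
                logger.debug("Transform: " + xform);
            }
            String calcDigValStr = digestToString(ref.getCalculatedDigestValue());
            String expectedDigValStr = digestToString(ref.getDigestValue());
            logger.warn(" Calc Digest: " + calcDigValStr);
            logger.warn("Expected Digest: " + expectedDigValStr);
            if (!calcDigValStr.equalsIgnoreCase(expectedDigValStr)) {
                errorMessage.set("digest mismatch for signature ref " + j + "." + errorMessage.get());
            }
        }
        return false;
    } catch (Exception e) {
        // unmarshal/validate failures are reported to the caller as "not valid", never propagated
        errorMessage.set("signature validation failed: " + e.getMessage() + errorMessage.get());
        logger.fatal(e);
        return false;
    }
}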
From source file:org.atricore.idbus.capabilities.sso.support.core.signature.JSR105SamlR2SignerImpl.java
/**
 * Validates every {@code ds:Signature} in a SAML document and checks that the signed
 * content is the element the application will consume.
 *
 * <p>Checks performed, in order: no two elements share an {@code ID} attribute value;
 * {@code root} carries an {@code ID}; at least one Signature element exists; each Signature
 * passes core validation, has exactly one Reference, that Reference is a same-document
 * fragment URI, and the signing key passes {@link #validateCertificate}; finally at least one
 * Signature's Reference names the {@code ID} of {@code root}.
 *
 * @param md   metadata of the SAML role the signing certificate is checked against
 * @param doc  the parsed SAML document
 * @param root the element the application treats as the signed message
 * @throws SamlR2SignatureException if duplicate IDs exist, {@code root} has no ID, or no Signature is found
 * @throws SamlR2SignatureValidationException (runtime) if any signature, reference or certificate check fails,
 *         or no Signature references {@code root}
 * @throws RuntimeException wrapping {@link MarshalException} or {@link XMLSignatureException} from the JSR-105 API
 */
public void validate(RoleDescriptorType md, Document doc, Node root) throws SamlR2SignatureException {
    try {
        // Check for duplicate IDs among XML elements: with duplicates, a fragment URI could resolve
        // to a different element than the one the application reads
        NodeList nodes = evaluateXPath(doc, "//*/@ID");
        boolean duplicateIdExists = false;
        List<String> ids = new ArrayList<String>();
        for (int i = 0; i < nodes.getLength(); i++) {
            Node node = nodes.item(i);
            if (ids.contains(node.getNodeValue())) {
                duplicateIdExists = true;
                logger.error("Duplicated Element ID in XML Document : " + node.getNodeValue());
            }
            ids.add(node.getNodeValue());
        }
        if (duplicateIdExists) {
            throw new SamlR2SignatureException("Duplicate IDs in document ");
        }
        // In SAML the root element is the element used by the application; the rootIdMatched
        // check below makes sure a Signature actually refers to it. References are only
        // accepted as "#id" fragments here, so XPath-style references are rejected by design.
        Node rootIdAttr = root.getAttributes().getNamedItem("ID");
        if (rootIdAttr == null)
            throw new SamlR2SignatureException("SAML document does not have an ID ");
        // Find Signature element(s) anywhere in the document
        NodeList signatureNodes = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (signatureNodes.getLength() == 0) {
            throw new SamlR2SignatureException("Cannot find Signature elements");
        }
        // Create a DOM XMLSignatureFactory that will be used to unmarshal the
        // document containing the XMLSignature
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", provider);
        // Validate all Signature elements; every one of them must pass
        boolean rootIdMatched = false;
        for (int k = 0; k < signatureNodes.getLength(); k++) {
            // RawX509KeySelector picks the key from the signature's own KeyInfo; the key is
            // checked against the metadata afterwards (validateCertificate)
            DOMValidateContext valContext = new DOMValidateContext(new RawX509KeySelector(), signatureNodes.item(k));
            // unmarshal the XMLSignature
            XMLSignature signature = fac.unmarshalXMLSignature(valContext);
            // Validate the XMLSignature (generated above)
            boolean coreValidity = signature.validate(valContext);
            // Check core validation status
            if (!coreValidity) {
                if (logger.isDebugEnabled())
                    logger.debug("Signature failed core validation");
                boolean sv = signature.getSignatureValue().validate(valContext);
                if (logger.isDebugEnabled())
                    logger.debug("signature validation status: " + sv);
                // check the validation status of each Reference (should be only one!) purely for diagnostics
                Iterator i = signature.getSignedInfo().getReferences().iterator();
                boolean refValid = true;
                for (int j = 0; i.hasNext(); j++) {
                    Reference ref = (Reference) i.next();
                    boolean b = ref.validate(valContext);
                    if (logger.isDebugEnabled())
                        logger.debug("ref[" + j + "] " + ref.getId() + " validity status: " + b);
                    if (!b) {
                        refValid = b;
                        logger.error("Signature failed reference validation " + ref.getId());
                    }
                }
                throw new SamlR2SignatureValidationException(
                        "Signature failed core validation" + (refValid ? " but passed all Reference validations" : " and some/all Reference validation"));
            }
            if (logger.isDebugEnabled())
                logger.debug("Singnature passed Core validation");
            // The Signature must contain only one reference, and it must be the signed top element's ID.
            List<Reference> refs = signature.getSignedInfo().getReferences();
            if (refs.size() != 1) {
                throw new SamlR2SignatureValidationException(
                        "Invalid number of 'Reference' elements in signature : " + refs.size() + " [" + signature.getId() + "]");
            }
            Reference reference = refs.get(0);
            String referenceURI = reference.getURI();
            // only same-document fragment references are supported (this also rejects the empty URI)
            if (referenceURI == null || !referenceURI.startsWith("#"))
                throw new SamlR2SignatureValidationException("Signature reference URI format not supported " + referenceURI);
            if (referenceURI.substring(1).equals(rootIdAttr.getNodeValue()))
                rootIdMatched = true;
            // the key that verified the signature must belong to the metadata-declared certificate
            Key key = signature.getKeySelectorResult().getKey();
            boolean certValidity = validateCertificate(md, key);
            if (!certValidity) {
                throw new SamlR2SignatureValidationException("Signature failed Certificate validation");
            }
            if (logger.isDebugEnabled())
                logger.debug("Signature passed Certificate validation");
        }
        // Check that any of the Signatures matched the root element ID
        if (!rootIdMatched) {
            logger.error("No Signature element refers to signed element (possible signature wrapping attack)");
            throw new SamlR2SignatureValidationException("No Signature element refers to signed element");
        }
    } catch (MarshalException e) {
        // NOTE(review): wrapped as RuntimeException although the method declares SamlR2SignatureException
        throw new RuntimeException(e.getMessage(), e);
    } catch (XMLSignatureException e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}
From source file:org.gluu.saml.Response.java
/**
 * Verifies the first {@code ds:Signature} in the parsed SAML document against the
 * certificate configured in {@code samlSettings}.
 *
 * @return the XML-DSig core validation result for that signature
 * @throws Exception if the document has no Signature element, or unmarshalling/validation fails
 */
public boolean isValid() throws Exception {
    NodeList signatureNodes = xmlDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    boolean unsigned = signatureNodes == null || signatureNodes.getLength() == 0;
    if (unsigned) {
        throw new Exception("Can't find signature in document.");
    }
    // presumably registers ID attributes so "#id" Reference URIs resolve — helper not shown here
    if (setIdAttributeExists()) {
        tagIdAttributes(xmlDoc);
    }
    X509Certificate signingCert = samlSettings.getCertificate();
    DOMValidateContext validateContext = new DOMValidateContext(signingCert.getPublicKey(), signatureNodes.item(0));
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
    XMLSignature signature = factory.unmarshalXMLSignature(validateContext);
    // NOTE(review): only the first Signature is checked, and nothing here ties its Reference URI to the
    // Response/Assertion element the caller consumes; confirm that binding is enforced by the caller.
    return signature.validate(validateContext);
}
From source file:org.jcp.xml.dsig.internal.dom.DOMReference.java
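/**
 * Applies this Reference's transforms to the dereferenced data, canonicalizes a
 * remaining node set, and returns the digest of the resulting octets.
 *
 * <p>The buffered output stream wrapping the digester is now always closed, whether the
 * method returns normally or throws; a close failure is only reported when no other
 * exception is already propagating, so the original cause is never masked.
 *
 * @param dereferencedData the data the Reference URI resolved to
 * @param context          the crypto context; an {@code XMLSignContext} enables the C14N 1.1 handling
 * @return the computed digest value
 * @throws XMLSignatureException if the digest algorithm is unavailable or a transform,
 *         canonicalization, marshalling or I/O step fails
 */
private byte[] transform(Data dereferencedData, XMLCryptoContext context) throws XMLSignatureException {
    // the MessageDigest is created lazily and reused across calls
    if (md == null) {
        try {
            md = MessageDigest.getInstance(((DOMDigestMethod) digestMethod).getMessageDigestAlgorithm());
        } catch (NoSuchAlgorithmException nsae) {
            throw new XMLSignatureException(nsae);
        }
    }
    md.reset();
    Boolean cache = (Boolean) context.getProperty("javax.xml.crypto.dsig.cacheReference");
    boolean cacheReference = cache != null && cache.booleanValue();
    DigesterOutputStream dos;
    if (cacheReference) {
        // keep a copy of the dereferenced data and (presumably, via the 'true' flag) the digested
        // bytes so callers can inspect them after validation
        this.derefData = copyDerefData(dereferencedData);
        dos = new DigesterOutputStream(md, true);
    } else {
        dos = new DigesterOutputStream(md);
    }
    OutputStream os = new UnsyncBufferedOutputStream(dos);
    boolean completed = false;
    try {
        Data data = applyTransforms(dereferencedData, context, os);
        // data == null means the last transform already wrote the octets to os
        if (data != null) {
            // explicitly use C14N 1.1 when generating signature:
            // first check the useC14N11 field, then the context property
            boolean c14n11 = useC14N11;
            String c14nalg = CanonicalizationMethod.INCLUSIVE;
            if (context instanceof XMLSignContext) {
                if (!c14n11) {
                    Boolean prop = (Boolean) context.getProperty("org.apache.xml.security.useC14N11");
                    c14n11 = (prop != null && prop.booleanValue());
                }
                if (c14n11) {
                    c14nalg = "http://www.w3.org/2006/12/xml-c14n11";
                }
            }
            XMLSignatureInput xi = toSignatureInput(data, context, c14nalg);
            if (context instanceof XMLSignContext && c14n11 && !xi.isOctetStream() && !xi.isOutputStreamSet()) {
                // when signing with C14N 1.1, record that step as an explicit Transform element
                // so a verifier reproduces the same canonicalization
                DOMTransform t = new DOMTransform(TransformService.getInstance(c14nalg, "DOM"));
                String dsPrefix = DOMUtils.getSignaturePrefix(context);
                Element transformsElem;
                if (allTransforms.isEmpty()) {
                    // Transforms must precede DigestMethod, hence insertBefore the first child
                    transformsElem = DOMUtils.createElement(refElem.getOwnerDocument(), "Transforms", XMLSignature.XMLNS, dsPrefix);
                    refElem.insertBefore(transformsElem, DOMUtils.getFirstChildElement(refElem));
                } else {
                    transformsElem = DOMUtils.getFirstChildElement(refElem);
                }
                t.marshal(transformsElem, dsPrefix, (DOMCryptoContext) context);
                allTransforms.add(t);
                xi.updateOutputStream(os, true);
            } else {
                xi.updateOutputStream(os);
            }
        }
        os.flush();
        if (cacheReference) {
            this.dis = dos.getInputStream();
        }
        byte[] digest = dos.getDigestValue();
        completed = true;
        return digest;
    } catch (NoSuchAlgorithmException e) {
        throw new XMLSignatureException(e);
    } catch (TransformException e) {
        throw new XMLSignatureException(e);
    } catch (MarshalException e) {
        throw new XMLSignatureException(e);
    } catch (IOException e) {
        throw new XMLSignatureException(e);
    } catch (org.apache.xml.security.c14n.CanonicalizationException e) {
        throw new XMLSignatureException(e);
    } finally {
        try {
            os.close();
        } catch (IOException ignored) {
            // only surface a close failure on the success path; otherwise another
            // exception is already propagating and must not be masked
            if (completed) {
                throw new XMLSignatureException(ignored);
            }
        }
    }
}

/**
 * Runs the declared transforms in order; every transform but the last produces Data,
 * the last one streams its output straight into {@code os}.
 *
 * @return the Data produced by the last transform, or the input when there are none;
 *         {@code null} if the last transform wrote directly to {@code os}
 * @throws XMLSignatureException wrapping any {@link TransformException}
 */
private Data applyTransforms(Data input, XMLCryptoContext context, OutputStream os) throws XMLSignatureException {
    Data data = input;
    for (int i = 0, size = transforms.size(); i < size; i++) {
        DOMTransform transform = (DOMTransform) transforms.get(i);
        try {
            if (i < size - 1) {
                data = transform.transform(data, context);
            } else {
                data = transform.transform(data, context, os);
            }
        } catch (TransformException te) {
            throw new XMLSignatureException(te);
        }
    }
    return data;
}

/**
 * Converts transform output into an {@code XMLSignatureInput}; a node set is first
 * canonicalized with {@code c14nalg} because only octets can be digested.
 *
 * @throws XMLSignatureException if the Data type is not one of the supported kinds
 */
private XMLSignatureInput toSignatureInput(Data data, XMLCryptoContext context, String c14nalg)
        throws XMLSignatureException, NoSuchAlgorithmException, TransformException {
    if (data instanceof ApacheData) {
        return ((ApacheData) data).getXMLSignatureInput();
    }
    if (data instanceof OctetStreamData) {
        return new XMLSignatureInput(((OctetStreamData) data).getOctetStream());
    }
    if (data instanceof NodeSetData) {
        TransformService spi;
        try {
            spi = TransformService.getInstance(c14nalg, "DOM");
        } catch (NoSuchAlgorithmException nsae) {
            // fall back to the explicitly configured provider
            spi = TransformService.getInstance(c14nalg, "DOM", provider);
        }
        Data canonical = spi.transform(data, context);
        return new XMLSignatureInput(((OctetStreamData) canonical).getOctetStream());
    }
    throw new XMLSignatureException("unrecognized Data type");
}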
From source file:org.openehealth.coms.cc.web_frontend.consentcreator.service.DocumentFactory.java
/**
 * Checks whether the given Document contains a valid XML Signature and whether its
 * content matches the original.
 *
 * <p>Any exception raised while copying, comparing, unmarshalling or validating is logged
 * and reported as {@code false}.
 *
 * @param cdaFile     the (possibly signed) document to check
 * @param originalCDA the document {@code cdaFile} is compared against
 * @return {@code true} only if the content matches the original and the first
 *         {@code ds:Signature} passes core validation
 */
public boolean isXMLSignatureValid(Document cdaFile, Document originalCDA) {
    try {
        // compare a detached copy so the comparison cannot disturb the caller's document
        DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        Document checkCDA = builder.newDocument();
        checkCDA.appendChild(checkCDA.importNode(cdaFile.getDocumentElement(), true));
        if (!isCDAoriginal(checkCDA, originalCDA)) {
            return false;
        }

        NodeList signatures = cdaFile.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (signatures.getLength() == 0) {
            return false;
        }

        // only the first Signature element is validated; X509KeySelector supplies the key
        XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
        DOMValidateContext validateContext = new DOMValidateContext(new X509KeySelector(), signatures.item(0));
        XMLSignature signature = factory.unmarshalXMLSignature(validateContext);
        return signature.validate(validateContext);
    } catch (Exception e) {
        Logger.getLogger(this.getClass()).error(e);
        return false;
    }
}
From source file:org.roda.common.certification.ODFSignatureUtils.java
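/**
 * Verifies the certificates of every XML signature in an ODF package's signatures document.
 *
 * <p>A package without a signatures document yields {@code "Passed"} because there is
 * nothing to verify; callers must not read that as "signed".
 *
 * @param input path of the ODF (zip) package
 * @return {@code "Passed"}, or a short description of the last problem found
 * @throws IOException              if the package or an entry cannot be read or closed
 * @throws GeneralSecurityException propagated from certificate verification
 */
public static String runDigitalSignatureVerify(Path input) throws IOException, GeneralSecurityException {
    String result = "Passed";
    // try-with-resources: the ZipFile used to stay open when an exception escaped the loop
    try (ZipFile zipFile = new ZipFile(input.toString())) {
        Enumeration<? extends ZipEntry> entries = zipFile.entries();
        while (entries.hasMoreElements()) {
            ZipEntry entry = entries.nextElement();
            if (!META_INF_DOCUMENTSIGNATURES_XML.equalsIgnoreCase(entry.getName())) {
                continue;
            }
            try (InputStream zipStream = zipFile.getInputStream(entry)) {
                String entryResult = verifySignaturesDocument(input, new InputSource(zipStream));
                if (!"Passed".equals(entryResult)) {
                    result = entryResult;
                }
            }
        }
    }
    return result;
}

/**
 * Parses one signatures document and verifies each {@code ds:Signature} it contains,
 * mapping every failure class to the result string the caller reports.
 *
 * @param input       path of the package, forwarded to {@code verifyCertificates}
 * @param inputSource the signatures document content
 * @return {@code "Passed"} or a description of the failure
 * @throws IOException              if the document cannot be read
 * @throws GeneralSecurityException propagated from certificate verification
 */
private static String verifySignaturesDocument(Path input, InputSource inputSource)
        throws IOException, GeneralSecurityException {
    DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
    documentBuilderFactory.setNamespaceAware(true);
    try {
        // the document comes from the package under test: refuse DTDs and entity expansion so
        // it cannot pull in external entities or blow up the parser before verification starts
        documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        documentBuilderFactory.setExpandEntityReferences(false);
        DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
        Document document = documentBuilder.parse(inputSource);
        NodeList signatureNodeList = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        for (int i = 0; i < signatureNodeList.getLength(); i++) {
            verifyCertificates(input, signatureNodeList.item(i));
        }
        return "Passed";
    } catch (ParserConfigurationException | SAXException e) {
        return "Signatures document can not be parsed";
    } catch (CertificateExpiredException e) {
        return "Contains expired certificates";
    } catch (CertificateRevokedException e) {
        return "Contains revoked certificates";
    } catch (CertificateNotYetValidException e) {
        return "Contains certificates not yet valid";
    } catch (MarshalException | XMLSignatureException e) {
        return "Digital signatures are not valid";
    }
}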