List of usage examples for javax.xml.crypto.dsig XMLSignatureFactory getInstance
public static XMLSignatureFactory getInstance()
Returns an XMLSignatureFactory that supports the default XML processing mechanism and representation type ("DOM").
From source file:Main.java
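/**
 * Assembles an {@link XMLSignature} object that references the element with Id "Body".
 *
 * <p>Nothing is signed here: the method only generates a key pair and builds the
 * Reference, SignedInfo, KeyInfo and XMLSignature objects through the default ("DOM")
 * {@link XMLSignatureFactory}.
 *
 * <p>The sample originally used 1024-bit DSA with SHA-1 for both the digest and the
 * signature. Neither is acceptable for new signatures, and JDK 17+ rejects SHA-1 based
 * XML signatures when secure validation is enabled, so the sample now uses RSA-2048
 * with SHA-256.
 *
 * @param args unused
 * @throws Exception if key generation or any factory call fails
 */
public static void main(String[] args) throws Exception {
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048, new SecureRandom());
    KeyPair rsaKeyPair = kpg.generateKeyPair();

    XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance();

    // Same-document reference: only the element whose Id is "Body" is covered by the digest.
    Reference ref = sigFactory.newReference("#Body", sigFactory.newDigestMethod(DigestMethod.SHA256, null));

    // The RSA-SHA256 algorithm URI is spelled out so the sample also compiles on JDKs
    // that predate the SignatureMethod.RSA_SHA256 constant.
    SignedInfo signedInfo = sigFactory.newSignedInfo(
            sigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                    (C14NMethodParameterSpec) null),
            sigFactory.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));

    // KeyInfo carries the bare public key. A verifier must not trust a key merely because
    // it appears in KeyInfo; it has to be matched against a key or certificate it already trusts.
    KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(rsaKeyPair.getPublic());
    KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(kv));

    XMLSignature xmlSig = sigFactory.newXMLSignature(signedInfo, keyInfo);
}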
From source file:MainClass.java
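/**
 * Builds the object model of an XML signature over the element with Id "Body" without
 * producing a signature value.
 *
 * <p>The sample originally generated a 1024-bit DSA key and used SHA-1 for the digest
 * and signature. Both are deprecated for new signatures, and JDK 17+ refuses SHA-1
 * based XML signatures under secure validation. This version uses RSA-2048 with
 * SHA-256 instead.
 *
 * @param args unused
 * @throws Exception if key generation or any factory call fails
 */
public static void main(String[] args) throws Exception {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(2048, new SecureRandom());
    KeyPair keyPair = keyGen.generateKeyPair();

    XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance();

    // Digest over the element addressed by the same-document URI "#Body".
    Reference ref = sigFactory.newReference("#Body", sigFactory.newDigestMethod(DigestMethod.SHA256, null));

    // Algorithm URI given literally so the code does not depend on the
    // SignatureMethod.RSA_SHA256 constant, which older JDKs lack.
    SignedInfo signedInfo = sigFactory.newSignedInfo(
            sigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                    (C14NMethodParameterSpec) null),
            sigFactory.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));

    // The public key is embedded as a KeyValue. Receivers must establish trust in that
    // key out of band; its presence in the message proves nothing about the sender.
    KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(keyPair.getPublic());
    KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(kv));

    XMLSignature xmlSig = sigFactory.newXMLSignature(signedInfo, keyInfo);
}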
From source file:Signing.java
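/**
 * Creates a SOAP message, signs its body with an XML signature placed in the SOAP
 * header, and then validates that signature.
 *
 * <p>Changes from the original sample: the 1024-bit DSA / SHA-1 combination is replaced
 * by RSA-2048 / SHA-256 (SHA-1 based XML signatures are rejected by JDK 17+ under secure
 * validation), a scraper comment that split a statement is removed, and an unsupported
 * content {@code Source} now fails with a clear exception instead of a later
 * null dereference.
 *
 * <p>{@code dumpDocument}, {@code getFirstChildElement} and
 * {@code getNextSiblingElement} are helpers defined elsewhere in Signing.java.
 *
 * @param args unused
 * @throws Exception on any SOAP, parsing, key generation, signing or validation failure
 */
public static void main(String[] args) throws Exception {
    SOAPMessage soapMessage = MessageFactory.newInstance().createMessage();
    SOAPPart soapPart = soapMessage.getSOAPPart();
    SOAPEnvelope soapEnvelope = soapPart.getEnvelope();

    // Header element that will hold the signature.
    SOAPHeader soapHeader = soapEnvelope.getHeader();
    soapHeader.addHeaderElement(
            soapEnvelope.createName("Signature", "SOAP-SEC", "http://schemas.xmlsoap.org/soap/security/2000-12"));

    // The body gets an id attribute so that the reference URI "#Body" can address it.
    SOAPBody soapBody = soapEnvelope.getBody();
    soapBody.addAttribute(
            soapEnvelope.createName("id", "SOAP-SEC", "http://schemas.xmlsoap.org/soap/security/2000-12"),
            "Body");
    Name bodyName = soapEnvelope.createName("FooBar", "z", "http://example.com");
    soapBody.addBodyElement(bodyName);

    // Obtain a DOM view of the message; the content was built locally above.
    Source source = soapPart.getContent();
    Node root = null;
    if (source instanceof DOMSource) {
        root = ((DOMSource) source).getNode();
    } else if (source instanceof SAXSource) {
        InputSource inSource = ((SAXSource) source).getInputSource();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        DocumentBuilder db = dbf.newDocumentBuilder();
        Document doc = db.parse(inSource);
        root = doc.getDocumentElement();
    }
    if (root == null) {
        throw new IllegalStateException("Unsupported SOAP content source: " + source);
    }

    dumpDocument(root);

    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048, new SecureRandom());
    KeyPair keypair = kpg.generateKeyPair();

    XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance();
    Reference ref = sigFactory.newReference("#Body", sigFactory.newDigestMethod(DigestMethod.SHA256, null));
    // Literal algorithm URI: compiles on JDKs without SignatureMethod.RSA_SHA256.
    SignedInfo signedInfo = sigFactory.newSignedInfo(
            sigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                    (C14NMethodParameterSpec) null),
            sigFactory.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
    KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(keypair.getPublic());
    KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(kv));
    XMLSignature sig = sigFactory.newXMLSignature(signedInfo, keyInfo);

    System.out.println("Signing the message...");
    PrivateKey privateKey = keypair.getPrivate();
    Element envelope = getFirstChildElement(root);
    Element header = getFirstChildElement(envelope);
    DOMSignContext sigContext = new DOMSignContext(privateKey, header);
    sigContext.putNamespacePrefix(XMLSignature.XMLNS, "ds");
    // Register the SOAP-SEC id attribute as an ID so that "#Body" resolves to the body element.
    sigContext.setIdAttributeNS(getNextSiblingElement(header),
            "http://schemas.xmlsoap.org/soap/security/2000-12", "id");
    sig.sign(sigContext);

    dumpDocument(root);

    System.out.println("Validate the signature...");
    Element sigElement = getFirstChildElement(header);
    // The demo validates with the key it just generated. A real verifier must take the
    // key from a trusted source rather than from the message's KeyInfo, and must confirm
    // that the validated reference covers the element it is about to process.
    DOMValidateContext valContext = new DOMValidateContext(keypair.getPublic(), sigElement);
    valContext.setIdAttributeNS(getNextSiblingElement(header),
            "http://schemas.xmlsoap.org/soap/security/2000-12", "id");
    boolean valid = sig.validate(valContext);
    System.out.println("Signature valid? " + valid);
}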
From source file:be.fedict.eid.dss.document.zip.ZIPURIDereferencer.java
/**
 * Stores the ZIP source and captures the XML signature provider's default URI
 * dereferencer.
 *
 * @param data    value stored in the {@code data} field; the array is kept by reference,
 *                not copied
 * @param tmpFile value stored in the {@code tmpFile} field
 */
protected ZIPURIDereferencer(byte[] data, File tmpFile) {
    this.data = data;
    this.tmpFile = tmpFile;
    // NOTE(review): presumably the fallback for URIs this class does not resolve itself.
    // The provider's stock dereferencer can follow external URIs unless secure validation
    // is enabled; confirm the dereference path only delegates same-document references.
    this.baseUriDereferener = XMLSignatureFactory.getInstance().getURIDereferencer();
    LOG.debug("base URI dereferences class: " + this.baseUriDereferener.getClass().getName());
}
From source file:be.fedict.eid.applet.service.signer.asic.ASiCURIDereferencer.java
/**
 * Stores the ASiC container source and captures the XML signature provider's default
 * URI dereferencer.
 *
 * @param data    value stored in the {@code data} field; kept by reference, not copied
 * @param tmpFile value stored in the {@code tmpFile} field
 */
protected ASiCURIDereferencer(byte[] data, File tmpFile) {
    this.data = data;
    this.tmpFile = tmpFile;
    // NOTE(review): if this base dereferencer serves as a fallback, it may resolve
    // external URIs on behalf of an untrusted signature; verify how it is used.
    this.baseUriDereferener = XMLSignatureFactory.getInstance().getURIDereferencer();
}
From source file:be.fedict.eid.applet.service.signer.odf.ODFURIDereferencer.java
/**
 * Creates a dereferencer backed by exactly one ODF source, either a URL or a byte array.
 *
 * @param odfUrl  location of the ODF document, or {@code null} when {@code odfData} is given
 * @param odfData content of the ODF document, or {@code null} when {@code odfUrl} is given
 * @throws IllegalArgumentException if both arguments are {@code null} or both are non-null
 * @throws RuntimeException         if no namespace-aware DocumentBuilder can be created
 */
private ODFURIDereferencer(URL odfUrl, byte[] odfData) {
    boolean haveUrl = odfUrl != null;
    boolean haveData = odfData != null;
    if (!haveUrl && !haveData) {
        throw new IllegalArgumentException("odfUrl and odfData are null");
    }
    if (haveUrl && haveData) {
        throw new IllegalArgumentException("odfUrl and odfData are both not null");
    }
    this.odfUrl = odfUrl;
    this.odfData = odfData;

    this.baseUriDereferener = XMLSignatureFactory.getInstance().getURIDereferencer();

    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);
    DocumentBuilder builder;
    try {
        builder = factory.newDocumentBuilder();
    } catch (ParserConfigurationException e) {
        throw new RuntimeException("parser config error: " + e.getMessage(), e);
    }
    // NOTE(review): the factory is left at its defaults, so DOCTYPE declarations and
    // external entities are limited only by what ODFEntityResolver (not shown here)
    // returns. Confirm that it never falls through to the parser's default resolution
    // for content taken from the document being verified.
    builder.setEntityResolver(new ODFEntityResolver());
    this.documentBuilder = builder;
}
From source file:be.fedict.eid.applet.service.signer.ooxml.OOXMLURIDereferencer.java
/**
 * Creates a dereferencer for an OOXML document given as bytes, as a URL, or both.
 *
 * @param ooxmlDocument document content, may be {@code null} if {@code ooxmlUrl} is set
 * @param ooxmlUrl      document location, may be {@code null} if {@code ooxmlDocument} is set
 * @throws IllegalArgumentException if both arguments are {@code null}
 */
protected OOXMLURIDereferencer(byte[] ooxmlDocument, URL ooxmlUrl) {
    if (ooxmlUrl == null && ooxmlDocument == null) {
        throw new IllegalArgumentException("need some reference to the OOXML document");
    }
    this.ooxmlUrl = ooxmlUrl;
    this.ooxmlDocument = ooxmlDocument;
    // NOTE(review): if this stock dereferencer is the fallback for unknown URIs, check
    // that it cannot be steered to external resources by a crafted signature.
    this.baseUriDereferencer = XMLSignatureFactory.getInstance().getURIDereferencer();
}
From source file:be.fedict.eid.applet.service.signer.odf.ODFSignatureVerifier.java
/**
 * Validates one XML signature of an ODF document and returns the certificate that the
 * key selector used.
 *
 * <p>A non-null result means only that the signature value and the reference digests
 * are consistent with the key the selector chose. This method does not check which
 * parts of the document the references cover (see the TODO below), and no certificate
 * path validation is visible here.
 *
 * @param odfUrl        location of the ODF document, must not be {@code null}
 * @param signatureNode the ds:Signature node to validate
 * @return the signer certificate, or {@code null} if the signature is invalid
 * @throws IllegalArgumentException if {@code odfUrl} is {@code null}
 * @throws IllegalStateException    if the signature validates but no certificate was selected
 * @throws MarshalException         if the signature cannot be unmarshalled
 * @throws XMLSignatureException    if validation fails unexpectedly
 */
private static X509Certificate getVerifiedSignatureSigner(URL odfUrl, Node signatureNode)
        throws MarshalException, XMLSignatureException {
    if (odfUrl == null) {
        throw new IllegalArgumentException("odfUrl is null");
    }

    // NOTE(review): KeyInfoKeySelector presumably takes the certificate from the
    // signature's own KeyInfo. If so, callers must establish trust in the returned
    // certificate themselves before relying on it.
    KeyInfoKeySelector certSelector = new KeyInfoKeySelector();
    DOMValidateContext validateContext = new DOMValidateContext(certSelector, signatureNode);
    validateContext.setURIDereferencer(new ODFURIDereferencer(odfUrl));

    XMLSignatureFactory factory = XMLSignatureFactory.getInstance();
    LOG.debug("java version: " + System.getProperty("java.version"));
    /*
     * Requires Java 6u10 because of a bug. See also:
     * http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6696582
     */
    XMLSignature parsedSignature = factory.unmarshalXMLSignature(validateContext);
    if (!parsedSignature.validate(validateContext)) {
        LOG.debug("invalid signature");
        return null;
    }

    // TODO: check what has been signed.
    // Until that is done, a signature that covers only part of the document, or an
    // element other than the one later consumed, is reported as valid as well.
    X509Certificate signer = certSelector.getCertificate();
    if (signer == null) {
        throw new IllegalStateException("signer X509 certificate is null");
    }
    LOG.debug("signer: " + signer.getSubjectX500Principal());
    return signer;
}
From source file:be.fedict.eid.applet.service.signer.xps.XPSSignatureVerifier.java
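/**
 * Collects the signer certificates of all valid XML signatures found in an XPS/OPC package.
 *
 * <p>For every signature resource of the package the first ds:Signature element is
 * validated, with manifest validation switched on. Resources that cannot be loaded,
 * contain no signature element, or fail validation are skipped.
 *
 * <p>Fix over the original: a signature that validates but for which the key selector
 * yields no certificate is now skipped with a warning. Previously {@code null} was
 * appended to the result, so callers could treat a list containing {@code null} as a
 * list of verified signers.
 *
 * <p>As in the original, this method does not check which package parts the validated
 * references cover, and no certificate path validation is visible here. Callers must
 * not treat the returned certificates as trusted on the strength of this method alone.
 *
 * @param url location of the package
 * @return certificates of the signatures that validated; never contains {@code null}
 * @throws IOException                  if the package cannot be read
 * @throws ParserConfigurationException if an XML parser cannot be configured
 * @throws SAXException                 if a signature resource is not well-formed
 * @throws TransformerException         declared by the signature; not raised by the code shown
 * @throws MarshalException             if a signature cannot be unmarshalled
 * @throws XMLSignatureException        if validation fails unexpectedly
 * @throws JAXBException                declared by the signature; not raised by the code shown
 */
public List<X509Certificate> getSigners(URL url) throws IOException, ParserConfigurationException, SAXException,
        TransformerException, MarshalException, XMLSignatureException, JAXBException {
    List<X509Certificate> signers = new LinkedList<X509Certificate>();
    List<String> signatureResourceNames = getSignatureResourceNames(url);
    for (String signatureResourceName : signatureResourceNames) {
        LOG.debug("signature resource name: " + signatureResourceName);
        Document signatureDocument = loadDocument(url, signatureResourceName);
        if (null == signatureDocument) {
            LOG.warn("signature resource not found: " + signatureResourceName);
            continue;
        }

        NodeList signatureNodeList = signatureDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (0 == signatureNodeList.getLength()) {
            LOG.debug("no signature elements present");
            continue;
        }
        // Only the first ds:Signature element in document order is validated; any
        // further Signature elements in the same resource are ignored.
        Node signatureNode = signatureNodeList.item(0);

        OPCKeySelector keySelector = new OPCKeySelector(url, signatureResourceName);
        DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, signatureNode);
        // Also validate the references listed inside ds:Manifest elements, which core
        // validation does not cover by default.
        domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
        OOXMLURIDereferencer dereferencer = new OOXMLURIDereferencer(url);
        domValidateContext.setURIDereferencer(dereferencer);

        XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
        XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
        if (!xmlSignature.validate(domValidateContext)) {
            LOG.debug("not a valid signature");
            continue;
        }

        // TODO: check what has been signed.
        X509Certificate signer = keySelector.getCertificate();
        if (null == signer) {
            // Never report an unidentified signer as a verified one.
            LOG.warn("valid signature without signer certificate: " + signatureResourceName);
            continue;
        }
        signers.add(signer);
    }
    return signers;
}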
From source file:com.vmware.identity.sts.ws.SignatureValidator.java
/**
 * Validates the request signature. If the signature is not valid, the relevant
 * {@link WSFaultException} is thrown.
 *
 * <p>The signature is checked against the public key of the certificate carried by
 * {@code signature}. Only after that check succeeds are the canonicalization method
 * and the signature references inspected.
 *
 * @param signatureNode
 *           not null
 * @param signature
 *           not null
 * @param timestampNode
 *           not null
 */
private void validateSignature(Node signatureNode, Signature signature, Node timestampNode) {
    // These are Java assertions and run only with -ea, so callers must still honour
    // the non-null contract in production.
    assert signatureNode != null;
    assert signature != null;
    assert timestampNode != null;

    XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance();
    DOMValidateContext validationContext = new DOMValidateContext(
            signature.getCertificate().getPublicKey(), signatureNode);

    try {
        XMLSignature parsedSignature = signatureFactory.unmarshalXMLSignature(validationContext);
        boolean coreValid = parsedSignature.validate(validationContext);
        if (!coreValid) {
            throw new WSFaultException(FaultKey.WSSE_FAILED_CHECK, "Signature is invalid.");
        }

        // The value check alone does not say what was signed, so the algorithm and the
        // covered nodes are checked next.
        validateCanonicalizationMethod(parsedSignature);
        validateSignatureReferences(parsedSignature, validationContext, signatureNode.getOwnerDocument(),
                timestampNode);
    } catch (MarshalException e) {
        throw new WSFaultException(FaultKey.WSSE_FAILED_CHECK, e);
    } catch (XMLSignatureException e) {
        throw new WSFaultException(FaultKey.WSSE_FAILED_CHECK, e);
    }
}