List of usage examples for javax.xml.crypto.dsig XMLSignatureFactory getKeyInfoFactory
public final KeyInfoFactory getKeyInfoFactory()
KeyInfoFactory that creates KeyInfo objects. From source file:org.roda.core.plugins.plugins.characterization.ODFSignatureUtils.java
private static KeyInfo getKeyInfo(XMLSignatureFactory factory, X509Certificate certificate) { KeyInfoFactory kif = factory.getKeyInfoFactory(); List<Object> x509Content = new ArrayList<>(); x509Content.add(certificate.getSubjectX500Principal().getName()); x509Content.add(certificate);/*from www .j a v a2 s . c o m*/ X509Data cerData = kif.newX509Data(x509Content); return kif.newKeyInfo(Collections.singletonList(cerData), null); }
From source file:org.warlock.itk.distributionenvelope.Payload.java
/** * Sign the payloadBody as-is. Note that this is going to be encrypted anyway * so we avoid any incompatibilities due to canonicalisation, and we don't * care if the payloadBody is text, compressed and so on. Re-writes payloadBody * with a serialised XML Digital Signature "Signature" element containing an * enveloping signature, or throws an exception to signal failure. * //from w w w . j ava2s. c o m * @param pk * @param cert * @throws Exception */ private void signPayload(PrivateKey pk, X509Certificate cert) throws Exception { if ((pk == null) || (cert == null)) { throw new Exception("Null signing material"); } cert.checkValidity(); XMLSignatureFactory xsf = XMLSignatureFactory.getInstance("DOM"); Reference ref = null; String objectRef = "uuid" + UUID.randomUUID().toString(); DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); Document doc = null; DOMStructure payloadContent = null; if (compressed || base64 || !mimeType.contains("xml")) { ref = xsf.newReference("#" + objectRef, xsf.newDigestMethod(DigestMethod.SHA1, null)); doc = dbf.newDocumentBuilder().newDocument(); payloadContent = new DOMStructure(doc.createTextNode(payloadBody)); } else { Transform t = xsf.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (TransformParameterSpec) null); ref = xsf.newReference("#" + objectRef, xsf.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(t), null, null); doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(payloadBody))); payloadContent = new DOMStructure(doc.getDocumentElement()); } XMLObject payloadObject = xsf.newXMLObject(Collections.singletonList(payloadContent), objectRef, null, null); SignedInfo si = xsf.newSignedInfo( xsf.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null), xsf.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); KeyInfoFactory kif = xsf.getKeyInfoFactory(); ArrayList<Object> x509content = new ArrayList<Object>(); x509content.add(cert); X509Data xd = kif.newX509Data(x509content); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd)); XMLSignature signature = xsf.newXMLSignature(si, ki, Collections.singletonList(payloadObject), null, null); DOMSignContext dsc = new DOMSignContext(pk, doc); signature.sign(dsc); StringWriter sw = new StringWriter(); StreamResult sr = new StreamResult(sw); Transformer tx = TransformerFactory.newInstance().newTransformer(); tx.transform(new DOMSource(doc), sr); if (sw.toString().indexOf("<?xml ") == 0) { payloadBody = sw.toString().substring(sw.toString().indexOf("?>") + "?>".length()); } else { payloadBody = sw.toString(); } }
From source file:test.integ.be.fedict.hsm.ws.WSSecurityTestSOAPHandler.java
private void addSignature(Element wsSecurityHeaderElement, Element tsElement, Element bodyElement) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, NoSuchProviderException, SOAPException { if (null == this.privateKey) { return;/*w ww. j a va 2 s . c o m*/ } DOMSignContext domSignContext = new DOMSignContext(this.privateKey, wsSecurityHeaderElement); domSignContext.setDefaultNamespacePrefix("ds"); domSignContext.setIdAttributeNS(tsElement, WSU_NAMESPACE, "Id"); domSignContext.setIdAttributeNS(bodyElement, WSU_NAMESPACE, "Id"); LOG.debug("Timestamp element found: " + (null != domSignContext.getElementById("TS"))); XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM"); List<Reference> references = new LinkedList<Reference>(); List<String> tsPrefixes = new LinkedList<String>(); tsPrefixes.add("wsse"); tsPrefixes.add("S"); ExcC14NParameterSpec tsTransformSpec = new ExcC14NParameterSpec(tsPrefixes); Reference tsReference = xmlSignatureFactory.newReference("#TS", xmlSignatureFactory.newDigestMethod(this.digestAlgorithm, null), Collections.singletonList( xmlSignatureFactory.newTransform(CanonicalizationMethod.EXCLUSIVE, tsTransformSpec)), null, null); references.add(tsReference); if (this.signBody) { List<String> bodyPrefixes = new LinkedList<String>(); ExcC14NParameterSpec bodyTransformSpec = new ExcC14NParameterSpec(bodyPrefixes); Reference bodyReference = xmlSignatureFactory.newReference("#Body", xmlSignatureFactory.newDigestMethod(this.digestAlgorithm, null), Collections.singletonList( xmlSignatureFactory.newTransform(CanonicalizationMethod.EXCLUSIVE, bodyTransformSpec)), null, null); references.add(bodyReference); } if (this.signBinarySecurityToken) { Reference bstReference = xmlSignatureFactory .newReference("#X509", xmlSignatureFactory.newDigestMethod(this.digestAlgorithm, null), Collections.singletonList(xmlSignatureFactory .newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)), null, null); references.add(bstReference); } SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo( xmlSignatureFactory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), xmlSignatureFactory.newSignatureMethod(this.signatureAlgorithm, null), references); KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory(); Document document = wsSecurityHeaderElement.getOwnerDocument(); Element securityTokenReferenceElement = document.createElementNS(WSSE_NAMESPACE, "wsse:SecurityTokenReference"); Element referenceElement = document.createElementNS(WSSE_NAMESPACE, "wsse:Reference"); referenceElement.setAttribute("ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"); referenceElement.setAttribute("URI", "#X509"); securityTokenReferenceElement.appendChild(referenceElement); KeyInfo keyInfo = keyInfoFactory .newKeyInfo(Collections.singletonList(new DOMStructure(securityTokenReferenceElement))); XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo, null, "SIG", null); xmlSignature.sign(domSignContext); }
From source file:test.unit.test.be.fedict.eid.applet.model.XmlSignatureServiceBeanTest.java
@Test public void testJsr105Signature() throws Exception { KeyPair keyPair = generateKeyPair(); DateTime notBefore = new DateTime(); DateTime notAfter = notBefore.plusYears(1); X509Certificate certificate = generateCertificate(keyPair.getPublic(), "CN=Test", notBefore, notAfter, null, keyPair.getPrivate(), true, 0, null, new KeyUsage(KeyUsage.nonRepudiation)); DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); Document document = documentBuilder.newDocument(); XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI()); XMLSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document); signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds"); byte[] externalDocument = "hello world".getBytes(); MessageDigest messageDigest = MessageDigest.getInstance("SHA1"); messageDigest.update(externalDocument); byte[] documentDigestValue = messageDigest.digest(); DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA1, null); Reference reference = signatureFactory.newReference("some-uri", digestMethod, null, null, null, documentDigestValue);//from www.j a v a 2 s . c o m SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); CanonicalizationMethod canonicalizationMethod = signatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); javax.xml.crypto.dsig.SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference)); KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory(); X509Data x509Data = keyInfoFactory.newX509Data(Collections.singletonList(certificate)); KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(x509Data)); javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, keyInfo); DOMXMLSignature domXmlSignature = (DOMXMLSignature) xmlSignature; domXmlSignature.marshal(document, "ds", (DOMCryptoContext) signContext); DOMSignedInfo domSignedInfo = (DOMSignedInfo) signedInfo; ByteArrayOutputStream dataStream = new ByteArrayOutputStream(); domSignedInfo.canonicalize(signContext, dataStream); byte[] octets = dataStream.toByteArray(); MessageDigest jcaMessageDigest = MessageDigest.getInstance("SHA1"); byte[] digestValue = jcaMessageDigest.digest(octets); byte[] digestInfoValue = ArrayUtils.addAll(SHA1_DIGEST_INFO_PREFIX, digestValue); Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate()); byte[] signatureValue = cipher.doFinal(digestInfoValue); NodeList signatureValueNodeList = document.getElementsByTagNameNS(javax.xml.crypto.dsig.XMLSignature.XMLNS, "SignatureValue"); assertEquals(1, signatureValueNodeList.getLength()); Element signatureValueElement = (Element) signatureValueNodeList.item(0); signatureValueElement.setTextContent(Base64.encode(signatureValue)); Source source = new DOMSource(document); StringWriter stringWriter = new StringWriter(); Result result = new StreamResult(stringWriter); Transformer xformer = TransformerFactory.newInstance().newTransformer(); xformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); xformer.transform(source, result); String signedDocumentStr = stringWriter.getBuffer().toString(); LOG.debug("signed document: " + signedDocumentStr); File tmpFile = File.createTempFile("xml-signature-", ".xml"); FileUtils.writeStringToFile(tmpFile, signedDocumentStr); StringReader stringReader = new StringReader(signedDocumentStr); InputSource inputSource = new InputSource(stringReader); Document signedDocument = documentBuilder.parse(inputSource); Element signatureElement = (Element) XPathAPI.selectSingleNode(signedDocument, "ds:Signature"); assertNotNull(signatureElement); XMLSignature apacheXmlSignature = new XMLSignature(signatureElement, null); ResourceTestResolver resourceResolver = new ResourceTestResolver(); resourceResolver.addResource("some-uri", "hello world".getBytes()); apacheXmlSignature.addResourceResolver(resourceResolver); boolean signatureResult = apacheXmlSignature.checkSignatureValue(keyPair.getPublic()); assertTrue(signatureResult); LOG.debug("file: " + tmpFile.getAbsolutePath()); }