Example usage for javax.xml.crypto.dsig XMLSignatureFactory newSignedInfo

List of usage examples for javax.xml.crypto.dsig XMLSignatureFactory newSignedInfo

  1. HOME
  2. Java
  3. javax
  4. javax.xml.crypto.dsig.*
  5. XMLSignatureFactory
  6. newSignedInfo

Introduction

In this page you can find the example usage for javax.xml.crypto.dsig XMLSignatureFactory newSignedInfo.

Prototype

public abstract SignedInfo newSignedInfo(CanonicalizationMethod cm, SignatureMethod sm,
        List<? extends Reference> references);

Source Link

Document

Creates a SignedInfo with the specified canonicalization and signature methods, and list of one or more references.

Usage

From source file:com.bcmcgroup.flare.xmldsig.Xmldsig.java

/**
* Method used to create an enveloped digital signature for an element of a TAXII document.
*
* @param element the element to be signed
* @param keyEntry the PrivateKeyEntry/*  w  ww. jav a 2  s .  c  o m*/
* @param cbIndex the index of the Content_Block if we're signing a Content_Block, otherwise set to -1 if we're signing the root element
* @return the status of the operation
*
* Usage Example:
*   String pks = config.getProperty("pathToPublisherKeyStore");
*    String pksPw = FLAREclientUtil.decrypt(config.getProperty("publisherKeyStorePassword"));
*    String keyName = config.getProperty("publisherKeyName");
*    String keyPW = FLAREclientUtil.decrypt(config.getProperty("publisherKeyPassword"));
*   PrivateKeyEntry keyEntry =  FLAREclientUtil.getKeyEntry(pks, pksPw, keyName, keyPW);
*   List<Integer> statusList = Xmldsig.sign(rootElement, keyEntry, -1);
*/
private static boolean sign(Element element, PrivateKeyEntry keyEntry, int cbIndex) {
    element.normalize();
    boolean status = false;

    //Create XML Signature Factory
    XMLSignatureFactory xmlSigFactory = XMLSignatureFactory.getInstance("DOM");
    PublicKey publicKey = ClientUtil.getPublicKey(keyEntry);
    PrivateKey privateKey = keyEntry.getPrivateKey();
    DOMSignContext dsc = new DOMSignContext(privateKey, element);
    dsc.setDefaultNamespacePrefix("ds");
    dsc.setURIDereferencer(new MyURIDereferencer(element));
    SignedInfo si = null;
    DigestMethod dm = null;
    SignatureMethod sm = null;
    KeyInfo ki = null;
    X509Data xd;
    List<Serializable> x509Content = new ArrayList<>();
    try {
        String algorithm = publicKey.getAlgorithm();
        X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
        x509Content.add(cert.getSubjectX500Principal().getName());
        x509Content.add(cert);
        String algorithmName = cert.getSigAlgName();
        if (algorithm.toUpperCase().contains("RSA")) {
            if (algorithmName.toUpperCase().contains("SHA1")) {
                dm = xmlSigFactory.newDigestMethod(DigestMethod.SHA1, null);
                sm = xmlSigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
            } else if (algorithmName.toUpperCase().contains("SHA2")) {
                dm = xmlSigFactory.newDigestMethod(DigestMethod.SHA256, null);
                sm = xmlSigFactory.newSignatureMethod(RSA_SHA256_URI, null);
            } else {
                logger.error("Error in digital signature application. " + algorithmName + " is not supported.");
            }
            CanonicalizationMethod cm;
            if (cbIndex != -1) {
                cm = xmlSigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                        (C14NMethodParameterSpec) null);
                String refUri = "#xpointer(//*[local-name()='Content_Block'][" + cbIndex
                        + "]/*[local-name()='Content'][1]/*)";
                List<Reference> references = Collections.singletonList(xmlSigFactory.newReference(refUri, dm));
                si = xmlSigFactory.newSignedInfo(cm, sm, references);
            } else {
                List<Transform> transforms = new ArrayList<>(2);
                transforms.add(xmlSigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
                transforms.add(xmlSigFactory.newTransform(CanonicalizationMethod.EXCLUSIVE,
                        (TransformParameterSpec) null));
                cm = xmlSigFactory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                        (C14NMethodParameterSpec) null);
                String refUri = "#xpointer(/*)";
                List<Reference> references = Collections
                        .singletonList(xmlSigFactory.newReference(refUri, dm, transforms, null, null));
                si = xmlSigFactory.newSignedInfo(cm, sm, references);
            }
            KeyInfoFactory kif = xmlSigFactory.getKeyInfoFactory();
            xd = kif.newX509Data(x509Content);
            ki = kif.newKeyInfo(Collections.singletonList(xd));
        } else {
            logger.error("Error in digital signature application. " + algorithmName + " is not supported.");
        }
    } catch (NoSuchAlgorithmException ex) {
        logger.error("NoSuchAlgorithm Exception when attempting to digitally sign a document.");
    } catch (InvalidAlgorithmParameterException ex) {
        logger.error("InvalidAlgorithmParameter Exception when attempting to digitally sign a document.");
    }

    // Create a new XML Signature
    XMLSignature signature = xmlSigFactory.newXMLSignature(si, ki);
    try {
        // Sign the document
        signature.sign(dsc);
        status = true;
    } catch (MarshalException ex) {
        logger.error("MarshalException when attempting to digitally sign a document.");
    } catch (XMLSignatureException ex) {
        logger.error("XMLSignature Exception when attempting to digitally sign a document.");
    } catch (Exception e) {
        logger.error("General exception when attempting to digitally sign a document.");
    }
    return status;
}

From source file:es.gob.afirma.signers.ooxml.be.fedict.eid.applet.service.signer.AbstractXmlSignatureService.java

@SuppressWarnings("unchecked")
private byte[] getSignedXML(final String digestAlgo, final List<DigestInfo> digestInfos,
        final List<X509Certificate> signingCertificateChain, final PrivateKey signingKey)
        throws ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException,
        MarshalException, javax.xml.crypto.dsig.XMLSignatureException, TransformerException, IOException,
        SAXException {/*w  w  w.ja  va  2  s  .  c  om*/
    // DOM Document construction.
    Document document = getEnvelopingDocument();
    if (null == document) {
        final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
        documentBuilderFactory.setNamespaceAware(true);
        document = documentBuilderFactory.newDocumentBuilder().newDocument();
    }

    final XMLSignContext xmlSignContext = new DOMSignContext(signingKey, document);
    final URIDereferencer uriDereferencer = getURIDereferencer();
    if (null != uriDereferencer) {
        xmlSignContext.setURIDereferencer(uriDereferencer);
    }

    final XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", //$NON-NLS-1$
            new org.jcp.xml.dsig.internal.dom.XMLDSigRI());

    // Add ds:References that come from signing client local files.
    final List<Reference> references = new LinkedList<Reference>();
    addDigestInfosAsReferences(digestInfos, signatureFactory, references);

    // Invoke the signature facets.
    final String signatureId = "xmldsig-" + UUID.randomUUID().toString(); //$NON-NLS-1$
    final List<XMLObject> objects = new LinkedList<XMLObject>();
    for (final SignatureFacet signatureFacet : this.signatureFacets) {
        signatureFacet.preSign(signatureFactory, document, signatureId, signingCertificateChain, references,
                objects);
    }

    // ds:SignedInfo
    final SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(getSignatureMethod(digestAlgo),
            null);
    final SignedInfo signedInfo = signatureFactory.newSignedInfo(signatureFactory.newCanonicalizationMethod(
            getCanonicalizationMethod(), (C14NMethodParameterSpec) null), signatureMethod, references);

    // Creamos el KeyInfo
    final KeyInfoFactory kif = signatureFactory.getKeyInfoFactory();
    final List<Object> x509Content = new ArrayList<Object>();
    x509Content.add(signingCertificateChain.get(0));

    final List<Object> content = new ArrayList<Object>();
    try {
        content.add(kif.newKeyValue(signingCertificateChain.get(0).getPublicKey()));
    } catch (final Exception e) {
        Logger.getLogger("es.gob.afirma") //$NON-NLS-1$
                .severe("Error creando el KeyInfo, la informacion puede resultar incompleta: " + e); //$NON-NLS-1$
    }
    content.add(kif.newX509Data(x509Content));

    // JSR105 ds:Signature creation
    final String signatureValueId = signatureId + "-signature-value"; //$NON-NLS-1$
    final javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo,
            kif.newKeyInfo(content), // KeyInfo
            objects, signatureId, signatureValueId);

    // ds:Signature Marshalling.
    final DOMXMLSignature domXmlSignature = (DOMXMLSignature) xmlSignature;
    Node documentNode = document.getDocumentElement();
    if (null == documentNode) {
        documentNode = document; // In case of an empty DOM document.
    }
    final String dsPrefix = null;
    domXmlSignature.marshal(documentNode, dsPrefix, (DOMCryptoContext) xmlSignContext);

    // Completion of undigested ds:References in the ds:Manifests.
    for (final XMLObject object : objects) {

        final List<XMLStructure> objectContentList = object.getContent();
        for (final XMLStructure objectContent : objectContentList) {
            if (!(objectContent instanceof Manifest)) {
                continue;
            }
            final Manifest manifest = (Manifest) objectContent;
            final List<Reference> manifestReferences = manifest.getReferences();
            for (final Reference manifestReference : manifestReferences) {
                if (null != manifestReference.getDigestValue()) {
                    continue;
                }
                final DOMReference manifestDOMReference = (DOMReference) manifestReference;
                manifestDOMReference.digest(xmlSignContext);
            }
        }
    }

    // Completion of undigested ds:References.
    final List<Reference> signedInfoReferences = signedInfo.getReferences();
    for (final Reference signedInfoReference : signedInfoReferences) {
        final DOMReference domReference = (DOMReference) signedInfoReference;
        if (null != domReference.getDigestValue()) {
            // ds:Reference with external digest value
            continue;
        }
        domReference.digest(xmlSignContext);
    }

    // Calculation of signature
    final DOMSignedInfo domSignedInfo = (DOMSignedInfo) signedInfo;
    final ByteArrayOutputStream dataStream = new ByteArrayOutputStream();
    domSignedInfo.canonicalize(xmlSignContext, dataStream);
    final byte[] octets = dataStream.toByteArray();
    final Signature sig = Signature.getInstance(digestAlgo.replace("-", "") + "withRSA"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
    final byte[] sigBytes;
    try {
        sig.initSign(signingKey);
        sig.update(octets);
        sigBytes = sig.sign();
    } catch (final Exception e) {
        throw new javax.xml.crypto.dsig.XMLSignatureException(
                "Error en la firma PKCS#1 ('" + digestAlgo + "withRSA): " + e); //$NON-NLS-1$ //$NON-NLS-2$
    }

    // Sacamos el pre-XML a un OutputStream
    final ByteArrayOutputStream baos = new ByteArrayOutputStream();
    writeDocument(document, baos);

    // Ya tenemos el XML, con la firma vacia y el SignatureValue, cada uno
    // por su lado...
    return postSign(baos.toByteArray(), signingCertificateChain, signatureId, sigBytes);

}

From source file:be.fedict.eid.idp.common.saml2.Saml2Util.java

/**
 * Sign DOM document//ww  w  .j a  v  a2s  .c  o m
 * 
 * @param documentElement
 *            document to be signed
 * @param nextSibling
 *            next sibling in document, dsig is added before this one
 * @param identity
 *            Identity to sign with
 * @throws NoSuchAlgorithmException
 *             signing algorithm not found
 * @throws InvalidAlgorithmParameterException
 *             invalid signing algo param
 * @throws MarshalException
 *             error marshalling signature
 * @throws XMLSignatureException
 *             error during signing
 */
public static void signDocument(Element documentElement, Node nextSibling, KeyStore.PrivateKeyEntry identity)
        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException,
        XMLSignatureException {

    // get document ID
    String documentId = documentElement.getAttribute("ID");
    LOG.debug("document ID=" + documentId);

    // fix for recent versions of Apache xmlsec.
    documentElement.setIdAttribute("ID", true);

    XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");

    XMLSignContext signContext = new DOMSignContext(identity.getPrivateKey(), documentElement, nextSibling);
    signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds");
    javax.xml.crypto.dsig.DigestMethod digestMethod = signatureFactory
            .newDigestMethod(javax.xml.crypto.dsig.DigestMethod.SHA1, null);

    List<javax.xml.crypto.dsig.Transform> transforms = new LinkedList<javax.xml.crypto.dsig.Transform>();
    transforms.add(signatureFactory.newTransform(javax.xml.crypto.dsig.Transform.ENVELOPED,
            (TransformParameterSpec) null));
    javax.xml.crypto.dsig.Transform exclusiveTransform = signatureFactory
            .newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null);
    transforms.add(exclusiveTransform);

    Reference reference = signatureFactory.newReference("#" + documentId, digestMethod, transforms, null, null);

    SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    CanonicalizationMethod canonicalizationMethod = signatureFactory
            .newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod,
            Collections.singletonList(reference));

    List<Object> keyInfoContent = new LinkedList<Object>();
    KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance();
    List<Object> x509DataObjects = new LinkedList<Object>();

    for (X509Certificate certificate : Saml2Util.getCertificateChain(identity)) {
        x509DataObjects.add(certificate);
    }
    javax.xml.crypto.dsig.keyinfo.X509Data x509Data = keyInfoFactory.newX509Data(x509DataObjects);
    keyInfoContent.add(x509Data);
    javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo = keyInfoFactory.newKeyInfo(keyInfoContent);

    javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, keyInfo);
    xmlSignature.sign(signContext);
}

From source file:com.vmware.identity.saml.impl.TokenAuthorityImpl.java

/**
 * Creates SignedInfo section part of Signature.
 *
 * @param references/*ww w .j  a  va  2s  .  c  o  m*/
 *           references to be included in SignedInfo. Cannot be null.
 * @param signatureAlgorithm
 * @return returns SignedInfo object representing SignedInfo section
 * @throws NoSuchAlgorithmException
 * @throws InvalidAlgorithmParameterException
 */
private SignedInfo createSignedInfo(List<Reference> references, SignatureAlgorithm signatureAlgorithm) {
    assert references != null;
    assert signatureAlgorithm != null;

    XMLSignatureFactory factory = XMLSignatureFactory.getInstance();

    CanonicalizationMethod canonicalizationMethod;
    try {
        canonicalizationMethod = factory.newCanonicalizationMethod(
                SignatureConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS, (C14NMethodParameterSpec) null);
    } catch (Exception e) {
        throw new IllegalStateException("Cannot create canonicalization object.", e);
    }

    SignatureMethod signatureMethod;
    try {
        signatureMethod = factory.newSignatureMethod(signatureAlgorithm.toString(), null);
    } catch (Exception e) {
        throw new IllegalStateException("Cannot create signature algorithm object.", e);
    }

    SignedInfo signedInfo = factory.newSignedInfo(canonicalizationMethod, signatureMethod, references);

    log.debug("Created SignedInfo section with signatureAlgorithm: {}", signatureAlgorithm);
    return signedInfo;
}

From source file:be.fedict.eid.applet.service.signer.AbstractXmlSignatureService.java

@SuppressWarnings("unchecked")
private byte[] getXmlSignatureDigestValue(DigestAlgo digestAlgo, List<DigestInfo> digestInfos,
        List<X509Certificate> signingCertificateChain)
        throws ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException,
        MarshalException, javax.xml.crypto.dsig.XMLSignatureException, TransformerFactoryConfigurationError,
        TransformerException, IOException, SAXException {
    /*//from w  w w.  j a v a 2s.  c o m
     * DOM Document construction.
     */
    Document document = getEnvelopingDocument();
    if (null == document) {
        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
        documentBuilderFactory.setNamespaceAware(true);
        DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
        document = documentBuilder.newDocument();
    }

    /*
     * Signature context construction.
     */
    Key key = new Key() {
        private static final long serialVersionUID = 1L;

        public String getAlgorithm() {
            return null;
        }

        public byte[] getEncoded() {
            return null;
        }

        public String getFormat() {
            return null;
        }
    };
    XMLSignContext xmlSignContext = new DOMSignContext(key, document);
    URIDereferencer uriDereferencer = getURIDereferencer();
    if (null != uriDereferencer) {
        xmlSignContext.setURIDereferencer(uriDereferencer);
    }

    if (null != this.signatureNamespacePrefix) {
        /*
         * OOo doesn't like ds namespaces so per default prefixing is off.
         */
        xmlSignContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS,
                this.signatureNamespacePrefix);
    }

    XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM",
            new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI());

    /*
     * Add ds:References that come from signing client local files.
     */
    List<Reference> references = new LinkedList<Reference>();
    addDigestInfosAsReferences(digestInfos, signatureFactory, references);

    /*
     * Invoke the signature facets.
     */
    String localSignatureId;
    if (null == this.signatureId) {
        localSignatureId = "xmldsig-" + UUID.randomUUID().toString();
    } else {
        localSignatureId = this.signatureId;
    }
    List<XMLObject> objects = new LinkedList<XMLObject>();
    for (SignatureFacet signatureFacet : this.signatureFacets) {
        LOG.debug("invoking signature facet: " + signatureFacet.getClass().getSimpleName());
        signatureFacet.preSign(signatureFactory, document, localSignatureId, signingCertificateChain,
                references, objects);
    }

    /*
     * ds:SignedInfo
     */
    SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(getSignatureMethod(digestAlgo), null);
    CanonicalizationMethod canonicalizationMethod = signatureFactory
            .newCanonicalizationMethod(getCanonicalizationMethod(), (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, references);

    /*
     * JSR105 ds:Signature creation
     */
    String signatureValueId = localSignatureId + "-signature-value";
    javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, null,
            objects, localSignatureId, signatureValueId);

    /*
     * ds:Signature Marshalling.
     */
    DOMXMLSignature domXmlSignature = (DOMXMLSignature) xmlSignature;
    Node documentNode = document.getDocumentElement();
    if (null == documentNode) {
        /*
         * In case of an empty DOM document.
         */
        documentNode = document;
    }
    domXmlSignature.marshal(documentNode, this.signatureNamespacePrefix, (DOMCryptoContext) xmlSignContext);

    /*
     * Completion of undigested ds:References in the ds:Manifests.
     */
    for (XMLObject object : objects) {
        LOG.debug("object java type: " + object.getClass().getName());
        List<XMLStructure> objectContentList = object.getContent();
        for (XMLStructure objectContent : objectContentList) {
            LOG.debug("object content java type: " + objectContent.getClass().getName());
            if (false == objectContent instanceof Manifest) {
                continue;
            }
            Manifest manifest = (Manifest) objectContent;
            List<Reference> manifestReferences = manifest.getReferences();
            for (Reference manifestReference : manifestReferences) {
                if (null != manifestReference.getDigestValue()) {
                    continue;
                }
                DOMReference manifestDOMReference = (DOMReference) manifestReference;
                manifestDOMReference.digest(xmlSignContext);
            }
        }
    }

    /*
     * Completion of undigested ds:References.
     */
    List<Reference> signedInfoReferences = signedInfo.getReferences();
    for (Reference signedInfoReference : signedInfoReferences) {
        DOMReference domReference = (DOMReference) signedInfoReference;
        if (null != domReference.getDigestValue()) {
            // ds:Reference with external digest value
            continue;
        }
        domReference.digest(xmlSignContext);
    }

    /*
     * Store the intermediate XML signature document.
     */
    TemporaryDataStorage temporaryDataStorage = getTemporaryDataStorage();
    OutputStream tempDocumentOutputStream = temporaryDataStorage.getTempOutputStream();
    writeDocument(document, tempDocumentOutputStream);
    temporaryDataStorage.setAttribute(SIGNATURE_ID_ATTRIBUTE, localSignatureId);

    /*
     * Calculation of XML signature digest value.
     */
    DOMSignedInfo domSignedInfo = (DOMSignedInfo) signedInfo;
    ByteArrayOutputStream dataStream = new ByteArrayOutputStream();
    domSignedInfo.canonicalize(xmlSignContext, dataStream);
    byte[] octets = dataStream.toByteArray();

    /*
     * TODO: we could be using DigestOutputStream here to optimize memory
     * usage.
     */

    MessageDigest jcaMessageDigest = MessageDigest.getInstance(digestAlgo.getAlgoId());
    byte[] digestValue = jcaMessageDigest.digest(octets);
    return digestValue;
}

From source file:be.fedict.eid.tsl.TrustServiceList.java

private void xmlSign(PrivateKey privateKey, X509Certificate certificate, String tslId)
        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException,
        XMLSignatureException {/*from w w w  . j av a 2  s  .c o  m*/
    XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM",
            new org.jcp.xml.dsig.internal.dom.XMLDSigRI());
    LOG.debug("xml signature factory: " + signatureFactory.getClass().getName());
    LOG.debug("loader: " + signatureFactory.getClass().getClassLoader());
    XMLSignContext signContext = new DOMSignContext(privateKey, this.tslDocument.getDocumentElement());
    signContext.putNamespacePrefix(XMLSignature.XMLNS, "ds");

    DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA256, null);
    List<Reference> references = new LinkedList<Reference>();
    List<Transform> transforms = new LinkedList<Transform>();
    transforms.add(signatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
    Transform exclusiveTransform = signatureFactory.newTransform(CanonicalizationMethod.EXCLUSIVE,
            (TransformParameterSpec) null);
    transforms.add(exclusiveTransform);

    Reference reference = signatureFactory.newReference("#" + tslId, digestMethod, transforms, null, null);
    references.add(reference);

    String signatureId = "xmldsig-" + UUID.randomUUID().toString();
    List<XMLObject> objects = new LinkedList<XMLObject>();
    addXadesBes(signatureFactory, this.tslDocument, signatureId, certificate, references, objects);

    SignatureMethod signatureMethod;
    if (isJava6u18OrAbove()) {
        signatureMethod = signatureFactory
                .newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null);
    } else {
        signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    }
    CanonicalizationMethod canonicalizationMethod = signatureFactory
            .newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, references);

    List<Object> keyInfoContent = new LinkedList<Object>();

    KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance();
    List<Object> x509DataObjects = new LinkedList<Object>();
    x509DataObjects.add(certificate);
    x509DataObjects.add(keyInfoFactory.newX509IssuerSerial(certificate.getIssuerX500Principal().toString(),
            certificate.getSerialNumber()));
    X509Data x509Data = keyInfoFactory.newX509Data(x509DataObjects);
    keyInfoContent.add(x509Data);

    KeyValue keyValue;
    try {
        keyValue = keyInfoFactory.newKeyValue(certificate.getPublicKey());
    } catch (KeyException e) {
        throw new RuntimeException("key exception: " + e.getMessage(), e);
    }
    keyInfoContent.add(keyValue);

    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(keyInfoContent);

    String signatureValueId = signatureId + "-signature-value";
    XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, keyInfo, objects, signatureId,
            signatureValueId);
    xmlSignature.sign(signContext);
}

From source file:eu.europa.ec.markt.dss.signature.xades.XAdESProfileBES.java

private DOMXMLSignature createDetached(SignatureParameters params, DOMSignContext signContext,
        org.w3c.dom.Document doc, String signatureId, String signatureValueId, final Document inside)
        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, JAXBException, MarshalException,
        XMLSignatureException, ParserConfigurationException, IOException {

    final XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());
    DigestMethod digestMethod = fac.newDigestMethod(params.getDigestAlgorithm().getXmlId(), null);

    // Create references
    List<Reference> references = new ArrayList<Reference>();
    addReferences(documentIterator(inside), references, digestMethod, fac);
    // Create repository
    signContext.setURIDereferencer(new NameBasedDocumentRepository(inside, fac));

    List<XMLObject> objects = new ArrayList<XMLObject>();

    Map<String, String> xpathNamespaceMap = new HashMap<String, String>();
    xpathNamespaceMap.put("ds", "http://www.w3.org/2000/09/xmldsig#");

    String xadesSignedPropertiesId = "xades-" + computeDeterministicId(params);
    QualifyingPropertiesType qualifyingProperties = createXAdESQualifyingProperties(params,
            xadesSignedPropertiesId, references, inside);
    qualifyingProperties.setTarget("#" + signatureId);

    Node marshallNode = doc.createElement("marshall-node");
    JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class);
    Marshaller marshaller = jaxbContext.createMarshaller();
    marshaller.marshal(xades13ObjectFactory.createQualifyingProperties(qualifyingProperties), marshallNode);
    Element qualifier = (Element) marshallNode.getFirstChild();

    // add XAdES ds:Object
    List<XMLStructure> xadesObjectContent = new LinkedList<XMLStructure>();
    xadesObjectContent.add(new DOMStructure(marshallNode.getFirstChild()));
    XMLObject xadesObject = fac.newXMLObject(xadesObjectContent, null, null, null);
    objects.add(xadesObject);/*from   w  ww  .  jav  a 2  s .  co m*/

    List<Transform> xadesTranforms = new ArrayList<Transform>();
    Transform exclusiveTransform2 = fac.newTransform(CanonicalizationMethod.INCLUSIVE,
            (TransformParameterSpec) null);
    xadesTranforms.add(exclusiveTransform2);
    Reference xadesreference = fac.newReference("#" + xadesSignedPropertiesId, digestMethod, xadesTranforms,
            XADES_TYPE, null);
    references.add(xadesreference);

    /* Signed Info */
    SignatureMethod sm = fac.newSignatureMethod(
            params.getSignatureAlgorithm().getXMLSignatureAlgorithm(params.getDigestAlgorithm()), null);

    CanonicalizationMethod canonicalizationMethod = fac
            .newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = fac.newSignedInfo(canonicalizationMethod, sm, references);

    /* Creation of signature */
    KeyInfoFactory keyFactory = KeyInfoFactory.getInstance("DOM", new XMLDSigRI());

    List<Object> infos = new ArrayList<Object>();
    List<X509Certificate> certs = new ArrayList<X509Certificate>();
    certs.add(params.getSigningCertificate());
    if (params.getCertificateChain() != null) {
        for (X509Certificate c : params.getCertificateChain()) {
            if (!c.getSubjectX500Principal().equals(params.getSigningCertificate().getSubjectX500Principal())) {
                certs.add(c);
            }
        }
    }
    infos.add(keyFactory.newX509Data(certs));
    KeyInfo keyInfo = keyFactory.newKeyInfo(infos);

    DOMXMLSignature signature = (DOMXMLSignature) fac.newXMLSignature(signedInfo, keyInfo, objects, signatureId,
            signatureValueId);

    /* Marshall the signature to permit the digest. Need to be done before digesting the references. */
    doc.removeChild(doc.getDocumentElement());
    signature.marshal(doc, "ds", signContext);

    signContext.setIdAttributeNS((Element) qualifier.getFirstChild(), null, "Id");

    digestReferences(signContext, references);

    return signature;

}

From source file:eu.europa.ec.markt.dss.signature.xades.XAdESProfileBES.java

private DOMXMLSignature createEnveloping(SignatureParameters params, DOMSignContext signContext,
        org.w3c.dom.Document doc, String signatureId, String signatureValueId, Document inside)
        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, JAXBException, MarshalException,
        XMLSignatureException, ParserConfigurationException, IOException {

    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

    DigestMethod digestMethod = fac.newDigestMethod(params.getDigestAlgorithm().getXmlId(), null);

    List<XMLObject> objects = new ArrayList<XMLObject>();
    List<Reference> references = new ArrayList<Reference>();

    byte[] b64data = Base64.encode(IOUtils.toByteArray(inside.openStream()));

    List<Transform> transforms = new ArrayList<Transform>();
    Map<String, String> xpathNamespaceMap = new HashMap<String, String>();
    xpathNamespaceMap.put("ds", "http://www.w3.org/2000/09/xmldsig#");
    Transform exclusiveTransform = fac.newTransform(CanonicalizationMethod.BASE64,
            (TransformParameterSpec) null);
    transforms.add(exclusiveTransform);/* ww  w.  j a v  a  2 s . c  o m*/

    /* The first reference concern the whole document */
    Reference reference = fac.newReference("#signed-data-" + computeDeterministicId(params), digestMethod,
            transforms, null, "signed-data-ref");
    references.add(reference);

    String xadesSignedPropertiesId = "xades-" + computeDeterministicId(params);
    QualifyingPropertiesType qualifyingProperties = createXAdESQualifyingProperties(params,
            xadesSignedPropertiesId, reference, MimeType.PLAIN);
    qualifyingProperties.setTarget("#" + signatureId);

    Node marshallNode = doc.createElement("marshall-node");

    JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class);
    Marshaller marshaller = jaxbContext.createMarshaller();
    marshaller.marshal(xades13ObjectFactory.createQualifyingProperties(qualifyingProperties), marshallNode);

    Element qualifier = (Element) marshallNode.getFirstChild();

    // add XAdES ds:Object
    List<XMLStructure> xadesObjectContent = new LinkedList<XMLStructure>();
    xadesObjectContent.add(new DOMStructure(marshallNode.getFirstChild()));
    XMLObject xadesObject = fac.newXMLObject(xadesObjectContent, null, null, null);
    objects.add(xadesObject);

    List<Transform> xadesTranforms = new ArrayList<Transform>();
    Transform exclusiveTransform2 = fac.newTransform(CanonicalizationMethod.INCLUSIVE,
            (TransformParameterSpec) null);
    xadesTranforms.add(exclusiveTransform2);
    Reference xadesreference = fac.newReference("#" + xadesSignedPropertiesId, digestMethod, xadesTranforms,
            XADES_TYPE, null);
    references.add(xadesreference);

    /* Signed Info */
    SignatureMethod sm = fac.newSignatureMethod(
            params.getSignatureAlgorithm().getXMLSignatureAlgorithm(params.getDigestAlgorithm()), null);

    CanonicalizationMethod canonicalizationMethod = fac
            .newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = fac.newSignedInfo(canonicalizationMethod, sm, references);

    /* Creation of signature */
    KeyInfoFactory keyFactory = KeyInfoFactory.getInstance("DOM", new XMLDSigRI());

    List<Object> infos = new ArrayList<Object>();
    List<X509Certificate> certs = new ArrayList<X509Certificate>();
    certs.add(params.getSigningCertificate());
    if (params.getCertificateChain() != null) {
        for (X509Certificate c : params.getCertificateChain()) {
            if (!c.getSubjectX500Principal().equals(params.getSigningCertificate().getSubjectX500Principal())) {
                certs.add(c);
            }
        }
    }
    infos.add(keyFactory.newX509Data(certs));
    KeyInfo keyInfo = keyFactory.newKeyInfo(infos);

    DOMXMLSignature signature = (DOMXMLSignature) fac.newXMLSignature(signedInfo, keyInfo, objects, signatureId,
            signatureValueId);

    /* Marshall the signature to permit the digest. Need to be done before digesting the references. */
    doc.removeChild(doc.getDocumentElement());
    signature.marshal(doc, "ds", signContext);

    Element dsObject = doc.createElementNS(XMLSignature.XMLNS, "Object");
    dsObject.setAttribute("Id", "signed-data-" + computeDeterministicId(params));
    dsObject.setTextContent(new String(b64data));
    doc.getDocumentElement().appendChild(dsObject);

    signContext.setIdAttributeNS((Element) qualifier.getFirstChild(), null, "Id");
    signContext.setIdAttributeNS(dsObject, null, "Id");

    digestReferences(signContext, references);

    return signature;

}

From source file:eu.europa.ec.markt.dss.signature.xades.XAdESProfileBES.java

private DOMXMLSignature createEnveloped(SignatureParameters params, DOMSignContext signContext,
        org.w3c.dom.Document doc, String signatureId, String signatureValueId) throws NoSuchAlgorithmException,
        InvalidAlgorithmParameterException, JAXBException, MarshalException, XMLSignatureException {

    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

    signContext.setURIDereferencer(new URIDereferencer() {

        @Override/*from w w  w  .j  a  va2 s  .  c o m*/
        public Data dereference(URIReference uriReference, XMLCryptoContext context)
                throws URIReferenceException {
            final XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());
            Data data = fac.getURIDereferencer().dereference(uriReference, context);
            return data;
        }
    });

    Map<String, String> xpathNamespaceMap = new HashMap<String, String>();
    xpathNamespaceMap.put("ds", XMLSignature.XMLNS);

    List<Reference> references = new ArrayList<Reference>();

    /* The first reference concern the whole document */
    List<Transform> transforms = new ArrayList<Transform>();
    transforms.add(fac.newTransform(CanonicalizationMethod.ENVELOPED, (TransformParameterSpec) null));

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    org.w3c.dom.Document empty;
    try {
        empty = dbf.newDocumentBuilder().newDocument();
    } catch (ParserConfigurationException e1) {
        throw new RuntimeException(e1);
    }
    Element xpathEl = empty.createElementNS(XMLSignature.XMLNS, "XPath");
    xpathEl.setTextContent("");
    empty.adoptNode(xpathEl);
    XPathFilterParameterSpec specs = new XPathFilterParameterSpec("not(ancestor-or-self::ds:Signature)");
    DOMTransform t = (DOMTransform) fac.newTransform("http://www.w3.org/TR/1999/REC-xpath-19991116", specs);

    transforms.add(t);
    DigestMethod digestMethod = fac.newDigestMethod(params.getDigestAlgorithm().getXmlId(), null);
    Reference reference = fac.newReference("", digestMethod, transforms, null, "xml_ref_id");
    references.add(reference);

    List<XMLObject> objects = new ArrayList<XMLObject>();

    String xadesSignedPropertiesId = "xades-" + computeDeterministicId(params);
    QualifyingPropertiesType qualifyingProperties = createXAdESQualifyingProperties(params,
            xadesSignedPropertiesId, reference, MimeType.XML);
    qualifyingProperties.setTarget("#" + signatureId);

    Node marshallNode = doc.createElement("marshall-node");
    JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class);
    Marshaller marshaller = jaxbContext.createMarshaller();
    marshaller.marshal(xades13ObjectFactory.createQualifyingProperties(qualifyingProperties), marshallNode);
    Element qualifier = (Element) marshallNode.getFirstChild();

    // add XAdES ds:Object
    List<XMLStructure> xadesObjectContent = new LinkedList<XMLStructure>();
    xadesObjectContent.add(new DOMStructure(marshallNode.getFirstChild()));
    XMLObject xadesObject = fac.newXMLObject(xadesObjectContent, null, null, null);
    objects.add(xadesObject);

    Reference xadesreference = fac.newReference("#" + xadesSignedPropertiesId, digestMethod,
            Collections.singletonList(
                    fac.newTransform(CanonicalizationMethod.INCLUSIVE, (TransformParameterSpec) null)),
            XADES_TYPE, null);
    references.add(xadesreference);

    /* Signed Info */
    SignatureMethod sm = fac.newSignatureMethod(
            params.getSignatureAlgorithm().getXMLSignatureAlgorithm(params.getDigestAlgorithm()), null);

    CanonicalizationMethod canonicalizationMethod = fac
            .newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = fac.newSignedInfo(canonicalizationMethod, sm, references);

    /* Creation of signature */
    KeyInfoFactory keyFactory = KeyInfoFactory.getInstance("DOM", new XMLDSigRI());

    List<Object> infos = new ArrayList<Object>();
    List<X509Certificate> certs = new ArrayList<X509Certificate>();
    certs.add(params.getSigningCertificate());
    if (params.getCertificateChain() != null) {
        for (X509Certificate c : params.getCertificateChain()) {
            if (!c.getSubjectX500Principal().equals(params.getSigningCertificate().getSubjectX500Principal())) {
                certs.add(c);
            }
        }
    }
    infos.add(keyFactory.newX509Data(certs));
    KeyInfo keyInfo = keyFactory.newKeyInfo(infos);

    DOMXMLSignature signature = (DOMXMLSignature) fac.newXMLSignature(signedInfo, keyInfo, objects, signatureId,
            signatureValueId);

    /* Marshall the signature to permit the digest. Need to be done before digesting the references. */
    signature.marshal(doc.getDocumentElement(), "ds", signContext);

    signContext.setIdAttributeNS((Element) qualifier.getFirstChild(), null, "Id");

    digestReferences(signContext, references);

    return signature;

}

From source file:org.apache.cxf.ws.security.sts.provider.operation.IssueDelegate.java

private void signXML(Element target, String refId, KeyStoreInfo keyStoreInfo) {

    org.apache.xml.security.Init.init();

    XMLSignatureFactory signFactory = XMLSignatureFactory.getInstance(SIGN_FACTORY_TYPE);
    try {//from ww  w.  j  av a2  s  .c o  m
        DigestMethod method = signFactory.newDigestMethod(DigestMethod.SHA1, null);
        Transform transform = signFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
        Reference ref = signFactory.newReference('#' + refId, method, Collections.singletonList(transform),
                null, null);

        CanonicalizationMethod canonMethod = signFactory
                .newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
        SignatureMethod signMethod = signFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
        SignedInfo si = signFactory.newSignedInfo(canonMethod, signMethod, Collections.singletonList(ref));

        KeyStore.PrivateKeyEntry keyEntry = getKeyEntry(keyStoreInfo);
        if (keyEntry == null) {
            throw new IllegalStateException("Key is not found in keystore. Alias: " + keyStoreInfo.getAlias());
        }

        KeyInfo ki = getKeyInfo(signFactory, keyEntry);

        DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), target);

        XMLSignature signature = signFactory.newXMLSignature(si, ki);

        signature.sign(dsc);

    } catch (Exception e) {
        throw new STSException("Cannot sign xml document: " + e.getMessage(), e);
    }
}