List of usage examples for javax.xml.crypto.dsig XMLSignatureFactory newXMLSignature
public abstract XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki);
XMLSignature and initializes it with the contents of the specified SignedInfo and KeyInfo objects. From source file:test.be.fedict.eid.dss.DigitalSignatureServiceTest.java
private void signDocument(Document document) throws IOException, PKCS11Exception, InterruptedException, NoSuchFieldException, IllegalAccessException, InvocationTargetException, NoSuchMethodException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableEntryException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, CardException { Messages messages = new Messages(Locale.getDefault()); PcscEid pcscEid = new PcscEid(new TestView(), messages); if (false == pcscEid.isEidPresent()) { LOG.debug("insert eID..."); pcscEid.waitForEidPresent();/*from w ww .j a v a 2 s .c o m*/ } // PrivateKeyEntry privateKeyEntry = pcscEid.getPrivateKeyEntry(); PrivateKeyEntry privateKeyEntry = null; // TODO: refactor once Commons eID has been released. XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM"); XMLSignContext signContext = new DOMSignContext(privateKeyEntry.getPrivateKey(), document.getDocumentElement()); signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds"); DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA1, null); Reference reference = signatureFactory.newReference("#id", digestMethod); SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); CanonicalizationMethod canonicalizationMethod = signatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference)); KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance(); List<Object> x509DataObjects = new LinkedList<Object>(); X509Certificate signingCertificate = (X509Certificate) privateKeyEntry.getCertificate(); x509DataObjects.add(signingCertificate); X509Data x509Data = keyInfoFactory.newX509Data(x509DataObjects); List<Object> keyInfoContent = new LinkedList<Object>(); keyInfoContent.add(x509Data); KeyInfo keyInfo = keyInfoFactory.newKeyInfo(keyInfoContent); javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, keyInfo); xmlSignature.sign(signContext); pcscEid.close(); }
From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java
@Test public void testJsr105Signature() throws Exception { KeyPair keyPair = PkiTestUtils.generateKeyPair(); DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); Document document = documentBuilder.newDocument(); Element rootElement = document.createElementNS("urn:test", "tns:root"); rootElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:test"); document.appendChild(rootElement);/*from w w w .j av a2 s .c o m*/ Element dataElement = document.createElementNS("urn:test", "tns:data"); dataElement.setAttributeNS(null, "Id", "id-1234"); dataElement.setIdAttribute("Id", true); dataElement.setTextContent("data to be signed"); rootElement.appendChild(dataElement); XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI()); XMLSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document.getDocumentElement()); signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds"); DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA1, null); Reference reference = signatureFactory.newReference("#id-1234", digestMethod); DOMReference domReference = (DOMReference) reference; assertNull(domReference.getCalculatedDigestValue()); assertNull(domReference.getDigestValue()); SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); CanonicalizationMethod canonicalizationMethod = signatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference)); javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, null); DOMXMLSignature domXmlSignature = (DOMXMLSignature) xmlSignature; domXmlSignature.marshal(document.getDocumentElement(), "ds", (DOMCryptoContext) signContext); domReference.digest(signContext); // xmlSignature.sign(signContext); // LOG.debug("signed document: " + toString(document)); Element nsElement = document.createElement("ns"); nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS); Node digestValueNode = XPathAPI.selectSingleNode(document, "//ds:DigestValue", nsElement); assertNotNull(digestValueNode); String digestValueTextContent = digestValueNode.getTextContent(); LOG.debug("digest value text content: " + digestValueTextContent); assertFalse(digestValueTextContent.isEmpty()); }
From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java
@Test public void testJsr105SignatureExternalXML() throws Exception { KeyPair keyPair = PkiTestUtils.generateKeyPair(); DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); Document document = documentBuilder.newDocument(); Element rootElement = document.createElementNS("urn:test", "tns:root"); rootElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:test"); document.appendChild(rootElement);//from w w w. jav a 2 s. c o m Element dataElement = document.createElementNS("urn:test", "tns:data"); dataElement.setAttributeNS(null, "Id", "id-1234"); dataElement.setTextContent("data to be signed"); rootElement.appendChild(dataElement); XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI()); XMLSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document.getDocumentElement()); signContext.setURIDereferencer(new MyURIDereferencer()); signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds"); DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA1, null); List<Transform> transforms = new LinkedList<Transform>(); Transform transform = signatureFactory.newTransform(CanonicalizationMethod.INCLUSIVE, (TransformParameterSpec) null); transforms.add(transform); Reference reference = signatureFactory.newReference("/helloworld.xml", digestMethod, transforms, null, null); DOMReference domReference = (DOMReference) reference; assertNull(domReference.getCalculatedDigestValue()); assertNull(domReference.getDigestValue()); SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); CanonicalizationMethod canonicalizationMethod = signatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference)); javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, null); DOMXMLSignature domXmlSignature = (DOMXMLSignature) xmlSignature; domXmlSignature.marshal(document.getDocumentElement(), "ds", (DOMCryptoContext) signContext); domReference.digest(signContext); // xmlSignature.sign(signContext); // LOG.debug("signed document: " + toString(document)); Element nsElement = document.createElement("ns"); nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS); Node digestValueNode = XPathAPI.selectSingleNode(document, "//ds:DigestValue", nsElement); assertNotNull(digestValueNode); String digestValueTextContent = digestValueNode.getTextContent(); LOG.debug("digest value text content: " + digestValueTextContent); assertFalse(digestValueTextContent.isEmpty()); }
From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java
@Test public void testJsr105SignatureExternalXMLWithDTD() throws Exception { KeyPair keyPair = PkiTestUtils.generateKeyPair(); DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); Document document = documentBuilder.newDocument(); Element rootElement = document.createElementNS("urn:test", "tns:root"); rootElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:test"); document.appendChild(rootElement);// ww w . j av a 2 s . co m Element dataElement = document.createElementNS("urn:test", "tns:data"); dataElement.setAttributeNS(null, "Id", "id-1234"); dataElement.setTextContent("data to be signed"); rootElement.appendChild(dataElement); XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI()); XMLSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document.getDocumentElement()); signContext.setURIDereferencer(new MyURIDereferencer()); signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds"); DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA1, null); List<Transform> transforms = new LinkedList<Transform>(); Transform transform = signatureFactory.newTransform(CanonicalizationMethod.INCLUSIVE, (TransformParameterSpec) null); LOG.debug("transform type: " + transform.getClass().getName()); transforms.add(transform); Reference reference = signatureFactory.newReference("/bookstore.xml", digestMethod, transforms, null, null); DOMReference domReference = (DOMReference) reference; assertNull(domReference.getCalculatedDigestValue()); assertNull(domReference.getDigestValue()); SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); CanonicalizationMethod canonicalizationMethod = signatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference)); javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, null); DOMXMLSignature domXmlSignature = (DOMXMLSignature) xmlSignature; domXmlSignature.marshal(document.getDocumentElement(), "ds", (DOMCryptoContext) signContext); domReference.digest(signContext); // xmlSignature.sign(signContext); // LOG.debug("signed document: " + toString(document)); Element nsElement = document.createElement("ns"); nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS); Node digestValueNode = XPathAPI.selectSingleNode(document, "//ds:DigestValue", nsElement); assertNotNull(digestValueNode); String digestValueTextContent = digestValueNode.getTextContent(); LOG.debug("digest value text content: " + digestValueTextContent); assertFalse(digestValueTextContent.isEmpty()); }
From source file:test.unit.be.fedict.eid.applet.service.signer.CoSignatureFacetTest.java
@Test public void testCoSignature() throws Exception { // setup/*w w w . j a v a 2 s. c o m*/ Document document = PkiTestUtils .loadDocument(CoSignatureFacetTest.class.getResourceAsStream("/helloworld.xml")); KeyPair keyPair = PkiTestUtils.generateKeyPair(); XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI()); XMLSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document.getDocumentElement()); signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds"); CoSignatureFacet testedInstance = new CoSignatureFacet(); List<Reference> references = new LinkedList<Reference>(); testedInstance.preSign(signatureFactory, document, "foo-bar", null, references, null); SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); CanonicalizationMethod canonicalizationMethod = signatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, references); XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, null); // operate xmlSignature.sign(signContext); // verify LOG.debug("signed document: " + PkiTestUtils.toString(document)); NodeList signatureNodeList = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); assertEquals(1, signatureNodeList.getLength()); Node signatureNode = signatureNodeList.item(0); DOMValidateContext domValidateContext = new DOMValidateContext(keyPair.getPublic(), signatureNode); XMLSignature validationXmlSignature = signatureFactory.unmarshalXMLSignature(domValidateContext); boolean validity = validationXmlSignature.validate(domValidateContext); assertTrue(validity); document.getDocumentElement().getFirstChild().setNodeValue("test"); LOG.debug("signed document: " + PkiTestUtils.toString(document)); assertTrue(validationXmlSignature.validate(domValidateContext)); // really have to re-load the XML signature object. validationXmlSignature = signatureFactory.unmarshalXMLSignature(domValidateContext); assertFalse(validationXmlSignature.validate(domValidateContext)); }
From source file:test.unit.be.fedict.eid.applet.service.signer.CoSignatureFacetTest.java
@Test public void testCoSignatureUri() throws Exception { // setup/* ww w .j av a 2s . c om*/ Document document = PkiTestUtils .loadDocument(CoSignatureFacetTest.class.getResourceAsStream("/helloworld.xml")); KeyPair keyPair = PkiTestUtils.generateKeyPair(); XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI()); XMLSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document.getDocumentElement()); signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds"); CoSignatureFacet testedInstance = new CoSignatureFacet(DigestAlgo.SHA1, "ref-1234"); List<Reference> references = new LinkedList<Reference>(); testedInstance.preSign(signatureFactory, document, "foo-bar", null, references, null); SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); CanonicalizationMethod canonicalizationMethod = signatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, references); XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, null); // operate xmlSignature.sign(signContext); // verify LOG.debug("signed document: " + PkiTestUtils.toString(document)); NodeList signatureNodeList = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); assertEquals(1, signatureNodeList.getLength()); Node signatureNode = signatureNodeList.item(0); DOMValidateContext domValidateContext = new DOMValidateContext(keyPair.getPublic(), signatureNode); XMLSignature validationXmlSignature = signatureFactory.unmarshalXMLSignature(domValidateContext); boolean validity = validationXmlSignature.validate(domValidateContext); assertTrue(validity); document.getDocumentElement().getFirstChild().setNodeValue("test"); LOG.debug("signed document: " + PkiTestUtils.toString(document)); assertTrue(validationXmlSignature.validate(domValidateContext)); // really have to re-load the XML signature object. validationXmlSignature = signatureFactory.unmarshalXMLSignature(domValidateContext); assertFalse(validationXmlSignature.validate(domValidateContext)); }
From source file:test.unit.be.fedict.eid.applet.service.signer.CoSignatureFacetTest.java
@Test public void testMultipleCoSignatures() throws Exception { // setup//from ww w . j a va 2 s . com DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); Document document = documentBuilder.newDocument(); Element rootElement = document.createElementNS("urn:test", "tns:root"); rootElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:test"); document.appendChild(rootElement); Element dataElement = document.createElementNS("urn:test", "tns:data"); rootElement.appendChild(dataElement); // add alot of nodes to test performance // when using xpath v1 in the co signature facet the c14n became really slow for (int i = 0; i < 80000; i++) { Element fooElement = document.createElementNS("urn:test", "tns:foo"); fooElement.setTextContent("bar"); dataElement.appendChild(fooElement); } KeyPair keyPair1 = PkiTestUtils.generateKeyPair(); KeyPair keyPair2 = PkiTestUtils.generateKeyPair(); XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI()); List<Reference> references = new LinkedList<Reference>(); CoSignatureFacet testedInstance = new CoSignatureFacet(); testedInstance.preSign(signatureFactory, document, "foo-bar", null, references, null); // ds:SignedInfo SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); CanonicalizationMethod canonicalizationMethod = signatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, references); XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, null); XMLSignature xmlSignature2 = signatureFactory.newXMLSignature(signedInfo, null); // sign context XMLSignContext signContext1 = new DOMSignContext(keyPair1.getPrivate(), document.getDocumentElement()); signContext1.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds"); XMLSignContext signContext2 = new DOMSignContext(keyPair2.getPrivate(), document.getDocumentElement()); signContext2.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds"); // operate xmlSignature.sign(signContext1); xmlSignature2.sign(signContext2); // verify LOG.debug("signed document: " + PkiTestUtils.toString(document)); NodeList signatureNodeList = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); assertEquals(2, signatureNodeList.getLength()); Node signature1Node = signatureNodeList.item(0); DOMValidateContext domValidateContext1 = new DOMValidateContext(keyPair1.getPublic(), signature1Node); XMLSignature validationXmlSignature1 = signatureFactory.unmarshalXMLSignature(domValidateContext1); boolean validity1 = validationXmlSignature1.validate(domValidateContext1); assertTrue(validity1); Node signature2Node = signatureNodeList.item(1); DOMValidateContext domValidateContext2 = new DOMValidateContext(keyPair2.getPublic(), signature2Node); XMLSignature validationXmlSignature2 = signatureFactory.unmarshalXMLSignature(domValidateContext2); boolean validity2 = validationXmlSignature2.validate(domValidateContext2); assertTrue(validity2); // cut out first signature should not break second one document.getDocumentElement().removeChild(signature1Node); LOG.debug("signed document: " + PkiTestUtils.toString(document)); NodeList signatureNodeList2 = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); assertEquals(1, signatureNodeList2.getLength()); Node signature3Node = signatureNodeList2.item(0); DOMValidateContext domValidateContext3 = new DOMValidateContext(keyPair2.getPublic(), signature3Node); XMLSignature validationXmlSignature3 = signatureFactory.unmarshalXMLSignature(domValidateContext3); boolean validity3 = validationXmlSignature3.validate(domValidateContext3); assertTrue(validity3); }
From source file:test.unit.test.be.fedict.eid.applet.model.XmlSignatureServiceBeanTest.java
@Test public void testJsr105ReferenceUri() throws Exception { String uri = FilenameUtils.getName(new File("foo bar.txt").toURI().toURL().getFile()); KeyPair keyPair = generateKeyPair(); DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); Document document = documentBuilder.newDocument(); XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI()); XMLSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document); byte[] externalDocument = "hello world".getBytes(); MessageDigest messageDigest = MessageDigest.getInstance("SHA1"); messageDigest.update(externalDocument); byte[] documentDigestValue = messageDigest.digest(); DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA1, null); Reference reference = signatureFactory.newReference(uri, digestMethod, null, null, null, documentDigestValue);/*from ww w. ja v a 2s .c om*/ SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); CanonicalizationMethod canonicalizationMethod = signatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); javax.xml.crypto.dsig.SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference)); javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, null); xmlSignature.sign(signContext); }
From source file:test.unit.test.be.fedict.eid.applet.model.XmlSignatureServiceBeanTest.java
@Test public void testJsr105Signature() throws Exception { KeyPair keyPair = generateKeyPair(); DateTime notBefore = new DateTime(); DateTime notAfter = notBefore.plusYears(1); X509Certificate certificate = generateCertificate(keyPair.getPublic(), "CN=Test", notBefore, notAfter, null, keyPair.getPrivate(), true, 0, null, new KeyUsage(KeyUsage.nonRepudiation)); DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); Document document = documentBuilder.newDocument(); XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI()); XMLSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document); signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds"); byte[] externalDocument = "hello world".getBytes(); MessageDigest messageDigest = MessageDigest.getInstance("SHA1"); messageDigest.update(externalDocument); byte[] documentDigestValue = messageDigest.digest(); DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA1, null); Reference reference = signatureFactory.newReference("some-uri", digestMethod, null, null, null, documentDigestValue);/*from w w w.j a va2 s . c o m*/ SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); CanonicalizationMethod canonicalizationMethod = signatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); javax.xml.crypto.dsig.SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference)); KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory(); X509Data x509Data = keyInfoFactory.newX509Data(Collections.singletonList(certificate)); KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(x509Data)); javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, keyInfo); DOMXMLSignature domXmlSignature = (DOMXMLSignature) xmlSignature; domXmlSignature.marshal(document, "ds", (DOMCryptoContext) signContext); DOMSignedInfo domSignedInfo = (DOMSignedInfo) signedInfo; ByteArrayOutputStream dataStream = new ByteArrayOutputStream(); domSignedInfo.canonicalize(signContext, dataStream); byte[] octets = dataStream.toByteArray(); MessageDigest jcaMessageDigest = MessageDigest.getInstance("SHA1"); byte[] digestValue = jcaMessageDigest.digest(octets); byte[] digestInfoValue = ArrayUtils.addAll(SHA1_DIGEST_INFO_PREFIX, digestValue); Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate()); byte[] signatureValue = cipher.doFinal(digestInfoValue); NodeList signatureValueNodeList = document.getElementsByTagNameNS(javax.xml.crypto.dsig.XMLSignature.XMLNS, "SignatureValue"); assertEquals(1, signatureValueNodeList.getLength()); Element signatureValueElement = (Element) signatureValueNodeList.item(0); signatureValueElement.setTextContent(Base64.encode(signatureValue)); Source source = new DOMSource(document); StringWriter stringWriter = new StringWriter(); Result result = new StreamResult(stringWriter); Transformer xformer = TransformerFactory.newInstance().newTransformer(); xformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); xformer.transform(source, result); String signedDocumentStr = stringWriter.getBuffer().toString(); LOG.debug("signed document: " + signedDocumentStr); File tmpFile = File.createTempFile("xml-signature-", ".xml"); FileUtils.writeStringToFile(tmpFile, signedDocumentStr); StringReader stringReader = new StringReader(signedDocumentStr); InputSource inputSource = new InputSource(stringReader); Document signedDocument = documentBuilder.parse(inputSource); Element signatureElement = (Element) XPathAPI.selectSingleNode(signedDocument, "ds:Signature"); assertNotNull(signatureElement); XMLSignature apacheXmlSignature = new XMLSignature(signatureElement, null); ResourceTestResolver resourceResolver = new ResourceTestResolver(); resourceResolver.addResource("some-uri", "hello world".getBytes()); apacheXmlSignature.addResourceResolver(resourceResolver); boolean signatureResult = apacheXmlSignature.checkSignatureValue(keyPair.getPublic()); assertTrue(signatureResult); LOG.debug("file: " + tmpFile.getAbsolutePath()); }