Example usage for javax.xml.crypto.dsig XMLSignatureFactory unmarshalXMLSignature

Introduction

In this page you can find the example usage for javax.xml.crypto.dsig XMLSignatureFactory unmarshalXMLSignature.

Prototype

public abstract XMLSignature unmarshalXMLSignature(XMLStructure xmlStructure) throws MarshalException;

Source Link

Document

Unmarshals a new XMLSignature instance from a mechanism-specific XMLStructure instance.

Usage

From source file:org.gluu.saml.Response.java

public boolean isValid() throws Exception {
    NodeList nodes = xmlDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");

    if (nodes == null || nodes.getLength() == 0) {
        throw new Exception("Can't find signature in document.");
    }//from  w w  w . j a v a  2s.c om

    if (setIdAttributeExists()) {
        tagIdAttributes(xmlDoc);
    }

    X509Certificate cert = samlSettings.getCertificate();
    DOMValidateContext ctx = new DOMValidateContext(cert.getPublicKey(), nodes.item(0));
    XMLSignatureFactory sigF = XMLSignatureFactory.getInstance("DOM");
    XMLSignature xmlSignature = sigF.unmarshalXMLSignature(ctx);

    return xmlSignature.validate(ctx);
}

---

From source file:org.openehealth.coms.cc.web_frontend.consentcreator.service.DocumentFactory.java

/**
 * Checks whether or not the given Document contains a valid XML Signature
 * and if it has the exact same content as the original.
 * /*from w ww  .ja v  a  2  s. c  o m*/
 * @param cdaFile
 * @param originalCDA
 * @return
 */
public boolean isXMLSignatureValid(Document cdaFile, Document originalCDA) {

    boolean coreValidity = false;

    try {

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        DocumentBuilder db = dbf.newDocumentBuilder();

        Document checkCDA = db.newDocument();

        Node copy = checkCDA.importNode(cdaFile.getDocumentElement(), true);
        checkCDA.appendChild(copy);

        if (!isCDAoriginal(checkCDA, originalCDA)) {
            return false;
        }

        // Find Signature element
        NodeList nl = cdaFile.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (nl.getLength() == 0) {
            return false;
        }

        // Create a DOM XMLSignatureFactory that will be used to unmarshal
        // the
        // document containing the XMLSignature
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

        // Create a DOMValidateContext and specify a KeyValue KeySelector
        // and document context
        DOMValidateContext valContext = new DOMValidateContext(new X509KeySelector(), nl.item(0));

        // unmarshal the XMLSignature
        XMLSignature signature = fac.unmarshalXMLSignature(valContext);

        // Validate the XMLSignature (generated above)
        coreValidity = signature.validate(valContext);

        // Check core validation status
        if (coreValidity) {
            return true;
        }
    } catch (Exception e) {
        Logger.getLogger(this.getClass()).error(e);
    }
    return coreValidity;
}

---

From source file:org.roda.common.certification.ODFSignatureUtils.java

private static void verifyCertificates(Path input, Node signatureNode)
        throws MarshalException, XMLSignatureException, NoSuchAlgorithmException, CertificateException,
        FileNotFoundException, IOException, KeyStoreException {

    XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM");
    DOMValidateContext domValidateContext = new DOMValidateContext(new KeyInfoKeySelector(), signatureNode);
    XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
    xmlSignature.getSignatureValue().validate(domValidateContext);
    // xmlSignature.validate(domValidateContext);

    KeyInfo keyInfo = xmlSignature.getKeyInfo();
    Iterator<?> it = keyInfo.getContent().iterator();
    List<X509Certificate> certs = new ArrayList<X509Certificate>();
    List<CRL> crls = new ArrayList<CRL>();

    while (it.hasNext()) {
        XMLStructure content = (XMLStructure) it.next();
        if (content instanceof X509Data) {
            X509Data certdata = (X509Data) content;
            Object[] entries = certdata.getContent().toArray();
            for (int i = 0; i < entries.length; i++) {
                if (entries[i] instanceof X509CRL) {
                    X509CRL crl = (X509CRL) entries[i];
                    crls.add(crl);//from w w  w  . j ava  2 s  .  c om
                }
                if (entries[i] instanceof X509Certificate) {
                    X509Certificate cert = (X509Certificate) entries[i];
                    cert.checkValidity();
                    certs.add(cert);
                }
            }
        }
    }

    for (CRL c : crls) {
        for (X509Certificate cert : certs) {
            if (c.isRevoked(cert))
                throw new CertificateRevokedException(null, null, null, null);
        }
    }
}

---

From source file:org.roda.core.plugins.plugins.characterization.ODFSignatureUtils.java

private static void verifyCertificates(Node signatureNode) throws MarshalException, XMLSignatureException,
        NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {

    XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM");
    DOMValidateContext domValidateContext = new DOMValidateContext(new KeyInfoKeySelector(), signatureNode);
    XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
    xmlSignature.getSignatureValue().validate(domValidateContext);
    // xmlSignature.validate(domValidateContext);

    KeyInfo keyInfo = xmlSignature.getKeyInfo();
    Iterator<?> it = keyInfo.getContent().iterator();
    List<X509Certificate> certs = new ArrayList<>();
    List<CRL> crls = new ArrayList<>();

    while (it.hasNext()) {
        XMLStructure content = (XMLStructure) it.next();
        if (content instanceof X509Data) {
            X509Data certdata = (X509Data) content;
            Object[] entries = certdata.getContent().toArray();
            for (int i = 0; i < entries.length; i++) {
                if (entries[i] instanceof X509CRL) {
                    X509CRL crl = (X509CRL) entries[i];
                    crls.add(crl);/*  w  w  w . j a  v  a  2 s  .  c  o m*/
                }

                if (entries[i] instanceof X509Certificate) {
                    X509Certificate cert = (X509Certificate) entries[i];
                    cert.checkValidity();
                    certs.add(cert);
                }
            }
        }
    }

    for (CRL c : crls) {
        for (X509Certificate cert : certs) {
            if (c.isRevoked(cert))
                throw new CertificateRevokedException(null, null, null, null);
        }
    }
}

---

From source file:org.warlock.itk.distributionenvelope.Payload.java

/**
 * Carries out the cryptographic part of signature verification on a parsed
 * "Signature" element./*from   w  ww  .ja  v  a  2s.co  m*/
 * @param signature
 * @throws Exception 
 */
private void verifySignature(Element signature) throws Exception {
    X509Certificate x509 = getCertificate(signature);
    SimpleKeySelector sks = new SimpleKeySelector();
    sks.setFixedKey(x509.getPublicKey());
    DOMStructure sig = new DOMStructure(signature);
    XMLSignatureFactory xsf = XMLSignatureFactory.getInstance("DOM");
    DOMValidateContext dvc = new DOMValidateContext(sks, signature);
    dvc.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
    XMLSignature xmlsig = xsf.unmarshalXMLSignature(sig);
    boolean isvalid = xmlsig.validate(dvc);
    if (!isvalid) {
        throw new Exception("Signature invalid");
    }
}

---

From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractODFSignatureServiceTest.java

/**
 * Verification via the default JSR105 implementation triggers some
 * canonicalization errors.//from  ww  w .j  a v a 2s .co  m
 * 
 * @param odfUrl
 * @param signatureNode
 * @throws MarshalException
 * @throws XMLSignatureException
 */
private boolean verifySignature(URL odfUrl, Node signatureNode) throws MarshalException, XMLSignatureException {
    DOMValidateContext domValidateContext = new DOMValidateContext(new KeyInfoKeySelector(), signatureNode);
    ODFURIDereferencer dereferencer = new ODFURIDereferencer(odfUrl);
    domValidateContext.setURIDereferencer(dereferencer);
    XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
    LOG.debug("java version: " + System.getProperty("java.version"));
    /*
     * Requires Java 6u10 because of a bug. See also:
     * http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6696582
     */
    XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
    boolean validity = xmlSignature.validate(domValidateContext);
    return validity;
}

---

From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java

@Test
public void testSignEnvelopingDocument() throws Exception {
    // setup/*from   w  w w . ja va 2s .c o  m*/
    DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
    documentBuilderFactory.setNamespaceAware(true);
    DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
    Document document = documentBuilder.newDocument();
    Element rootElement = document.createElementNS("urn:test", "tns:root");
    rootElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:test");
    document.appendChild(rootElement);
    Element dataElement = document.createElementNS("urn:test", "tns:data");
    dataElement.setAttributeNS(null, "Id", "id-1234");
    dataElement.setIdAttribute("Id", true);
    dataElement.setTextContent("data to be signed");
    rootElement.appendChild(dataElement);

    SignatureTestFacet signatureFacet = new SignatureTestFacet();
    signatureFacet.addReferenceUri("#id-1234");
    XmlSignatureTestService testedInstance = new XmlSignatureTestService(signatureFacet);
    testedInstance.setEnvelopingDocument(document);
    testedInstance.setSignatureDescription("test-signature-description");

    // operate
    DigestInfo digestInfo = testedInstance.preSign(null, null);

    // verify
    assertNotNull(digestInfo);
    LOG.debug("digest info description: " + digestInfo.description);
    assertEquals("test-signature-description", digestInfo.description);
    assertNotNull(digestInfo.digestValue);
    LOG.debug("digest algo: " + digestInfo.digestAlgo);
    assertEquals("SHA-1", digestInfo.digestAlgo);

    TemporaryTestDataStorage temporaryDataStorage = (TemporaryTestDataStorage) testedInstance
            .getTemporaryDataStorage();
    assertNotNull(temporaryDataStorage);
    InputStream tempInputStream = temporaryDataStorage.getTempInputStream();
    assertNotNull(tempInputStream);
    Document tmpDocument = PkiTestUtils.loadDocument(tempInputStream);

    LOG.debug("tmp document: " + PkiTestUtils.toString(tmpDocument));
    Element nsElement = tmpDocument.createElement("ns");
    nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
    Node digestValueNode = XPathAPI.selectSingleNode(tmpDocument, "//ds:DigestValue", nsElement);
    assertNotNull(digestValueNode);
    String digestValueTextContent = digestValueNode.getTextContent();
    LOG.debug("digest value text content: " + digestValueTextContent);
    assertFalse(digestValueTextContent.isEmpty());

    /*
     * Sign the received XML signature digest value.
     */
    KeyPair keyPair = PkiTestUtils.generateKeyPair();
    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate());
    byte[] digestInfoValue = ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, digestInfo.digestValue);
    byte[] signatureValue = cipher.doFinal(digestInfoValue);

    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusYears(1);
    X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), "CN=Test", notBefore,
            notAfter, null, keyPair.getPrivate(), true, 0, null, null, new KeyUsage(KeyUsage.nonRepudiation));

    /*
     * Operate: postSign
     */
    testedInstance.postSign(signatureValue, Collections.singletonList(certificate));

    byte[] signedDocumentData = testedInstance.getSignedDocumentData();
    assertNotNull(signedDocumentData);
    Document signedDocument = PkiTestUtils.loadDocument(new ByteArrayInputStream(signedDocumentData));
    LOG.debug("signed document: " + PkiTestUtils.toString(signedDocument));

    NodeList signatureNodeList = signedDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    assertEquals(1, signatureNodeList.getLength());
    Node signatureNode = signatureNodeList.item(0);

    DOMValidateContext domValidateContext = new DOMValidateContext(
            KeySelector.singletonKeySelector(keyPair.getPublic()), signatureNode);
    domValidateContext.setIdAttributeNS((Element) signedDocument.getDocumentElement().getFirstChild(), null,
            "Id");
    XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
    XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
    boolean validity = xmlSignature.validate(domValidateContext);
    assertTrue(validity);
}

---

From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java

@Test
public void testSignExternalUri() throws Exception {
    // setup/*from w w  w .  ja  v a 2  s.c o  m*/
    DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
    documentBuilderFactory.setNamespaceAware(true);
    DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
    Document document = documentBuilder.newDocument();

    SignatureTestFacet signatureFacet = new SignatureTestFacet();
    signatureFacet.addReferenceUri("external-uri");
    XmlSignatureTestService testedInstance = new XmlSignatureTestService(signatureFacet);
    testedInstance.setEnvelopingDocument(document);
    testedInstance.setSignatureDescription("test-signature-description");
    UriTestDereferencer uriDereferencer = new UriTestDereferencer();
    uriDereferencer.addResource("external-uri", "hello world".getBytes());
    testedInstance.setUriDereferencer(uriDereferencer);

    // operate
    DigestInfo digestInfo = testedInstance.preSign(null, null);

    // verify
    assertNotNull(digestInfo);
    LOG.debug("digest info description: " + digestInfo.description);
    assertEquals("test-signature-description", digestInfo.description);
    assertNotNull(digestInfo.digestValue);
    LOG.debug("digest algo: " + digestInfo.digestAlgo);
    assertEquals("SHA-1", digestInfo.digestAlgo);

    TemporaryTestDataStorage temporaryDataStorage = (TemporaryTestDataStorage) testedInstance
            .getTemporaryDataStorage();
    assertNotNull(temporaryDataStorage);
    InputStream tempInputStream = temporaryDataStorage.getTempInputStream();
    assertNotNull(tempInputStream);
    Document tmpDocument = PkiTestUtils.loadDocument(tempInputStream);

    LOG.debug("tmp document: " + PkiTestUtils.toString(tmpDocument));
    Element nsElement = tmpDocument.createElement("ns");
    nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
    Node digestValueNode = XPathAPI.selectSingleNode(tmpDocument, "//ds:DigestValue", nsElement);
    assertNotNull(digestValueNode);
    String digestValueTextContent = digestValueNode.getTextContent();
    LOG.debug("digest value text content: " + digestValueTextContent);
    assertFalse(digestValueTextContent.isEmpty());

    /*
     * Sign the received XML signature digest value.
     */
    KeyPair keyPair = PkiTestUtils.generateKeyPair();
    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate());
    byte[] digestInfoValue = ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, digestInfo.digestValue);
    byte[] signatureValue = cipher.doFinal(digestInfoValue);

    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusYears(1);
    X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), "CN=Test", notBefore,
            notAfter, null, keyPair.getPrivate(), true, 0, null, null, new KeyUsage(KeyUsage.nonRepudiation));

    /*
     * Operate: postSign
     */
    testedInstance.postSign(signatureValue, Collections.singletonList(certificate));

    byte[] signedDocumentData = testedInstance.getSignedDocumentData();
    assertNotNull(signedDocumentData);
    Document signedDocument = PkiTestUtils.loadDocument(new ByteArrayInputStream(signedDocumentData));
    LOG.debug("signed document: " + PkiTestUtils.toString(signedDocument));

    NodeList signatureNodeList = signedDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    assertEquals(1, signatureNodeList.getLength());
    Node signatureNode = signatureNodeList.item(0);

    DOMValidateContext domValidateContext = new DOMValidateContext(
            KeySelector.singletonKeySelector(keyPair.getPublic()), signatureNode);
    domValidateContext.setURIDereferencer(uriDereferencer);
    XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
    XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
    boolean validity = xmlSignature.validate(domValidateContext);
    assertTrue(validity);
}

---

From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java

@Test
public void testSignEnvelopingDocumentWithExternalDigestInfo() throws Exception {
    // setup/*ww w  .j a  v  a  2  s.c  o  m*/
    DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
    documentBuilderFactory.setNamespaceAware(true);
    DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
    Document document = documentBuilder.newDocument();
    Element rootElement = document.createElementNS("urn:test", "tns:root");
    rootElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:test");
    document.appendChild(rootElement);

    XmlSignatureTestService testedInstance = new XmlSignatureTestService();
    testedInstance.setEnvelopingDocument(document);
    testedInstance.setSignatureDescription("test-signature-description");

    byte[] refData = "hello world".getBytes();
    MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
    messageDigest.update(refData);
    byte[] digestValue = messageDigest.digest();
    DigestInfo refDigestInfo = new DigestInfo(digestValue, "SHA-1", "urn:test:ref");

    // operate
    DigestInfo digestInfo = testedInstance.preSign(Collections.singletonList(refDigestInfo), null);

    // verify
    assertNotNull(digestInfo);
    LOG.debug("digest info description: " + digestInfo.description);
    assertEquals("test-signature-description", digestInfo.description);
    assertNotNull(digestInfo.digestValue);
    LOG.debug("digest algo: " + digestInfo.digestAlgo);
    assertEquals("SHA-1", digestInfo.digestAlgo);

    TemporaryTestDataStorage temporaryDataStorage = (TemporaryTestDataStorage) testedInstance
            .getTemporaryDataStorage();
    assertNotNull(temporaryDataStorage);
    InputStream tempInputStream = temporaryDataStorage.getTempInputStream();
    assertNotNull(tempInputStream);
    Document tmpDocument = PkiTestUtils.loadDocument(tempInputStream);

    LOG.debug("tmp document: " + PkiTestUtils.toString(tmpDocument));
    Element nsElement = tmpDocument.createElement("ns");
    nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
    Node digestValueNode = XPathAPI.selectSingleNode(tmpDocument, "//ds:DigestValue", nsElement);
    assertNotNull(digestValueNode);
    String digestValueTextContent = digestValueNode.getTextContent();
    LOG.debug("digest value text content: " + digestValueTextContent);
    assertFalse(digestValueTextContent.isEmpty());

    /*
     * Sign the received XML signature digest value.
     */
    KeyPair keyPair = PkiTestUtils.generateKeyPair();
    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate());
    byte[] digestInfoValue = ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, digestInfo.digestValue);
    byte[] signatureValue = cipher.doFinal(digestInfoValue);

    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusYears(1);
    X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), "CN=Test", notBefore,
            notAfter, null, keyPair.getPrivate(), true, 0, null, null, new KeyUsage(KeyUsage.nonRepudiation));

    /*
     * Operate: postSign
     */
    testedInstance.postSign(signatureValue, Collections.singletonList(certificate));

    byte[] signedDocumentData = testedInstance.getSignedDocumentData();
    assertNotNull(signedDocumentData);
    Document signedDocument = PkiTestUtils.loadDocument(new ByteArrayInputStream(signedDocumentData));
    LOG.debug("signed document: " + PkiTestUtils.toString(signedDocument));

    NodeList signatureNodeList = signedDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    assertEquals(1, signatureNodeList.getLength());
    Node signatureNode = signatureNodeList.item(0);

    DOMValidateContext domValidateContext = new DOMValidateContext(
            KeySelector.singletonKeySelector(keyPair.getPublic()), signatureNode);
    URIDereferencer dereferencer = new URITest2Dereferencer();
    domValidateContext.setURIDereferencer(dereferencer);
    XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
    XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
    boolean validity = xmlSignature.validate(domValidateContext);
    assertTrue(validity);
}

---

From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java

@Test
public void testSignExternalDigestInfo() throws Exception {
    // setup/* ww w.java 2s. c  o m*/
    DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
    documentBuilderFactory.setNamespaceAware(true);
    DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
    Document document = documentBuilder.newDocument();

    XmlSignatureTestService testedInstance = new XmlSignatureTestService();
    testedInstance.setEnvelopingDocument(document);
    testedInstance.setSignatureDescription("test-signature-description");

    byte[] refData = "hello world".getBytes();
    MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
    messageDigest.update(refData);
    byte[] digestValue = messageDigest.digest();
    DigestInfo refDigestInfo = new DigestInfo(digestValue, "SHA-1", "urn:test:ref");

    // operate
    DigestInfo digestInfo = testedInstance.preSign(Collections.singletonList(refDigestInfo), null);

    // verify
    assertNotNull(digestInfo);
    LOG.debug("digest info description: " + digestInfo.description);
    assertEquals("test-signature-description", digestInfo.description);
    assertNotNull(digestInfo.digestValue);
    LOG.debug("digest algo: " + digestInfo.digestAlgo);
    assertEquals("SHA-1", digestInfo.digestAlgo);

    TemporaryTestDataStorage temporaryDataStorage = (TemporaryTestDataStorage) testedInstance
            .getTemporaryDataStorage();
    assertNotNull(temporaryDataStorage);
    InputStream tempInputStream = temporaryDataStorage.getTempInputStream();
    assertNotNull(tempInputStream);
    Document tmpDocument = PkiTestUtils.loadDocument(tempInputStream);

    LOG.debug("tmp document: " + PkiTestUtils.toString(tmpDocument));
    Element nsElement = tmpDocument.createElement("ns");
    nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
    Node digestValueNode = XPathAPI.selectSingleNode(tmpDocument, "//ds:DigestValue", nsElement);
    assertNotNull(digestValueNode);
    String digestValueTextContent = digestValueNode.getTextContent();
    LOG.debug("digest value text content: " + digestValueTextContent);
    assertFalse(digestValueTextContent.isEmpty());

    /*
     * Sign the received XML signature digest value.
     */
    KeyPair keyPair = PkiTestUtils.generateKeyPair();
    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate());
    byte[] digestInfoValue = ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, digestInfo.digestValue);
    byte[] signatureValue = cipher.doFinal(digestInfoValue);

    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusYears(1);
    X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), "CN=Test", notBefore,
            notAfter, null, keyPair.getPrivate(), true, 0, null, null, new KeyUsage(KeyUsage.nonRepudiation));

    /*
     * Operate: postSign
     */
    testedInstance.postSign(signatureValue, Collections.singletonList(certificate));

    byte[] signedDocumentData = testedInstance.getSignedDocumentData();
    assertNotNull(signedDocumentData);
    Document signedDocument = PkiTestUtils.loadDocument(new ByteArrayInputStream(signedDocumentData));
    LOG.debug("signed document: " + PkiTestUtils.toString(signedDocument));

    NodeList signatureNodeList = signedDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    assertEquals(1, signatureNodeList.getLength());
    Node signatureNode = signatureNodeList.item(0);

    DOMValidateContext domValidateContext = new DOMValidateContext(
            KeySelector.singletonKeySelector(keyPair.getPublic()), signatureNode);
    URIDereferencer dereferencer = new URITest2Dereferencer();
    domValidateContext.setURIDereferencer(dereferencer);
    XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
    XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
    boolean validity = xmlSignature.validate(domValidateContext);
    assertTrue(validity);
}

---

• «
• 1
• 2
• 3
• 4
• 5
• 6
• »