Example usage for javax.xml.crypto.dsig XMLSignContext putNamespacePrefix

List of usage examples for javax.xml.crypto.dsig XMLSignContext putNamespacePrefix

Introduction

This page collects usage examples for javax.xml.crypto.dsig.XMLSignContext.putNamespacePrefix.

Prototype

/**
 * Maps the specified namespace URI to the specified prefix; an existing mapping for the same
 * URI is replaced.
 *
 * @param namespaceURI the namespace URI to bind
 * @param prefix the prefix to associate with {@code namespaceURI}
 * @return the prefix previously associated with {@code namespaceURI}, or {@code null} if none
 */
String putNamespacePrefix(String namespaceURI, String prefix);


Document

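Maps the specified namespace URI to the specified prefix. If the URI already has a prefix, the old prefix is replaced; the method returns the previous prefix, or null if there was none. The mapping only decides which prefix (for example "ds") is written when the signature is marshalled; it does not change which algorithms or keys are used.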

Usage

From source file:be.fedict.eid.idp.common.saml2.Saml2Util.java

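/**
 * Signs a DOM document with an enveloped XML signature that covers the element named by its
 * {@code ID} attribute.
 *
 * <p>The reference {@code "#" + ID} is processed with the enveloped-signature transform followed
 * by exclusive canonicalization, and the certificate chain of {@code identity} is embedded as
 * {@code ds:X509Data}. Both the reference digest and the RSA signature use SHA-256. SHA-1 is no
 * longer considered collision resistant and must not be used for new signatures, so relying
 * parties have to accept {@code rsa-sha256}.
 *
 * @param documentElement
 *            document to be signed; must carry an {@code ID} attribute
 * @param nextSibling
 *            next sibling in document, the ds:Signature element is inserted before this one
 * @param identity
 *            identity to sign with (an RSA private key plus its certificate chain)
 * @throws NoSuchAlgorithmException
 *             signing algorithm not found
 * @throws InvalidAlgorithmParameterException
 *             invalid signing algorithm parameter
 * @throws MarshalException
 *             error marshalling signature
 * @throws XMLSignatureException
 *             error during signing
 */
public static void signDocument(Element documentElement, Node nextSibling, KeyStore.PrivateKeyEntry identity)
        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException,
        XMLSignatureException {

    String documentId = documentElement.getAttribute("ID");
    LOG.debug("document ID=" + documentId);

    // Recent Apache xmlsec versions only resolve "#<id>" against attributes that are explicitly
    // registered as ID-typed, so mark "ID" before building the reference.
    documentElement.setIdAttribute("ID", true);

    XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");

    XMLSignContext signContext = new DOMSignContext(identity.getPrivateKey(), documentElement, nextSibling);
    signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds");

    // SHA-256 replaces the SHA-1 reference digest.
    javax.xml.crypto.dsig.DigestMethod digestMethod = signatureFactory
            .newDigestMethod(javax.xml.crypto.dsig.DigestMethod.SHA256, null);

    // Order matters: drop the signature element itself first, then canonicalize.
    List<javax.xml.crypto.dsig.Transform> transforms = new LinkedList<javax.xml.crypto.dsig.Transform>();
    transforms.add(signatureFactory.newTransform(javax.xml.crypto.dsig.Transform.ENVELOPED,
            (TransformParameterSpec) null));
    transforms.add(signatureFactory.newTransform(CanonicalizationMethod.EXCLUSIVE,
            (TransformParameterSpec) null));

    Reference reference = signatureFactory.newReference("#" + documentId, digestMethod, transforms, null, null);

    // RSA with SHA-256, given by its algorithm URI so the code does not depend on a JDK constant
    // that older runtimes lack.
    SignatureMethod signatureMethod = signatureFactory
            .newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null);
    CanonicalizationMethod canonicalizationMethod = signatureFactory
            .newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod,
            Collections.singletonList(reference));

    // ds:KeyInfo carries the complete certificate chain of the signing identity.
    KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance();
    List<Object> x509DataObjects = new LinkedList<Object>();
    for (X509Certificate certificate : Saml2Util.getCertificateChain(identity)) {
        x509DataObjects.add(certificate);
    }
    List<Object> keyInfoContent = new LinkedList<Object>();
    keyInfoContent.add(keyInfoFactory.newX509Data(x509DataObjects));
    javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo = keyInfoFactory.newKeyInfo(keyInfoContent);

    javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, keyInfo);
    xmlSignature.sign(signContext);
}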

From source file:it.cnr.icar.eric.common.security.wss4j.WSS4JSignatureSAML.java

/**
 * Computes the XML signature over the supplied references and places it in the security header.
 *
 * <p>Call this once the references are in place (see <code>addReferencesToSign()</code>). The
 * signing key is the issuer's private key when {@code senderVouches} is set; otherwise the
 * configured secret key is used if there is one, and the user's private key if not.
 *
 * @param referenceList references that go into ds:SignedInfo
 * @param secHeader security header that receives the ds:Signature element
 * @param siblingElement when non-null and followed by another node, the signature is inserted
 *            before that following node; otherwise it is appended to the security header
 * @throws WSSecurityException with {@code FAILED_SIGNATURE}, wrapping whatever went wrong
 */
public void computeSignature(List<javax.xml.crypto.dsig.Reference> referenceList, WSSecHeader secHeader,
        Element siblingElement) throws WSSecurityException {
    try {
        final java.security.Key key;
        if (senderVouches) {
            key = issuerCrypto.getPrivateKey(issuerKeyName, issuerKeyPW);
        } else if (secretKey == null) {
            key = userCrypto.getPrivateKey(user, password);
        } else {
            key = WSSecurityUtil.prepareSecretKey(sigAlgo, secretKey);
        }

        SignedInfo signedInfo = signatureFactory.newSignedInfo(c14nMethod,
                signatureFactory.newSignatureMethod(sigAlgo, null), referenceList);

        sig = signatureFactory.newXMLSignature(signedInfo, keyInfo, null,
                getWsConfig().getIdAllocator().createId("SIG-", null), null);

        // The signature goes right after siblingElement (the assertion) when something follows
        // it, and at the end of the security header otherwise.
        org.w3c.dom.Element header = secHeader.getSecurityHeader();
        org.w3c.dom.Node insertBefore = (siblingElement == null) ? null : siblingElement.getNextSibling();
        DOMSignContext domContext = (insertBefore == null)
                ? new DOMSignContext(key, header)
                : new DOMSignContext(key, header, insertBefore);

        domContext.putNamespacePrefix(WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
        if (WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(canonAlgo)) {
            domContext.putNamespacePrefix(WSConstants.C14N_EXCL_OMIT_COMMENTS,
                    WSConstants.C14N_EXCL_OMIT_COMMENTS_PREFIX);
        }
        domContext.setProperty(STRTransform.TRANSFORM_WS_DOC_INFO, wsDocInfo);
        wsDocInfo.setCallbackLookup(callbackLookup);

        // Make the tokens and security token references known to the signing context.
        wsDocInfo.setTokensOnContext(domContext);
        if (secRefSaml != null && secRefSaml.getElement() != null) {
            WSSecurityUtil.storeElementInContext(domContext, secRefSaml.getElement());
        }
        if (secRef != null && secRef.getElement() != null) {
            WSSecurityUtil.storeElementInContext(domContext, secRef.getElement());
        }

        sig.sign(domContext);
        signatureValue = sig.getSignatureValue().getValue();
    } catch (Exception ex) {
        // Every failure is logged and reported to the caller as a failed signature.
        log.error(ex);
        throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE, null, null, ex);
    }
}

From source file:be.fedict.eid.applet.service.signer.AbstractXmlSignatureService.java

/**
 * Builds the unsigned ds:Signature structure and returns the digest of its canonicalized
 * ds:SignedInfo.
 *
 * <p>No signature value is produced here: the context is created with a placeholder key, the
 * signature is only marshalled, and the references are digested one by one. The intermediate
 * document and the signature id are handed to the temporary data storage.
 *
 * @param digestAlgo digest applied to the canonical SignedInfo octets; also selects the signature
 *            method
 * @param digestInfos digests of client-local files, added as ds:Reference entries
 * @param signingCertificateChain certificate chain passed to every signature facet
 * @return digest of the canonicalized ds:SignedInfo
 */
@SuppressWarnings("unchecked")
private byte[] getXmlSignatureDigestValue(DigestAlgo digestAlgo, List<DigestInfo> digestInfos,
        List<X509Certificate> signingCertificateChain)
        throws ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException,
        MarshalException, javax.xml.crypto.dsig.XMLSignatureException, TransformerFactoryConfigurationError,
        TransformerException, IOException, SAXException {
    // Start from the enveloping document if there is one, else from an empty namespace-aware DOM.
    Document document = getEnvelopingDocument();
    if (document == null) {
        DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
        builderFactory.setNamespaceAware(true);
        document = builderFactory.newDocumentBuilder().newDocument();
    }

    // Placeholder key: DOMSignContext wants a key, but this method never calls sign().
    Key placeholderKey = new Key() {
        private static final long serialVersionUID = 1L;

        public String getAlgorithm() {
            return null;
        }

        public byte[] getEncoded() {
            return null;
        }

        public String getFormat() {
            return null;
        }
    };
    XMLSignContext xmlSignContext = new DOMSignContext(placeholderKey, document);
    URIDereferencer customDereferencer = getURIDereferencer();
    if (customDereferencer != null) {
        xmlSignContext.setURIDereferencer(customDereferencer);
    }

    // Prefixing is off by default because OOo does not cope with a ds namespace prefix.
    if (this.signatureNamespacePrefix != null) {
        xmlSignContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS,
                this.signatureNamespacePrefix);
    }

    // The provider is given explicitly; the DOM* casts further down presumably depend on this
    // implementation (TODO confirm).
    XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM",
            new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI());

    // ds:References for the files digested on the client side.
    List<Reference> references = new LinkedList<Reference>();
    addDigestInfosAsReferences(digestInfos, signatureFactory, references);

    // Let every facet add its references and ds:Objects before SignedInfo is fixed.
    String localSignatureId = (this.signatureId == null)
            ? "xmldsig-" + UUID.randomUUID().toString()
            : this.signatureId;
    List<XMLObject> objects = new LinkedList<XMLObject>();
    for (SignatureFacet facet : this.signatureFacets) {
        LOG.debug("invoking signature facet: " + facet.getClass().getSimpleName());
        facet.preSign(signatureFactory, document, localSignatureId, signingCertificateChain, references,
                objects);
    }

    // ds:SignedInfo
    SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(getSignatureMethod(digestAlgo), null);
    CanonicalizationMethod c14n = signatureFactory.newCanonicalizationMethod(getCanonicalizationMethod(),
            (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = signatureFactory.newSignedInfo(c14n, signatureMethod, references);

    // JSR 105 ds:Signature, created without ds:KeyInfo.
    String signatureValueId = localSignatureId + "-signature-value";
    javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, null,
            objects, localSignatureId, signatureValueId);

    // Marshal under the document element, or under the document itself when the DOM is empty.
    Node parentNode = document.getDocumentElement();
    if (parentNode == null) {
        parentNode = document;
    }
    ((DOMXMLSignature) xmlSignature).marshal(parentNode, this.signatureNamespacePrefix,
            (DOMCryptoContext) xmlSignContext);

    // Digest the ds:Manifest references that do not carry a digest value yet.
    for (XMLObject object : objects) {
        LOG.debug("object java type: " + object.getClass().getName());
        List<XMLStructure> contents = object.getContent();
        for (XMLStructure content : contents) {
            LOG.debug("object content java type: " + content.getClass().getName());
            if (content instanceof Manifest) {
                List<Reference> manifestReferences = ((Manifest) content).getReferences();
                for (Reference manifestReference : manifestReferences) {
                    if (manifestReference.getDigestValue() == null) {
                        ((DOMReference) manifestReference).digest(xmlSignContext);
                    }
                }
            }
        }
    }

    // Same for the SignedInfo references; those with an external digest value are left alone.
    List<Reference> signedInfoReferences = signedInfo.getReferences();
    for (Reference signedInfoReference : signedInfoReferences) {
        DOMReference domReference = (DOMReference) signedInfoReference;
        if (domReference.getDigestValue() == null) {
            domReference.digest(xmlSignContext);
        }
    }

    // Keep the intermediate signature document and its id for the later processing step.
    TemporaryDataStorage storage = getTemporaryDataStorage();
    OutputStream tempDocumentOutputStream = storage.getTempOutputStream();
    writeDocument(document, tempDocumentOutputStream);
    storage.setAttribute(SIGNATURE_ID_ATTRIBUTE, localSignatureId);

    // Canonicalize ds:SignedInfo and digest the octets.
    // TODO: a DigestOutputStream would avoid buffering the whole canonical form in memory.
    ByteArrayOutputStream canonicalSignedInfo = new ByteArrayOutputStream();
    ((DOMSignedInfo) signedInfo).canonicalize(xmlSignContext, canonicalSignedInfo);
    byte[] octets = canonicalSignedInfo.toByteArray();

    return MessageDigest.getInstance(digestAlgo.getAlgoId()).digest(octets);
}

From source file:be.fedict.eid.tsl.TrustServiceList.java

/**
 * Adds an enveloped XML signature over the element {@code "#" + tslId} to the TSL document.
 *
 * <p>The reference is digested with SHA-256 after the enveloped-signature and exclusive
 * canonicalization transforms. {@code addXadesBes} may contribute further references and
 * ds:Objects. ds:KeyInfo holds the certificate, its issuer/serial and the public key value.
 *
 * @param privateKey key that produces the signature value
 * @param certificate signing certificate published in ds:KeyInfo
 * @param tslId value of the ID attribute of the element to sign
 */
private void xmlSign(PrivateKey privateKey, X509Certificate certificate, String tslId)
        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException,
        XMLSignatureException {
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM",
            new org.jcp.xml.dsig.internal.dom.XMLDSigRI());
    LOG.debug("xml signature factory: " + factory.getClass().getName());
    LOG.debug("loader: " + factory.getClass().getClassLoader());

    XMLSignContext signContext = new DOMSignContext(privateKey, this.tslDocument.getDocumentElement());
    signContext.putNamespacePrefix(XMLSignature.XMLNS, "ds");

    DigestMethod sha256 = factory.newDigestMethod(DigestMethod.SHA256, null);
    List<Reference> references = new LinkedList<Reference>();

    // Enveloped transform first, then exclusive canonicalization.
    List<Transform> transforms = new LinkedList<Transform>();
    transforms.add(factory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
    transforms.add(factory.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));

    references.add(factory.newReference("#" + tslId, sha256, transforms, null, null));

    String signatureId = "xmldsig-" + UUID.randomUUID().toString();
    List<XMLObject> objects = new LinkedList<XMLObject>();
    addXadesBes(factory, this.tslDocument, signatureId, certificate, references, objects);

    // NOTE(review): on runtimes older than Java 6u18 this falls back to RSA-SHA1 even though the
    // reference digest is SHA-256; SHA-1 signatures should be treated as legacy only.
    String signatureAlgorithmUri = isJava6u18OrAbove()
            ? "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
            : SignatureMethod.RSA_SHA1;
    SignatureMethod signatureMethod = factory.newSignatureMethod(signatureAlgorithmUri, null);
    CanonicalizationMethod c14n = factory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
            (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = factory.newSignedInfo(c14n, signatureMethod, references);

    // ds:KeyInfo = X509Data (certificate + issuer/serial) followed by KeyValue.
    KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance();
    List<Object> x509Content = new LinkedList<Object>();
    x509Content.add(certificate);
    x509Content.add(keyInfoFactory.newX509IssuerSerial(certificate.getIssuerX500Principal().toString(),
            certificate.getSerialNumber()));

    List<Object> keyInfoContent = new LinkedList<Object>();
    keyInfoContent.add(keyInfoFactory.newX509Data(x509Content));
    try {
        keyInfoContent.add(keyInfoFactory.newKeyValue(certificate.getPublicKey()));
    } catch (KeyException e) {
        throw new RuntimeException("key exception: " + e.getMessage(), e);
    }
    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(keyInfoContent);

    XMLSignature xmlSignature = factory.newXMLSignature(signedInfo, keyInfo, objects, signatureId,
            signatureId + "-signature-value");
    xmlSignature.sign(signContext);
}

From source file:it.cnr.icar.eric.common.security.wss4j.WSS4JSignatureBST.java

/**
 * Computes the XML signature over the supplied references and places it in the security header.
 *
 * <p>This method can be called any time after the references were set. See
 * <code>addReferencesToSign()</code>. The configured {@code privateKey} is used when present;
 * otherwise the key is looked up through {@code crypto} with the user name and password.
 *
 * @param referenceList The list of references to sign
 * @param prepend Whether to prepend the signature element to the security header
 * @param siblingElement If prepending, then prepend before this sibling Element; when null, the
 *            first child element of the security header is used instead
 *
 * @throws WSSecurityException with {@code FAILED_SIGNATURE}, wrapping whatever went wrong
 */
public void computeSignature(List<javax.xml.crypto.dsig.Reference> referenceList, boolean prepend,
        Element siblingElement) throws WSSecurityException {
    try {
        final java.security.Key key;
        if (privateKey != null) {
            key = privateKey;
        } else {
            key = crypto.getPrivateKey(user, password);
        }

        SignedInfo signedInfo = signatureFactory.newSignedInfo(c14nMethod,
                signatureFactory.newSignatureMethod(sigAlgo, null), referenceList);

        sig = signatureFactory.newXMLSignature(signedInfo, keyInfo, null,
                getWsConfig().getIdAllocator().createId("SIG-", null), null);

        // Work out the insertion point: when prepending, insert before the given sibling or,
        // failing that, before the first child element of the header. No anchor means append.
        Element anchor = null;
        if (prepend) {
            anchor = siblingElement;
            if (anchor == null) {
                Node candidate = securityHeader.getFirstChild();
                while (candidate != null && candidate.getNodeType() != Node.ELEMENT_NODE) {
                    candidate = candidate.getNextSibling();
                }
                anchor = (Element) candidate;
            }
        }
        DOMSignContext domContext = (anchor == null)
                ? new DOMSignContext(key, securityHeader)
                : new DOMSignContext(key, securityHeader, anchor);

        domContext.putNamespacePrefix(WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
        if (WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(canonAlgo)) {
            domContext.putNamespacePrefix(WSConstants.C14N_EXCL_OMIT_COMMENTS,
                    WSConstants.C14N_EXCL_OMIT_COMMENTS_PREFIX);
        }
        domContext.setProperty(STRTransform.TRANSFORM_WS_DOC_INFO, wsDocInfo);
        wsDocInfo.setCallbackLookup(callbackLookup);

        // Make the tokens and the security token reference known to the signing context.
        wsDocInfo.setTokensOnContext(domContext);
        if (secRef != null && secRef.getElement() != null) {
            WSSecurityUtil.storeElementInContext(domContext, secRef.getElement());
        }

        sig.sign(domContext);
        signatureValue = sig.getSignatureValue().getValue();
    } catch (Exception ex) {
        // Every failure is logged and reported to the caller as a failed signature.
        log.error(ex);
        throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE, null, null, ex);
    }
}

From source file:test.be.fedict.eid.applet.model.XmlSignatureServiceBean.java

/**
 * Builds an unsigned ds:Signature from precomputed file digests and returns the digest of its
 * canonicalized ds:SignedInfo.
 *
 * <p>The marshalled document is serialized (without XML declaration) and stored in the HTTP
 * session under {@code "xmlDocument"}. No signature value is produced: the context only holds a
 * placeholder key.
 *
 * @param digestAlgo JCA digest name for the SignedInfo digest; also selects the signature method
 * @param digestInfos precomputed digests, one ds:Reference is created per entry
 * @param httpSession session that receives the serialized document
 * @return digest of the canonicalized ds:SignedInfo
 */
private byte[] getXmlSignatureDigestValue(String digestAlgo, List<DigestInfo> digestInfos,
        HttpSession httpSession) throws ParserConfigurationException, NoSuchAlgorithmException,
        InvalidAlgorithmParameterException, MarshalException, javax.xml.crypto.dsig.XMLSignatureException,
        TransformerFactoryConfigurationError, TransformerException, MalformedURLException {

    DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
    builderFactory.setNamespaceAware(true);
    Document document = builderFactory.newDocumentBuilder().newDocument();

    XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

    // Placeholder key: DOMSignContext wants a key, but this method never calls sign().
    Key placeholderKey = new Key() {
        private static final long serialVersionUID = 1L;

        public String getAlgorithm() {
            return null;
        }

        public byte[] getEncoded() {
            return null;
        }

        public String getFormat() {
            return null;
        }
    };
    XMLSignContext signContext = new DOMSignContext(placeholderKey, document);
    signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds");

    List<Reference> references = new LinkedList<Reference>();
    for (DigestInfo digestInfo : digestInfos) {
        byte[] precomputedDigest = digestInfo.digestValue;
        DigestMethod digestMethod = signatureFactory.newDigestMethod(getXmlDigestAlgo(digestInfo.digestAlgo),
                null);

        // Only the last path segment of the description becomes the reference URI.
        String uri = FilenameUtils.getName(new File(digestInfo.description).toURI().toURL().getFile());

        // The digest value is supplied up front, so nothing is dereferenced for this reference.
        references.add(signatureFactory.newReference(uri, digestMethod, null, null, null, precomputedDigest));
    }

    SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(getSignatureMethod(digestAlgo), null);
    CanonicalizationMethod c14n = signatureFactory.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
    javax.xml.crypto.dsig.SignedInfo signedInfo = signatureFactory.newSignedInfo(c14n, signatureMethod,
            references);

    javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, null);
    ((DOMXMLSignature) xmlSignature).marshal(document, "ds", (DOMCryptoContext) signContext);

    // Serialize the marshalled document and keep it in the session.
    StringWriter serialized = new StringWriter();
    Source domSource = new DOMSource(document);
    Result streamResult = new StreamResult(serialized);
    Transformer serializer = TransformerFactory.newInstance().newTransformer();
    serializer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
    serializer.transform(domSource, streamResult);
    httpSession.setAttribute("xmlDocument", serialized.getBuffer().toString());

    // Canonicalize ds:SignedInfo and digest the octets.
    ByteArrayOutputStream canonicalSignedInfo = new ByteArrayOutputStream();
    ((DOMSignedInfo) signedInfo).canonicalize(signContext, canonicalSignedInfo);
    byte[] octets = canonicalSignedInfo.toByteArray();

    return MessageDigest.getInstance(digestAlgo).digest(octets);
}

From source file:test.be.fedict.eid.dss.DigitalSignatureServiceTest.java

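/**
 * Test helper that signs the document element with the key held on an eID card.
 *
 * <p>The private key retrieval is currently disabled (see the TODO below), so the method fails
 * with an {@link IllegalStateException} instead of an unexplained NullPointerException. The card
 * connection is released in a {@code finally} block so a failure does not leave it open.
 *
 * @param document document whose root element receives the ds:Signature; the signature
 *            references the element with id {@code "id"}
 * @throws IllegalStateException while no private key entry can be obtained from the card
 */
private void signDocument(Document document) throws IOException, PKCS11Exception, InterruptedException,
        NoSuchFieldException, IllegalAccessException, InvocationTargetException, NoSuchMethodException,
        KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableEntryException,
        InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, CardException {
    Messages messages = new Messages(Locale.getDefault());
    PcscEid pcscEid = new PcscEid(new TestView(), messages);
    try {
        if (false == pcscEid.isEidPresent()) {
            LOG.debug("insert eID...");
            pcscEid.waitForEidPresent();
        }
        // PrivateKeyEntry privateKeyEntry = pcscEid.getPrivateKeyEntry();
        PrivateKeyEntry privateKeyEntry = null;
        // TODO: refactor once Commons eID has been released.
        if (privateKeyEntry == null) {
            // Without this guard the dereference below throws a bare NullPointerException.
            throw new IllegalStateException(
                    "eID private key entry is not available: retrieval is disabled pending the Commons eID refactoring");
        }

        XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
        XMLSignContext signContext = new DOMSignContext(privateKeyEntry.getPrivateKey(),
                document.getDocumentElement());
        signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds");

        // Test fixture: SHA-1 / RSA-SHA1 are kept as in the original test; do not copy these
        // algorithm choices into production signing code.
        DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA1, null);
        Reference reference = signatureFactory.newReference("#id", digestMethod);
        SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
        CanonicalizationMethod canonicalizationMethod = signatureFactory.newCanonicalizationMethod(
                CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
        SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod,
                Collections.singletonList(reference));

        // ds:KeyInfo carries only the signing certificate.
        KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance();
        List<Object> x509DataObjects = new LinkedList<Object>();
        X509Certificate signingCertificate = (X509Certificate) privateKeyEntry.getCertificate();
        x509DataObjects.add(signingCertificate);
        X509Data x509Data = keyInfoFactory.newX509Data(x509DataObjects);
        List<Object> keyInfoContent = new LinkedList<Object>();
        keyInfoContent.add(x509Data);
        KeyInfo keyInfo = keyInfoFactory.newKeyInfo(keyInfoContent);

        javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, keyInfo);
        xmlSignature.sign(signContext);
    } finally {
        // Release the card connection on every path, not only after a successful signature.
        pcscEid.close();
    }
}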

From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java

/**
 * Checks that a JSR 105 reference to an element inside the document can be marshalled and
 * digested without producing a signature value.
 *
 * <p>The test builds {@code <tns:root><tns:data Id="id-1234">}, references {@code #id-1234},
 * marshals the ds:Signature, digests the reference and expects a non-empty ds:DigestValue.
 */
@Test
public void testJsr105Signature() throws Exception {
    KeyPair keyPair = PkiTestUtils.generateKeyPair();

    // Test document: a root element with one data child that carries an ID-typed "Id" attribute.
    DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
    builderFactory.setNamespaceAware(true);
    Document document = builderFactory.newDocumentBuilder().newDocument();
    Element root = document.createElementNS("urn:test", "tns:root");
    root.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:test");
    document.appendChild(root);
    Element data = document.createElementNS("urn:test", "tns:data");
    data.setAttributeNS(null, "Id", "id-1234");
    // Needed so that "#id-1234" can be resolved to this element.
    data.setIdAttribute("Id", true);
    data.setTextContent("data to be signed");
    root.appendChild(data);

    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

    XMLSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document.getDocumentElement());
    signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds");

    // Test fixture only: SHA-1 / RSA-SHA1 are not suitable choices for production signatures.
    DigestMethod sha1 = factory.newDigestMethod(DigestMethod.SHA1, null);
    Reference reference = factory.newReference("#id-1234", sha1);
    DOMReference domReference = (DOMReference) reference;
    // Nothing has been digested yet.
    assertNull(domReference.getCalculatedDigestValue());
    assertNull(domReference.getDigestValue());

    SignatureMethod rsaSha1 = factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    CanonicalizationMethod c14n = factory.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = factory.newSignedInfo(c14n, rsaSha1, Collections.singletonList(reference));

    javax.xml.crypto.dsig.XMLSignature xmlSignature = factory.newXMLSignature(signedInfo, null);

    // Marshal and digest only; sign() is deliberately not called.
    ((DOMXMLSignature) xmlSignature).marshal(document.getDocumentElement(), "ds",
            (DOMCryptoContext) signContext);
    domReference.digest(signContext);

    // Look up ds:DigestValue with a helper element that declares the "ds" prefix.
    Element prefixResolver = document.createElement("ns");
    prefixResolver.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
    Node digestValueNode = XPathAPI.selectSingleNode(document, "//ds:DigestValue", prefixResolver);
    assertNotNull(digestValueNode);
    String digestValueTextContent = digestValueNode.getTextContent();
    LOG.debug("digest value text content: " + digestValueTextContent);
    assertFalse(digestValueTextContent.isEmpty());
}

From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java

/**
 * Checks that a JSR 105 reference to an external XML resource can be marshalled and digested
 * without producing a signature value.
 *
 * <p>The reference {@code /helloworld.xml} is resolved through {@code MyURIDereferencer} and
 * passed through inclusive canonicalization before it is digested; the test expects a non-empty
 * ds:DigestValue.
 */
@Test
public void testJsr105SignatureExternalXML() throws Exception {
    KeyPair keyPair = PkiTestUtils.generateKeyPair();

    // Host document for the ds:Signature element; the signed content lives outside of it.
    DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
    builderFactory.setNamespaceAware(true);
    Document document = builderFactory.newDocumentBuilder().newDocument();
    Element root = document.createElementNS("urn:test", "tns:root");
    root.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:test");
    document.appendChild(root);
    Element data = document.createElementNS("urn:test", "tns:data");
    data.setAttributeNS(null, "Id", "id-1234");
    data.setTextContent("data to be signed");
    root.appendChild(data);

    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

    XMLSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document.getDocumentElement());
    // The custom dereferencer decides what "/helloworld.xml" resolves to.
    signContext.setURIDereferencer(new MyURIDereferencer());
    signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds");

    // Test fixture only: SHA-1 / RSA-SHA1 are not suitable choices for production signatures.
    DigestMethod sha1 = factory.newDigestMethod(DigestMethod.SHA1, null);

    List<Transform> transforms = new LinkedList<Transform>();
    transforms.add(factory.newTransform(CanonicalizationMethod.INCLUSIVE, (TransformParameterSpec) null));
    Reference reference = factory.newReference("/helloworld.xml", sha1, transforms, null, null);

    DOMReference domReference = (DOMReference) reference;
    // Nothing has been digested yet.
    assertNull(domReference.getCalculatedDigestValue());
    assertNull(domReference.getDigestValue());

    SignatureMethod rsaSha1 = factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    CanonicalizationMethod c14n = factory.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = factory.newSignedInfo(c14n, rsaSha1, Collections.singletonList(reference));

    javax.xml.crypto.dsig.XMLSignature xmlSignature = factory.newXMLSignature(signedInfo, null);

    // Marshal and digest only; sign() is deliberately not called.
    ((DOMXMLSignature) xmlSignature).marshal(document.getDocumentElement(), "ds",
            (DOMCryptoContext) signContext);
    domReference.digest(signContext);

    // Look up ds:DigestValue with a helper element that declares the "ds" prefix.
    Element prefixResolver = document.createElement("ns");
    prefixResolver.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
    Node digestValueNode = XPathAPI.selectSingleNode(document, "//ds:DigestValue", prefixResolver);
    assertNotNull(digestValueNode);
    String digestValueTextContent = digestValueNode.getTextContent();
    LOG.debug("digest value text content: " + digestValueTextContent);
    assertFalse(digestValueTextContent.isEmpty());
}

From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java

/**
 * Same scenario as the external-XML digest test, but for the resource {@code /bookstore.xml}.
 *
 * <p>The reference is resolved through {@code MyURIDereferencer}, canonicalized inclusively and
 * digested; the test expects a non-empty ds:DigestValue.
 * NOTE(review): judging by the test name the resource declares a DTD; how that DTD and any
 * external entities are handled depends on the dereferencer and parser set-up, which is not
 * visible here - confirm that external entity resolution is disabled there.
 */
@Test
public void testJsr105SignatureExternalXMLWithDTD() throws Exception {
    KeyPair keyPair = PkiTestUtils.generateKeyPair();

    // Host document for the ds:Signature element; the signed content lives outside of it.
    DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
    builderFactory.setNamespaceAware(true);
    Document document = builderFactory.newDocumentBuilder().newDocument();
    Element root = document.createElementNS("urn:test", "tns:root");
    root.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:test");
    document.appendChild(root);
    Element data = document.createElementNS("urn:test", "tns:data");
    data.setAttributeNS(null, "Id", "id-1234");
    data.setTextContent("data to be signed");
    root.appendChild(data);

    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

    XMLSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document.getDocumentElement());
    // The custom dereferencer decides what "/bookstore.xml" resolves to.
    signContext.setURIDereferencer(new MyURIDereferencer());
    signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds");

    // Test fixture only: SHA-1 / RSA-SHA1 are not suitable choices for production signatures.
    DigestMethod sha1 = factory.newDigestMethod(DigestMethod.SHA1, null);

    List<Transform> transforms = new LinkedList<Transform>();
    Transform inclusiveC14n = factory.newTransform(CanonicalizationMethod.INCLUSIVE,
            (TransformParameterSpec) null);
    LOG.debug("transform type: " + inclusiveC14n.getClass().getName());
    transforms.add(inclusiveC14n);
    Reference reference = factory.newReference("/bookstore.xml", sha1, transforms, null, null);

    DOMReference domReference = (DOMReference) reference;
    // Nothing has been digested yet.
    assertNull(domReference.getCalculatedDigestValue());
    assertNull(domReference.getDigestValue());

    SignatureMethod rsaSha1 = factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    CanonicalizationMethod c14n = factory.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = factory.newSignedInfo(c14n, rsaSha1, Collections.singletonList(reference));

    javax.xml.crypto.dsig.XMLSignature xmlSignature = factory.newXMLSignature(signedInfo, null);

    // Marshal and digest only; sign() is deliberately not called.
    ((DOMXMLSignature) xmlSignature).marshal(document.getDocumentElement(), "ds",
            (DOMCryptoContext) signContext);
    domReference.digest(signContext);

    // Look up ds:DigestValue with a helper element that declares the "ds" prefix.
    Element prefixResolver = document.createElement("ns");
    prefixResolver.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
    Node digestValueNode = XPathAPI.selectSingleNode(document, "//ds:DigestValue", prefixResolver);
    assertNotNull(digestValueNode);
    String digestValueTextContent = digestValueNode.getTextContent();
    LOG.debug("digest value text content: " + digestValueTextContent);
    assertFalse(digestValueTextContent.isEmpty());
}