Java Code Examples for javax.xml.crypto.dsig.XMLSignature

The following examples show how to use javax.xml.crypto.dsig.XMLSignature. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: org.hl7.fhir.core   Source File: DigitalSignatures.java    License: Apache License 2.0 7 votes vote down vote up
public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, FHIRException {
  // http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
  //
  byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes();
  // load the document that's going to be signed
  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); 
  dbf.setNamespaceAware(true);
  DocumentBuilder builder = dbf.newDocumentBuilder();  
  Document doc = builder.parse(new ByteArrayInputStream(inputXml)); 
  
  // create a key pair
  KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
  kpg.initialize(512);
  KeyPair kp = kpg.generateKeyPair(); 
  
  // sign the document
  DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()); 
  XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); 
 
  Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
  SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));
  
  KeyInfoFactory kif = fac.getKeyInfoFactory(); 
  KeyValue kv = kif.newKeyValue(kp.getPublic());
  KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
  XMLSignature signature = fac.newXMLSignature(si, ki); 
  signature.sign(dsc);
  
  OutputStream os = System.out;
  new XmlGenerator().generate(doc.getDocumentElement(), os);
}
 
Example 2
Source Project: org.hl7.fhir.core   Source File: DigitalSignatures.java    License: Apache License 2.0 7 votes vote down vote up
public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, FHIRException, org.hl7.fhir.exceptions.FHIRException {
  // http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
  //
  byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes();
  // load the document that's going to be signed
  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); 
  dbf.setNamespaceAware(true);
  DocumentBuilder builder = dbf.newDocumentBuilder();  
  Document doc = builder.parse(new ByteArrayInputStream(inputXml)); 
  
  // create a key pair
  KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
  kpg.initialize(512);
  KeyPair kp = kpg.generateKeyPair(); 
  
  // sign the document
  DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()); 
  XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); 
 
  Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
  SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));
  
  KeyInfoFactory kif = fac.getKeyInfoFactory(); 
  KeyValue kv = kif.newKeyValue(kp.getPublic());
  KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
  XMLSignature signature = fac.newXMLSignature(si, ki); 
  signature.sign(dsc);
  
  OutputStream os = System.out;
  new XmlGenerator().generate(doc.getDocumentElement(), os);
}
 
Example 3
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    Document ownerDoc = DOMUtils.getOwnerDocument(parent);

    Element smElem = DOMUtils.createElement(ownerDoc, "SignatureMethod",
                                            XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());

    if (getParameterSpec() != null) {
        marshalParams(smElem, dsPrefix);
    }

    parent.appendChild(smElem);
}
 
Example 4
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    Document ownerDoc = DOMUtils.getOwnerDocument(parent);

    Element smElem = DOMUtils.createElement(ownerDoc, "SignatureMethod",
                                            XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());

    if (getParameterSpec() != null) {
        marshalParams(smElem, dsPrefix);
    }

    parent.appendChild(smElem);
}
 
Example 5
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
   DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());
   String requestId = requestElement.getAttribute("RequestID");
   requestElement.setIdAttribute("RequestID", true);
   List<Transform> transforms = new LinkedList();
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null));
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null));
   Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null);
   CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null);
   SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null);
   SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));
   KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
   KeyInfo keyInfo = null;
   if (keyInfoValue instanceof PublicKey) {
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue)));
   } else {
      if (!(keyInfoValue instanceof X509Certificate)) {
         throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]");
      }

      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
   }

   XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
   xmlSignature.sign(domSignContext);
}
 
Example 6
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
   DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());
   String requestId = requestElement.getAttribute("RequestID");
   requestElement.setIdAttribute("RequestID", true);
   List<Transform> transforms = new LinkedList();
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null));
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null));
   Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null);
   CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null);
   SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null);
   SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));
   KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
   KeyInfo keyInfo = null;
   if (keyInfoValue instanceof PublicKey) {
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue)));
   } else {
      if (!(keyInfoValue instanceof X509Certificate)) {
         throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]");
      }

      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
   }

   XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
   xmlSignature.sign(domSignContext);
}
 
Example 7
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
   DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());
   String requestId = requestElement.getAttribute("RequestID");
   requestElement.setIdAttribute("RequestID", true);
   List<Transform> transforms = new LinkedList();
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null));
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null));
   Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null);
   CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null);
   SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null);
   SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));
   KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
   KeyInfo keyInfo = null;
   if (keyInfoValue instanceof PublicKey) {
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue)));
   } else {
      if (!(keyInfoValue instanceof X509Certificate)) {
         throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]");
      }

      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
   }

   XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
   xmlSignature.sign(domSignContext);
}
 
Example 8
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
   DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());
   String requestId = requestElement.getAttribute("RequestID");
   requestElement.setIdAttribute("RequestID", true);
   List<Transform> transforms = new LinkedList();
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null));
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null));
   Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null);
   CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null);
   SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null);
   SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));
   KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
   KeyInfo keyInfo = null;
   if (keyInfoValue instanceof PublicKey) {
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue)));
   } else {
      if (!(keyInfoValue instanceof X509Certificate)) {
         throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]");
      }

      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
   }

   XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
   xmlSignature.sign(domSignContext);
}
 
Example 9
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
   DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());
   String requestId = requestElement.getAttribute("RequestID");
   requestElement.setIdAttribute("RequestID", true);
   List<Transform> transforms = new LinkedList();
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null));
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null));
   Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null);
   CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null);
   SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null);
   SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));
   KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
   KeyInfo keyInfo = null;
   if (keyInfoValue instanceof PublicKey) {
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue)));
   } else {
      if (!(keyInfoValue instanceof X509Certificate)) {
         throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]");
      }

      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
   }

   XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
   xmlSignature.sign(domSignContext);
}
 
Example 10
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    Document ownerDoc = DOMUtils.getOwnerDocument(parent);

    Element smElem = DOMUtils.createElement(ownerDoc, "SignatureMethod",
                                            XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());

    if (getParameterSpec() != null) {
        marshalParams(smElem, dsPrefix);
    }

    parent.appendChild(smElem);
}
 
Example 11
Source Project: alpha-wallet-android   Source File: XMLDSigVerifier.java    License: MIT License 6 votes vote down vote up
public XMLDsigVerificationResult VerifyXMLDSig(InputStream fileStream)
{
    XMLDsigVerificationResult result = new XMLDsigVerificationResult();
    try
    {
        //Signature will also be validated in this call, if it fails an exception is thrown
        //No point to validate the certificate is this signature is invalid to begin with
        //And TrustAddressGenerator needs to get an XMLSignature too.
        XMLSignature signature = getValidXMLSignature(fileStream);
        result.isValid = true; //would go to catch if this was not the case
        //check that the tsml file is signed by a valid certificate
        return validateCertificateIssuer(signature, result);
    }
    catch(Exception e)
    {
        result.isValid = false;
        result.failureReason = e.getMessage();
        return result;
    }
}
 
Example 12
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    Document ownerDoc = DOMUtils.getOwnerDocument(parent);

    Element smElem = DOMUtils.createElement(ownerDoc, "SignatureMethod",
                                            XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());

    if (getParameterSpec() != null) {
        marshalParams(smElem, dsPrefix);
    }

    parent.appendChild(smElem);
}
 
Example 13
Source Project: neoscada   Source File: RequestValidator.java    License: Eclipse Public License 1.0 6 votes vote down vote up
public Result validate ( final Document doc ) throws Exception
{
    final NodeList nl = doc.getElementsByTagNameNS ( XMLSignature.XMLNS, "Signature" ); //$NON-NLS-1$

    if ( nl.getLength () == 0 )
    {
        return new Result ( StatusCodes.VALIDATE_NO_SIGNATURE_DATA, "No signature data found" );
    }

    final DOMValidateContext dvc = new DOMValidateContext ( this.keySelector, nl.item ( 0 ) );

    final XMLSignature signature = this.factory.unmarshalXMLSignature ( dvc );

    try
    {
        final boolean result = signature.validate ( dvc );

        return new Result ( result, signature );
    }
    catch ( final XMLSignatureException e )
    {
        logger.debug ( "Failed to perform validation", e );
        return Result.INVALID;
    }
}
 
Example 14
Source Project: neoscada   Source File: SignatureRequestBuilder.java    License: Eclipse Public License 1.0 6 votes vote down vote up
public void compare ( final Document sourceDoc, final Document signedDoc ) throws Exception
{
    final Document d1 = cloneDoc ( sourceDoc );
    final Document d2 = cloneDoc ( signedDoc );

    final NodeList nl = d2.getElementsByTagNameNS ( XMLSignature.XMLNS, "Signature" );

    while ( nl.getLength () > 0 )
    {
        final Node item = nl.item ( 0 );
        item.getParentNode ().removeChild ( item );
    }

    d1.normalizeDocument ();
    d2.normalizeDocument ();

    final Element root1 = d1.getDocumentElement ();
    final Element root2 = d2.getDocumentElement ();

    compareNode ( root1, root2 );
}
 
Example 15
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    Document ownerDoc = DOMUtils.getOwnerDocument(parent);

    Element smElem = DOMUtils.createElement(ownerDoc, "SignatureMethod",
                                            XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());

    if (getParameterSpec() != null) {
        marshalParams(smElem, dsPrefix);
    }

    parent.appendChild(smElem);
}
 
Example 16
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    Document ownerDoc = DOMUtils.getOwnerDocument(parent);

    Element smElem = DOMUtils.createElement(ownerDoc, "SignatureMethod",
                                            XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());

    if (getParameterSpec() != null) {
        marshalParams(smElem, dsPrefix);
    }

    parent.appendChild(smElem);
}
 
Example 17
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    Document ownerDoc = DOMUtils.getOwnerDocument(parent);

    Element smElem = DOMUtils.createElement(ownerDoc, "SignatureMethod",
                                            XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());

    if (getParameterSpec() != null) {
        marshalParams(smElem, dsPrefix);
    }

    parent.appendChild(smElem);
}
 
Example 18
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    Document ownerDoc = DOMUtils.getOwnerDocument(parent);

    Element smElem = DOMUtils.createElement(ownerDoc, "SignatureMethod",
                                            XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());

    if (getParameterSpec() != null) {
        marshalParams(smElem, dsPrefix);
    }

    parent.appendChild(smElem);
}
 
Example 19
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    Document ownerDoc = DOMUtils.getOwnerDocument(parent);

    Element smElem = DOMUtils.createElement(ownerDoc, "SignatureMethod",
                                            XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());

    if (getParameterSpec() != null) {
        marshalParams(smElem, dsPrefix);
    }

    parent.appendChild(smElem);
}
 
Example 20
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    Document ownerDoc = DOMUtils.getOwnerDocument(parent);

    Element smElem = DOMUtils.createElement(ownerDoc, "SignatureMethod",
                                            XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());

    if (getParameterSpec() != null) {
        marshalParams(smElem, dsPrefix);
    }

    parent.appendChild(smElem);
}
 
Example 21
Source Project: nomulus   Source File: TmchXmlSignature.java    License: Apache License 2.0 6 votes vote down vote up
private static String explainValidationProblem(
    DOMValidateContext context, XMLSignature signature)
        throws XMLSignatureException {
  @SuppressWarnings("unchecked")  // Safe by specification.
  List<Reference> references = signature.getSignedInfo().getReferences();
  StringBuilder builder = new StringBuilder();
  builder.append("Signature failed core validation\n");
  boolean sv = signature.getSignatureValue().validate(context);
  builder.append(String.format("Signature validation status: %s\n", sv));
  for (Reference ref : references) {
    builder.append("references[");
    builder.append(ref.getURI());
    builder.append("] validity status: ");
    builder.append(ref.validate(context));
    builder.append("\n");
  }
  return builder.toString();
}
 
Example 22
Source Project: development   Source File: KeySelectorFactoryTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void newKeySelector_keyinfoEmpty() throws Exception {
    // given
    String response = Strings
            .textFileToString("javares/openamResponse.xml");
    response = response.replaceAll(System.lineSeparator(), "").replaceAll(
            "<ds:KeyInfo>.*</ds:KeyInfo>", "<ds:KeyInfo></ds:KeyInfo>");
    Document document = XMLConverter.convertToDocument(response, true);
    NodeList nl = document.getElementsByTagNameNS(XMLSignature.XMLNS,
            "Signature");

    // when
    try {
        factory.newKeySelector(nl.item(0));
        fail();
    } catch (DigitalSignatureValidationException e) {
        assertTrue(e.getMessage().contains(
                "Only RSA/DSA KeyValue and are X509Data supported"));
    }
}
 
Example 23
Source Project: development   Source File: KeySelectorFactoryTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void newKeySelector_keyinfoMissing() throws Exception {
    // given
    String response = Strings
            .textFileToString("javares/openamResponse.xml");
    response = response.replaceAll(System.lineSeparator(), "").replaceAll(
            "<ds:KeyInfo>.*</ds:KeyInfo>", "");
    Document document = XMLConverter.convertToDocument(response, true);
    NodeList nl = document.getElementsByTagNameNS(XMLSignature.XMLNS,
            "Signature");

    try {
        // when
        factory.newKeySelector(nl.item(0));
        fail();
    } catch (DigitalSignatureValidationException e) {
        // then
        assertTrue(e.getMessage().contains(
                "No KeyInfo element found in SAML assertion"));
    }
}
 
Example 24
Source Project: development   Source File: KeySelectorFactoryTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void newKeySelector_keyValue() throws Exception {
    // given
    String response = Strings
            .textFileToString("javares/openamResponse.xml");
    Document document = XMLConverter.convertToDocument(
            replaceX509WithKeyValueData(response), true);
    NodeList nl = document.getElementsByTagNameNS(XMLSignature.XMLNS,
            "Signature");

    // when
    KeySelector keySelector = factory.newKeySelector(nl.item(0));

    // then
    assertTrue(keySelector instanceof KeyValueKeySelector);
}
 
Example 25
Source Project: development   Source File: KeySelectorFactoryTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void newKeySelector_firstFound() throws Exception {
    // given
    String response = Strings
            .textFileToString("javares/openamResponse.xml");
    Document document = XMLConverter.convertToDocument(
            addKeyValueAfterX509Data(response), true);
    NodeList nl = document.getElementsByTagNameNS(XMLSignature.XMLNS,
            "Signature");

    // when
    KeySelector keySelector = factory.newKeySelector(nl.item(0));

    // then
    assertTrue(keySelector instanceof X509KeySelector);
}
 
Example 26
protected List<XMLStructure> getSignaturePropertyList(Document doc, SigDocType sigDocType) throws Exception {
	List<XMLStructure> list = new ArrayList<XMLStructure>();
	if (isAddSignaturePropTimestamp && sigDocType != SigDocType.BINARY) {
		SimpleDateFormat sdf = new SimpleDateFormat("dd-MMM-yyyy'T'HH:mm:ss.SSS'Z'"); 
		sdf.setTimeZone(TimeZone.getTimeZone(ZoneOffset.UTC));
		Element tselem;
		if (signaturePrefix == null || "".equals(signaturePrefix))
			tselem = doc.createElementNS(XMLSignature.XMLNS, "Timestamp");
		else
			tselem = doc.createElementNS(XMLSignature.XMLNS, signaturePrefix + ":Timestamp");
		tselem.appendChild(doc.createTextNode(sdf.format(new Date())));
		list.add(new DOMStructure(tselem));
		//may add additional properties in future
	}
	return list;
}
 
Example 27
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    Document ownerDoc = DOMUtils.getOwnerDocument(parent);

    Element smElem = DOMUtils.createElement(ownerDoc, "SignatureMethod",
                                            XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());

    if (getParameterSpec() != null) {
        marshalParams(smElem, dsPrefix);
    }

    parent.appendChild(smElem);
}
 
Example 28
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    Document ownerDoc = DOMUtils.getOwnerDocument(parent);

    Element smElem = DOMUtils.createElement(ownerDoc, "SignatureMethod",
                                            XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());

    if (getParameterSpec() != null) {
        marshalParams(smElem, dsPrefix);
    }

    parent.appendChild(smElem);
}
 
Example 29
Source Project: restcommander   Source File: XML.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Check the xmldsig signature of the XML document.
 * @param document the document to test
 * @param publicKey the public key corresponding to the key pair the document was signed with
 * @return true if a correct signature is present, false otherwise
 */
public static boolean validSignature(Document document, Key publicKey) {
    Node signatureNode =  document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
    KeySelector keySelector = KeySelector.singletonKeySelector(publicKey);

    try {
        String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(providerName).newInstance());
        DOMValidateContext valContext = new DOMValidateContext(keySelector, signatureNode);

        XMLSignature signature = fac.unmarshalXMLSignature(valContext);
        return signature.validate(valContext);
    } catch (Exception e) {
        Logger.warn("Error validating an XML signature.", e);
        return false;
    }
}
 
Example 30
Source Project: keycloak   Source File: XMLSignatureUtil.java    License: Apache License 2.0 6 votes vote down vote up
private static boolean validateUsingKeySelector(Node signatureNode, KeySelector validationKeySelector) throws XMLSignatureException, MarshalException {
    DOMValidateContext valContext = new DOMValidateContext(validationKeySelector, signatureNode);
    XMLSignature signature = fac.unmarshalXMLSignature(valContext);
    boolean coreValidity = signature.validate(valContext);
    
    if (! coreValidity) {
        if (logger.isTraceEnabled()) {
            boolean sv = signature.getSignatureValue().validate(valContext);
            logger.trace("Signature validation status: " + sv);

            List<Reference> references = signature.getSignedInfo().getReferences();
            for (Reference ref : references) {
                logger.trace("[Ref id=" + ref.getId() + ":uri=" + ref.getURI() + "]validity status:" + ref.validate(valContext));
            }
        }
    }

    return coreValidity;
}