Java Code Examples for org.apache.xml.security.signature.XMLSignature#checkSignatureValue()

The following examples show how to use org.apache.xml.security.signature.XMLSignature#checkSignatureValue(). Examples 1–5 are the same verifyXmlDsigSignature method from freehealth-connector (Example 4 differs only in an explicit booleanValue() call); Example 6 is from lams. checkSignatureValue() only confirms that the signature matches the key or certificate passed to it; establishing that this key is trusted is a separate step.
Example 1
Source File: XmlSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Checks the XML-DSig signature value in {@code sigElement} and records the outcome on {@code result}.
 *
 * <p>The verification certificate is selected from {@code result.getCertChain()} after the
 * certificates extracted from the signature's own {@code KeyInfo} have been added to it. A passing
 * check therefore shows only that the signature matches that certificate's key; nothing in this
 * method decides whether the certificate is trusted.
 *
 * @param result receives the certificate chain, the signing certificate and any verification error
 * @param sigElement the signature element to verify
 * @param signedContent document handed to the {@code DocumentResolver} registered on the signature
 * @param options verification options; {@code "followNestedManifest"} is read with a default of {@code Boolean.FALSE}
 */
private void verifyXmlDsigSignature(SignatureVerificationResult result, Element sigElement, Document signedContent, Map<String, Object> options) {
   try {
      // A freshly generated id is passed as the base URI of the signature.
      String baseUri = IdGeneratorFactory.getIdGenerator("uuid").generateId();
      XMLSignature signature = new XMLSignature(sigElement, baseUri);

      Boolean nestedManifests = (Boolean)SignatureUtils.getOption("followNestedManifest", options, Boolean.FALSE);
      signature.setFollowNestedManifests(nestedManifests.booleanValue());
      signature.addResourceResolver(new DocumentResolver(signedContent));

      KeyInfo embeddedKeyInfo = signature.getKeyInfo();
      // NOTE(review): secure validation is switched off for KeyInfo processing, although the
      // KeyInfo comes from the message being verified — confirm this is really required.
      embeddedKeyInfo.setSecureValidation(false);

      Extractor certExtractor = new X509DataExctractor();
      result.getCertChain().addAll(certExtractor.extract(embeddedKeyInfo));

      // NOTE(review): the certificate used below is supplied by the signer; chain and trust
      // validation are not visible in this method and must happen elsewhere.
      X509Certificate endCertificate = this.extractEndCertificate(result.getCertChain());
      result.setSigningCert(endCertificate);

      boolean valueMatches = signature.checkSignatureValue(endCertificate);
      if (!valueMatches) {
         result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
      }
   } catch (Exception failure) {
      // Every failure is recorded as an unverified signature; the cause only reaches the log.
      LOG.error("Unable to verify XmlDsig Signature", failure);
      result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
   }
}
 
Example 2
Source File: XmlSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Verifies the value of the XML-DSig signature held in {@code sigElement}; failures are added to
 * {@code result.getErrors()} rather than thrown.
 *
 * <p>Trust is not established here: the certificate handed to {@code checkSignatureValue} is
 * picked from {@code result.getCertChain()} once the certificates found in the signature's own
 * {@code KeyInfo} have been appended, so a signer can present any certificate it likes.
 *
 * @param result collects the certificate chain, the signing certificate and verification errors
 * @param sigElement element from which the {@code XMLSignature} is built
 * @param signedContent document wrapped in the {@code DocumentResolver} added to the signature
 * @param options option map; only {@code "followNestedManifest"} is read here
 */
private void verifyXmlDsigSignature(SignatureVerificationResult result, Element sigElement, Document signedContent, Map<String, Object> options) {
   try {
      XMLSignature dsig = new XMLSignature(sigElement, IdGeneratorFactory.getIdGenerator("uuid").generateId());

      // Defaults to FALSE when the option is absent.
      Boolean followManifests = (Boolean)SignatureUtils.getOption("followNestedManifest", options, Boolean.FALSE);
      dsig.setFollowNestedManifests(followManifests.booleanValue());
      dsig.addResourceResolver(new DocumentResolver(signedContent));

      KeyInfo signerKeyInfo = dsig.getKeyInfo();
      // NOTE(review): disables secure validation for KeyInfo handling on input that the signer
      // controls; confirm why this is needed before reusing the pattern.
      signerKeyInfo.setSecureValidation(false);

      Extractor x509Extractor = new X509DataExctractor();
      result.getCertChain().addAll(x509Extractor.extract(signerKeyInfo));
      X509Certificate signerCert = this.extractEndCertificate(result.getCertChain());
      result.setSigningCert(signerCert);

      // A true result means "signed by signerCert's key", not "signed by a trusted party".
      boolean verified = dsig.checkSignatureValue(signerCert);
      if (!verified) {
         result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
      }
   } catch (Exception cause) {
      // Parsing, extraction and verification exceptions all end up as the same error code.
      LOG.error("Unable to verify XmlDsig Signature", cause);
      result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
   }
}
 
Example 3
Source File: XmlSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Runs the cryptographic check of an XML-DSig signature and reports the outcome through
 * {@code result}; this method never throws.
 *
 * <p>The certificates carried in the signature's {@code KeyInfo} are appended to
 * {@code result.getCertChain()}, and the certificate returned by {@code extractEndCertificate}
 * for that chain is used for verification. Deciding whether that certificate is acceptable is
 * left to code outside this method.
 *
 * @param result output object: certificate chain, signing certificate, error list
 * @param sigElement signature element to check
 * @param signedContent document made available to the signature through a {@code DocumentResolver}
 * @param options options; {@code "followNestedManifest"} falls back to {@code Boolean.FALSE}
 */
private void verifyXmlDsigSignature(SignatureVerificationResult result, Element sigElement, Document signedContent, Map<String, Object> options) {
   try {
      String generatedUri = IdGeneratorFactory.getIdGenerator("uuid").generateId();
      XMLSignature sig = new XMLSignature(sigElement, generatedUri);
      Boolean followOption = (Boolean)SignatureUtils.getOption("followNestedManifest", options, Boolean.FALSE);
      sig.setFollowNestedManifests(followOption.booleanValue());
      sig.addResourceResolver(new DocumentResolver(signedContent));

      KeyInfo info = sig.getKeyInfo();
      // NOTE(review): secure validation is explicitly turned off on the KeyInfo taken from the
      // incoming signature — verify that the relaxed mode is intentional.
      info.setSecureValidation(false);

      Extractor chainExtractor = new X509DataExctractor();
      result.getCertChain().addAll(chainExtractor.extract(info));
      X509Certificate leaf = this.extractEndCertificate(result.getCertChain());
      result.setSigningCert(leaf);

      // NOTE(review): leaf originates from the signed message; no trust decision is made here.
      if (sig.checkSignatureValue(leaf)) {
         return;
      }
      result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
   } catch (Exception ex) {
      // Exceptions are logged and reported with the same error as a non-matching signature.
      LOG.error("Unable to verify XmlDsig Signature", ex);
      result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
   }
}
 
Example 4
Source File: XmlSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Checks that the signature in {@code sigElement} matches the end certificate of the chain held
 * by {@code result}, and records a verification error on {@code result} when it does not.
 *
 * <p>That chain is extended with the certificates from the signature's own {@code KeyInfo}
 * before the end certificate is picked. The check is therefore about integrity relative to a
 * signer-supplied certificate; certificate trust is not evaluated in this method.
 *
 * @param result holder for the certificate chain, signing certificate and errors
 * @param sigElement signature element used to construct the {@code XMLSignature}
 * @param signedContent document given to the {@code DocumentResolver} attached to the signature
 * @param options options map from which {@code "followNestedManifest"} is read
 */
private void verifyXmlDsigSignature(SignatureVerificationResult result, Element sigElement, Document signedContent, Map<String, Object> options) {
   try {
      String signatureBaseUri = IdGeneratorFactory.getIdGenerator("uuid").generateId();
      XMLSignature xmlDsig = new XMLSignature(sigElement, signatureBaseUri);

      // Unboxed implicitly; a null option value would surface in the catch block below.
      Boolean followNested = (Boolean)SignatureUtils.getOption("followNestedManifest", options, Boolean.FALSE);
      xmlDsig.setFollowNestedManifests(followNested);
      xmlDsig.addResourceResolver(new DocumentResolver(signedContent));

      KeyInfo keyMaterial = xmlDsig.getKeyInfo();
      // NOTE(review): secure validation off for KeyInfo that arrives with the message; confirm
      // the reason and keep it documented next to this call.
      keyMaterial.setSecureValidation(false);

      Extractor certificateExtractor = new X509DataExctractor();
      result.getCertChain().addAll(certificateExtractor.extract(keyMaterial));
      X509Certificate signingCertificate = this.extractEndCertificate(result.getCertChain());
      result.setSigningCert(signingCertificate);

      // NOTE(review): trust in signingCertificate has to be established by the caller or a
      // later step — not visible here.
      boolean signatureOk = xmlDsig.checkSignatureValue(signingCertificate);
      if (!signatureOk) {
         result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
      }
   } catch (Exception error) {
      // Any exception is logged and reported as a signature that could not be verified.
      LOG.error("Unable to verify XmlDsig Signature", error);
      result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
   }
}
 
Example 5
Source File: XmlSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Performs the signature-value check for an XML-DSig signature and writes the outcome to
 * {@code result} instead of throwing.
 *
 * <p>The certificate used for the check comes out of {@code result.getCertChain()}, which this
 * method first extends with the certificates embedded in the signature's {@code KeyInfo}.
 * Success only ties the signature to that embedded certificate; acceptance of the certificate
 * itself is outside this method.
 *
 * @param result target for the certificate chain, the signing certificate and errors
 * @param sigElement the signature element under verification
 * @param signedContent document exposed to the signature via {@code DocumentResolver}
 * @param options options; {@code "followNestedManifest"} defaults to {@code Boolean.FALSE}
 */
private void verifyXmlDsigSignature(SignatureVerificationResult result, Element sigElement, Document signedContent, Map<String, Object> options) {
   try {
      String id = IdGeneratorFactory.getIdGenerator("uuid").generateId();
      XMLSignature parsedSignature = new XMLSignature(sigElement, id);
      Boolean manifestOption = (Boolean)SignatureUtils.getOption("followNestedManifest", options, Boolean.FALSE);
      parsedSignature.setFollowNestedManifests(manifestOption.booleanValue());
      parsedSignature.addResourceResolver(new DocumentResolver(signedContent));

      KeyInfo ki = parsedSignature.getKeyInfo();
      // NOTE(review): KeyInfo is processed with secure validation disabled even though it is
      // part of the incoming signature — confirm that this relaxation is deliberate.
      ki.setSecureValidation(false);

      Extractor dataExtractor = new X509DataExctractor();
      result.getCertChain().addAll(dataExtractor.extract(ki));
      X509Certificate certForCheck = this.extractEndCertificate(result.getCertChain());
      result.setSigningCert(certForCheck);

      // NOTE(review): certForCheck is taken from the message; path validation against trust
      // anchors is not done in this method.
      boolean matches = parsedSignature.checkSignatureValue(certForCheck);
      if (!matches) {
         result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
      }
   } catch (Exception problem) {
      // Failures of any kind are logged and mapped to the single "could not be verified" error.
      LOG.error("Unable to verify XmlDsig Signature", problem);
      result.getErrors().add(SignatureVerificationError.SIGNATURE_COULD_NOT_BE_VERIFIED);
   }
}
 
Example 6
Source File: SignatureValidator.java    From lams with GNU General Public License v2.0
/**
 * {@inheritDoc}
 *
 * <p>The signature value is checked against the key extracted from {@code validationCredential},
 * i.e. a key supplied by the party doing the validation rather than one read from the signature
 * in this method. Only the cryptographic value is checked here; any checks on what the signature
 * references are not part of this method.
 *
 * @throws ValidationException if the credential yields no verification key, if the key cannot be
 *         evaluated against the signature, or if the signature does not validate
 */
public void validate(Signature signature) throws ValidationException {
    log.debug("Attempting to validate signature using key from supplied credential");

    final XMLSignature apacheSignature = buildSignature(signature);
    final Key verificationKey = SecurityHelper.extractVerificationKey(validationCredential);

    // Without a key there is nothing to verify against: reject instead of skipping the check.
    if (verificationKey == null) {
        log.debug("Supplied credential contained no key suitable for signature validation");
        throw new ValidationException("No key available to validate signature");
    }

    log.debug("Validating signature with signature algorithm URI: {}", signature.getSignatureAlgorithm());
    log.debug("Validation credential key algorithm '{}', key instance class '{}'", 
            verificationKey.getAlgorithm(), verificationKey.getClass().getName());

    boolean signatureMatches;
    try {
        signatureMatches = apacheSignature.checkSignatureValue(verificationKey);
    } catch (XMLSignatureException e) {
        // Library failures are surfaced as validation failures with the cause preserved.
        throw new ValidationException("Unable to evaluate key against signature", e);
    }

    if (!signatureMatches) {
        log.debug("Signature did not validate against the credential's key");
        throw new ValidationException("Signature did not validate against the credential's key");
    }

    log.debug("Signature validated with key from supplied credential");
}