javax.xml.crypto.dsig.XMLSignature Java Examples

The following examples show how to use javax.xml.crypto.dsig.XMLSignature. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: DigitalSignatures.java    From org.hl7.fhir.core with Apache License 2.0 8 votes vote down vote up
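/**
 * Signs a small in-memory XML document with an enveloped XML signature and hands the
 * signed root element to {@code XmlGenerator.generate} together with {@code System.out}.
 *
 * <p>The RSA key pair is generated on every run and its public half is embedded as a
 * {@code KeyValue}. The result therefore demonstrates the API only: nothing ties the
 * signature to an identity that a verifier could trust.
 *
 * @param args ignored
 */
public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, FHIRException {
  // http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
  //
  // Explicit charset: the no-argument getBytes() uses the platform default encoding.
  byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(java.nio.charset.StandardCharsets.UTF_8);
  // load the document that's going to be signed
  // The input is a constant here. A parser that is handed XML from outside the process
  // should have DTDs and external entities disabled before parse() is called.
  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
  dbf.setNamespaceAware(true);
  DocumentBuilder builder = dbf.newDocumentBuilder();
  Document doc = builder.parse(new ByteArrayInputStream(inputXml));

  // create a key pair
  // 2048 bits instead of 512: a 512-bit RSA modulus can be factored with modest resources,
  // and current XML signature validators reject keys that short.
  KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
  kpg.initialize(2048);
  KeyPair kp = kpg.generateKeyPair();

  // sign the document
  DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
  XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

  // SHA-256 for the reference digest and RSA-SHA256 for the signature value; SHA-1 is no
  // longer collision resistant. The signature algorithm is given by URI so the code does
  // not depend on the SignatureMethod.RSA_SHA256 constant of newer JDKs.
  Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
  SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null), Collections.singletonList(ref));

  KeyInfoFactory kif = fac.getKeyInfoFactory();
  KeyValue kv = kif.newKeyValue(kp.getPublic());
  KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
  XMLSignature signature = fac.newXMLSignature(si, ki);
  signature.sign(dsc);

  OutputStream os = System.out;
  new XmlGenerator().generate(doc.getDocumentElement(), os);
}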
 
Example #2
Source File: DigitalSignatures.java    From org.hl7.fhir.core with Apache License 2.0 7 votes vote down vote up
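/**
 * Demo entry point: builds a tiny XML document in memory, adds an enveloped XML signature
 * to its root element and passes that element to {@code XmlGenerator.generate} with
 * {@code System.out} as the target.
 *
 * <p>A fresh RSA key pair is created on each run and the public key is published inside
 * the signature as a {@code KeyValue}, so the output cannot be linked to any trusted signer.
 *
 * @param args ignored
 */
public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, FHIRException, org.hl7.fhir.exceptions.FHIRException {
  // http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
  //
  // UTF-8 is named explicitly because getBytes() without arguments follows the platform default.
  byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(java.nio.charset.StandardCharsets.UTF_8);
  // load the document that's going to be signed
  // Safe as written because the bytes are a literal. When the XML comes from an untrusted
  // source, disable DTD processing and external entities on the factory first.
  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
  dbf.setNamespaceAware(true);
  DocumentBuilder builder = dbf.newDocumentBuilder();
  Document doc = builder.parse(new ByteArrayInputStream(inputXml));

  // create a key pair
  // Raised from 512 to 2048 bits: 512-bit RSA offers no meaningful protection and is
  // refused by validators that enforce a minimum key size.
  KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
  kpg.initialize(2048);
  KeyPair kp = kpg.generateKeyPair();

  // sign the document
  DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
  XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

  // Digest and signature use SHA-256 rather than SHA-1. The signature algorithm is passed
  // as its URI, which avoids relying on a constant that only newer JDKs define.
  Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
  SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null), Collections.singletonList(ref));

  KeyInfoFactory kif = fac.getKeyInfoFactory();
  KeyValue kv = kif.newKeyValue(kp.getPublic());
  KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
  XMLSignature signature = fac.newXMLSignature(si, ki);
  signature.sign(dsc);

  OutputStream os = System.out;
  new XmlGenerator().generate(doc.getDocumentElement(), os);
}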
 
Example #3
Source File: KeySelectorFactoryTest.java    From development with Apache License 2.0 6 votes vote down vote up
/**
 * A signature whose {@code ds:KeyInfo} element is present but empty must be rejected by
 * the factory with a {@code DigitalSignatureValidationException}.
 */
@Test
public void newKeySelector_keyinfoEmpty() throws Exception {
    // given: the sample response on a single line, with the KeyInfo content stripped out
    String singleLine = Strings
            .textFileToString("javares/openamResponse.xml")
            .replaceAll(System.lineSeparator(), "");
    String emptyKeyInfo = singleLine.replaceAll(
            "<ds:KeyInfo>.*</ds:KeyInfo>", "<ds:KeyInfo></ds:KeyInfo>");
    Document document = XMLConverter.convertToDocument(emptyKeyInfo, true);
    NodeList signatures = document.getElementsByTagNameNS(
            XMLSignature.XMLNS, "Signature");

    // when
    try {
        factory.newKeySelector(signatures.item(0));
        fail();
    } catch (DigitalSignatureValidationException rejected) {
        // then: the message names the key material the factory accepts
        String message = rejected.getMessage();
        assertTrue(message.contains(
                "Only RSA/DSA KeyValue and are X509Data supported"));
    }
}
 
Example #4
Source File: STSServiceImpl.java    From freehealth-connector with GNU Affero General Public License v3.0 6 votes vote down vote up
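/**
 * Adds an enveloped XML signature to {@code requestElement}; the signature element is
 * inserted before the element's current first child.
 *
 * <p>The signature references the element through the value of its {@code RequestID}
 * attribute, which is registered as an ID attribute so the same-document reference
 * {@code #<RequestID>} can be resolved.
 *
 * @param requestElement element to sign; it is modified in place
 * @param privateKey key that produces the signature value
 * @param keyInfoValue a {@link PublicKey} or an {@link X509Certificate} to publish in {@code KeyInfo}
 * @throws IllegalArgumentException if {@code keyInfoValue} is {@code null} or of any other type
 */
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
   // Validate the key material before the element is touched. A null value previously failed
   // with a NullPointerException raised while the error message was being built.
   if (!(keyInfoValue instanceof PublicKey) && !(keyInfoValue instanceof X509Certificate)) {
      throw new IllegalArgumentException("Unsupported keyinfo type [" + (keyInfoValue == null ? null : keyInfoValue.getClass()) + "]");
   }

   DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());
   String requestId = requestElement.getAttribute("RequestID");
   requestElement.setIdAttribute("RequestID", true);

   // Enveloped-signature transform first, then exclusive canonicalization.
   List<Transform> transforms = new LinkedList<Transform>();
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null));
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null));

   // NOTE(review): the digest below is SHA-1 and the signature method is RSA-SHA1. Both are
   // deprecated for signatures. They are left unchanged because the receiving service is not
   // visible from here; confirm that it accepts the SHA-256 identifiers
   // (http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256)
   // and then migrate.
   Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null);
   CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null);
   SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null);
   SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));

   KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
   KeyInfo keyInfo;
   if (keyInfoValue instanceof PublicKey) {
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue)));
   } else {
      // Only an X509Certificate can reach this branch because of the check at the top.
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
   }

   XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
   xmlSignature.sign(domSignContext);
}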
 
Example #5
Source File: STSServiceImpl.java    From freehealth-connector with GNU Affero General Public License v3.0 6 votes vote down vote up
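/**
 * Signs {@code requestElement} with an enveloped XML signature placed before the element's
 * current first child.
 *
 * <p>The element's {@code RequestID} attribute is registered as an ID attribute and its
 * value is used as the fragment of the signed same-document reference.
 *
 * @param requestElement element to sign; it is modified in place
 * @param privateKey key that produces the signature value
 * @param keyInfoValue a {@link PublicKey} or an {@link X509Certificate} to publish in {@code KeyInfo}
 * @throws IllegalArgumentException if {@code keyInfoValue} is {@code null} or of any other type
 */
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
   // Fail fast on unusable key material, before the element is modified. With a null value the
   // old code died with a NullPointerException inside the error-message expression.
   if (!(keyInfoValue instanceof PublicKey) && !(keyInfoValue instanceof X509Certificate)) {
      throw new IllegalArgumentException("Unsupported keyinfo type [" + (keyInfoValue == null ? null : keyInfoValue.getClass()) + "]");
   }

   DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());
   String requestId = requestElement.getAttribute("RequestID");
   requestElement.setIdAttribute("RequestID", true);

   // Typed list instead of the raw LinkedList: enveloped-signature, then exclusive c14n.
   List<Transform> transforms = new LinkedList<Transform>();
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null));
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null));

   // NOTE(review): SHA-1 digest and RSA-SHA1 signature method are deprecated for signing.
   // They are kept as they were because the peer that verifies these requests is not visible
   // here; check that it accepts http://www.w3.org/2001/04/xmlenc#sha256 and
   // http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 before switching.
   Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null);
   CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null);
   SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null);
   SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));

   KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
   KeyInfo keyInfo;
   if (keyInfoValue instanceof PublicKey) {
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue)));
   } else {
      // The guard at the top leaves X509Certificate as the only remaining possibility.
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
   }

   XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
   xmlSignature.sign(domSignContext);
}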
 
Example #6
Source File: AbstractDOMSignatureMethod.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    // Create the SignatureMethod element in the document obtained from the parent node.
    // The context argument is not used by this implementation.
    final Document doc = DOMUtils.getOwnerDocument(parent);
    final Element signatureMethod = DOMUtils.createElement(
        doc, "SignatureMethod", XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(signatureMethod, "Algorithm", getAlgorithm());

    // Only a method that carries a parameter spec contributes parameter content.
    final boolean hasParams = getParameterSpec() != null;
    if (hasParams) {
        marshalParams(signatureMethod, dsPrefix);
    }

    // Attach last, so the parent only receives the completed element.
    parent.appendChild(signatureMethod);
}
 
Example #7
Source File: XMLDSigVerifier.java    From alpha-wallet-android with MIT License 6 votes vote down vote up
/**
 * Verifies the XML signature read from {@code fileStream} and then checks the certificate
 * issuer, reporting the outcome in an {@code XMLDsigVerificationResult}.
 *
 * <p>Any exception from either step is turned into a result with {@code isValid == false}
 * and the exception message as {@code failureReason}.
 *
 * NOTE(review): {@code isValid} is set to true before the issuer check runs. Whether
 * {@code validateCertificateIssuer} resets it when the issuer is not acceptable cannot be
 * seen from here; confirm, so that a valid signature from an untrusted certificate is
 * never reported as valid.
 *
 * @param fileStream stream holding the signed XML
 * @return the verification result; never an exception
 */
public XMLDsigVerificationResult VerifyXMLDSig(InputStream fileStream)
{
    final XMLDsigVerificationResult outcome = new XMLDsigVerificationResult();
    try
    {
        // getValidXMLSignature validates the signature as well and throws when it is invalid.
        // There is no point in checking the certificate of a signature that does not verify,
        // and TrustAddressGenerator needs the XMLSignature object too.
        final XMLSignature verified = getValidXMLSignature(fileStream);
        // Reached only when no exception was thrown above.
        outcome.isValid = true;
        // Check that the tsml file is signed by a valid certificate.
        return validateCertificateIssuer(verified, outcome);
    }
    catch (Exception failure)
    {
        outcome.isValid = false;
        outcome.failureReason = failure.getMessage();
    }
    return outcome;
}
 
Example #8
Source File: STSServiceImpl.java    From freehealth-connector with GNU Affero General Public License v3.0 6 votes vote down vote up
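/**
 * Produces an enveloped XML signature over {@code requestElement} and inserts it before
 * the element's current first child.
 *
 * <p>The reference that is signed is {@code #} followed by the value of the element's
 * {@code RequestID} attribute; that attribute is registered as an ID attribute first.
 *
 * @param requestElement element to sign; it is modified in place
 * @param privateKey key that produces the signature value
 * @param keyInfoValue a {@link PublicKey} or an {@link X509Certificate} to publish in {@code KeyInfo}
 * @throws IllegalArgumentException if {@code keyInfoValue} is {@code null} or of any other type
 */
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
   // Check the key material first so that a bad argument leaves the element untouched. A null
   // argument used to surface as a NullPointerException from keyInfoValue.getClass().
   if (!(keyInfoValue instanceof PublicKey) && !(keyInfoValue instanceof X509Certificate)) {
      throw new IllegalArgumentException("Unsupported keyinfo type [" + (keyInfoValue == null ? null : keyInfoValue.getClass()) + "]");
   }

   DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());
   String requestId = requestElement.getAttribute("RequestID");
   requestElement.setIdAttribute("RequestID", true);

   // Enveloped-signature transform, followed by exclusive canonicalization.
   List<Transform> transforms = new LinkedList<Transform>();
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null));
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null));

   // NOTE(review): SHA-1 (digest) and RSA-SHA1 (signature) are deprecated algorithms. The
   // verifying service is outside this view, so they are not changed here; confirm support for
   // http://www.w3.org/2001/04/xmlenc#sha256 and
   // http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 and migrate once it is in place.
   Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null);
   CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null);
   SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null);
   SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));

   KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
   KeyInfo keyInfo;
   if (keyInfoValue instanceof PublicKey) {
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue)));
   } else {
      // After the initial check this can only be an X509Certificate.
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
   }

   XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
   xmlSignature.sign(domSignContext);
}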
 
Example #9
Source File: STSServiceImpl.java    From freehealth-connector with GNU Affero General Public License v3.0 6 votes vote down vote up
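/**
 * Adds an enveloped XML signature to {@code requestElement}, positioned before the
 * element's current first child.
 *
 * <p>The {@code RequestID} attribute of the element is registered as an ID attribute and
 * its value forms the fragment of the same-document reference that is signed.
 *
 * @param requestElement element to sign; it is modified in place
 * @param privateKey key that produces the signature value
 * @param keyInfoValue a {@link PublicKey} or an {@link X509Certificate} to publish in {@code KeyInfo}
 * @throws IllegalArgumentException if {@code keyInfoValue} is {@code null} or of any other type
 */
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
   // Argument check up front: nothing is changed on the element when the key material is
   // unusable, and null is reported as an IllegalArgumentException rather than as a
   // NullPointerException thrown while formatting the message.
   if (!(keyInfoValue instanceof PublicKey) && !(keyInfoValue instanceof X509Certificate)) {
      throw new IllegalArgumentException("Unsupported keyinfo type [" + (keyInfoValue == null ? null : keyInfoValue.getClass()) + "]");
   }

   DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());
   String requestId = requestElement.getAttribute("RequestID");
   requestElement.setIdAttribute("RequestID", true);

   // Transform chain: enveloped-signature, then exclusive canonicalization.
   List<Transform> transforms = new LinkedList<Transform>();
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null));
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null));

   // NOTE(review): the algorithms below are SHA-1 and RSA-SHA1, both deprecated for
   // signatures. Left as they are because the verifier's requirements are not visible here;
   // confirm it accepts http://www.w3.org/2001/04/xmlenc#sha256 and
   // http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, then migrate.
   Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null);
   CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null);
   SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null);
   SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));

   KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
   KeyInfo keyInfo;
   if (keyInfoValue instanceof PublicKey) {
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue)));
   } else {
      // Guaranteed to be an X509Certificate by the argument check.
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
   }

   XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
   xmlSignature.sign(domSignContext);
}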
 
Example #10
Source File: AbstractDOMSignatureMethod.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    // The element is built detached and appended to the parent as the final step.
    // Note that the context parameter is never read here.
    Document owner = DOMUtils.getOwnerDocument(parent);
    Element sm =
        DOMUtils.createElement(owner, "SignatureMethod", XMLSignature.XMLNS, dsPrefix);

    // The Algorithm attribute carries whatever getAlgorithm() reports.
    String algorithm = getAlgorithm();
    DOMUtils.setAttribute(sm, "Algorithm", algorithm);

    // Parameters are marshalled only when a parameter spec is present.
    if (null != getParameterSpec()) {
        marshalParams(sm, dsPrefix);
    }

    parent.appendChild(sm);
}
 
Example #11
Source File: AbstractDOMSignatureMethod.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    // Step 1: a SignatureMethod element in the XML Signature namespace, using dsPrefix.
    // (context is accepted but not consulted.)
    final Document document = DOMUtils.getOwnerDocument(parent);
    final Element methodElement = DOMUtils.createElement(
        document, "SignatureMethod", XMLSignature.XMLNS, dsPrefix);

    // Step 2: record the algorithm on the element.
    DOMUtils.setAttribute(methodElement, "Algorithm", getAlgorithm());

    // Step 3: algorithm-specific parameters, when a spec exists.
    final boolean parameterised = getParameterSpec() != null;
    if (parameterised) {
        marshalParams(methodElement, dsPrefix);
    }

    // Step 4: hand the finished element to the parent node.
    parent.appendChild(methodElement);
}
 
Example #12
Source File: KeySelectorFactoryTest.java    From development with Apache License 2.0 6 votes vote down vote up
/**
 * When the response contains a KeyValue added after the X509Data, the factory is expected
 * to return an {@code X509KeySelector}.
 */
@Test
public void newKeySelector_firstFound() throws Exception {
    // given: the sample response, modified by addKeyValueAfterX509Data
    String samlResponse = Strings
            .textFileToString("javares/openamResponse.xml");
    Document parsed = XMLConverter.convertToDocument(
            addKeyValueAfterX509Data(samlResponse), true);
    NodeList signatures = parsed.getElementsByTagNameNS(
            XMLSignature.XMLNS, "Signature");

    // when: a selector is requested for the first Signature element
    KeySelector selected = factory.newKeySelector(signatures.item(0));

    // then
    boolean isX509Selector = selected instanceof X509KeySelector;
    assertTrue(isX509Selector);
}
 
Example #13
Source File: AbstractDOMSignatureMethod.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    // Create the SignatureMethod element in the document obtained from the parent node.
    // The context argument is not used by this implementation.
    final Document doc = DOMUtils.getOwnerDocument(parent);
    final Element signatureMethod = DOMUtils.createElement(
        doc, "SignatureMethod", XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(signatureMethod, "Algorithm", getAlgorithm());

    // Only a method that carries a parameter spec contributes parameter content.
    final boolean hasParams = getParameterSpec() != null;
    if (hasParams) {
        marshalParams(signatureMethod, dsPrefix);
    }

    // Attach last, so the parent only receives the completed element.
    parent.appendChild(signatureMethod);
}
 
Example #14
Source File: XMLSignatureUtil.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Unmarshals the signature at {@code signatureNode} and runs core validation on it, with
 * the verification key supplied by {@code validationKeySelector}.
 *
 * <p>When validation fails and trace logging is enabled, the signature value and every
 * reference are validated again one by one so the log shows which part failed.
 *
 * <p>The return value only states that the signature verifies with the selected key. This
 * method does not inspect what the references point at; checking that the signed content
 * is the content being consumed is left to code outside this method.
 *
 * @return the core validation result
 */
private static boolean validateUsingKeySelector(Node signatureNode, KeySelector validationKeySelector) throws XMLSignatureException, MarshalException {
    DOMValidateContext validateContext = new DOMValidateContext(validationKeySelector, signatureNode);
    XMLSignature parsedSignature = fac.unmarshalXMLSignature(validateContext);
    boolean coreValidity = parsedSignature.validate(validateContext);

    // Nothing to explain on success, and nothing to compute when trace output is off.
    if (coreValidity || !logger.isTraceEnabled()) {
        return coreValidity;
    }

    // Diagnostics only: the outcome below never changes the returned value.
    boolean signatureValueValid = parsedSignature.getSignatureValue().validate(validateContext);
    logger.trace("Signature validation status: " + signatureValueValid);

    List<Reference> signedReferences = parsedSignature.getSignedInfo().getReferences();
    for (Reference reference : signedReferences) {
        logger.trace("[Ref id=" + reference.getId() + ":uri=" + reference.getURI() + "]validity status:" + reference.validate(validateContext));
    }

    return coreValidity;
}
 
Example #15
Source File: Signer.java    From IDES-Data-Preparation-Java with Creative Commons Zero v1.0 Universal 6 votes vote down vote up
/**
 * Builds the list of signature properties for a document.
 *
 * <p>A single {@code Timestamp} element holding the current time in UTC is added when
 * {@code isAddSignaturePropTimestamp} is set and the document type is not
 * {@code SigDocType.BINARY}; otherwise the list is empty.
 *
 * NOTE(review): the pattern contains {@code MMM} and the formatter is created without a
 * locale, so the month text follows the JVM's default locale. Confirm whether consumers of
 * the timestamp expect one fixed language.
 *
 * @param doc document used to create the element and its text node
 * @param sigDocType kind of document being signed
 * @return a new list, possibly empty
 */
protected List<XMLStructure> getSignaturePropertyList(Document doc, SigDocType sigDocType) throws Exception {
	List<XMLStructure> properties = new ArrayList<XMLStructure>();
	if (!isAddSignaturePropTimestamp || sigDocType == SigDocType.BINARY) {
		return properties;
	}

	SimpleDateFormat timestampFormat = new SimpleDateFormat("dd-MMM-yyyy'T'HH:mm:ss.SSS'Z'");
	timestampFormat.setTimeZone(TimeZone.getTimeZone(ZoneOffset.UTC));

	// Qualify the element name only when a signature prefix is configured.
	boolean unprefixed = signaturePrefix == null || "".equals(signaturePrefix);
	String qualifiedName = unprefixed ? "Timestamp" : signaturePrefix + ":Timestamp";
	Element timestamp = doc.createElementNS(XMLSignature.XMLNS, qualifiedName);
	timestamp.appendChild(doc.createTextNode(timestampFormat.format(new Date())));
	properties.add(new DOMStructure(timestamp));
	//may add additional properties in future
	return properties;
}
 
Example #16
Source File: STSServiceImpl.java    From freehealth-connector with GNU Affero General Public License v3.0 6 votes vote down vote up
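/**
 * Signs {@code requestElement} in place with an enveloped XML signature; the signature
 * element goes before the element's current first child.
 *
 * <p>The {@code RequestID} attribute is registered as an ID attribute, and the signed
 * reference is {@code #} followed by that attribute's value.
 *
 * @param requestElement element to sign; it is modified in place
 * @param privateKey key that produces the signature value
 * @param keyInfoValue a {@link PublicKey} or an {@link X509Certificate} to publish in {@code KeyInfo}
 * @throws IllegalArgumentException if {@code keyInfoValue} is {@code null} or of any other type
 */
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
   // Reject unusable key material before anything on the element changes. A null argument
   // previously produced a NullPointerException from the message expression instead.
   if (!(keyInfoValue instanceof PublicKey) && !(keyInfoValue instanceof X509Certificate)) {
      throw new IllegalArgumentException("Unsupported keyinfo type [" + (keyInfoValue == null ? null : keyInfoValue.getClass()) + "]");
   }

   DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());
   String requestId = requestElement.getAttribute("RequestID");
   requestElement.setIdAttribute("RequestID", true);

   // Enveloped-signature transform and exclusive canonicalization, in that order.
   List<Transform> transforms = new LinkedList<Transform>();
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null));
   transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null));

   // NOTE(review): digest is SHA-1 and the signature method is RSA-SHA1; both are deprecated.
   // Unchanged here because the accepting service cannot be seen from this method. Verify that
   // http://www.w3.org/2001/04/xmlenc#sha256 and
   // http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 are accepted, then switch.
   Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null);
   CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null);
   SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null);
   SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));

   KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
   KeyInfo keyInfo;
   if (keyInfoValue instanceof PublicKey) {
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue)));
   } else {
      // X509Certificate is the only type left after the check at the top.
      keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
   }

   XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
   xmlSignature.sign(domSignContext);
}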
 
Example #17
Source File: KeySelectorFactoryTest.java    From development with Apache License 2.0 6 votes vote down vote up
/**
 * A signature with no {@code ds:KeyInfo} element at all must be rejected by the factory
 * with a {@code DigitalSignatureValidationException}.
 */
@Test
public void newKeySelector_keyinfoMissing() throws Exception {
    // given: the sample response on a single line, with the whole KeyInfo element removed
    String singleLine = Strings
            .textFileToString("javares/openamResponse.xml")
            .replaceAll(System.lineSeparator(), "");
    String withoutKeyInfo = singleLine.replaceAll(
            "<ds:KeyInfo>.*</ds:KeyInfo>", "");
    Document document = XMLConverter.convertToDocument(withoutKeyInfo, true);
    NodeList signatures = document.getElementsByTagNameNS(
            XMLSignature.XMLNS, "Signature");

    try {
        // when
        factory.newKeySelector(signatures.item(0));
        fail();
    } catch (DigitalSignatureValidationException rejected) {
        // then
        String message = rejected.getMessage();
        assertTrue(message.contains(
                "No KeyInfo element found in SAML assertion"));
    }
}
 
Example #18
Source File: KeySelectorFactoryTest.java    From development with Apache License 2.0 6 votes vote down vote up
/**
 * When the X509 data of the response is replaced with KeyValue data, the factory is
 * expected to return a {@code KeyValueKeySelector}.
 */
@Test
public void newKeySelector_keyValue() throws Exception {
    // given: the sample response, modified by replaceX509WithKeyValueData
    String samlResponse = Strings
            .textFileToString("javares/openamResponse.xml");
    Document parsed = XMLConverter.convertToDocument(
            replaceX509WithKeyValueData(samlResponse), true);
    NodeList signatures = parsed.getElementsByTagNameNS(
            XMLSignature.XMLNS, "Signature");

    // when: a selector is requested for the first Signature element
    KeySelector selected = factory.newKeySelector(signatures.item(0));

    // then
    boolean isKeyValueSelector = selected instanceof KeyValueKeySelector;
    assertTrue(isKeyValueSelector);
}
 
Example #19
Source File: AbstractDOMSignatureMethod.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    // The element is built detached and appended to the parent as the final step.
    // Note that the context parameter is never read here.
    Document owner = DOMUtils.getOwnerDocument(parent);
    Element sm =
        DOMUtils.createElement(owner, "SignatureMethod", XMLSignature.XMLNS, dsPrefix);

    // The Algorithm attribute carries whatever getAlgorithm() reports.
    String algorithm = getAlgorithm();
    DOMUtils.setAttribute(sm, "Algorithm", algorithm);

    // Parameters are marshalled only when a parameter spec is present.
    if (null != getParameterSpec()) {
        marshalParams(sm, dsPrefix);
    }

    parent.appendChild(sm);
}
 
Example #20
Source File: TmchXmlSignature.java    From nomulus with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a multi-line report for a signature that failed core validation.
 *
 * <p>The report states whether the signature value itself validates and then lists every
 * reference by URI together with its individual validation result.
 *
 * @param context validation context used for the individual checks
 * @param signature the signature that failed core validation
 * @return the report text, one finding per line
 * @throws XMLSignatureException if one of the individual validations fails unexpectedly
 */
private static String explainValidationProblem(
    DOMValidateContext context, XMLSignature signature)
        throws XMLSignatureException {
  @SuppressWarnings("unchecked")  // Safe by specification.
  List<Reference> signedReferences = signature.getSignedInfo().getReferences();
  boolean signatureValueValid = signature.getSignatureValue().validate(context);

  StringBuilder report = new StringBuilder("Signature failed core validation\n")
      .append(String.format("Signature validation status: %s\n", signatureValueValid));
  for (Reference reference : signedReferences) {
    report
        .append("references[")
        .append(reference.getURI())
        .append("] validity status: ")
        .append(reference.validate(context))
        .append("\n");
  }
  return report.toString();
}
 
Example #21
Source File: AbstractDOMSignatureMethod.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    // Step 1: a SignatureMethod element in the XML Signature namespace, using dsPrefix.
    // (context is accepted but not consulted.)
    final Document document = DOMUtils.getOwnerDocument(parent);
    final Element methodElement = DOMUtils.createElement(
        document, "SignatureMethod", XMLSignature.XMLNS, dsPrefix);

    // Step 2: record the algorithm on the element.
    DOMUtils.setAttribute(methodElement, "Algorithm", getAlgorithm());

    // Step 3: algorithm-specific parameters, when a spec exists.
    final boolean parameterised = getParameterSpec() != null;
    if (parameterised) {
        marshalParams(methodElement, dsPrefix);
    }

    // Step 4: hand the finished element to the parent node.
    parent.appendChild(methodElement);
}
 
Example #22
Source File: AbstractDOMSignatureMethod.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    // Create the SignatureMethod element in the document obtained from the parent node.
    // The context argument is not used by this implementation.
    final Document doc = DOMUtils.getOwnerDocument(parent);
    final Element signatureMethod = DOMUtils.createElement(
        doc, "SignatureMethod", XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(signatureMethod, "Algorithm", getAlgorithm());

    // Only a method that carries a parameter spec contributes parameter content.
    final boolean hasParams = getParameterSpec() != null;
    if (hasParams) {
        marshalParams(signatureMethod, dsPrefix);
    }

    // Attach last, so the parent only receives the completed element.
    parent.appendChild(signatureMethod);
}
 
Example #23
Source File: RequestValidator.java    From neoscada with Eclipse Public License 1.0 6 votes vote down vote up
/**
 * Validates the XML signature of a document.
 *
 * <p>Only the first {@code Signature} element in document order is validated. A document
 * without one yields a result with {@code StatusCodes.VALIDATE_NO_SIGNATURE_DATA}; a
 * validation that throws {@code XMLSignatureException} yields {@code Result.INVALID}.
 *
 * <p>This method does not look at which content the signature's references cover. Code
 * that acts on the document should confirm that the data it reads is the data that was
 * signed, since a valid signature elsewhere in the document proves nothing about it.
 *
 * @param doc the document to check
 * @return the validation result
 * @throws Exception if the signature cannot be unmarshalled
 */
public Result validate ( final Document doc ) throws Exception
{
    final NodeList signatures = doc.getElementsByTagNameNS ( XMLSignature.XMLNS, "Signature" ); //$NON-NLS-1$

    final boolean unsigned = signatures.getLength () == 0;
    if ( unsigned )
    {
        return new Result ( StatusCodes.VALIDATE_NO_SIGNATURE_DATA, "No signature data found" );
    }

    final DOMValidateContext validateContext = new DOMValidateContext ( this.keySelector, signatures.item ( 0 ) );
    final XMLSignature parsedSignature = this.factory.unmarshalXMLSignature ( validateContext );

    try
    {
        final boolean coreValid = parsedSignature.validate ( validateContext );
        return new Result ( coreValid, parsedSignature );
    }
    catch ( final XMLSignatureException validationFailure )
    {
        // Treated as an invalid signature instead of an error of this method.
        logger.debug ( "Failed to perform validation", validationFailure );
        return Result.INVALID;
    }
}
 
Example #24
Source File: AbstractDOMSignatureMethod.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    // The element is built detached and appended to the parent as the final step.
    // Note that the context parameter is never read here.
    Document owner = DOMUtils.getOwnerDocument(parent);
    Element sm =
        DOMUtils.createElement(owner, "SignatureMethod", XMLSignature.XMLNS, dsPrefix);

    // The Algorithm attribute carries whatever getAlgorithm() reports.
    String algorithm = getAlgorithm();
    DOMUtils.setAttribute(sm, "Algorithm", algorithm);

    // Parameters are marshalled only when a parameter spec is present.
    if (null != getParameterSpec()) {
        marshalParams(sm, dsPrefix);
    }

    parent.appendChild(sm);
}
 
Example #25
Source File: SignatureRequestBuilder.java    From neoscada with Eclipse Public License 1.0 6 votes vote down vote up
/**
 * Compares a source document with its signed counterpart while ignoring XML signatures.
 *
 * <p>The work is done on the results of {@code cloneDoc}: every {@code Signature} element
 * is removed from the copy of the signed document, both copies are normalized, and their
 * root elements are passed to {@code compareNode}. How a difference is reported is decided
 * by {@code compareNode} and cannot be seen from here.
 *
 * @param sourceDoc the document before signing
 * @param signedDoc the document after signing
 */
public void compare ( final Document sourceDoc, final Document signedDoc ) throws Exception
{
    final Document sourceCopy = cloneDoc ( sourceDoc );
    final Document signedCopy = cloneDoc ( signedDoc );

    // The node list is re-queried for its first entry after each removal and the loop
    // ends once no Signature element is left.
    final NodeList signatures = signedCopy.getElementsByTagNameNS ( XMLSignature.XMLNS, "Signature" );
    while ( signatures.getLength () != 0 )
    {
        final Node signature = signatures.item ( 0 );
        final Node holder = signature.getParentNode ();
        holder.removeChild ( signature );
    }

    sourceCopy.normalizeDocument ();
    signedCopy.normalizeDocument ();

    compareNode ( sourceCopy.getDocumentElement (), signedCopy.getDocumentElement () );
}
 
Example #26
Source File: AbstractDOMSignatureMethod.java    From openjdk-8-source with GNU General Public License v2.0 6 votes vote down vote up
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    // Step 1: a SignatureMethod element in the XML Signature namespace, using dsPrefix.
    // (context is accepted but not consulted.)
    final Document document = DOMUtils.getOwnerDocument(parent);
    final Element methodElement = DOMUtils.createElement(
        document, "SignatureMethod", XMLSignature.XMLNS, dsPrefix);

    // Step 2: record the algorithm on the element.
    DOMUtils.setAttribute(methodElement, "Algorithm", getAlgorithm());

    // Step 3: algorithm-specific parameters, when a spec exists.
    final boolean parameterised = getParameterSpec() != null;
    if (parameterised) {
        marshalParams(methodElement, dsPrefix);
    }

    // Step 4: hand the finished element to the parent node.
    parent.appendChild(methodElement);
}
 
Example #27
Source File: AbstractDOMSignatureMethod.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    // Create the SignatureMethod element in the document obtained from the parent node.
    // The context argument is not used by this implementation.
    final Document doc = DOMUtils.getOwnerDocument(parent);
    final Element signatureMethod = DOMUtils.createElement(
        doc, "SignatureMethod", XMLSignature.XMLNS, dsPrefix);
    DOMUtils.setAttribute(signatureMethod, "Algorithm", getAlgorithm());

    // Only a method that carries a parameter spec contributes parameter content.
    final boolean hasParams = getParameterSpec() != null;
    if (hasParams) {
        marshalParams(signatureMethod, dsPrefix);
    }

    // Attach last, so the parent only receives the completed element.
    parent.appendChild(signatureMethod);
}
 
Example #28
Source File: AbstractDOMSignatureMethod.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    // The element is built detached and appended to the parent as the final step.
    // Note that the context parameter is never read here.
    Document owner = DOMUtils.getOwnerDocument(parent);
    Element sm =
        DOMUtils.createElement(owner, "SignatureMethod", XMLSignature.XMLNS, dsPrefix);

    // The Algorithm attribute carries whatever getAlgorithm() reports.
    String algorithm = getAlgorithm();
    DOMUtils.setAttribute(sm, "Algorithm", algorithm);

    // Parameters are marshalled only when a parameter spec is present.
    if (null != getParameterSpec()) {
        marshalParams(sm, dsPrefix);
    }

    parent.appendChild(sm);
}
 
Example #29
Source File: XML.java    From restcommander with Apache License 2.0 6 votes vote down vote up
/**
 * Check the xmldsig signature of the XML document.
 * @param document the document to test
 * @param publicKey the public key corresponding to the key pair the document was signed with
 * @return true if a correct signature is present, false otherwise
 */
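public static boolean validSignature(Document document, Key publicKey) {
    // Only the first Signature element in document order is examined. A true result says that
    // this signature verifies with publicKey; it does not say which part of the document the
    // signature's references cover, which this method never inspects.
    Node signatureNode =  document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
    KeySelector keySelector = KeySelector.singletonKeySelector(publicKey);

    try {
        if (signatureNode == null) {
            // Report an unsigned document as what it is. Without this check the failure showed
            // up as a NullPointerException from the DOMValidateContext constructor.
            throw new IllegalArgumentException("The document contains no XML signature element.");
        }

        // The provider class name is read from a system property, so whoever controls the
        // JVM's properties chooses the code that performs the validation.
        String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
        // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance(),
        // which rethrows checked constructor exceptions without declaring them.
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(providerName).getDeclaredConstructor().newInstance());
        DOMValidateContext valContext = new DOMValidateContext(keySelector, signatureNode);
        // The signature comes with the document and may be attacker-supplied. Secure validation
        // makes the provider refuse risky constructs such as XSLT transforms or an excessive
        // number of references before any of them is processed.
        valContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);

        XMLSignature signature = fac.unmarshalXMLSignature(valContext);
        return signature.validate(valContext);
    } catch (Exception e) {
        // Every failure, including a missing signature, is logged and reported as "not valid".
        Logger.warn("Error validating an XML signature.", e);
        return false;
    }
}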
 
Example #30
Source File: AbstractDOMSignatureMethod.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * This method invokes the {@link #marshalParams marshalParams}
 * method to marshal any algorithm-specific parameters.
 */
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    // Step 1: a SignatureMethod element in the XML Signature namespace, using dsPrefix.
    // (context is accepted but not consulted.)
    final Document document = DOMUtils.getOwnerDocument(parent);
    final Element methodElement = DOMUtils.createElement(
        document, "SignatureMethod", XMLSignature.XMLNS, dsPrefix);

    // Step 2: record the algorithm on the element.
    DOMUtils.setAttribute(methodElement, "Algorithm", getAlgorithm());

    // Step 3: algorithm-specific parameters, when a spec exists.
    final boolean parameterised = getParameterSpec() != null;
    if (parameterised) {
        marshalParams(methodElement, dsPrefix);
    }

    // Step 4: hand the finished element to the parent node.
    parent.appendChild(methodElement);
}