Java Code Examples for javax.xml.crypto.dsig.XMLSignature#sign()
The following examples show how to use
javax.xml.crypto.dsig.XMLSignature#sign() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: DigitalSignatures.java From org.hl7.fhir.core with Apache License 2.0 | 8 votes |
public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, FHIRException { // http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html // byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(); // load the document that's going to be signed DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); DocumentBuilder builder = dbf.newDocumentBuilder(); Document doc = builder.parse(new ByteArrayInputStream(inputXml)); // create a key pair KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(512); KeyPair kp = kpg.generateKeyPair(); // sign the document DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()); XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null); SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); KeyInfoFactory kif = fac.getKeyInfoFactory(); KeyValue kv = kif.newKeyValue(kp.getPublic()); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); XMLSignature signature = fac.newXMLSignature(si, ki); signature.sign(dsc); OutputStream os = System.out; new XmlGenerator().generate(doc.getDocumentElement(), os); }
Example 2
Source File: DigitalSignatures.java From org.hl7.fhir.core with Apache License 2.0 | 7 votes |
public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, FHIRException, org.hl7.fhir.exceptions.FHIRException { // http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html // byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(); // load the document that's going to be signed DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); DocumentBuilder builder = dbf.newDocumentBuilder(); Document doc = builder.parse(new ByteArrayInputStream(inputXml)); // create a key pair KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(512); KeyPair kp = kpg.generateKeyPair(); // sign the document DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()); XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null); SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); KeyInfoFactory kif = fac.getKeyInfoFactory(); KeyValue kv = kif.newKeyValue(kp.getPublic()); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); XMLSignature signature = fac.newXMLSignature(si, ki); signature.sign(dsc); OutputStream os = System.out; new XmlGenerator().generate(doc.getDocumentElement(), os); }
Example 3
Source File: STSServiceImpl.java From freehealth-connector with GNU Affero General Public License v3.0 | 6 votes |
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException { DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild()); String requestId = requestElement.getAttribute("RequestID"); requestElement.setIdAttribute("RequestID", true); List<Transform> transforms = new LinkedList(); transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null)); transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null)); Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null); CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null); SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null); SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference)); KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory(); KeyInfo keyInfo = null; if (keyInfoValue instanceof PublicKey) { keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue))); } else { if (!(keyInfoValue instanceof X509Certificate)) { throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]"); } keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue)))); } XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo); xmlSignature.sign(domSignContext); }
Example 4
Source File: STSServiceImpl.java From freehealth-connector with GNU Affero General Public License v3.0 | 6 votes |
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException { DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild()); String requestId = requestElement.getAttribute("RequestID"); requestElement.setIdAttribute("RequestID", true); List<Transform> transforms = new LinkedList(); transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null)); transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null)); Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null); CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null); SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null); SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference)); KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory(); KeyInfo keyInfo = null; if (keyInfoValue instanceof PublicKey) { keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue))); } else { if (!(keyInfoValue instanceof X509Certificate)) { throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]"); } keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue)))); } XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo); xmlSignature.sign(domSignContext); }
Example 5
Source File: STSServiceImpl.java From freehealth-connector with GNU Affero General Public License v3.0 | 6 votes |
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException { DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild()); String requestId = requestElement.getAttribute("RequestID"); requestElement.setIdAttribute("RequestID", true); List<Transform> transforms = new LinkedList(); transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null)); transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null)); Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null); CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null); SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null); SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference)); KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory(); KeyInfo keyInfo = null; if (keyInfoValue instanceof PublicKey) { keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue))); } else { if (!(keyInfoValue instanceof X509Certificate)) { throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]"); } keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue)))); } XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo); xmlSignature.sign(domSignContext); }
Example 6
Source File: STSServiceImpl.java From freehealth-connector with GNU Affero General Public License v3.0 | 6 votes |
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException { DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild()); String requestId = requestElement.getAttribute("RequestID"); requestElement.setIdAttribute("RequestID", true); List<Transform> transforms = new LinkedList(); transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null)); transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null)); Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null); CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null); SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null); SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference)); KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory(); KeyInfo keyInfo = null; if (keyInfoValue instanceof PublicKey) { keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue))); } else { if (!(keyInfoValue instanceof X509Certificate)) { throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]"); } keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue)))); } XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo); xmlSignature.sign(domSignContext); }
Example 7
Source File: STSServiceImpl.java From freehealth-connector with GNU Affero General Public License v3.0 | 6 votes |
private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException { DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild()); String requestId = requestElement.getAttribute("RequestID"); requestElement.setIdAttribute("RequestID", true); List<Transform> transforms = new LinkedList(); transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec)null)); transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null)); Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec)null), transforms, (String)null, (String)null); CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec)null); SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec)null); SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference)); KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory(); KeyInfo keyInfo = null; if (keyInfoValue instanceof PublicKey) { keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey)keyInfoValue))); } else { if (!(keyInfoValue instanceof X509Certificate)) { throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]"); } keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue)))); } XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo); xmlSignature.sign(domSignContext); }
Example 8
Source File: XMLSignatureUtil.java From keycloak with Apache License 2.0 | 5 votes |
private static void signImpl(DOMSignContext dsc, String digestMethod, String signatureMethod, String referenceURI, String keyName, PublicKey publicKey, X509Certificate x509Certificate, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException { dsc.setDefaultNamespacePrefix("dsig"); DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null); Transform transform1 = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null); Transform transform2 = fac.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (TransformParameterSpec) null); List<Transform> transformList = new ArrayList<>(); transformList.add(transform1); transformList.add(transform2); Reference ref = fac.newReference(referenceURI, digestMethodObj, transformList, null, null); CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod(canonicalizationMethodType, (C14NMethodParameterSpec) null); List<Reference> referenceList = Collections.singletonList(ref); SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null); SignedInfo si = fac.newSignedInfo(canonicalizationMethod, signatureMethodObj, referenceList); KeyInfo ki; if (includeKeyInfoInSignature) { ki = createKeyInfo(keyName, publicKey, x509Certificate); } else { ki = createKeyInfo(keyName, null, null); } XMLSignature signature = fac.newXMLSignature(si, ki); signature.sign(dsc); }
Example 9
Source File: XML.java From restcommander with Apache License 2.0 | 5 votes |
/** * Sign the XML document using xmldsig. * @param document the document to sign; it will be modified by the method. * @param publicKey the public key from the key pair to sign the document. * @param privateKey the private key from the key pair to sign the document. * @return the signed document for chaining. */ public static Document sign(Document document, RSAPublicKey publicKey, RSAPrivateKey privateKey) { XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); KeyInfoFactory keyInfoFactory = fac.getKeyInfoFactory(); try { Reference ref =fac.newReference( "", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null); SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); DOMSignContext dsc = new DOMSignContext(privateKey, document.getDocumentElement()); KeyValue keyValue = keyInfoFactory.newKeyValue(publicKey); KeyInfo ki = keyInfoFactory.newKeyInfo(Collections.singletonList(keyValue)); XMLSignature signature = fac.newXMLSignature(si, ki); signature.sign(dsc); } catch (Exception e) { Logger.warn("Error while signing an XML document.", e); } return document; }
Example 10
Source File: XmlSignatureApplet.java From juddi with Apache License 2.0 | 5 votes |
private void signDOM(Node node, PrivateKey privateKey, Certificate origCert) { XMLSignatureFactory fac = initXMLSigFactory(); X509Certificate cert = (X509Certificate) origCert; // Create the KeyInfo containing the X509Data. KeyInfoFactory kif = fac.getKeyInfoFactory(); List<Object> x509Content = new ArrayList<Object>(); //x509Content.add(cert.getSubjectX500Principal().getName()); x509Content.add(cert); X509Data xd = kif.newX509Data(x509Content); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd)); // Create a DOMSignContext and specify the RSA PrivateKey and // location of the resulting XMLSignature's parent element. DOMSignContext dsc = new DOMSignContext(privateKey, node); dsc.putNamespacePrefix(XML_DIGSIG_NS, "ns2"); // Create the XMLSignature, but don't sign it yet. try { SignedInfo si = initSignedInfo(fac); XMLSignature signature = fac.newXMLSignature(si, ki); // Marshal, generate, and sign the enveloped signature. signature.sign(dsc); } catch (Exception e) { throw new RuntimeException(e); } }
Example 11
Source File: TckSigningUtil.java From juddi with Apache License 2.0 | 5 votes |
public static void signDOM(Node node, PrivateKey privateKey, Certificate origCert) { XMLSignatureFactory fac = initXMLSigFactory(); X509Certificate cert = (X509Certificate) origCert; // Create the KeyInfo containing the X509Data. KeyInfoFactory kif = fac.getKeyInfoFactory(); List<Object> x509Content = new ArrayList<Object>(); x509Content.add(cert.getSubjectX500Principal().getName()); x509Content.add(cert); X509Data xd = kif.newX509Data(x509Content); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd)); // Create a DOMSignContext and specify the RSA PrivateKey and // location of the resulting XMLSignature's parent element. DOMSignContext dsc = new DOMSignContext(privateKey, node); dsc.putNamespacePrefix("http://www.w3.org/2000/09/xmldsig#", "ns2"); // Create the XMLSignature, but don't sign it yet. try { SignedInfo si = initSignedInfo(fac); XMLSignature signature = fac.newXMLSignature(si, ki); // Marshal, generate, and sign the enveloped signature. signature.sign(dsc); } catch (Exception e) { throw new RuntimeException(e); } }
Example 12
Source File: XMLSignatureBuilder.java From development with Apache License 2.0 | 5 votes |
public Document sign(FileInputStream fileStream, KeyPair keyPair) throws ParserConfigurationException, SAXException, IOException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); DocumentBuilder builder = factory.newDocumentBuilder(); Document document = builder.parse(fileStream); DOMSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document.getDocumentElement()); XMLSignatureFactory signFactory = XMLSignatureFactory .getInstance("DOM"); Reference ref = signFactory.newReference("", signFactory .newDigestMethod(digestMethod, null), Collections .singletonList(signFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null); SignedInfo si = signFactory.newSignedInfo(signFactory .newCanonicalizationMethod( CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null), signFactory .newSignatureMethod(signatureMethod, null), Collections .singletonList(ref)); KeyInfoFactory kif = signFactory.getKeyInfoFactory(); KeyValue kv = kif.newKeyValue(keyPair.getPublic()); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); XMLSignature signature = signFactory.newXMLSignature(si, ki); signature.sign(signContext); return document; }
Example 13
Source File: RequestSigner.java From neoscada with Eclipse Public License 1.0 | 5 votes |
synchronized void sign ( final Key privateKey, final PublicKey publicKey, final Certificate cert, final Document doc ) throws Exception { final DOMSignContext dsc = new DOMSignContext ( privateKey, doc.getDocumentElement () ); final SignatureMethod sm = this.fac.newSignatureMethod ( fromAlg ( privateKey.getAlgorithm () ), null ); final SignedInfo si = this.fac.newSignedInfo ( this.cm, sm, Collections.singletonList ( this.ref ) ); final List<Object> data = new LinkedList<Object> (); if ( cert != null ) { data.add ( this.kif.newKeyValue ( cert.getPublicKey () ) ); data.add ( this.kif.newX509Data ( Collections.singletonList ( cert ) ) ); } else { data.add ( this.kif.newKeyValue ( publicKey ) ); } final KeyInfo ki = this.kif.newKeyInfo ( data ); final XMLSignature signature = this.fac.newXMLSignature ( si, ki ); // finally sign signature.sign ( dsc ); }
Example 14
Source File: XmlSignatureHelper.java From secure-data-service with Apache License 2.0 | 5 votes |
/** * Signs the SAML assertion using the specified public and private keys. * * @param document * SAML assertion be signed. * @param privateKey * Private key used to sign SAML assertion. * @param publicKey * Public key used to sign SAML asserion. * @return w3c element representation of specified document. * @throws NoSuchAlgorithmException * @throws InvalidAlgorithmParameterException * @throws KeyException * @throws MarshalException * @throws XMLSignatureException */ private Element signSamlAssertion(Document document, PrivateKey privateKey, X509Certificate certificate) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException { XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM"); List<Transform> envelopedTransform = Collections.singletonList(signatureFactory.newTransform( Transform.ENVELOPED, (TransformParameterSpec) null)); Reference ref = signatureFactory.newReference("", signatureFactory.newDigestMethod(DigestMethod.SHA1, null), envelopedTransform, null, null); SignatureMethod signatureMethod = null; if (certificate.getPublicKey() instanceof DSAPublicKey) { signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.DSA_SHA1, null); } else if (certificate.getPublicKey() instanceof RSAPublicKey) { signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); } CanonicalizationMethod canonicalizationMethod = signatureFactory.newCanonicalizationMethod( CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(ref)); KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory(); X509Data data = keyInfoFactory.newX509Data(Collections.singletonList(certificate)); KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(data)); Element w3cElement = document.getDocumentElement(); Node xmlSigInsertionPoint = getXmlSignatureInsertionLocation(w3cElement); DOMSignContext dsc = new DOMSignContext(privateKey, w3cElement, xmlSigInsertionPoint); XMLSignature signature = signatureFactory.newXMLSignature(signedInfo, keyInfo); signature.sign(dsc); return w3cElement; }
Example 15
Source File: DigitalSignatures.java From org.hl7.fhir.core with Apache License 2.0 | 5 votes |
public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, FHIRException, org.hl7.fhir.exceptions.FHIRException { // http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html // byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(); // load the document that's going to be signed DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); DocumentBuilder builder = dbf.newDocumentBuilder(); Document doc = builder.parse(new ByteArrayInputStream(inputXml)); // create a key pair KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(512); KeyPair kp = kpg.generateKeyPair(); // sign the document DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()); XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null); SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); KeyInfoFactory kif = fac.getKeyInfoFactory(); KeyValue kv = kif.newKeyValue(kp.getPublic()); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); XMLSignature signature = fac.newXMLSignature(si, ki); signature.sign(dsc); OutputStream os = System.out; new XmlGenerator().generate(doc.getDocumentElement(), os); }
Example 16
Source File: DigitalSignatures.java From org.hl7.fhir.core with Apache License 2.0 | 5 votes |
public static void main(String[] args) throws Exception { // http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html // byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(); // load the document that's going to be signed DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); DocumentBuilder builder = dbf.newDocumentBuilder(); Document doc = builder.parse(new ByteArrayInputStream(inputXml)); // // create a key pair // KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); // kpg.initialize(512); // KeyPair kp = kpg.generateKeyPair(); PublicKey pub = getPublicKey("C:\\work\\fhirserver\\tests\\signatures\\public_key.der"); PrivateKey priv = getPrivateKey("C:\\work\\fhirserver\\tests\\signatures\\private_key.der"); // sign the document DOMSignContext dsc = new DOMSignContext(priv, doc.getDocumentElement()); XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null); SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); KeyInfoFactory kif = fac.getKeyInfoFactory(); KeyValue kv = kif.newKeyValue(pub); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); XMLSignature signature = fac.newXMLSignature(si, ki); signature.sign(dsc); OutputStream os = new FileOutputStream("c:\\temp\\java-digsig.xml"); new XmlGenerator().generate(doc.getDocumentElement(), os); }
Example 17
Source File: DigitalSignatures.java From org.hl7.fhir.core with Apache License 2.0 | 5 votes |
public static void main(String[] args) throws Exception { // http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html // byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(); // load the document that's going to be signed DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); DocumentBuilder builder = dbf.newDocumentBuilder(); Document doc = builder.parse(new ByteArrayInputStream(inputXml)); // // create a key pair // KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); // kpg.initialize(512); // KeyPair kp = kpg.generateKeyPair(); PublicKey pub = getPublicKey("C:\\work\\fhirserver\\tests\\signatures\\public_key.der"); PrivateKey priv = getPrivateKey("C:\\work\\fhirserver\\tests\\signatures\\private_key.der"); // sign the document DOMSignContext dsc = new DOMSignContext(priv, doc.getDocumentElement()); XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null); SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); KeyInfoFactory kif = fac.getKeyInfoFactory(); KeyValue kv = kif.newKeyValue(pub); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); XMLSignature signature = fac.newXMLSignature(si, ki); signature.sign(dsc); OutputStream os = new FileOutputStream("c:\\temp\\java-digsig.xml"); new XmlGenerator().generate(doc.getDocumentElement(), os); }
Example 18
Source File: SoapMultiSignature.java From cstc with GNU General Public License v3.0 | 5 votes |
protected byte[] perform(byte[] input) throws Exception { String signMethod = (String)signatureMethod.getSelectedItem(); PrivateKeyEntry keyEntry = this.selectedEntry; XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); ArrayList<Reference> references = getReferences(fac); SignedInfo signatureInfo = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec)null), fac.newSignatureMethod(signatureMethods.get(signMethod), null), references); KeyInfo keyInfo = this.getKeyInfo(fac, keyEntry); XMLSignature signature = fac.newXMLSignature(signatureInfo, keyInfo); DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(input)); try { validateIdAttributes(doc); } catch( Exception e ) { throw new IllegalArgumentException("Provided Id identifier seems to be invalid."); } DOMSignContext dsc = new DOMSignContext (keyEntry.getPrivateKey(), doc.getDocumentElement()); signature.sign(dsc); DOMSource source = new DOMSource(doc); ByteArrayOutputStream bos = new ByteArrayOutputStream(); StreamResult result = new StreamResult(bos); TransformerFactory transformerFactory = TransformerFactory.newInstance(); Transformer transformer = transformerFactory.newTransformer(); transformer.transform(source, result); return bos.toByteArray(); }
Example 19
Source File: SamlUtils.java From cas4.0.x-server-wechat with Apache License 2.0 | 4 votes |
private static Element signSamlElement(final Element element, final PrivateKey privKey, final PublicKey pubKey) { try { final String providerName = System.getProperty("jsr105Provider", JSR_105_PROVIDER); final XMLSignatureFactory sigFactory = XMLSignatureFactory .getInstance("DOM", (Provider) Class.forName(providerName) .newInstance()); final List envelopedTransform = Collections .singletonList(sigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)); final Reference ref = sigFactory.newReference("", sigFactory .newDigestMethod(DigestMethod.SHA1, null), envelopedTransform, null, null); // Create the SignatureMethod based on the type of key SignatureMethod signatureMethod; if (pubKey instanceof DSAPublicKey) { signatureMethod = sigFactory.newSignatureMethod( SignatureMethod.DSA_SHA1, null); } else if (pubKey instanceof RSAPublicKey) { signatureMethod = sigFactory.newSignatureMethod( SignatureMethod.RSA_SHA1, null); } else { throw new RuntimeException( "Error signing SAML element: Unsupported type of key"); } final CanonicalizationMethod canonicalizationMethod = sigFactory .newCanonicalizationMethod( CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); // Create the SignedInfo final SignedInfo signedInfo = sigFactory.newSignedInfo( canonicalizationMethod, signatureMethod, Collections .singletonList(ref)); // Create a KeyValue containing the DSA or RSA PublicKey final KeyInfoFactory keyInfoFactory = sigFactory .getKeyInfoFactory(); final KeyValue keyValuePair = keyInfoFactory.newKeyValue(pubKey); // Create a KeyInfo and add the KeyValue to it final KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections .singletonList(keyValuePair)); // Convert the JDOM document to w3c (Java XML signature API requires // w3c // representation) org.w3c.dom.Element w3cElement = toDom(element); // Create a DOMSignContext and specify the DSA/RSA PrivateKey and // location of the resulting XMLSignature's parent element DOMSignContext dsc = new DOMSignContext(privKey, w3cElement); org.w3c.dom.Node xmlSigInsertionPoint = getXmlSignatureInsertLocation(w3cElement); dsc.setNextSibling(xmlSigInsertionPoint); // Marshal, generate (and sign) the enveloped signature XMLSignature signature = sigFactory.newXMLSignature(signedInfo, keyInfo); signature.sign(dsc); return toJdom(w3cElement); } catch (final Exception e) { throw new RuntimeException("Error signing SAML element: " + e.getMessage(), e); } }
Example 20
Source File: MetadataWriter.java From cxf with Apache License 2.0 | 4 votes |
private static Document signMetaInfo(X509Certificate signingCert, Key signingKey, Document doc, String referenceID ) throws Exception { String signatureMethod = null; if ("SHA1withDSA".equals(signingCert.getSigAlgName())) { signatureMethod = SignatureMethod.DSA_SHA1; } else if ("SHA1withRSA".equals(signingCert.getSigAlgName())) { signatureMethod = SignatureMethod.RSA_SHA1; } else if ("SHA256withRSA".equals(signingCert.getSigAlgName())) { signatureMethod = SignatureMethod.RSA_SHA1; } else { LOG.error("Unsupported signature method: " + signingCert.getSigAlgName()); throw new RuntimeException("Unsupported signature method: " + signingCert.getSigAlgName()); } List<Transform> transformList = new ArrayList<>(); transformList.add(XML_SIGNATURE_FACTORY.newTransform(Transform.ENVELOPED, (TransformParameterSpec)null)); transformList.add(XML_SIGNATURE_FACTORY.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec)null)); // Create a Reference to the enveloped document (in this case, // you are signing the whole document, so a URI of "" signifies // that, and also specify the SHA1 digest algorithm and // the ENVELOPED Transform. Reference ref = XML_SIGNATURE_FACTORY.newReference("#" + referenceID, XML_SIGNATURE_FACTORY.newDigestMethod(DigestMethod.SHA1, null), transformList, null, null); // Create the SignedInfo. SignedInfo si = XML_SIGNATURE_FACTORY.newSignedInfo( XML_SIGNATURE_FACTORY.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec)null), XML_SIGNATURE_FACTORY.newSignatureMethod(signatureMethod, null), Collections.singletonList(ref)); // Create the KeyInfo containing the X509Data. KeyInfoFactory kif = XML_SIGNATURE_FACTORY.getKeyInfoFactory(); List<Object> x509Content = new ArrayList<>(); x509Content.add(signingCert.getSubjectX500Principal().getName()); x509Content.add(signingCert); X509Data xd = kif.newX509Data(x509Content); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd)); // Create a DOMSignContext and specify the RSA PrivateKey and // location of the resulting XMLSignature's parent element. //DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement()); DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement()); dsc.setIdAttributeNS(doc.getDocumentElement(), null, "ID"); dsc.setNextSibling(doc.getDocumentElement().getFirstChild()); // Create the XMLSignature, but don't sign it yet. XMLSignature signature = XML_SIGNATURE_FACTORY.newXMLSignature(si, ki); // Marshal, generate, and sign the enveloped signature. signature.sign(dsc); // Output the resulting document. return doc; }