Java 类javax.xml.crypto.dsig.CanonicalizationMethod 实例源码

项目:Camel    文件:XmlSignatureTest.java   
/**
 * Builds the transform chain used by the XSLT + XPath signature tests:
 * inclusive canonicalization, then the XSLT transform, then the XPath filter.
 *
 * @return a mutable list holding the three transforms in application order
 * @throws IllegalStateException wrapping any failure raised while building a transform
 */
private List<AlgorithmMethod> getTransformsXsltXpath() {
    try {
        // Stylesheet is addressed by its classpath-style resource path.
        AlgorithmMethod xslt = XmlSignatureHelper.getXslTransform("/org/apache/camel/component/xmlsecurity/xslt_test.xsl");

        // The XPath expression uses the n0 prefix, so its namespace binding travels with it.
        Map<String, String> prefixToNamespace = new HashMap<String, String>(1);
        prefixToNamespace.put("n0", "https://org.apache/camel/xmlsecurity/test");
        AlgorithmMethod xpath = XmlSignatureHelper.getXPathTransform("//n0:XMLSecurity/n0:Content", prefixToNamespace);

        // A base64 transform used to be part of this chain; it was dropped because the
        // JDK implementation does not correctly support that transformation.
        List<AlgorithmMethod> transforms = new ArrayList<AlgorithmMethod>(3);
        transforms.add(XmlSignatureHelper.getCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE));
        transforms.add(xslt);
        transforms.add(xpath);
        return transforms;
    } catch (Exception e) {
        throw new IllegalStateException(e);
    }
}
项目:Camel    文件:TimestampProperty.java   
/**
 * Produces a signed "timestamp" signature property.
 *
 * <p>The result carries one ds:Object (Id "propertiesObject") holding the property and one
 * reference to that object, so the property is covered by the signature. The timestamp value
 * is read from the local system clock; it is a self-asserted time, not a token from a
 * time-stamping authority.
 *
 * @param input signing context supplying the signature factory, digest algorithm and signature id
 * @return the references and objects to add to the signature
 * @throws Exception if a transform, digest method or the property document cannot be created
 */
@Override
public Output get(Input input) throws Exception {

    // Reference to the object created below, canonicalized (inclusive, no comments) before digesting.
    Transform c14nTransform = input.getSignatureFactory().newTransform(CanonicalizationMethod.INCLUSIVE, (TransformParameterSpec) null);
    Reference propertiesReference = input.getSignatureFactory().newReference(
            "#propertiesObject",
            input.getSignatureFactory().newDigestMethod(input.getContentDigestAlgorithm(), null),
            Collections.singletonList(c14nTransform),
            null,
            null);

    // The property payload is built only from a constant template and the clock value,
    // so no external data reaches the parser here.
    String timestampXml = "<ts:timestamp xmlns:ts=\"http:/timestamp\">" + System.currentTimeMillis() + "</ts:timestamp>";
    InputStream timestampStream = new ByteArrayInputStream(timestampXml.getBytes("UTF-8"));
    Document timestampDocument = XmlSignatureHelper.newDocumentBuilder(Boolean.TRUE).parse(timestampStream);
    DOMStructure payload = new DOMStructure(timestampDocument.getDocumentElement());

    // Wrap payload -> SignatureProperty -> SignatureProperties -> ds:Object.
    SignatureProperty property = input.getSignatureFactory().newSignatureProperty(
            Collections.singletonList(payload), input.getSignatureId(), "property");
    SignatureProperties propertySet = input.getSignatureFactory().newSignatureProperties(
            Collections.singletonList(property), "properties");
    XMLObject propertiesObject = input.getSignatureFactory().newXMLObject(
            Collections.singletonList(propertySet), "propertiesObject", null, null);

    XmlSignatureProperties.Output output = new Output();
    output.setReferences(Collections.singletonList(propertiesReference));
    output.setObjects(Collections.singletonList(propertiesObject));

    return output;
}
项目:dss    文件:EnvelopingSignatureBuilder.java   
/**
 * Creates the ds:Reference for one document of an enveloping signature.
 *
 * <p>Manifest signatures reference the manifest element and canonicalize it with C14N 1.1
 * (comments omitted); all other documents reference the enveloping ds:Object and are
 * declared with the base64 transform.
 *
 * @param document       the content the reference covers
 * @param referenceIndex index used to derive the reference id and the object URI
 * @return the configured reference
 */
@Override
protected DSSReference createReference(DSSDocument document, int referenceIndex) {
    // Shape of the element this produces:
    // <ds:Reference Id="signed-data-ref" Type="http://www.w3.org/2000/09/xmldsig#Object"
    // URI="#signed-data-idfc5ff27ee49763d9ba88ba5bbc49f732">
    final DSSReference ref = new DSSReference();
    ref.setId("r-id-" + referenceIndex);
    ref.setContents(document);
    ref.setDigestMethodAlgorithm(params.getDigestAlgorithm());

    if (!params.isManifestSignature()) {
        ref.setType(HTTP_WWW_W3_ORG_2000_09_XMLDSIG_OBJECT);
        ref.setUri("#o-id-" + referenceIndex);

        // BASE64 is reachable through CanonicalizationMethod because that interface extends Transform.
        DSSTransform base64 = new DSSTransform();
        base64.setAlgorithm(CanonicalizationMethod.BASE64);
        ref.setTransforms(Arrays.asList(base64));
        return ref;
    }

    ref.setType(HTTP_WWW_W3_ORG_2000_09_XMLDSIG_MANIFEST);
    // Fall back to the fixed id "manifest" when the parameters do not name one.
    final String manifestId = params.getManifestId();
    ref.setUri("#" + (manifestId != null ? manifestId : "manifest"));

    DSSTransform c14n11 = new DSSTransform();
    c14n11.setAlgorithm(Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS);
    ref.setTransforms(Arrays.asList(c14n11));
    return ref;
}
项目:dss    文件:XAdESLevelBEnvelopedInclusiveCanonicalizationWithXPathTest.java   
/**
 * Test fixture: prepares an ENVELOPED XAdES-BASELINE-B signature of sample.xml in which both
 * SignedInfo and SignedProperties use inclusive canonicalization, and the signature is placed
 * at the node selected by an XPath expression.
 */
@Before
public void init() throws Exception {
    documentToSign = new FileDocument(new File("src/test/resources/sample.xml"));

    signatureParameters = new XAdESSignatureParameters();
    // Signing time is taken from the local clock at fixture setup.
    signatureParameters.bLevel().setSigningDate(new Date());
    // Certificate and chain come from helpers defined outside this snippet.
    signatureParameters.setSigningCertificate(getSigningCert());
    signatureParameters.setCertificateChain(getCertificateChain());
    signatureParameters.setSignaturePackaging(SignaturePackaging.ENVELOPED);
    signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    // Inclusive C14N (comments omitted) for both canonicalized structures.
    signatureParameters.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    signatureParameters.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    // Will add the signature within the tr tag
    signatureParameters.setXPathLocationString("//*[local-name() = 'tr']");

    service = new XAdESService(getCompleteCertificateVerifier());
}
项目:juddi    文件:DigSigUtil.java   
/**
 * Builds the SignedInfo for a signature from the configured algorithm URIs.
 *
 * <p>The canonicalization and signature method URIs are read from the configuration map;
 * missing entries fall back to exclusive C14N and RSA-SHA1.
 *
 * NOTE(review): the RSA-SHA1 fallback relies on SHA-1, which is deprecated for digital
 * signatures. Deployments should set SIGNATURE_METHOD explicitly to a SHA-2 based method;
 * changing the default here would alter what existing callers produce.
 * NOTE(review): the configured URIs are passed to the factory as-is; no allow-list of
 * acceptable algorithms is applied in this method.
 *
 * @param fac factory used to create every signature component
 * @return SignedInfo with a single reference
 * @throws Exception if the reference or one of the algorithm objects cannot be created
 */
private SignedInfo initSignedInfo(XMLSignatureFactory fac) throws Exception {
        Reference reference = initReference(fac);

        String c14nUri = map.getProperty(CANONICALIZATIONMETHOD);
        String signatureUri = map.getProperty(SIGNATURE_METHOD);
        if (signatureUri == null) {
                signatureUri = SignatureMethod.RSA_SHA1;
        }
        if (c14nUri == null) {
                c14nUri = CanonicalizationMethod.EXCLUSIVE;
        }

        CanonicalizationMethod c14n = fac.newCanonicalizationMethod(c14nUri, (C14NMethodParameterSpec) null);
        SignatureMethod signatureMethod = fac.newSignatureMethod(signatureUri, null);
        return fac.newSignedInfo(c14n, signatureMethod, Collections.singletonList(reference));
}
项目:jetfuel    文件:XmlSignatureHandler.java   
/**
 * Prepares the reusable factories and algorithm objects for enveloped XML signatures:
 * SHA-1 digest, enveloped + inclusive-C14N transforms, inclusive C14N for SignedInfo
 * and RSA-SHA1 as signature method.
 *
 * NOTE(review): SHA-1 is deprecated for digital signatures; both the digest and the
 * signature method are fixed here, so moving to SHA-2 needs agreement with whoever verifies.
 * NOTE(review): the DocumentBuilderFactory and TransformerFactory are created with default
 * settings. If they ever parse or transform documents from outside the trust boundary,
 * DOCTYPE and external-entity processing should be disabled where they are used.
 *
 * @throws NoSuchAlgorithmException if a requested algorithm is not available
 * @throws InvalidAlgorithmParameterException if algorithm parameters are rejected
 */
public XmlSignatureHandler() throws NoSuchAlgorithmException,
        InvalidAlgorithmParameterException {
    // XML parsing / serialization plumbing.
    this.builderFactory = DocumentBuilderFactory.newInstance();
    this.builderFactory.setNamespaceAware(true);
    this.transformerFactory = TransformerFactory.newInstance();

    // Signature plumbing.
    this.signatureFactory = XMLSignatureFactory.getInstance("DOM");
    this.digestMethod = this.signatureFactory.newDigestMethod(DigestMethod.SHA1, null);

    // Typed nulls select the intended factory overloads without casts at each call site.
    final TransformParameterSpec noTransformParams = null;
    final C14NMethodParameterSpec noC14nParams = null;

    // Reference transforms: drop the signature element itself, then canonicalize.
    this.transformList = new ArrayList<Transform>(2);
    this.transformList.add(
            this.signatureFactory.newTransform(Transform.ENVELOPED, noTransformParams));
    this.transformList.add(
            this.signatureFactory.newTransform("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", noTransformParams));

    this.canonicalizationMethod =
            this.signatureFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, noC14nParams);

    this.signatureMethod = this.signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    this.keyInfoFactory = this.signatureFactory.getKeyInfoFactory();

}
项目:cas-5.1.0    文件:AbstractSamlObjectBuilder.java   
/**
 * Signs a SAML element with an enveloped XML signature and returns the signed element.
 *
 * <p>The signature covers the whole element (empty reference URI, enveloped transform),
 * uses a SHA-1 digest, DSA-SHA1 or RSA-SHA1 depending on the public key algorithm, and
 * inclusive canonicalization with comments for SignedInfo. The public key is embedded as a
 * KeyValue inside KeyInfo.
 *
 * NOTE(review): SHA-1 based digest and signature methods are deprecated for digital signatures.
 * NOTE(review): the JSR-105 provider class name is read from the "jsr105Provider" system
 * property and instantiated reflectively, so whoever controls JVM system properties chooses
 * the class that is loaded here.
 * NOTE(review): an embedded KeyValue only says which key produced the signature; a verifier
 * has to match it against a key it already trusts.
 *
 * @param element the JDOM element to sign
 * @param privKey the private key used to sign
 * @param pubKey  the matching public key; its algorithm selects the signature method
 * @return the signed element, converted back to JDOM
 * @throws RuntimeException if the key type is unsupported or any signing step fails
 */
private static org.jdom.Element signSamlElement(final org.jdom.Element element, final PrivateKey privKey, final PublicKey pubKey) {
    try {
        final String providerClassName = System.getProperty("jsr105Provider", SIGNATURE_FACTORY_PROVIDER_CLASS);
        final XMLSignatureFactory factory = XMLSignatureFactory
                .getInstance("DOM", (Provider) Class.forName(providerClassName).newInstance());

        // Single reference over the whole document, minus the signature element itself.
        final List<Transform> transforms = Collections.singletonList(
                factory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
        final Reference wholeDocument = factory.newReference(
                StringUtils.EMPTY, factory.newDigestMethod(DigestMethod.SHA1, null), transforms, null, null);

        // Pick the signature algorithm URI that matches the key type.
        final String signatureAlgorithmUri;
        switch (pubKey.getAlgorithm()) {
            case "DSA":
                signatureAlgorithmUri = SignatureMethod.DSA_SHA1;
                break;
            case "RSA":
                signatureAlgorithmUri = SignatureMethod.RSA_SHA1;
                break;
            default:
                throw new RuntimeException("Error signing SAML element: Unsupported type of key");
        }
        final SignatureMethod signatureMethod = factory.newSignatureMethod(signatureAlgorithmUri, null);

        final CanonicalizationMethod c14n = factory.newCanonicalizationMethod(
                CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);

        final SignedInfo signedInfo = factory.newSignedInfo(
                c14n, signatureMethod, Collections.singletonList(wholeDocument));

        // KeyInfo carries the DSA or RSA public key as a KeyValue.
        final KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
        final KeyValue publicKeyValue = keyInfoFactory.newKeyValue(pubKey);
        final KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(publicKeyValue));

        // The Java XML signature API works on W3C DOM, so convert from JDOM first.
        final Element domElement = toDom(element);

        // Sign into the DOM element, placing the signature before the computed sibling.
        final DOMSignContext signContext = new DOMSignContext(privKey, domElement);
        final Node insertBefore = getXmlSignatureInsertLocation(domElement);
        signContext.setNextSibling(insertBefore);

        // Marshal, generate and sign the enveloped signature.
        final XMLSignature xmlSignature = factory.newXMLSignature(signedInfo, keyInfo);
        xmlSignature.sign(signContext);

        return toJdom(domElement);

    } catch (final Exception e) {
        throw new RuntimeException("Error signing SAML element: " + e.getMessage(), e);
    }
}
项目:neoscada    文件:RequestSigner.java   
/**
 * Creates the reusable signature components for enveloped request signatures.
 * <p>
 * The digest algorithm is taken from the configuration; the reference covers the whole
 * document (empty URI) with the enveloped transform, and SignedInfo is canonicalized
 * with inclusive C14N (comments omitted).
 *
 * @param configuration supplies the digest method URI; NOTE(review): the value is passed
 *        to the factory as-is, so a weak digest is only prevented if the configuration
 *        is validated elsewhere
 * @throws Exception if the factory rejects an algorithm or its parameters
 */
public RequestSigner ( final Configuration configuration ) throws Exception
{
    this.fac = XMLSignatureFactory.getInstance ( "DOM" );
    // digest algorithm is configuration-driven
    this.md = this.fac.newDigestMethod ( configuration.getDigestMethod (), null );
    this.kif = this.fac.getKeyInfoFactory ();

    // enveloped transform: the signature element itself is excluded from the digest
    this.t = this.fac.newTransform ( Transform.ENVELOPED, (TransformParameterSpec)null );
    // empty URI: the reference covers the whole document
    this.ref = this.fac.newReference ( "", this.md, Collections.singletonList ( this.t ), null, null );
    this.cm = this.fac.newCanonicalizationMethod ( CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec)null );
}
项目:oscm    文件:XMLSignatureBuilder.java   
/**
 * Parses the XML read from the stream and adds an enveloped signature under its root element.
 *
 * <p>The digest and signature algorithms come from the {@code digestMethod} and
 * {@code signatureMethod} members; SignedInfo uses inclusive canonicalization with comments.
 * The public key of the pair is embedded as a KeyValue.
 *
 * NOTE(review): the parser is created with default settings (only namespace awareness is
 * switched on). If the file can originate outside the trust boundary, DOCTYPE declarations
 * and external entities should be disabled on the factory before parsing.
 * NOTE(review): an embedded KeyValue does not establish trust; verifiers must compare it
 * with a key they already trust.
 *
 * @param fileStream stream over the XML document to sign; not closed by this method
 * @param keyPair    private key for signing, public key for the KeyInfo
 * @return the parsed document, now containing the signature
 */
public Document sign(FileInputStream fileStream, KeyPair keyPair)
        throws ParserConfigurationException, SAXException, IOException,
        NoSuchAlgorithmException, InvalidAlgorithmParameterException,
        KeyException, MarshalException, XMLSignatureException {

    DocumentBuilderFactory parserFactory = DocumentBuilderFactory.newInstance();
    parserFactory.setNamespaceAware(true);
    DocumentBuilder parser = parserFactory.newDocumentBuilder();
    Document document = parser.parse(fileStream);

    // The signature element is appended as a child of the document element.
    DOMSignContext signContext = new DOMSignContext(
            keyPair.getPrivate(), document.getDocumentElement());
    XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM");

    // Empty URI + enveloped transform: digest the whole document except the signature.
    Reference wholeDocument = xmlSignatureFactory.newReference(
            "",
            xmlSignatureFactory.newDigestMethod(digestMethod, null),
            Collections.singletonList(
                    xmlSignatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null,
            null);

    CanonicalizationMethod c14n = xmlSignatureFactory.newCanonicalizationMethod(
            CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(
            c14n,
            xmlSignatureFactory.newSignatureMethod(signatureMethod, null),
            Collections.singletonList(wholeDocument));

    KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
    KeyValue publicKeyValue = keyInfoFactory.newKeyValue(keyPair.getPublic());
    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(publicKeyValue));

    xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo).sign(signContext);

    return document;
}
项目:xmlsec-gost    文件:HMACSignatureAlgorithmTest.java   
/**
 * Sets up the shared fixtures for the HMAC signature tests: an optional BouncyCastle
 * provider, the document builder, the signature factory, and one SignatureMethod per
 * HMAC variant under test.
 *
 * @throws Exception if the provider cannot be instantiated or a factory call fails
 */
public HMACSignatureAlgorithmTest() throws Exception {
    // BouncyCastle is optional: when it is not registered yet, look it up reflectively so
    // the test class still loads when the provider is missing from the classpath.
    if (Security.getProvider("BC") == null) {
        Constructor<?> bcConstructor;
        try {
            bcConstructor = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").getConstructor();
        } catch (Exception ignored) {
            // Provider class not available; continue without it.
            bcConstructor = null;
        }
        if (bcConstructor != null) {
            Security.insertProviderAt((Provider) bcConstructor.newInstance(), 2);
            bcInstalled = true;
        }
    }

    db = XMLUtils.createDocumentBuilder(false);

    // Objects shared by all test methods.
    fac = XMLSignatureFactory.getInstance("DOM", new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI());
    withoutComments = fac.newCanonicalizationMethod(
        CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);

    // Digest method used for references.
    sha1 = fac.newDigestMethod(DigestMethod.SHA1, null);

    // One signature method per HMAC algorithm URI.
    hmacSha1 = fac.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#hmac-sha1", null);
    hmacSha224 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#hmac-sha224", null);
    hmacSha256 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", null);
    hmacSha384 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#hmac-sha384", null);
    hmacSha512 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#hmac-sha512", null);
    ripemd160 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160", null);

    // Fixed, well-known key material: acceptable for a test fixture only.
    sks = new KeySelectors.SecretKeySelector("testkey".getBytes("ASCII"));
}
项目:xmlsec-gost    文件:Driver.java   
/**
 * Smoke/timing check: creates an exclusive canonicalization method 100 times through the
 * reference-implementation provider and logs the elapsed wall-clock time at debug level.
 *
 * @throws Exception if the factory cannot create the canonicalization method
 */
public void dsig() throws Exception {
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance(
        "DOM", new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI());

    final long startedAt = System.currentTimeMillis();
    int remaining = 100;
    while (remaining-- > 0) {
        // Result is discarded on purpose; only the creation itself is exercised.
        factory.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    }
    final long elapsedMillis = System.currentTimeMillis() - startedAt;

    if (!log.isDebugEnabled()) {
        return;
    }
    log.debug("Elapsed: " + elapsedMillis);
    log.debug("dsig succeeded");
}
项目:nfce    文件:AssinaturaDigital.java   
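/**
 * Signs every signable element found in the given XML and returns the serialized document.
 *
 * <p>For each element named in {@code ELEMENTOS_ASSINAVEIS} an enveloped signature is
 * created over that element (referenced by its {@code Id} attribute) and appended to the
 * element's parent. The signing key and certificate are the first entry of the configured
 * PKCS12 keystore.
 *
 * <p>Hardening compared with a default parser setup: DOCTYPE declarations are rejected, and
 * XInclude and entity-reference expansion are switched off, so the XML passed in cannot pull
 * in external entities while it is parsed for signing. The temporary password array is
 * wiped once the key has been loaded.
 *
 * NOTE(review): digest and signature method are SHA-1 based. SHA-1 is deprecated for
 * digital signatures; presumably the receiving schema fixes these algorithms, so confirm
 * before changing them.
 *
 * @param conteudoXml the XML document to sign
 * @return the signed document as a string
 * @throws IllegalStateException if the keystore is empty or its first entry holds no private key
 * @throws Exception if the keystore cannot be read, the XML cannot be parsed (including when
 *         it contains a DOCTYPE), or signing fails
 */
public String assinarDocumento(final String conteudoXml) throws Exception {
    // Convert the password once so the temporary copy can be wiped afterwards.
    final char[] senha = this.config.getCertificadoSenha().toCharArray();
    final KeyStore.PrivateKeyEntry keyEntry;
    try {
        final KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream certificadoStream = new ByteArrayInputStream(this.config.getCertificado())) {
            keyStore.load(certificadoStream, senha);
        }

        // Fail with a clear message instead of NoSuchElementException / ClassCastException.
        final java.util.Enumeration<String> aliases = keyStore.aliases();
        if (!aliases.hasMoreElements()) {
            throw new IllegalStateException("PKCS12 keystore contains no entries");
        }
        final KeyStore.Entry entry = keyStore.getEntry(aliases.nextElement(), new KeyStore.PasswordProtection(senha));
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new IllegalStateException("First PKCS12 keystore entry is not a private key entry");
        }
        keyEntry = (KeyStore.PrivateKeyEntry) entry;
    } finally {
        java.util.Arrays.fill(senha, '\0');
    }

    final XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");

    // Enveloped transform first (drops the signature itself), then canonicalization.
    final List<Transform> transforms = new ArrayList<>(2);
    transforms.add(signatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
    transforms.add(signatureFactory.newTransform(AssinaturaDigital.C14N_TRANSFORM_METHOD, (TransformParameterSpec) null));

    // KeyInfo carries the signer certificate so the receiver can identify the signer.
    final KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
    final X509Data x509Data = keyInfoFactory.newX509Data(Collections.singletonList((X509Certificate) keyEntry.getCertificate()));
    final KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(x509Data));

    final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
    documentBuilderFactory.setNamespaceAware(true);
    // Reject DOCTYPE outright and keep XInclude / entity expansion off (XXE hardening).
    documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    documentBuilderFactory.setXIncludeAware(false);
    documentBuilderFactory.setExpandEntityReferences(false);

    try (StringReader stringReader = new StringReader(conteudoXml)) {
        final Document document = documentBuilderFactory.newDocumentBuilder().parse(new InputSource(stringReader));
        for (final String elementoAssinavel : AssinaturaDigital.ELEMENTOS_ASSINAVEIS) {
            final NodeList elements = document.getElementsByTagName(elementoAssinavel);
            for (int i = 0; i < elements.getLength(); i++) {
                final Element element = (Element) elements.item(i);
                final String id = element.getAttribute("Id");
                // Register "Id" as an ID attribute so the "#id" reference below resolves.
                element.setIdAttribute("Id", true);

                final Reference reference = signatureFactory.newReference("#" + id, signatureFactory.newDigestMethod(DigestMethod.SHA1, null), transforms, null, null);
                final SignedInfo signedInfo = signatureFactory.newSignedInfo(signatureFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference));

                // The signature is appended to the signed element's parent.
                final XMLSignature signature = signatureFactory.newXMLSignature(signedInfo, keyInfo);
                signature.sign(new DOMSignContext(keyEntry.getPrivateKey(), element.getParentNode()));
            }
        }
        return this.converteDocumentParaXml(document);
    }
}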
项目:Camel    文件:XmlSignerProcessor.java   
/**
 * Creates a reference that puts the KeyInfo element under the signature, if configured.
 *
 * <p>Signing KeyInfo binds the key material to the signature so it cannot be swapped
 * without invalidating it. The referenced element is canonicalized with inclusive C14N
 * before it is digested.
 *
 * @param fac             factory used to create the transform, digest method and reference
 * @param keyInfoId       Id of the KeyInfo element, or {@code null} when there is none
 * @param digestAlgorithm digest algorithm URI for the reference
 * @return the reference, or {@code null} when no Id is given or the option is unset or false
 * @throws Exception if the transform or digest method cannot be created
 */
protected Reference createKeyInfoReference(XMLSignatureFactory fac, String keyInfoId, String digestAlgorithm) throws Exception { //NOPMD

    if (keyInfoId == null) {
        return null;
    }
    // The option is a nullable Boolean: both "unset" and "false" mean no reference.
    Boolean addReference = getConfiguration().getAddKeyInfoReference();
    if (addReference == null || !addReference) {
        return null;
    }

    LOG.debug("Creating reference to key info element with Id: {}", keyInfoId);
    Transform c14n = fac.newTransform(CanonicalizationMethod.INCLUSIVE, (TransformParameterSpec) null);
    List<Transform> transforms = new ArrayList<Transform>(1);
    transforms.add(c14n);
    return fac.newReference("#" + keyInfoId, fac.newDigestMethod(digestAlgorithm, null), transforms, null, null);
}
项目:Camel    文件:XmlSignatureTest.java   
/**
 * Builds the transform chain for the XPath Filter 2.0 tests: inclusive canonicalization
 * followed by one XPath2 transform combining an intersect, a subtract and a union filter.
 *
 * @return a mutable list holding the two transforms in application order
 */
private List<AlgorithmMethod> getTransformsXPath2() {

    // Filters are evaluated in list order: keep ToBeSigned, drop NotToBeSigned,
    // then add ReallyToBeSigned back.
    List<XPathAndFilter> filters = new ArrayList<XPathAndFilter>(3);
    filters.add(new XPathAndFilter("//n0:ToBeSigned", XPathType.Filter.INTERSECT.toString()));
    filters.add(new XPathAndFilter("//n0:NotToBeSigned", XPathType.Filter.SUBTRACT.toString()));
    filters.add(new XPathAndFilter("//n0:ReallyToBeSigned", XPathType.Filter.UNION.toString()));

    List<AlgorithmMethod> transforms = new ArrayList<AlgorithmMethod>(2);
    transforms.add(XmlSignatureHelper.getCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE));
    transforms.add(XmlSignatureHelper.getXPath2Transform(filters, getNamespaceMap()));
    return transforms;
}
项目:eid-applet    文件:CoSignatureFacet.java   
/**
 * Adds the co-signature reference: the whole document (empty URI) with every ds:Signature
 * element subtracted, followed by exclusive canonicalization.
 *
 * <p>Subtracting all signatures, rather than only the enclosing one, lets several parties
 * sign the same content side by side without invalidating each other's signatures.
 * NOTE(review): it also means ds:Signature elements are never covered by this reference,
 * so verifiers must not treat anything inside them as signed content.
 *
 * @param signatureFactory        factory used to create digest method, transforms and reference
 * @param document                not used by this facet
 * @param signatureId             not used by this facet
 * @param signingCertificateChain not used by this facet
 * @param references              list the new reference is appended to
 * @param objects                 not used by this facet
 */
public void preSign(XMLSignatureFactory signatureFactory, Document document, String signatureId,
        List<X509Certificate> signingCertificateChain, List<Reference> references, List<XMLObject> objects)
                throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
    DigestMethod digest = signatureFactory.newDigestMethod(this.digestAlgo.getXmlAlgoId(), null);

    List<Transform> transformChain = new LinkedList<Transform>();
    Map<String, String> prefixes = new HashMap<String, String>();
    prefixes.put("ds", "http://www.w3.org/2000/09/xmldsig#");

    // An XPath v1 filter ("not(ancestor-or-self::ds:Signature)" via CanonicalizationMethod.XPATH
    // with an XPathFilterParameterSpec) gives the same selection but was found to be slow,
    // so the XPath Filter 2.0 form below is used instead.
    List<XPathType> subtractSignatures = new ArrayList<XPathType>(1);
    subtractSignatures.add(
            new XPathType("/descendant::*[name()='ds:Signature']", XPathType.Filter.SUBTRACT, prefixes));
    Transform signatureFilter = signatureFactory.newTransform(
            CanonicalizationMethod.XPATH2, new XPathFilter2ParameterSpec(subtractSignatures));
    transformChain.add(signatureFilter);

    Transform exclusiveC14n = signatureFactory.newTransform(
            CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null);
    transformChain.add(exclusiveC14n);

    references.add(signatureFactory.newReference("", digest, transformChain, null, this.dsReferenceId));
}
项目:eid-applet    文件:EnvelopedSignatureFacet.java   
/**
 * Adds the enveloped-signature reference: the whole document (empty URI) with the enveloped
 * transform, followed by exclusive canonicalization.
 *
 * @param signatureFactory        factory used to create digest method, transforms and reference
 * @param document                not used by this facet
 * @param signatureId             not used by this facet
 * @param signingCertificateChain not used by this facet
 * @param references              list the new reference is appended to
 * @param objects                 not used by this facet
 */
public void preSign(XMLSignatureFactory signatureFactory, Document document, String signatureId,
        List<X509Certificate> signingCertificateChain, List<Reference> references, List<XMLObject> objects)
                throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
    DigestMethod digest = signatureFactory.newDigestMethod(this.digestAlgo.getXmlAlgoId(), null);

    // Order matters: remove the signature element first, canonicalize last.
    // ENVELOPED is reachable through CanonicalizationMethod because that interface extends Transform.
    List<Transform> transformChain = new LinkedList<Transform>();
    transformChain.add(
            signatureFactory.newTransform(CanonicalizationMethod.ENVELOPED, (TransformParameterSpec) null));
    transformChain.add(
            signatureFactory.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));

    references.add(signatureFactory.newReference("", digest, transformChain, null, null));
}
项目:eid-applet    文件:XmlSignatureServiceBeanTest.java   
/**
 * Checks that JSR-105 can sign a reference whose URI is a file name derived from a path
 * containing a space, when the digest value is supplied up front instead of being computed
 * by dereferencing the URI.
 */
@Test
public void testJsr105ReferenceUri() throws Exception {
    // File name as it appears in a file: URL (presumably with the space percent-encoded).
    String referenceUri = FilenameUtils.getName(new File("foo bar.txt").toURI().toURL().getFile());

    KeyPair keyPair = generateKeyPair();

    DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
    builderFactory.setNamespaceAware(true);
    // Empty in-memory document: it only serves as the parent of the signature element.
    Document emptyDocument = builderFactory.newDocumentBuilder().newDocument();

    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

    XMLSignContext signContext = new DOMSignContext(keyPair.getPrivate(), emptyDocument);

    // Digest of the external content is computed here and handed to the reference.
    byte[] externalContent = "hello world".getBytes();
    MessageDigest sha1 = MessageDigest.getInstance("SHA1");
    byte[] precomputedDigest = sha1.digest(externalContent);

    DigestMethod digestMethod = factory.newDigestMethod(DigestMethod.SHA1, null);
    Reference reference = factory.newReference(referenceUri, digestMethod, null, null, null, precomputedDigest);

    SignatureMethod signatureMethod = factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    CanonicalizationMethod c14n = factory.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
    javax.xml.crypto.dsig.SignedInfo signedInfo = factory.newSignedInfo(
            c14n, signatureMethod, Collections.singletonList(reference));

    // No KeyInfo: the test only exercises signing, not key discovery.
    javax.xml.crypto.dsig.XMLSignature xmlSignature = factory.newXMLSignature(signedInfo, null);

    xmlSignature.sign(signContext);
}
项目:development    文件:XMLSignatureBuilder.java   
/**
 * Parses the XML read from the stream and adds an enveloped signature under its root element.
 *
 * <p>The digest and signature algorithms come from the {@code digestMethod} and
 * {@code signatureMethod} members; SignedInfo uses inclusive canonicalization with comments.
 * The public key of the pair is embedded as a KeyValue.
 *
 * NOTE(review): the parser is created with default settings (only namespace awareness is
 * switched on). If the file can originate outside the trust boundary, DOCTYPE declarations
 * and external entities should be disabled on the factory before parsing.
 * NOTE(review): an embedded KeyValue does not establish trust; verifiers must compare it
 * with a key they already trust.
 *
 * @param fileStream stream over the XML document to sign; not closed by this method
 * @param keyPair    private key for signing, public key for the KeyInfo
 * @return the parsed document, now containing the signature
 */
public Document sign(FileInputStream fileStream, KeyPair keyPair)
        throws ParserConfigurationException, SAXException, IOException,
        NoSuchAlgorithmException, InvalidAlgorithmParameterException,
        KeyException, MarshalException, XMLSignatureException {

    DocumentBuilderFactory parserFactory = DocumentBuilderFactory.newInstance();
    parserFactory.setNamespaceAware(true);
    DocumentBuilder parser = parserFactory.newDocumentBuilder();
    Document document = parser.parse(fileStream);

    // The signature element is appended as a child of the document element.
    DOMSignContext signContext = new DOMSignContext(
            keyPair.getPrivate(), document.getDocumentElement());
    XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM");

    // Empty URI + enveloped transform: digest the whole document except the signature.
    Reference wholeDocument = xmlSignatureFactory.newReference(
            "",
            xmlSignatureFactory.newDigestMethod(digestMethod, null),
            Collections.singletonList(
                    xmlSignatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null,
            null);

    CanonicalizationMethod c14n = xmlSignatureFactory.newCanonicalizationMethod(
            CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(
            c14n,
            xmlSignatureFactory.newSignatureMethod(signatureMethod, null),
            Collections.singletonList(wholeDocument));

    KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
    KeyValue publicKeyValue = keyInfoFactory.newKeyValue(keyPair.getPublic());
    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(publicKeyValue));

    xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo).sign(signContext);

    return document;
}
项目:IDES-Data-Preparation-Java    文件:FATCAXmlSigner.java   
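/**
 * Returns the canonicalized start tag and the end tag of the wrapper element as bytes.
 *
 * <p>The start tag is obtained by canonicalizing an empty wrapper element (inclusive C14N)
 * and removing the end tag from the result, so namespace declarations and attributes appear
 * in canonical order.
 *
 * <p>Fixes over the previous version: bytes are converted with an explicit UTF-8 charset
 * (canonical XML is UTF-8, while the platform default charset may not be), and the end tag
 * is removed by literal search instead of being interpreted as a regular expression, so a
 * prefix containing characters such as '.' is matched exactly.
 *
 * NOTE(review): namespace, prefix and xsi values are concatenated into markup without
 * escaping. They appear to come from configuration; if they can be influenced from outside,
 * validate them before they reach this method.
 *
 * @return a two-element array: {@code [0]} canonical start tag, {@code [1]} end tag
 * @throws Exception if a prefix is configured without a namespace, or canonicalization fails
 */
protected byte[][] getWrapperTags() throws Exception {
    String ns = myThreadSafeData.getWrapperNS(), prefix = myThreadSafeData.getWrapperPrefix(), xsi = null, xsiSchemaLoc = null;
    boolean isXsi = myThreadSafeData.isWrapperXsi(), isXsiSchemaLoc = myThreadSafeData.isWrapperXsiSchemaLoc();
    if (isXsi) {
        xsi = myThreadSafeData.getWrapperXsi();
        if (isXsiSchemaLoc)
            xsiSchemaLoc = myThreadSafeData.getWrapperXsiSchemaLoc();
    }
    if ("".equals(ns) && !"".equals(prefix))
        throw new Exception("non-empty wrapperPrefix not allower for empty wrapperNS");
    byte[][] tags = new byte[2][];
    String startTag, endTag;
    Canonicalizer canonicalizer = Canonicalizer.getInstance(CanonicalizationMethod.INCLUSIVE);
    // Optional xsi declaration and schema location, shared by both tag shapes.
    String xsiAttributes = xsi==null?"":" " + xsi + (xsiSchemaLoc==null?"":" " + xsiSchemaLoc);
    if ("".equals(prefix)) {
        //<Wrapper xmlns="urn:xmpp:xml-element" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:xmpp:xml-element FATCA-IDES-FileWrapper-1.1.xsd">
        startTag = "<Wrapper xmlns=\"" + ns + "\"" + xsiAttributes + ">";
        endTag = "</Wrapper>";
    } else {
        //<xyz:Wrapper xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xyz="urn:xmpp:xml-element" xsi:schemaLocation="urn:xmpp:xml-element FATCA-IDES-FileWrapper-1.1.xsd">
        startTag = "<" + prefix + ":Wrapper xmlns" + ":" + prefix + "=\"" + ns + "\"" + xsiAttributes + ">";
        endTag = "</" + prefix + ":Wrapper>";
    }
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    startTag = new String(canonicalizer.canonicalize((startTag + endTag).getBytes(utf8)), utf8);
    // Remove the first literal occurrence of the end tag, leaving only the start tag.
    int endTagAt = startTag.indexOf(endTag);
    if (endTagAt >= 0) {
        startTag = startTag.substring(0, endTagAt) + startTag.substring(endTagAt + endTag.length());
    }
    tags[0] = startTag.getBytes(utf8);
    tags[1] = endTag.getBytes(utf8);
    return tags;
}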
项目:IDES-Data-Preparation-Java    文件:FATCAXmlSigner.java   
/**
 * Maps the signer's transform setting to the matching canonicalization algorithm URI.
 *
 * <p>{@code Inclusive}, {@code None} and any value without its own case resolve to
 * inclusive canonicalization without comments.
 *
 * @param sigXmlTransform the configured transform choice
 * @return the canonicalization algorithm URI
 */
protected String getCanonicalizationMethod(SigXmlTransform sigXmlTransform) {
    final String algorithmUri;
    switch (sigXmlTransform) {
    case InclusiveWithComments:
        algorithmUri = CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS;
        break;
    case Exclusive:
        algorithmUri = CanonicalizationMethod.EXCLUSIVE;
        break;
    case ExclusiveWithComments:
        algorithmUri = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
        break;
    default:
        // Covers Inclusive and None as well.
        algorithmUri = CanonicalizationMethod.INCLUSIVE;
        break;
    }
    return algorithmUri;
}
项目:oiosaml.java    文件:OIOSoapEnvelope.java   
/**
 * Adds an endorsing signature that covers the element with the given id, placed inside the
 * WS-Security header of the envelope.
 *
 * <p>Does nothing when no endorsing token is set. Before signing, plain {@code Id}
 * attributes on existing ds:Signature elements are mirrored as wsu:Id and registered as ID
 * attributes, and the envelope is serialized and re-parsed.
 *
 * NOTE(review): the digest (SHA-1) and signature method (RSA-SHA1) are SHA-1 based, which
 * is deprecated for digital signatures; changing them needs agreement with the verifier.
 *
 * @param id             id of the element the new signature references
 * @param env            the SOAP envelope
 * @param keyInfoFactory factory handed to the KeyInfo generation
 * @param credential     supplies the private key and the key information
 * @return the envelope: the original instance when no endorsing token is set, otherwise the
 *         re-parsed envelope containing the new signature
 */
private Element signSignature(String id, Element env, KeyInfoFactory keyInfoFactory, X509Credential credential) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException {
    if (endorsingToken == null) {
        return env;
    }

    // Mirror Id -> wsu:Id on every existing signature so it can be referenced by id.
    NodeList existingSignatures = env.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    for (int idx = 0; idx < existingSignatures.getLength(); idx++) {
        Element signatureElement = (Element) existingSignatures.item(idx);
        if (!signatureElement.hasAttributeNS(null, "Id")) {
            continue;
        }
        signatureElement.setAttributeNS(WSSecurityConstants.WSU_NS, "Id", signatureElement.getAttribute("Id"));
        signatureElement.setIdAttributeNS(WSSecurityConstants.WSU_NS, "Id", true);
    }
    // Round-trip through a string to obtain a freshly parsed envelope.
    env = SAMLUtil.loadElementFromString(XMLHelper.nodeToString(env));

    // Reference: exclusive C14N with "xsd" as inclusive namespace prefix, SHA-1 digest.
    DigestMethod digestMethod = xsf.newDigestMethod(DigestMethod.SHA1, null);
    List<Transform> transforms = new ArrayList<Transform>(2);
    transforms.add(xsf.newTransform(
            "http://www.w3.org/2001/10/xml-exc-c14n#",
            new ExcC14NParameterSpec(Collections.singletonList("xsd"))));

    List<Reference> references = new ArrayList<Reference>();
    references.add(xsf.newReference("#" + id, digestMethod, transforms, null, null));

    CanonicalizationMethod c14n = xsf.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    SignatureMethod signatureMethod = xsf.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    SignedInfo signedInfo = xsf.newSignedInfo(c14n, signatureMethod, references);

    KeyInfo keyInfo = generateKeyInfo(credential, keyInfoFactory, false);
    XMLSignature endorsingSignature = xsf.newXMLSignature(signedInfo, keyInfo);

    // The signature is appended to the first wsse:Security element of the envelope.
    Node securityHeader = env.getElementsByTagNameNS(WSSecurityConstants.WSSE_NS, "Security").item(0);

    DOMSignContext signContext = new DOMSignContext(credential.getPrivateKey(), securityHeader);
    signContext.putNamespacePrefix(SAMLConstants.XMLSIG_NS, SAMLConstants.XMLSIG_PREFIX);
    signContext.putNamespacePrefix(SAMLConstants.XMLENC_NS, SAMLConstants.XMLENC_PREFIX);

    endorsingSignature.sign(signContext);

    return env;
}
项目:dss    文件:EnvelopedSignatureBuilder.java   
/**
 * Creates the ds:Reference for an enveloped signature: the whole document (empty URI),
 * filtered by an XPath transform and then canonicalized with exclusive C14N.
 *
 * @param document       the content the reference covers
 * @param referenceIndex index used to derive the reference id
 * @return the configured reference
 */
@Override
protected DSSReference createReference(DSSDocument document, int referenceIndex) {

    DSSReference reference = new DSSReference();
    reference.setId("r-id-" + referenceIndex);
    reference.setUri("");
    reference.setContents(document);
    reference.setDigestMethodAlgorithm(params.getDigestAlgorithm());

    // XPath filter that supports parallel signatures; judging by the constant's name it
    // excludes every ds:Signature element rather than only the enclosing one.
    DSSTransform signatureFilter = new DSSTransform();
    signatureFilter.setAlgorithm(Transforms.TRANSFORM_XPATH);
    signatureFilter.setElementName(DS_XPATH);
    signatureFilter.setNamespace(XMLSignature.XMLNS);
    signatureFilter.setTextContent(NOT_ANCESTOR_OR_SELF_DS_SIGNATURE);

    // Canonicalization runs last so that it operates on the already reduced node set.
    DSSTransform exclusiveC14n = new DSSTransform();
    exclusiveC14n.setAlgorithm(CanonicalizationMethod.EXCLUSIVE);

    final List<DSSTransform> transforms = new ArrayList<DSSTransform>();
    transforms.add(signatureFilter);
    transforms.add(exclusiveC14n);
    reference.setTransforms(transforms);

    return reference;
}
项目:dss    文件:XAdESLevelBInclusiveCanonicalizationTest.java   
/**
 * Test fixture: prepares an ENVELOPING XAdES-BASELINE-B signature of sample.xml in which
 * both SignedInfo and SignedProperties use inclusive canonicalization.
 */
@Before
public void init() throws Exception {
    documentToSign = new FileDocument(new File("src/test/resources/sample.xml"));

    signatureParameters = new XAdESSignatureParameters();
    // Signing time is taken from the local clock at fixture setup.
    signatureParameters.bLevel().setSigningDate(new Date());
    // Certificate and chain come from helpers defined outside this snippet.
    signatureParameters.setSigningCertificate(getSigningCert());
    signatureParameters.setCertificateChain(getCertificateChain());
    signatureParameters.setSignaturePackaging(SignaturePackaging.ENVELOPING);
    signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    // Inclusive C14N (comments omitted) for both canonicalized structures.
    signatureParameters.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    signatureParameters.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);

    service = new XAdESService(getCompleteCertificateVerifier());
}
项目:dss    文件:TrustedListSigningTest.java   
/**
 * Test fixture: prepares an ENVELOPED XAdES-BASELINE-B signature of sample.xml with one
 * explicitly configured reference (enveloped transform followed by exclusive C14N) instead
 * of the references the service would otherwise build.
 */
@Before
public void init() throws Exception {
    documentToSign = new FileDocument(new File("src/test/resources/sample.xml"));

    signatureParameters = new XAdESSignatureParameters();
    // Signing time is taken from the local clock at fixture setup.
    signatureParameters.bLevel().setSigningDate(new Date());
    // Certificate and chain come from helpers defined outside this snippet.
    signatureParameters.setSigningCertificate(getSigningCert());
    signatureParameters.setCertificateChain(getCertificateChain());
    signatureParameters.setSignaturePackaging(SignaturePackaging.ENVELOPED);
    signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);

    service = new XAdESService(getCompleteCertificateVerifier());

    final List<DSSReference> references = new ArrayList<DSSReference>();

    // Empty URI: the reference covers the whole document being signed.
    DSSReference dssReference = new DSSReference();
    dssReference.setId("xml_ref_id");
    dssReference.setUri("");
    dssReference.setContents(documentToSign);
    dssReference.setDigestMethodAlgorithm(signatureParameters.getDigestAlgorithm());

    final List<DSSTransform> transforms = new ArrayList<DSSTransform>();

    // First transform: remove the signature element itself from the digested content.
    // ENVELOPED is reachable through CanonicalizationMethod because that interface extends Transform.
    DSSTransform dssTransform = new DSSTransform();
    dssTransform.setAlgorithm(CanonicalizationMethod.ENVELOPED);
    transforms.add(dssTransform);

    // Second transform: exclusive canonicalization of what remains.
    dssTransform = new DSSTransform();
    dssTransform.setAlgorithm(CanonicalizationMethod.EXCLUSIVE);
    transforms.add(dssTransform);

    dssReference.setTransforms(transforms);
    references.add(dssReference);

    signatureParameters.setReferences(references);
}
项目:dss    文件:XAdESLevelBDetachedInclusiveCanonicalizationTest.java   
/**
 * Prepares the fixture: a detached XAdES-BASELINE-B signature over
 * {@code src/test/resources/sample.xml} whose SignedInfo and SignedProperties
 * are both canonicalized with inclusive C14N.
 */
@Before
public void init() throws Exception {
    documentToSign = new FileDocument(new File("src/test/resources/sample.xml"));

    signatureParameters = new XAdESSignatureParameters();
    signatureParameters.bLevel().setSigningDate(new Date());
    // Certificate and chain come from helpers defined outside this method.
    signatureParameters.setSigningCertificate(getSigningCert());
    signatureParameters.setCertificateChain(getCertificateChain());
    signatureParameters.setSignaturePackaging(SignaturePackaging.DETACHED);
    signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    // Inclusive C14N is selected explicitly for both signed structures.
    signatureParameters.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    signatureParameters.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);

    service = new XAdESService(getCompleteCertificateVerifier());
}
项目:dss    文件:XAdESLevelBEnvelopedInclusiveCanonicalizationTest.java   
/**
 * Prepares the fixture: an enveloped XAdES-BASELINE-B signature over
 * {@code src/test/resources/sample.xml} whose SignedInfo and SignedProperties
 * are both canonicalized with inclusive C14N.
 */
@Before
public void init() throws Exception {
    documentToSign = new FileDocument(new File("src/test/resources/sample.xml"));

    signatureParameters = new XAdESSignatureParameters();
    signatureParameters.bLevel().setSigningDate(new Date());
    // Certificate and chain come from helpers defined outside this method.
    signatureParameters.setSigningCertificate(getSigningCert());
    signatureParameters.setCertificateChain(getCertificateChain());
    signatureParameters.setSignaturePackaging(SignaturePackaging.ENVELOPED);
    signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    // Inclusive C14N keeps the namespace declarations inherited from ancestor
    // elements in the canonical form, so with an enveloped signature the result
    // depends on the namespace context of the surrounding document.
    signatureParameters.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    signatureParameters.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);

    service = new XAdESService(getCompleteCertificateVerifier());
}
项目:dss    文件:ASiCSXAdESLevelBInclusiveCanonicalizationTest.java   
/**
 * Prepares the fixture: an ASiC container with a XAdES-BASELINE-B signature
 * over a small in-memory text document, with SignedInfo and SignedProperties
 * both canonicalized with inclusive C14N.
 */
@Before
public void init() throws Exception {
    // getBytes() without a charset uses the platform default encoding.
    documentToSign = new InMemoryDocument("Hello World !".getBytes(), "test.text");

    signatureParameters = new ASiCWithXAdESSignatureParameters();
    signatureParameters.bLevel().setSigningDate(new Date());
    // Certificate and chain come from helpers defined outside this method.
    signatureParameters.setSigningCertificate(getSigningCert());
    signatureParameters.setCertificateChain(getCertificateChain());
    signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    // Inclusive C14N is selected explicitly for both signed structures.
    signatureParameters.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    signatureParameters.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    // NOTE(review): the listing attributes this method to
    // ASiCSXAdESLevelBInclusiveCanonicalizationTest, yet the container type set
    // here is ASiC_E - confirm that ASiC_S was not intended.
    signatureParameters.aSiC().setContainerType(ASiCContainerType.ASiC_E);

    service = new ASiCWithXAdESService(getCompleteCertificateVerifier());
}
项目:dss    文件:ASiCEXAdESLevelBInclusiveCanonicalizationTest.java   
/**
 * Prepares the fixture: an ASiC-E container with a XAdES-BASELINE-B signature
 * over a small in-memory text document, with SignedInfo and SignedProperties
 * both canonicalized with inclusive C14N.
 */
@Before
public void init() throws Exception {
    // getBytes() without a charset uses the platform default encoding.
    documentToSign = new InMemoryDocument("Hello World !".getBytes(), "test.text");

    signatureParameters = new ASiCWithXAdESSignatureParameters();
    signatureParameters.bLevel().setSigningDate(new Date());
    // Certificate and chain come from helpers defined outside this method.
    signatureParameters.setSigningCertificate(getSigningCert());
    signatureParameters.setCertificateChain(getCertificateChain());
    signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    // Inclusive C14N is selected explicitly for both signed structures.
    signatureParameters.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    signatureParameters.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    signatureParameters.aSiC().setContainerType(ASiCContainerType.ASiC_E);

    service = new ASiCWithXAdESService(getCompleteCertificateVerifier());
}
项目:opes    文件:CertificadoDigital.java   
/**
 * Adds an enveloped XML signature to {@code node} and returns the same node.
 *
 * <p>The signature is appended under the document element (or under the
 * element itself when an {@link Element} is passed). The only signed content
 * is the first element child of that element, addressed through its
 * {@code Id} attribute.
 *
 * <p>Security review: the reference digest is SHA-1 and the signature method
 * is RSA-SHA1. SHA-1 is no longer collision resistant; moving to a SHA-2
 * variant has to be coordinated with whoever verifies these signatures.
 *
 * @param node a {@link Document} or {@link Element}; must not be null
 * @return {@code node}, now carrying the signature
 * @throws IllegalArgumentException if signing fails for any reason; the
 *         original exception is kept as the cause
 */
public <T extends Node> T sign(T node) {
    checkNotNull(node);
    checkArgument(node instanceof Document || node instanceof Element);
    try {
        final Element root;
        if (node instanceof Document) {
            root = ((Document) node).getDocumentElement();
        } else {
            root = (Element) node;
        }
        DOMSignContext signContext = new DOMSignContext(privateKey, root);
        XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");

        // Enveloped-signature transform first, then the canonicalization configured
        // in C14N_TRANSFORM_METHOD (constant defined outside this method).
        List<Transform> transforms = new LinkedList<>();
        transforms.add(factory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
        transforms.add(factory.newTransform(C14N_TRANSFORM_METHOD, (TransformParameterSpec) null));

        // Register "Id" as an ID-typed attribute so the "#..." reference resolves.
        Node signedChild = findFirstElementChild(root);
        ((Element) signedChild).setIdAttribute("Id", true);
        String uri = String.format("#%s", signedChild.getAttributes().getNamedItem("Id").getNodeValue());

        // SHA-1 digest: see the security note in the method documentation.
        DigestMethod digest = factory.newDigestMethod(DigestMethod.SHA1, null);
        Reference reference = factory.newReference(uri, digest, transforms, null, null);

        CanonicalizationMethod signedInfoC14n = factory.newCanonicalizationMethod(
                CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
        SignatureMethod rsaSha1 = factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
        SignedInfo signedInfo = factory.newSignedInfo(signedInfoC14n, rsaSha1,
                Collections.singletonList(reference));

        // KeyInfo carries only the first certificate of the chain.
        KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
        X509Data signerCertificate = keyInfoFactory.newX509Data(Collections.singletonList(certificateChain[0]));
        KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(signerCertificate));

        factory.newXMLSignature(signedInfo, keyInfo).sign(signContext);

        return node;
    }
    catch (Exception ex) {
        throw new IllegalArgumentException("Erro ao assinar XML.", ex);
    }
}
项目:muleebmsadapter    文件:XMLDSignatureOutInterceptor.java   
/**
 * Signs the SOAP message in {@code document} together with its attachments
 * and inserts the signature, with prefix {@code ds}, under the first child
 * element of the document element.
 *
 * <p>One reference covers the document itself (enveloped-signature transform,
 * an XPath filter on {@code soap:actor}, inclusive canonicalization). Each
 * data source gets a further {@code cid:} reference whose digest is computed
 * here and passed in as a pre-calculated value.
 *
 * <p>Security review: every digest is SHA-1 and the signature method is
 * RSA-SHA1. SHA-1 is no longer collision resistant; an upgrade has to be
 * agreed with the receiving side.
 *
 * @param keyStore key store from which the certificate chain for {@code alias} is read
 * @param keyPair key pair; the private key signs, the public key goes into KeyInfo
 * @param alias key store alias of the signing certificate chain
 * @param document message to sign; modified in place
 * @param dataSources attachments to cover with {@code cid:} references
 */
private void sign(KeyStore keyStore, KeyPair keyPair, String alias, Document document, List<EbMSDataSource> dataSources) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, KeyException, MarshalException, XMLSignatureException, KeyStoreException
{
    // The default factory is used here; the original keeps an explicit "DOM" lookup commented out.
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance();
    DigestMethod sha1 = factory.newDigestMethod(DigestMethod.SHA1, null);

    // Transforms for the reference over the message itself.
    List<Transform> messageTransforms = new ArrayList<Transform>();
    messageTransforms.add(factory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));

    Map<String,String> soapNamespaces = new HashMap<String,String>();
    soapNamespaces.put("soap", "http://schemas.xmlsoap.org/soap/envelope/");
    // Nodes inside elements addressed to the "nextMSH" / "next" actors are left out of the digest.
    String actorFilter = "not(ancestor-or-self::node()[@soap:actor=\"urn:oasis:names:tc:ebxml-msg:service:nextMSH\"]|ancestor-or-self::node()[@soap:actor=\"http://schemas.xmlsoap.org/soap/actor/next\"])";
    messageTransforms.add(factory.newTransform(Transform.XPATH, new XPathFilterParameterSpec(actorFilter, soapNamespaces)));
    messageTransforms.add(factory.newTransform(CanonicalizationMethod.INCLUSIVE, (TransformParameterSpec) null));

    List<Reference> references = new ArrayList<Reference>();
    references.add(factory.newReference("", sha1, messageTransforms, null, null));

    for (EbMSDataSource attachment : dataSources)
    {
        String attachmentUri = "cid:" + attachment.getContentId();
        // NOTE(review): the stream returned by getInputStream() is not closed in
        // this method - confirm the data source does not keep a handle open.
        byte[] attachmentDigest = DigestUtils.sha(IOUtils.toByteArray(attachment.getInputStream()));
        references.add(factory.newReference(attachmentUri, sha1, Collections.emptyList(), null, null, attachmentDigest));
    }

    CanonicalizationMethod signedInfoC14n = factory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
    SignatureMethod rsaSha1 = factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    SignedInfo signedInfo = factory.newSignedInfo(signedInfoC14n, rsaSha1, references);

    // KeyInfo: the public key value plus the first certificate of the chain only.
    KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
    List<XMLStructure> keyInfoParts = new ArrayList<XMLStructure>();
    keyInfoParts.add(keyInfoFactory.newKeyValue(keyPair.getPublic()));

    Certificate[] chain = keyStore.getCertificateChain(alias);
    keyInfoParts.add(keyInfoFactory.newX509Data(Collections.singletonList(chain[0])));

    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(keyInfoParts);

    XMLSignature signature = factory.newXMLSignature(signedInfo, keyInfo);

    // The signature element becomes a child of the first child element of the root.
    Element signatureParent = getFirstChildElement(document.getDocumentElement());
    DOMSignContext signContext = new DOMSignContext(keyPair.getPrivate(), signatureParent);
    signContext.putNamespacePrefix(XMLSignature.XMLNS, "ds");
    signature.sign(signContext);
}
项目:mycarenet    文件:RequestFactory.java   
/**
 * Signs {@code requestElement} with an enveloped XML signature inserted
 * before the element's current first child.
 *
 * <p>The reference points at the element through its {@code RequestID}
 * attribute and applies the enveloped-signature transform followed by
 * exclusive canonicalization. KeyInfo carries {@code certificate}.
 *
 * <p>Security review: the digest is SHA-1 and the signature method is
 * RSA-SHA1. SHA-1 is no longer collision resistant; an upgrade has to be
 * agreed with the service that verifies the request.
 *
 * @param requestElement element to sign; modified in place
 * @param privateKey key used to produce the signature value
 * @param certificate certificate published in KeyInfo
 */
private void signRequest(Element requestElement, PrivateKey privateKey,
        X509Certificate certificate) throws NoSuchAlgorithmException,
        InvalidAlgorithmParameterException, MarshalException,
        XMLSignatureException {
    // The third argument is the next sibling: the signature goes in front of it.
    DOMSignContext signContext = new DOMSignContext(privateKey,
            requestElement, requestElement.getFirstChild());
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");

    // Read the id, then mark the attribute as ID-typed so "#<id>" resolves.
    String requestId = requestElement.getAttribute("RequestID");
    requestElement.setIdAttribute("RequestID", true);

    List<Transform> transforms = new LinkedList<>();
    transforms.add(factory.newTransform(Transform.ENVELOPED,
            (TransformParameterSpec) null));
    transforms.add(factory.newTransform(CanonicalizationMethod.EXCLUSIVE,
            (C14NMethodParameterSpec) null));

    String referenceUri = "#" + requestId;
    DigestMethod sha1 = factory.newDigestMethod(DigestMethod.SHA1, null);
    Reference reference = factory.newReference(referenceUri, sha1,
            transforms, null, null);

    CanonicalizationMethod signedInfoC14n = factory.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    SignatureMethod rsaSha1 = factory.newSignatureMethod(
            SignatureMethod.RSA_SHA1, null);
    SignedInfo signedInfo = factory.newSignedInfo(signedInfoC14n, rsaSha1,
            Collections.singletonList(reference));

    KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(
            keyInfoFactory.newX509Data(Collections.singletonList(certificate))));

    factory.newXMLSignature(signedInfo, keyInfo).sign(signContext);
}
项目:mycarenet    文件:ProofOfPossessionSignatureSOAPHandler.java   
/**
 * Appends an XML signature, produced with the session private key, as a
 * child of {@code parentElement}.
 *
 * <p>The single reference targets {@code "#" + prototypeKeyBindingId} and
 * applies exclusive canonicalization only. No KeyInfo is emitted.
 *
 * <p>Security review: the digest is SHA-1 and the signature method is
 * RSA-SHA1. SHA-1 is no longer collision resistant; an upgrade has to be
 * agreed with the verifying service.
 *
 * @param parentElement element that receives the signature
 */
private void addSignature(Element parentElement)
        throws NoSuchAlgorithmException,
        InvalidAlgorithmParameterException, MarshalException,
        XMLSignatureException {
    DOMSignContext signContext = new DOMSignContext(
            this.sessionKey.getPrivate(), parentElement);
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");

    String targetUri = "#" + this.prototypeKeyBindingId;
    DigestMethod sha1 = factory.newDigestMethod(DigestMethod.SHA1, null);
    Reference reference = factory.newReference(targetUri, sha1,
            Collections.singletonList(factory.newTransform(
                    CanonicalizationMethod.EXCLUSIVE,
                    (TransformParameterSpec) null)),
            null, null);

    CanonicalizationMethod signedInfoC14n = factory.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    SignatureMethod rsaSha1 = factory.newSignatureMethod(
            SignatureMethod.RSA_SHA1, null);
    SignedInfo signedInfo = factory.newSignedInfo(signedInfoC14n, rsaSha1,
            Collections.singletonList(reference));

    // A null KeyInfo means the signature carries no key material of its own.
    XMLSignature signature = factory.newXMLSignature(signedInfo, null);
    signature.sign(signContext);
}
项目:mycarenet    文件:ProofOfPossessionSignatureSOAPHandler.java   
/**
 * Appends an XML signature, produced with the session private key, as a
 * child of {@code parentElement}.
 *
 * <p>The single reference targets {@code "#" + prototypeKeyBindingId} and
 * applies exclusive canonicalization only. No KeyInfo is emitted.
 *
 * <p>Security review: the digest is SHA-1 and the signature method is
 * RSA-SHA1. SHA-1 is no longer collision resistant; an upgrade has to be
 * agreed with the verifying service.
 *
 * @param parentElement element that receives the signature
 */
private void addSignature(Element parentElement)
        throws NoSuchAlgorithmException,
        InvalidAlgorithmParameterException, MarshalException,
        XMLSignatureException {
    DOMSignContext signContext = new DOMSignContext(
            this.sessionKey.getPrivate(), parentElement);
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");

    String targetUri = "#" + this.prototypeKeyBindingId;
    DigestMethod sha1 = factory.newDigestMethod(DigestMethod.SHA1, null);
    Reference reference = factory.newReference(targetUri, sha1,
            Collections.singletonList(factory.newTransform(
                    CanonicalizationMethod.EXCLUSIVE,
                    (TransformParameterSpec) null)),
            null, null);

    CanonicalizationMethod signedInfoC14n = factory.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    SignatureMethod rsaSha1 = factory.newSignatureMethod(
            SignatureMethod.RSA_SHA1, null);
    SignedInfo signedInfo = factory.newSignedInfo(signedInfoC14n, rsaSha1,
            Collections.singletonList(reference));

    // A null KeyInfo means the signature carries no key material of its own.
    XMLSignature signature = factory.newXMLSignature(signedInfo, null);
    signature.sign(signContext);
}
项目:mycarenet    文件:KeyBindingAuthenticationSignatureSOAPHandler.java   
/**
 * Appends an XML signature, produced with the authentication private key, as
 * a child of {@code parentElement}.
 *
 * <p>The single reference targets {@code referenceUri} and applies exclusive
 * canonicalization only. KeyInfo carries the authentication certificate.
 *
 * <p>Security review: the digest is SHA-1 and the signature method is
 * RSA-SHA1. SHA-1 is no longer collision resistant; an upgrade has to be
 * agreed with the verifying service.
 *
 * @param parentElement element that receives the signature
 */
private void addSignature(Element parentElement)
        throws NoSuchAlgorithmException,
        InvalidAlgorithmParameterException, MarshalException,
        XMLSignatureException {
    DOMSignContext signContext = new DOMSignContext(
            this.authnPrivateKey, parentElement);
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");

    DigestMethod sha1 = factory.newDigestMethod(DigestMethod.SHA1, null);
    Reference reference = factory.newReference(this.referenceUri, sha1,
            Collections.singletonList(factory.newTransform(
                    CanonicalizationMethod.EXCLUSIVE,
                    (TransformParameterSpec) null)),
            null, null);

    CanonicalizationMethod signedInfoC14n = factory.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    SignatureMethod rsaSha1 = factory.newSignatureMethod(
            SignatureMethod.RSA_SHA1, null);
    SignedInfo signedInfo = factory.newSignedInfo(signedInfoC14n, rsaSha1,
            Collections.singletonList(reference));

    KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(
            keyInfoFactory.newX509Data(
                    Collections.singletonList(this.authnCertificate))));

    XMLSignature signature = factory.newXMLSignature(signedInfo, keyInfo);
    signature.sign(signContext);
}
项目:hapi-fhir    文件:DigitalSignatures.java   
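/**
 * Demonstration: parses a small XML envelope, signs it with a freshly
 * generated RSA key pair using an enveloped XML signature, and writes the
 * result to standard output.
 *
 * <p>Security review: the reference digest (SHA-1) and the signature method
 * (RSA-SHA1) are kept as in the original listing. SHA-1 is no longer
 * collision resistant, so code derived from this example should move to a
 * SHA-2 variant that its verifiers accept.
 *
 * @param args unused
 */
public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, FHIRException, org.hl7.fhir.exceptions.FHIRException {
  // http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
  //
  // Encode explicitly as UTF-8 instead of relying on the platform default charset.
  byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes("UTF-8");
  // load the document that's going to be signed
  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
  // XML signatures depend on namespaces, so the parser must be namespace aware.
  dbf.setNamespaceAware(true);
  DocumentBuilder builder = dbf.newDocumentBuilder();
  Document doc = builder.parse(new ByteArrayInputStream(inputXml));

  // create a key pair
  // 2048 bits: a 512-bit RSA modulus can be factored with modest resources,
  // which makes any signature produced with it forgeable.
  KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
  kpg.initialize(2048);
  KeyPair kp = kpg.generateKeyPair();

  // sign the document
  DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
  XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

  // Empty URI = the whole document; the enveloped transform excludes the signature itself.
  Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
  SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));

  // KeyInfo publishes the bare public key; no certificate binds it to an identity.
  KeyInfoFactory kif = fac.getKeyInfoFactory();
  KeyValue kv = kif.newKeyValue(kp.getPublic());
  KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
  XMLSignature signature = fac.newXMLSignature(si, ki);
  signature.sign(dsc);

  OutputStream os = System.out;
  new XmlGenerator().generate(doc.getDocumentElement(), os);
}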
项目:dssp    文件:PendingRequestFactory.java   
/**
 * Adds an HMAC-SHA1 enveloped signature to {@code document}, keyed with the
 * session key, under the first DSS {@code OptionalInputs} element.
 *
 * <p>The reference covers the whole document (empty URI) with the
 * enveloped-signature transform followed by exclusive canonicalization.
 * KeyInfo holds the security token reference obtained for the session.
 *
 * <p>Security review: the reference digest is SHA-1, which is no longer
 * collision resistant; an upgrade has to be agreed with the verifying service.
 *
 * @param document document to sign; modified in place
 * @param session session providing the HMAC key and the security token reference
 */
private static void sign(Document document, DigitalSignatureServiceSession session) throws NoSuchAlgorithmException,
        InvalidAlgorithmParameterException, MarshalException, XMLSignatureException {
    Key hmacKey = new SecretKeySpec(session.getKey(), "HMACSHA1");
    // Only the first OptionalInputs element is used as the signature parent.
    Node signatureParent = document
            .getElementsByTagNameNS("urn:oasis:names:tc:dss:1.0:core:schema", "OptionalInputs")
            .item(0);
    DOMSignContext signContext = new DOMSignContext(hmacKey, signatureParent);
    signContext.setDefaultNamespacePrefix("ds");
    // XMLDSigRI Websphere work-around
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

    List<Transform> transforms = new LinkedList<Transform>();
    transforms.add(factory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
    transforms.add(factory.newTransform(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null));

    DigestMethod sha1 = factory.newDigestMethod(DigestMethod.SHA1, null);
    Reference reference = factory.newReference("", sha1, transforms, null, null);

    CanonicalizationMethod signedInfoC14n = factory.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    SignatureMethod hmacSha1 = factory.newSignatureMethod(SignatureMethod.HMAC_SHA1, null);
    SignedInfo signedInfo = factory.newSignedInfo(signedInfoC14n, hmacSha1,
            Collections.singletonList(reference));

    Element tokenReference = getSecurityTokenReference(session);

    // The token reference is wrapped as a DOM structure and is the only KeyInfo entry.
    KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
    DOMStructure tokenReferenceStructure = new DOMStructure(tokenReference);
    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(tokenReferenceStructure));

    factory.newXMLSignature(signedInfo, keyInfo).sign(signContext);
}
项目:ph-xmldsig    文件:XMLDSigCreator.java   
/**
 * Creates the canonicalization method for the signature: inclusive C14N
 * <em>with comments</em> and no extra parameters.
 *
 * <p>With this variant comment nodes are part of the canonical form and are
 * therefore covered by the signature.
 *
 * @param aSignatureFactory factory used to create the method; never null
 * @return the canonicalization method; never null
 * @throws Exception if the factory rejects the algorithm or its parameters
 */
@Nonnull
@OverrideOnDemand
protected CanonicalizationMethod createCanonicalizationMethod (@Nonnull final XMLSignatureFactory aSignatureFactory) throws Exception
{
  final C14NMethodParameterSpec aNoParams = null;
  final CanonicalizationMethod aMethod = aSignatureFactory.newCanonicalizationMethod (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                                                                                      aNoParams);
  return aMethod;
}
项目:juddi    文件:DigSigUtilTest.java   
/**
 * Asserts that {@code sigs} is a non-empty list, that every signature has
 * KeyInfo content, and that every entry in the content list of its
 * CanonicalizationMethod equals the exclusive C14N identifier.
 *
 * @param sigs signatures to check
 */
static void validAllSignatureElementsArePresent(List<SignatureType> sigs) {
    Assert.assertNotNull(sigs);
    Assert.assertFalse(sigs.isEmpty());
    for (SignatureType sig : sigs) {
        Assert.assertFalse(sig.getKeyInfo().getContent().isEmpty());
        // NOTE(review): this walks the content list of the CanonicalizationMethod
        // element; when that list is empty nothing is asserted. Confirm whether
        // the algorithm identifier itself was meant to be checked.
        for (Object c14nContent : sig.getSignedInfo().getCanonicalizationMethod().getContent()) {
            Assert.assertTrue(c14nContent.equals(CanonicalizationMethod.EXCLUSIVE));
        }
    }
}
项目:juddi    文件:XmlSignatureApplet.java   
/**
 * Builds the SignedInfo: exclusive canonicalization, RSA-SHA1 as signature
 * method, and the single reference produced by {@code initReference}.
 *
 * <p>Security review: RSA-SHA1 relies on SHA-1, which is no longer collision
 * resistant; an upgrade has to be agreed with whoever verifies the signature.
 *
 * @param fac factory used to create every signature component
 * @return the assembled SignedInfo
 * @throws Exception if the reference or one of the algorithm objects cannot be created
 */
private SignedInfo initSignedInfo(XMLSignatureFactory fac) throws Exception {
    Reference reference = initReference(fac);
    CanonicalizationMethod exclusiveC14n = fac.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    SignatureMethod rsaSha1 = fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    return fac.newSignedInfo(exclusiveC14n, rsaSha1, Collections.singletonList(reference));
}
项目:restcommander    文件:XML.java   
/**
 * Sign the XML document using xmldsig (enveloped signature over the whole
 * document, SHA-1 digest, RSA-SHA1 signature, inclusive canonicalization).
 *
 * <p>Security review: a failure while signing is only logged as a warning and
 * the document is returned as it is at that point, so callers cannot tell from
 * the return value whether a signature was added. SHA-1 is no longer collision
 * resistant; an upgrade has to be agreed with whoever verifies the signature.
 *
 * @param document the document to sign; it will be modified by the method.
 * @param publicKey the public key from the key pair; published as the KeyValue of the signature.
 * @param privateKey the private key from the key pair; used to compute the signature.
 * @return the same document instance, for chaining.
 */
public static Document sign(Document document, RSAPublicKey publicKey, RSAPrivateKey privateKey) {
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
    KeyInfoFactory keyInfos = factory.getKeyInfoFactory();

    try {
        // Empty URI = the whole document; the enveloped transform excludes the signature itself.
        DigestMethod sha1 = factory.newDigestMethod(DigestMethod.SHA1, null);
        Transform enveloped = factory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
        Reference wholeDocument = factory.newReference("", sha1, Collections.singletonList(enveloped), null, null);

        CanonicalizationMethod inclusiveC14n =
                factory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
        SignatureMethod rsaSha1 = factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
        SignedInfo signedInfo = factory.newSignedInfo(inclusiveC14n, rsaSha1, Collections.singletonList(wholeDocument));

        DOMSignContext signContext = new DOMSignContext(privateKey, document.getDocumentElement());
        KeyValue publishedKey = keyInfos.newKeyValue(publicKey);
        KeyInfo keyInfo = keyInfos.newKeyInfo(Collections.singletonList(publishedKey));
        factory.newXMLSignature(signedInfo, keyInfo).sign(signContext);
    } catch (Exception e) {
        Logger.warn("Error while signing an XML document.", e);
    }

    return document;
}