private List<AlgorithmMethod> getTransformsXsltXpath() { try { AlgorithmMethod transformXslt = XmlSignatureHelper.getXslTransform("/org/apache/camel/component/xmlsecurity/xslt_test.xsl"); Map<String, String> namespaceMap = new HashMap<String, String>(1); namespaceMap.put("n0", "https://org.apache/camel/xmlsecurity/test"); AlgorithmMethod transformXpath = XmlSignatureHelper.getXPathTransform("//n0:XMLSecurity/n0:Content", namespaceMap); // I removed base 64 transform because the JDK implementation does // not correctly support this transformation // AlgorithmMethod transformBase64 = helper.getBase64Transform(); List<AlgorithmMethod> result = new ArrayList<AlgorithmMethod>(3); result.add(XmlSignatureHelper.getCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE)); result.add(transformXslt); result.add(transformXpath); // result.add(transformBase64); return result; } catch (Exception e) { throw new IllegalStateException(e); } }
@Override public Output get(Input input) throws Exception { Transform transform = input.getSignatureFactory().newTransform(CanonicalizationMethod.INCLUSIVE, (TransformParameterSpec) null); Reference ref = input.getSignatureFactory().newReference("#propertiesObject", input.getSignatureFactory().newDigestMethod(input.getContentDigestAlgorithm(), null), Collections.singletonList(transform), null, null); String doc2 = "<ts:timestamp xmlns:ts=\"http:/timestamp\">" + System.currentTimeMillis() + "</ts:timestamp>"; InputStream is = new ByteArrayInputStream(doc2.getBytes("UTF-8")); Document doc = XmlSignatureHelper.newDocumentBuilder(Boolean.TRUE).parse(is); DOMStructure structure = new DOMStructure(doc.getDocumentElement()); SignatureProperty prop = input.getSignatureFactory().newSignatureProperty(Collections.singletonList(structure), input.getSignatureId(), "property"); SignatureProperties properties = input.getSignatureFactory().newSignatureProperties(Collections.singletonList(prop), "properties"); XMLObject propertiesObject = input.getSignatureFactory().newXMLObject(Collections.singletonList(properties), "propertiesObject", null, null); XmlSignatureProperties.Output result = new Output(); result.setReferences(Collections.singletonList(ref)); result.setObjects(Collections.singletonList(propertiesObject)); return result; }
@Override protected DSSReference createReference(DSSDocument document, int referenceIndex) { // <ds:Reference Id="signed-data-ref" Type="http://www.w3.org/2000/09/xmldsig#Object" // URI="#signed-data-idfc5ff27ee49763d9ba88ba5bbc49f732"> final DSSReference reference = new DSSReference(); reference.setId("r-id-" + referenceIndex); reference.setContents(document); reference.setDigestMethodAlgorithm(params.getDigestAlgorithm()); if (params.isManifestSignature()) { reference.setType(HTTP_WWW_W3_ORG_2000_09_XMLDSIG_MANIFEST); reference.setUri("#" + ((params.getManifestId() == null) ? "manifest" : params.getManifestId())); DSSTransform xmlTransform = new DSSTransform(); xmlTransform.setAlgorithm(Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS); reference.setTransforms(Arrays.asList(xmlTransform)); } else { reference.setType(HTTP_WWW_W3_ORG_2000_09_XMLDSIG_OBJECT); reference.setUri("#o-id-" + referenceIndex); DSSTransform base64Transform = new DSSTransform(); base64Transform.setAlgorithm(CanonicalizationMethod.BASE64); reference.setTransforms(Arrays.asList(base64Transform)); } return reference; }
@Before public void init() throws Exception { documentToSign = new FileDocument(new File("src/test/resources/sample.xml")); signatureParameters = new XAdESSignatureParameters(); signatureParameters.bLevel().setSigningDate(new Date()); signatureParameters.setSigningCertificate(getSigningCert()); signatureParameters.setCertificateChain(getCertificateChain()); signatureParameters.setSignaturePackaging(SignaturePackaging.ENVELOPED); signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B); signatureParameters.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE); signatureParameters.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE); // Will add the signature within the tr tag signatureParameters.setXPathLocationString("//*[local-name() = 'tr']"); service = new XAdESService(getCompleteCertificateVerifier()); }
private SignedInfo initSignedInfo(XMLSignatureFactory fac) throws Exception { Reference ref = initReference(fac); String cm = null; cm = map.getProperty(CANONICALIZATIONMETHOD); String sigmethod = null; sigmethod = map.getProperty(SIGNATURE_METHOD); if (sigmethod == null) { sigmethod = SignatureMethod.RSA_SHA1; } if (cm == null) { cm = CanonicalizationMethod.EXCLUSIVE; } SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod( cm, (C14NMethodParameterSpec) null), fac.newSignatureMethod(sigmethod, null), Collections.singletonList(ref)); return si; }
public XmlSignatureHandler() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { this.builderFactory = DocumentBuilderFactory.newInstance(); this.builderFactory.setNamespaceAware(true); this.transformerFactory = TransformerFactory.newInstance(); this.signatureFactory = XMLSignatureFactory.getInstance("DOM"); this.digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA1, null); this.transformList = new ArrayList<Transform>(2); this.transformList.add( signatureFactory.newTransform( Transform.ENVELOPED, (TransformParameterSpec) null)); this.transformList.add( signatureFactory.newTransform( "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (TransformParameterSpec) null)); this.canonicalizationMethod = this.signatureFactory.newCanonicalizationMethod( CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null); this.signatureMethod = this.signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); this.keyInfoFactory = this.signatureFactory.getKeyInfoFactory(); }
/** * Sign SAML element. * * @param element the element * @param privKey the priv key * @param pubKey the pub key * @return the element */ private static org.jdom.Element signSamlElement(final org.jdom.Element element, final PrivateKey privKey, final PublicKey pubKey) { try { final String providerName = System.getProperty("jsr105Provider", SIGNATURE_FACTORY_PROVIDER_CLASS); final XMLSignatureFactory sigFactory = XMLSignatureFactory .getInstance("DOM", (Provider) Class.forName(providerName).newInstance()); final List<Transform> envelopedTransform = Collections.singletonList(sigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)); final Reference ref = sigFactory.newReference(StringUtils.EMPTY, sigFactory .newDigestMethod(DigestMethod.SHA1, null), envelopedTransform, null, null); // Create the SignatureMethod based on the type of key final SignatureMethod signatureMethod; final String algorithm = pubKey.getAlgorithm(); switch (algorithm) { case "DSA": signatureMethod = sigFactory.newSignatureMethod(SignatureMethod.DSA_SHA1, null); break; case "RSA": signatureMethod = sigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); break; default: throw new RuntimeException("Error signing SAML element: Unsupported type of key"); } final CanonicalizationMethod canonicalizationMethod = sigFactory .newCanonicalizationMethod( CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); // Create the SignedInfo final SignedInfo signedInfo = sigFactory.newSignedInfo( canonicalizationMethod, signatureMethod, Collections.singletonList(ref)); // Create a KeyValue containing the DSA or RSA PublicKey final KeyInfoFactory keyInfoFactory = sigFactory.getKeyInfoFactory(); final KeyValue keyValuePair = keyInfoFactory.newKeyValue(pubKey); // Create a KeyInfo and add the KeyValue to it final KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyValuePair)); // Convert the JDOM document to w3c (Java XML signature API requires w3c representation) final Element w3cElement = toDom(element); // Create a DOMSignContext and specify the DSA/RSA PrivateKey and // location of the resulting XMLSignature's parent element final DOMSignContext dsc = new DOMSignContext(privKey, w3cElement); final Node xmlSigInsertionPoint = getXmlSignatureInsertLocation(w3cElement); dsc.setNextSibling(xmlSigInsertionPoint); // Marshal, generate (and sign) the enveloped signature final XMLSignature signature = sigFactory.newXMLSignature(signedInfo, keyInfo); signature.sign(dsc); return toJdom(w3cElement); } catch (final Exception e) { throw new RuntimeException("Error signing SAML element: " + e.getMessage(), e); } }
public RequestSigner ( final Configuration configuration ) throws Exception { this.fac = XMLSignatureFactory.getInstance ( "DOM" ); this.md = this.fac.newDigestMethod ( configuration.getDigestMethod (), null ); this.kif = this.fac.getKeyInfoFactory (); this.t = this.fac.newTransform ( Transform.ENVELOPED, (TransformParameterSpec)null ); this.ref = this.fac.newReference ( "", this.md, Collections.singletonList ( this.t ), null, null ); this.cm = this.fac.newCanonicalizationMethod ( CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec)null ); }
public Document sign(FileInputStream fileStream, KeyPair keyPair) throws ParserConfigurationException, SAXException, IOException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); DocumentBuilder builder = factory.newDocumentBuilder(); Document document = builder.parse(fileStream); DOMSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document.getDocumentElement()); XMLSignatureFactory signFactory = XMLSignatureFactory .getInstance("DOM"); Reference ref = signFactory.newReference("", signFactory .newDigestMethod(digestMethod, null), Collections .singletonList(signFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null); SignedInfo si = signFactory.newSignedInfo(signFactory .newCanonicalizationMethod( CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null), signFactory .newSignatureMethod(signatureMethod, null), Collections .singletonList(ref)); KeyInfoFactory kif = signFactory.getKeyInfoFactory(); KeyValue kv = kif.newKeyValue(keyPair.getPublic()); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); XMLSignature signature = signFactory.newXMLSignature(si, ki); signature.sign(signContext); return document; }
public HMACSignatureAlgorithmTest() throws Exception { // // If the BouncyCastle provider is not installed, then try to load it // via reflection. // if (Security.getProvider("BC") == null) { Constructor<?> cons = null; try { Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); cons = c.getConstructor(new Class[] {}); } catch (Exception e) { //ignore } if (cons != null) { Provider provider = (Provider)cons.newInstance(); Security.insertProviderAt(provider, 2); bcInstalled = true; } } db = XMLUtils.createDocumentBuilder(false); // create common objects fac = XMLSignatureFactory.getInstance("DOM", new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI()); withoutComments = fac.newCanonicalizationMethod (CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null); // Digest Methods sha1 = fac.newDigestMethod(DigestMethod.SHA1, null); hmacSha1 = fac.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#hmac-sha1", null); hmacSha224 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#hmac-sha224", null); hmacSha256 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", null); hmacSha384 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#hmac-sha384", null); hmacSha512 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#hmac-sha512", null); ripemd160 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160", null); sks = new KeySelectors.SecretKeySelector("testkey".getBytes("ASCII")); }
public void dsig() throws Exception { XMLSignatureFactory fac = XMLSignatureFactory.getInstance ("DOM", new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI()); long start = System.currentTimeMillis(); for (int i = 0; i < 100; i++) { fac.newCanonicalizationMethod (CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null); } long end = System.currentTimeMillis(); long elapsed = end - start; if (log.isDebugEnabled()) { log.debug("Elapsed: " + elapsed); log.debug("dsig succeeded"); } }
public String assinarDocumento(final String conteudoXml) throws Exception { final KeyStore keyStore = KeyStore.getInstance("PKCS12"); try (InputStream certificadoStream = new ByteArrayInputStream(this.config.getCertificado())) { keyStore.load(certificadoStream, this.config.getCertificadoSenha().toCharArray()); } final KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(keyStore.aliases().nextElement(), new KeyStore.PasswordProtection(this.config.getCertificadoSenha().toCharArray())); final XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM"); final List<Transform> transforms = new ArrayList<>(2); transforms.add(signatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)); transforms.add(signatureFactory.newTransform(AssinaturaDigital.C14N_TRANSFORM_METHOD, (TransformParameterSpec) null)); final KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory(); final X509Data x509Data = keyInfoFactory.newX509Data(Collections.singletonList((X509Certificate) keyEntry.getCertificate())); final KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(x509Data)); final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); try (StringReader stringReader = new StringReader(conteudoXml)) { final Document document = documentBuilderFactory.newDocumentBuilder().parse(new InputSource(stringReader)); for (final String elementoAssinavel : AssinaturaDigital.ELEMENTOS_ASSINAVEIS) { final NodeList elements = document.getElementsByTagName(elementoAssinavel); for (int i = 0; i < elements.getLength(); i++) { final Element element = (Element) elements.item(i); final String id = element.getAttribute("Id"); element.setIdAttribute("Id", true); final Reference reference = signatureFactory.newReference("#" + id, signatureFactory.newDigestMethod(DigestMethod.SHA1, null), transforms, null, null); final SignedInfo signedInfo = signatureFactory.newSignedInfo(signatureFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference)); final XMLSignature signature = signatureFactory.newXMLSignature(signedInfo, keyInfo); signature.sign(new DOMSignContext(keyEntry.getPrivateKey(), element.getParentNode())); } } return this.converteDocumentParaXml(document); } }
protected Reference createKeyInfoReference(XMLSignatureFactory fac, String keyInfoId, String digestAlgorithm) throws Exception { //NOPMD if (keyInfoId == null) { return null; } if (getConfiguration().getAddKeyInfoReference() == null) { return null; } if (!getConfiguration().getAddKeyInfoReference()) { return null; } LOG.debug("Creating reference to key info element with Id: {}", keyInfoId); List<Transform> transforms = new ArrayList<Transform>(1); Transform transform = fac.newTransform(CanonicalizationMethod.INCLUSIVE, (TransformParameterSpec) null); transforms.add(transform); return fac.newReference("#" + keyInfoId, fac.newDigestMethod(digestAlgorithm, null), transforms, null, null); }
private List<AlgorithmMethod> getTransformsXPath2() { List<XPathAndFilter> list = new ArrayList<XPathAndFilter>(3); XPathAndFilter xpath1 = new XPathAndFilter("//n0:ToBeSigned", XPathType.Filter.INTERSECT.toString()); list.add(xpath1); XPathAndFilter xpath2 = new XPathAndFilter("//n0:NotToBeSigned", XPathType.Filter.SUBTRACT.toString()); list.add(xpath2); XPathAndFilter xpath3 = new XPathAndFilter("//n0:ReallyToBeSigned", XPathType.Filter.UNION.toString()); list.add(xpath3); List<AlgorithmMethod> result = new ArrayList<AlgorithmMethod>(2); result.add(XmlSignatureHelper.getCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE)); result.add(XmlSignatureHelper.getXPath2Transform(list, getNamespaceMap())); return result; }
public void preSign(XMLSignatureFactory signatureFactory, Document document, String signatureId, List<X509Certificate> signingCertificateChain, List<Reference> references, List<XMLObject> objects) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { DigestMethod digestMethod = signatureFactory.newDigestMethod(this.digestAlgo.getXmlAlgoId(), null); List<Transform> transforms = new LinkedList<Transform>(); Map<String, String> xpathNamespaceMap = new HashMap<String, String>(); xpathNamespaceMap.put("ds", "http://www.w3.org/2000/09/xmldsig#"); // XPath v1 - slow... // Transform envelopedTransform = signatureFactory.newTransform( // CanonicalizationMethod.XPATH, new XPathFilterParameterSpec( // "not(ancestor-or-self::ds:Signature)", // xpathNamespaceMap)); // XPath v2 - fast... List<XPathType> types = new ArrayList<XPathType>(1); types.add(new XPathType("/descendant::*[name()='ds:Signature']", XPathType.Filter.SUBTRACT, xpathNamespaceMap)); Transform envelopedTransform = signatureFactory.newTransform(CanonicalizationMethod.XPATH2, new XPathFilter2ParameterSpec(types)); transforms.add(envelopedTransform); Transform exclusiveTransform = signatureFactory.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null); transforms.add(exclusiveTransform); Reference reference = signatureFactory.newReference("", digestMethod, transforms, null, this.dsReferenceId); references.add(reference); }
public void preSign(XMLSignatureFactory signatureFactory, Document document, String signatureId, List<X509Certificate> signingCertificateChain, List<Reference> references, List<XMLObject> objects) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { DigestMethod digestMethod = signatureFactory.newDigestMethod(this.digestAlgo.getXmlAlgoId(), null); List<Transform> transforms = new LinkedList<Transform>(); Transform envelopedTransform = signatureFactory.newTransform(CanonicalizationMethod.ENVELOPED, (TransformParameterSpec) null); transforms.add(envelopedTransform); Transform exclusiveTransform = signatureFactory.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null); transforms.add(exclusiveTransform); Reference reference = signatureFactory.newReference("", digestMethod, transforms, null, null); references.add(reference); }
@Test public void testJsr105ReferenceUri() throws Exception { String uri = FilenameUtils.getName(new File("foo bar.txt").toURI().toURL().getFile()); KeyPair keyPair = generateKeyPair(); DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); Document document = documentBuilder.newDocument(); XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI()); XMLSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document); byte[] externalDocument = "hello world".getBytes(); MessageDigest messageDigest = MessageDigest.getInstance("SHA1"); messageDigest.update(externalDocument); byte[] documentDigestValue = messageDigest.digest(); DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA1, null); Reference reference = signatureFactory.newReference(uri, digestMethod, null, null, null, documentDigestValue); SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); CanonicalizationMethod canonicalizationMethod = signatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); javax.xml.crypto.dsig.SignedInfo signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference)); javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, null); xmlSignature.sign(signContext); }
protected byte[][] getWrapperTags() throws Exception { String ns = myThreadSafeData.getWrapperNS(), prefix = myThreadSafeData.getWrapperPrefix(), xsi = null, xsiSchemaLoc = null; boolean isXsi = myThreadSafeData.isWrapperXsi(), isXsiSchemaLoc = myThreadSafeData.isWrapperXsiSchemaLoc(); if (isXsi) { xsi = myThreadSafeData.getWrapperXsi(); if (isXsiSchemaLoc) xsiSchemaLoc = myThreadSafeData.getWrapperXsiSchemaLoc(); } if ("".equals(ns) && !"".equals(prefix)) throw new Exception("non-empty wrapperPrefix not allower for empty wrapperNS"); byte[][] tags = new byte[2][]; String startTag, endTag; Canonicalizer canonicalizer = Canonicalizer.getInstance(CanonicalizationMethod.INCLUSIVE); if ("".equals(prefix)) { //<Wrapper xmlns="urn:xmpp:xml-element" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:xmpp:xml-element FATCA-IDES-FileWrapper-1.1.xsd"> startTag = "<Wrapper xmlns=\"" + ns + "\"" + (xsi==null?"":" " + xsi + (xsiSchemaLoc==null?"":" " + xsiSchemaLoc)) + ">"; endTag = "</Wrapper>"; } else { //<xyz:Wrapper xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xyz="urn:xmpp:xml-element" xsi:schemaLocation="urn:xmpp:xml-element FATCA-IDES-FileWrapper-1.1.xsd"> startTag = "<" + prefix + ":Wrapper xmlns" + ":" + prefix + "=\"" + ns + "\"" + (xsi==null?"":" " + xsi + (xsiSchemaLoc==null?"":" " + xsiSchemaLoc)) + ">"; endTag = "</" + prefix + ":Wrapper>"; } startTag = new String(canonicalizer.canonicalize((startTag + endTag).getBytes())); startTag = startTag.replaceFirst(endTag, ""); tags[0] = startTag.getBytes(); tags[1] = endTag.getBytes(); return tags; }
protected String getCanonicalizationMethod(SigXmlTransform sigXmlTransform) { switch(sigXmlTransform) { case InclusiveWithComments: return CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS; case Exclusive: return CanonicalizationMethod.EXCLUSIVE; case ExclusiveWithComments: return CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS; case Inclusive: case None: default: return CanonicalizationMethod.INCLUSIVE; } }
private Element signSignature(String id, Element env, KeyInfoFactory keyInfoFactory, X509Credential credential) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException { if (endorsingToken == null) return env; NodeList nl = env.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); for (int i = 0; i < nl.getLength(); i++) { Element e = (Element) nl.item(i); if (e.hasAttributeNS(null, "Id")) { e.setAttributeNS(WSSecurityConstants.WSU_NS, "Id", e.getAttribute("Id")); e.setIdAttributeNS(WSSecurityConstants.WSU_NS, "Id", true); } } env = SAMLUtil.loadElementFromString(XMLHelper.nodeToString(env)); DigestMethod digestMethod = xsf.newDigestMethod(DigestMethod.SHA1, null); List<Transform> transforms = new ArrayList<Transform>(2); transforms.add(xsf.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#",new ExcC14NParameterSpec(Collections.singletonList("xsd")))); List<Reference> refs = new ArrayList<Reference>(); Reference r = xsf.newReference("#"+id, digestMethod, transforms, null, null); refs.add(r); CanonicalizationMethod canonicalizationMethod = xsf.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null); SignatureMethod signatureMethod = xsf.newSignatureMethod(SignatureMethod.RSA_SHA1, null); SignedInfo signedInfo = xsf.newSignedInfo(canonicalizationMethod, signatureMethod, refs); KeyInfo ki = generateKeyInfo(credential, keyInfoFactory, false); XMLSignature signature = xsf.newXMLSignature(signedInfo, ki); Node security = env.getElementsByTagNameNS(WSSecurityConstants.WSSE_NS, "Security").item(0); DOMSignContext signContext = new DOMSignContext(credential.getPrivateKey(), security); signContext.putNamespacePrefix(SAMLConstants.XMLSIG_NS, SAMLConstants.XMLSIG_PREFIX); signContext.putNamespacePrefix(SAMLConstants.XMLENC_NS, SAMLConstants.XMLENC_PREFIX); signature.sign(signContext); return env; }
@Override protected DSSReference createReference(DSSDocument document, int referenceIndex) { DSSReference dssReference = new DSSReference(); dssReference.setId("r-id-" + referenceIndex); dssReference.setUri(""); dssReference.setContents(document); dssReference.setDigestMethodAlgorithm(params.getDigestAlgorithm()); final List<DSSTransform> dssTransformList = new ArrayList<DSSTransform>(); // For parallel signatures DSSTransform dssTransform = new DSSTransform(); dssTransform.setAlgorithm(Transforms.TRANSFORM_XPATH); dssTransform.setElementName(DS_XPATH); dssTransform.setNamespace(XMLSignature.XMLNS); dssTransform.setTextContent(NOT_ANCESTOR_OR_SELF_DS_SIGNATURE); dssTransformList.add(dssTransform); // Canonicalization is the last operation, its better to operate the canonicalization on the smaller document dssTransform = new DSSTransform(); dssTransform.setAlgorithm(CanonicalizationMethod.EXCLUSIVE); dssTransformList.add(dssTransform); dssReference.setTransforms(dssTransformList); return dssReference; }
@Before public void init() throws Exception { documentToSign = new FileDocument(new File("src/test/resources/sample.xml")); signatureParameters = new XAdESSignatureParameters(); signatureParameters.bLevel().setSigningDate(new Date()); signatureParameters.setSigningCertificate(getSigningCert()); signatureParameters.setCertificateChain(getCertificateChain()); signatureParameters.setSignaturePackaging(SignaturePackaging.ENVELOPING); signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B); signatureParameters.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE); signatureParameters.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE); service = new XAdESService(getCompleteCertificateVerifier()); }
@Before public void init() throws Exception { documentToSign = new FileDocument(new File("src/test/resources/sample.xml")); signatureParameters = new XAdESSignatureParameters(); signatureParameters.bLevel().setSigningDate(new Date()); signatureParameters.setSigningCertificate(getSigningCert()); signatureParameters.setCertificateChain(getCertificateChain()); signatureParameters.setSignaturePackaging(SignaturePackaging.ENVELOPED); signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B); service = new XAdESService(getCompleteCertificateVerifier()); final List<DSSReference> references = new ArrayList<DSSReference>(); DSSReference dssReference = new DSSReference(); dssReference.setId("xml_ref_id"); dssReference.setUri(""); dssReference.setContents(documentToSign); dssReference.setDigestMethodAlgorithm(signatureParameters.getDigestAlgorithm()); final List<DSSTransform> transforms = new ArrayList<DSSTransform>(); DSSTransform dssTransform = new DSSTransform(); dssTransform.setAlgorithm(CanonicalizationMethod.ENVELOPED); transforms.add(dssTransform); dssTransform = new DSSTransform(); dssTransform.setAlgorithm(CanonicalizationMethod.EXCLUSIVE); transforms.add(dssTransform); dssReference.setTransforms(transforms); references.add(dssReference); signatureParameters.setReferences(references); }
@Before public void init() throws Exception { documentToSign = new FileDocument(new File("src/test/resources/sample.xml")); signatureParameters = new XAdESSignatureParameters(); signatureParameters.bLevel().setSigningDate(new Date()); signatureParameters.setSigningCertificate(getSigningCert()); signatureParameters.setCertificateChain(getCertificateChain()); signatureParameters.setSignaturePackaging(SignaturePackaging.DETACHED); signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B); signatureParameters.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE); signatureParameters.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE); service = new XAdESService(getCompleteCertificateVerifier()); }
@Before public void init() throws Exception { documentToSign = new FileDocument(new File("src/test/resources/sample.xml")); signatureParameters = new XAdESSignatureParameters(); signatureParameters.bLevel().setSigningDate(new Date()); signatureParameters.setSigningCertificate(getSigningCert()); signatureParameters.setCertificateChain(getCertificateChain()); signatureParameters.setSignaturePackaging(SignaturePackaging.ENVELOPED); signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B); signatureParameters.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE); signatureParameters.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE); service = new XAdESService(getCompleteCertificateVerifier()); }
@Before public void init() throws Exception { documentToSign = new InMemoryDocument("Hello World !".getBytes(), "test.text"); signatureParameters = new ASiCWithXAdESSignatureParameters(); signatureParameters.bLevel().setSigningDate(new Date()); signatureParameters.setSigningCertificate(getSigningCert()); signatureParameters.setCertificateChain(getCertificateChain()); signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B); signatureParameters.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE); signatureParameters.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE); signatureParameters.aSiC().setContainerType(ASiCContainerType.ASiC_E); service = new ASiCWithXAdESService(getCompleteCertificateVerifier()); }
public <T extends Node> T sign(T node) { checkNotNull(node); checkArgument(node instanceof Document || node instanceof Element); try { Element element = node instanceof Document ? ((Document) node).getDocumentElement() : (Element) node; DOMSignContext dsc = new DOMSignContext(privateKey, element); XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM"); List<Transform> transformList = new LinkedList<>(); transformList.add(signatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)); transformList.add(signatureFactory.newTransform(C14N_TRANSFORM_METHOD, (TransformParameterSpec) null)); Node child = findFirstElementChild(element); ((Element) child).setIdAttribute("Id", true); String id = child.getAttributes().getNamedItem("Id").getNodeValue(); String uri = String.format("#%s", id); Reference reference = signatureFactory.newReference(uri, signatureFactory.newDigestMethod(DigestMethod.SHA1, null), transformList, null, null); SignedInfo signedInfo = signatureFactory.newSignedInfo(signatureFactory.newCanonicalizationMethod( CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), signatureFactory .newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference)); KeyInfoFactory kif = signatureFactory.getKeyInfoFactory(); X509Data x509Data = kif.newX509Data(Collections.singletonList(certificateChain[0])); KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(x509Data)); XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, keyInfo); xmlSignature.sign(dsc); return node; } catch (Exception ex) { throw new IllegalArgumentException("Erro ao assinar XML.", ex); } }
private void sign(KeyStore keyStore, KeyPair keyPair, String alias, Document document, List<EbMSDataSource> dataSources) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, KeyException, MarshalException, XMLSignatureException, KeyStoreException { //XMLSignatureFactory signFactory = XMLSignatureFactory.getInstance("DOM"); XMLSignatureFactory signFactory = XMLSignatureFactory.getInstance(); DigestMethod sha1DigestMethod = signFactory.newDigestMethod(DigestMethod.SHA1,null); List<Transform> transforms = new ArrayList<Transform>(); transforms.add(signFactory.newTransform(Transform.ENVELOPED,(TransformParameterSpec)null)); Map<String,String> m = new HashMap<String,String>(); m.put("soap","http://schemas.xmlsoap.org/soap/envelope/"); transforms.add(signFactory.newTransform(Transform.XPATH,new XPathFilterParameterSpec("not(ancestor-or-self::node()[@soap:actor=\"urn:oasis:names:tc:ebxml-msg:service:nextMSH\"]|ancestor-or-self::node()[@soap:actor=\"http://schemas.xmlsoap.org/soap/actor/next\"])",m))); transforms.add(signFactory.newTransform(CanonicalizationMethod.INCLUSIVE,(TransformParameterSpec)null)); List<Reference> references = new ArrayList<Reference>(); references.add(signFactory.newReference("",sha1DigestMethod,transforms,null,null)); for (EbMSDataSource dataSource : dataSources) references.add(signFactory.newReference("cid:" + dataSource.getContentId(),sha1DigestMethod,Collections.emptyList(),null,null,DigestUtils.sha(IOUtils.toByteArray(dataSource.getInputStream())))); SignedInfo signedInfo = signFactory.newSignedInfo(signFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,(C14NMethodParameterSpec)null),signFactory.newSignatureMethod(SignatureMethod.RSA_SHA1,null),references); List<XMLStructure> keyInfoElements = new ArrayList<XMLStructure>(); KeyInfoFactory keyInfoFactory = signFactory.getKeyInfoFactory(); keyInfoElements.add(keyInfoFactory.newKeyValue(keyPair.getPublic())); Certificate[] certificates = keyStore.getCertificateChain(alias); //keyInfoElements.add(keyInfoFactory.newX509Data(Arrays.asList(certificates))); keyInfoElements.add(keyInfoFactory.newX509Data(Collections.singletonList(certificates[0]))); KeyInfo keyInfo = keyInfoFactory.newKeyInfo(keyInfoElements); XMLSignature signature = signFactory.newXMLSignature(signedInfo,keyInfo); Element soapHeader = getFirstChildElement(document.getDocumentElement()); DOMSignContext signContext = new DOMSignContext(keyPair.getPrivate(),soapHeader); signContext.putNamespacePrefix(XMLSignature.XMLNS,"ds"); signature.sign(signContext); }
private void signRequest(Element requestElement, PrivateKey privateKey, X509Certificate certificate) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException { DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild()); XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory .getInstance("DOM"); String requestId = requestElement.getAttribute("RequestID"); requestElement.setIdAttribute("RequestID", true); List<Transform> transforms = new LinkedList<>(); transforms.add(xmlSignatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)); transforms.add(xmlSignatureFactory.newTransform( CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null)); Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod(DigestMethod.SHA1, null), transforms, null, null); SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo( xmlSignatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), xmlSignatureFactory .newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference)); KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory(); KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections .singletonList(keyInfoFactory.newX509Data(Collections .singletonList(certificate)))); XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature( signedInfo, keyInfo); xmlSignature.sign(domSignContext); }
private void addSignature(Element parentElement) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException { DOMSignContext domSignContext = new DOMSignContext( this.sessionKey.getPrivate(), parentElement); XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory .getInstance("DOM"); Reference reference = xmlSignatureFactory.newReference("#" + this.prototypeKeyBindingId, xmlSignatureFactory .newDigestMethod(DigestMethod.SHA1, null), Collections .singletonList(xmlSignatureFactory.newTransform( CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)), null, null); SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo( xmlSignatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), xmlSignatureFactory .newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference)); XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature( signedInfo, null); xmlSignature.sign(domSignContext); }
private void addSignature(Element parentElement) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException { DOMSignContext domSignContext = new DOMSignContext( this.authnPrivateKey, parentElement); XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory .getInstance("DOM"); Reference reference = xmlSignatureFactory.newReference( this.referenceUri, xmlSignatureFactory.newDigestMethod( DigestMethod.SHA1, null), Collections .singletonList(xmlSignatureFactory.newTransform( CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)), null, null); SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo( xmlSignatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), xmlSignatureFactory .newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference)); KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory(); KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections .singletonList(keyInfoFactory.newX509Data(Collections .singletonList(this.authnCertificate)))); XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature( signedInfo, keyInfo); xmlSignature.sign(domSignContext); }
public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, FHIRException, org.hl7.fhir.exceptions.FHIRException { // http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html // byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(); // load the document that's going to be signed DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); DocumentBuilder builder = dbf.newDocumentBuilder(); Document doc = builder.parse(new ByteArrayInputStream(inputXml)); // create a key pair KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(512); KeyPair kp = kpg.generateKeyPair(); // sign the document DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()); XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null); SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); KeyInfoFactory kif = fac.getKeyInfoFactory(); KeyValue kv = kif.newKeyValue(kp.getPublic()); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); XMLSignature signature = fac.newXMLSignature(si, ki); signature.sign(dsc); OutputStream os = System.out; new XmlGenerator().generate(doc.getDocumentElement(), os); }
private static void sign(Document document, DigitalSignatureServiceSession session) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException { Key key = new SecretKeySpec(session.getKey(), "HMACSHA1"); Node parentElement = document.getElementsByTagNameNS("urn:oasis:names:tc:dss:1.0:core:schema", "OptionalInputs") .item(0); DOMSignContext domSignContext = new DOMSignContext(key, parentElement); domSignContext.setDefaultNamespacePrefix("ds"); // XMLDSigRI Websphere work-around XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI()); List<Transform> transforms = new LinkedList<Transform>(); transforms.add(xmlSignatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)); transforms.add( xmlSignatureFactory.newTransform(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null)); Reference reference = xmlSignatureFactory.newReference("", xmlSignatureFactory.newDigestMethod(DigestMethod.SHA1, null), transforms, null, null); SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo( xmlSignatureFactory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), xmlSignatureFactory.newSignatureMethod(SignatureMethod.HMAC_SHA1, null), Collections.singletonList(reference)); Element securityTokenReferenceElement = getSecurityTokenReference(session); KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory(); DOMStructure securityTokenReferenceDOMStructure = new DOMStructure(securityTokenReferenceElement); KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(securityTokenReferenceDOMStructure)); XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo); xmlSignature.sign(domSignContext); }
@Nonnull @OverrideOnDemand protected CanonicalizationMethod createCanonicalizationMethod (@Nonnull final XMLSignatureFactory aSignatureFactory) throws Exception { return aSignatureFactory.newCanonicalizationMethod (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); }
static void validAllSignatureElementsArePresent(List<SignatureType> sigs) { Assert.assertNotNull(sigs); Assert.assertFalse(sigs.isEmpty()); for (int i = 0; i < sigs.size(); i++) { Assert.assertFalse(sigs.get(i).getKeyInfo().getContent().isEmpty()); for (int k = 0; k < sigs.get(i).getSignedInfo().getCanonicalizationMethod().getContent().size(); k++) { Assert.assertTrue(sigs.get(i).getSignedInfo().getCanonicalizationMethod().getContent().get(k).equals(CanonicalizationMethod.EXCLUSIVE)); } } }
private SignedInfo initSignedInfo(XMLSignatureFactory fac) throws Exception { Reference ref = initReference(fac); SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); return si; }
/** * Sign the XML document using xmldsig. * @param document the document to sign; it will be modified by the method. * @param publicKey the public key from the key pair to sign the document. * @param privateKey the private key from the key pair to sign the document. * @return the signed document for chaining. */ public static Document sign(Document document, RSAPublicKey publicKey, RSAPrivateKey privateKey) { XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); KeyInfoFactory keyInfoFactory = fac.getKeyInfoFactory(); try { Reference ref =fac.newReference( "", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null); SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); DOMSignContext dsc = new DOMSignContext(privateKey, document.getDocumentElement()); KeyValue keyValue = keyInfoFactory.newKeyValue(publicKey); KeyInfo ki = keyInfoFactory.newKeyInfo(Collections.singletonList(keyValue)); XMLSignature signature = fac.newXMLSignature(si, ki); signature.sign(dsc); } catch (Exception e) { Logger.warn("Error while signing an XML document.", e); } return document; }