@Test() public void select_publicKey_exception() throws Exception { // given KeyInfo keyinfo = mock(KeyInfo.class); ArrayList<XMLStructure> list = new ArrayList<XMLStructure>(); KeyValue struct = mock(KeyValue.class); list.add(struct); doReturn(list).when(keyinfo).getContent(); doThrow(new KeyException("test")).when(struct).getPublicKey(); // when try { selector.select(keyinfo, null, null, null); fail(); } catch (KeySelectorException e) { assertTrue(e.getCause().getMessage().contains("test")); } }
@Override public boolean equals(Object obj) { if (this == obj) { return true; } if (!(obj instanceof KeyValue)) { return false; } try { KeyValue kv = (KeyValue)obj; if (publicKey == null ) { if (kv.getPublicKey() != null) { return false; } } else if (!publicKey.equals(kv.getPublicKey())) { return false; } } catch (KeyException ke) { // no practical way to determine if the keys are equal return false; } return true; }
static KeyValue unmarshal(Element kvElem) throws MarshalException { Element kvtElem = DOMUtils.getFirstChildElement(kvElem); if (kvtElem == null) { throw new MarshalException("KeyValue must contain at least one type"); } String namespace = kvtElem.getNamespaceURI(); if (kvtElem.getLocalName().equals("DSAKeyValue") && XMLSignature.XMLNS.equals(namespace)) { return new DSA(kvtElem); } else if (kvtElem.getLocalName().equals("RSAKeyValue") && XMLSignature.XMLNS.equals(namespace)) { return new RSA(kvtElem); } else if (kvtElem.getLocalName().equals("ECKeyValue") && XMLDSIG_11_XMLNS.equals(namespace)) { return new EC(kvtElem); } else { return new Unknown(kvtElem); } }
public boolean equals(Object obj) { if (this == obj) { return true; } if (!(obj instanceof KeyValue)) { return false; } try { KeyValue kv = (KeyValue) obj; if (publicKey == null ) { if (kv.getPublicKey() != null) { return false; } } else if (!publicKey.equals(kv.getPublicKey())) { return false; } } catch (KeyException ke) { // no practical way to determine if the keys are equal return false; } return true; }
/** * Sign SAML element. * * @param element the element * @param privKey the priv key * @param pubKey the pub key * @return the element */ private static org.jdom.Element signSamlElement(final org.jdom.Element element, final PrivateKey privKey, final PublicKey pubKey) { try { final String providerName = System.getProperty("jsr105Provider", SIGNATURE_FACTORY_PROVIDER_CLASS); final XMLSignatureFactory sigFactory = XMLSignatureFactory .getInstance("DOM", (Provider) Class.forName(providerName).newInstance()); final List<Transform> envelopedTransform = Collections.singletonList(sigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)); final Reference ref = sigFactory.newReference(StringUtils.EMPTY, sigFactory .newDigestMethod(DigestMethod.SHA1, null), envelopedTransform, null, null); // Create the SignatureMethod based on the type of key final SignatureMethod signatureMethod; final String algorithm = pubKey.getAlgorithm(); switch (algorithm) { case "DSA": signatureMethod = sigFactory.newSignatureMethod(SignatureMethod.DSA_SHA1, null); break; case "RSA": signatureMethod = sigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null); break; default: throw new RuntimeException("Error signing SAML element: Unsupported type of key"); } final CanonicalizationMethod canonicalizationMethod = sigFactory .newCanonicalizationMethod( CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null); // Create the SignedInfo final SignedInfo signedInfo = sigFactory.newSignedInfo( canonicalizationMethod, signatureMethod, Collections.singletonList(ref)); // Create a KeyValue containing the DSA or RSA PublicKey final KeyInfoFactory keyInfoFactory = sigFactory.getKeyInfoFactory(); final KeyValue keyValuePair = keyInfoFactory.newKeyValue(pubKey); // Create a KeyInfo and add the KeyValue to it final KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyValuePair)); // Convert the JDOM document to w3c (Java XML signature API requires w3c representation) final Element w3cElement = toDom(element); // Create a DOMSignContext and specify the DSA/RSA PrivateKey and // location of the resulting XMLSignature's parent element final DOMSignContext dsc = new DOMSignContext(privKey, w3cElement); final Node xmlSigInsertionPoint = getXmlSignatureInsertLocation(w3cElement); dsc.setNextSibling(xmlSigInsertionPoint); // Marshal, generate (and sign) the enveloped signature final XMLSignature signature = sigFactory.newXMLSignature(signedInfo, keyInfo); signature.sign(dsc); return toJdom(w3cElement); } catch (final Exception e) { throw new RuntimeException("Error signing SAML element: " + e.getMessage(), e); } }
@Override public KeySelectorResult select ( final KeyInfo keyInfo, final KeySelector.Purpose purpose, final AlgorithmMethod method, final XMLCryptoContext context ) throws KeySelectorException { if ( keyInfo == null ) { throw new KeySelectorException ( "Null KeyInfo object!" ); } final SignatureMethod sm = (SignatureMethod)method; final List<?> list = keyInfo.getContent (); for ( int i = 0; i < list.size (); i++ ) { final XMLStructure xmlStructure = (XMLStructure)list.get ( i ); if ( xmlStructure instanceof KeyValue ) { try { final PublicKey pk = ( (KeyValue)xmlStructure ).getPublicKey (); // make sure algorithm is compatible with method if ( algEquals ( sm.getAlgorithm (), pk.getAlgorithm () ) ) { return new SimpleKeySelectorResult ( pk ); } } catch ( final KeyException ke ) { throw new KeySelectorException ( ke ); } } } throw new KeySelectorException ( "No KeyValue element found!" ); }
public Document sign(FileInputStream fileStream, KeyPair keyPair) throws ParserConfigurationException, SAXException, IOException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); DocumentBuilder builder = factory.newDocumentBuilder(); Document document = builder.parse(fileStream); DOMSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document.getDocumentElement()); XMLSignatureFactory signFactory = XMLSignatureFactory .getInstance("DOM"); Reference ref = signFactory.newReference("", signFactory .newDigestMethod(digestMethod, null), Collections .singletonList(signFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null); SignedInfo si = signFactory.newSignedInfo(signFactory .newCanonicalizationMethod( CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null), signFactory .newSignatureMethod(signatureMethod, null), Collections .singletonList(ref)); KeyInfoFactory kif = signFactory.getKeyInfoFactory(); KeyValue kv = kif.newKeyValue(keyPair.getPublic()); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); XMLSignature signature = signFactory.newXMLSignature(si, ki); signature.sign(signContext); return document; }
@Override public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod algorithmMethod, XMLCryptoContext context) throws KeySelectorException { if (keyInfo == null) { throw new KeySelectorException("Null KeyInfo object!"); } @SuppressWarnings("unchecked") List<XMLStructure> list = keyInfo.getContent(); for (XMLStructure xmlStructure : list) { if (xmlStructure instanceof KeyValue) { PublicKey publicKey = null; try { publicKey = ((KeyValue) xmlStructure).getPublicKey(); } catch (KeyException ke) { throw new KeySelectorException(ke); } if (algorithmCompatibleWithMethod( algorithmMethod.getAlgorithm(), publicKey.getAlgorithm())) { return new SimpleKeySelectorResult(publicKey); } } } throw new KeySelectorException("No RSA/DSA KeyValue element found"); }
static KeyValue unmarshal(Element kvElem) throws MarshalException { Element kvtElem = DOMUtils.getFirstChildElement(kvElem); if (kvtElem.getLocalName().equals("DSAKeyValue")) { return new DSA(kvtElem); } else if (kvtElem.getLocalName().equals("RSAKeyValue")) { return new RSA(kvtElem); } else if (kvtElem.getLocalName().equals("ECKeyValue")) { return new EC(kvtElem); } else { return new Unknown(kvtElem); } }
@Override public void marshalObject(XmlWriter xwriter, KeyValue toMarshal, String dsPrefix, XMLCryptoContext context) throws MarshalException { // Since DOMKeyValue allows for deserializing unrecognized keys, and that // capability isn't available via the KeyValue interface, this must continue // to cast to DOMKeyValue. DOMKeyValue<?> dkv = (DOMKeyValue<?>) toMarshal; dkv.marshal( xwriter, dsPrefix, context); }
public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException { if (keyInfo == null) { throw new KeySelectorException("Null KeyInfo object!"); } SignatureMethod sm = (SignatureMethod) method; @SuppressWarnings("rawtypes") List list = keyInfo.getContent(); for (int i = 0; i < list.size(); i++) { XMLStructure xmlStructure = (XMLStructure) list.get(i); if (xmlStructure instanceof KeyValue) { PublicKey pk = null; try { pk = ((KeyValue) xmlStructure).getPublicKey(); } catch (KeyException ke) { throw new KeySelectorException(ke); } // make sure algorithm is compatible with method if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) { return new SimpleKeySelectorResult(pk); } } } throw new KeySelectorException("No KeyValue element found!"); }
@Override public KeySelectorResult select(final KeyInfo keyInfo, final KeySelector.Purpose purpose, final AlgorithmMethod method, final XMLCryptoContext context) throws KeySelectorException { if (keyInfo == null) { throw new KeySelectorException("null KeyInfo"); } List<?> list = keyInfo.getContent(); for (int i = 0; i < list.size(); i++) { XMLStructure xmlStructure = (XMLStructure) list.get(i); PublicKey pk = null; if (xmlStructure instanceof KeyValue) { try { pk = ((KeyValue)xmlStructure).getPublicKey(); } catch (KeyException ke) { throw new KeySelectorException(ke); } } else if (xmlStructure instanceof X509Data) { List<sun.security.x509.X509CertImpl> certs = ((X509Data)xmlStructure).getContent(); pk = certs.get(0).getPublicKey(); } else { log.error(xmlStructure + " not supported"); continue; } return new SimpleKeySelectorResult(pk); } throw new KeySelectorException("No supported KeyValue element found"); }
public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException { if (keyInfo == null) throw new KeySelectorException("Null KeyInfo"); List<?> list = keyInfo.getContent(); PublicKey pk = null; for (int i = 0; i < list.size(); i++) { XMLStructure xmlStructure = (XMLStructure) list.get(i); if (xmlStructure instanceof KeyValue) { try { pk = ((KeyValue)xmlStructure).getPublicKey(); } catch(KeyException ke) { throw new KeySelectorException(ke.getMessage()); } break; } else if (xmlStructure instanceof X509Data) { X509Data x509data = (X509Data)xmlStructure; List<?> x509datalist = x509data.getContent(); for (int j = 0; j < x509datalist.size(); j++) { if (x509datalist.get(j) instanceof X509Certificate) { X509Certificate cert = (X509Certificate)x509datalist.get(j); pk = cert.getPublicKey(); break; } } } } if (pk != null) { final PublicKey retpk = pk; logger.debug("PublicKey from XML=" + pk); return new KeySelectorResult() {public Key getKey(){return retpk;}}; } throw new KeySelectorException("Missing KeyValue"); }
/** * Sign the XML document using xmldsig. * * @param document the document to sign; it will be modified by the method. * @param publicKey the public key from the key pair to sign the document. * @param privateKey the private key from the key pair to sign the document. * @return the signed document for chaining. */ public static Document sign(Document document, RSAPublicKey publicKey, RSAPrivateKey privateKey) { XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); KeyInfoFactory keyInfoFactory = fac.getKeyInfoFactory(); try { Reference ref = fac.newReference( "", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList( fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null); SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); DOMSignContext dsc = new DOMSignContext(privateKey, document.getDocumentElement()); KeyValue keyValue = keyInfoFactory.newKeyValue(publicKey); KeyInfo ki = keyInfoFactory.newKeyInfo(Collections.singletonList(keyValue)); XMLSignature signature = fac.newXMLSignature(si, ki); signature.sign(dsc); } catch (Exception e) { logger.warn("Error while signing an XML document.", e); } return document; }
public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, FHIRException, org.hl7.fhir.exceptions.FHIRException { // http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html // byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(); // load the document that's going to be signed DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); DocumentBuilder builder = dbf.newDocumentBuilder(); Document doc = builder.parse(new ByteArrayInputStream(inputXml)); // create a key pair KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(512); KeyPair kp = kpg.generateKeyPair(); // sign the document DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()); XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null); SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); KeyInfoFactory kif = fac.getKeyInfoFactory(); KeyValue kv = kif.newKeyValue(kp.getPublic()); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); XMLSignature signature = fac.newXMLSignature(si, ki); signature.sign(dsc); OutputStream os = System.out; new XmlGenerator().generate(doc.getDocumentElement(), os); }