/**
 * Signs the xml with XmlDSig using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * The certificate chain is turned into a KeyInfo and the KeyInfo overload does the actual work.
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param chain the certificate chain
 * @throws GeneralSecurityException
 * @throws IOException
 * @throws DocumentException
 */
public static void signXmlDSig(XmlSignatureAppearance sap, ExternalSignature externalSignature, Certificate[] chain) throws DocumentException, GeneralSecurityException, IOException {
    // KeyInfo built from the chain is what gets embedded for verification
    KeyInfo chainKeyInfo = generateKeyInfo(chain, sap);
    signXmlDSig(sap, externalSignature, chainKeyInfo);
}
throws GeneralSecurityException, DocumentException, IOException { verifyArguments(sap, externalSignature); signatureMethod = SignatureMethod.DSA_SHA1; String contentReferenceId = SecurityConstants.Reference_ + getRandomId(); String signedPropertiesId = SecurityConstants.SignedProperties_ + getRandomId(); String signatureId = SecurityConstants.Signature_ + getRandomId(); XMLSignatureFactory fac = createSignatureFactory(); KeyInfo keyInfo = generateKeyInfo(chain, sap); String[] signaturePolicy = null; if (includeSignaturePolicy) { XMLObject xmlObject = generateXadesObject(fac, sap, signatureId, contentReferenceId, signedPropertiesId, signaturePolicy); Reference contentReference = generateContentReference(fac, sap, contentReferenceId); Reference signedPropertiesReference = generateCustomReference(fac, "#"+signedPropertiesId, SecurityConstants.SignedProperties_Type, null); fac.newSignatureMethod(signatureMethod, null), references, null); sign(fac, externalSignature, sap.getXmlLocator(), signedInfo, xmlObject, keyInfo, signatureId);
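/**
 * Signs the xml with XmlDSig using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * The signature method is chosen from the encryption algorithm reported by the ExternalSignature.
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param keyInfo KeyInfo for verification
 * @throws GeneralSecurityException if the encryption algorithm of externalSignature is neither RSA nor DSA, or signing fails
 * @throws IOException
 * @throws DocumentException
 */
public static void signXmlDSig(XmlSignatureAppearance sap, ExternalSignature externalSignature, KeyInfo keyInfo) throws GeneralSecurityException, IOException, DocumentException {
    verifyArguments(sap, externalSignature);
    XMLSignatureFactory fac = createSignatureFactory();
    Reference reference = generateContentReference(fac, sap, null);
    // Constant-first equals so a null algorithm is reported as unsupported instead of as an NPE
    String encryptionAlgorithm = externalSignature.getEncryptionAlgorithm();
    String signatureMethod;
    if (SecurityConstants.RSA.equals(encryptionAlgorithm)) {
        signatureMethod = SignatureMethod.RSA_SHA1;
    } else if (SecurityConstants.DSA.equals(encryptionAlgorithm)) {
        signatureMethod = SignatureMethod.DSA_SHA1;
    } else {
        // Fail here with the offending value rather than letting a null method reach the factory
        throw new NoSuchAlgorithmException("Unsupported encryption algorithm for XmlDSig: " + encryptionAlgorithm);
    }
    // NOTE(review): both mappings select SHA-1 signature methods; kept for compatibility with
    // existing verifiers, but SHA-1 is deprecated for signatures and should be revisited.
    // Create the SignedInfo
    DOMSignedInfo signedInfo = (DOMSignedInfo) fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(signatureMethod, null),
            Collections.singletonList(reference));
    //sign and update document with XmlLocator
    sign(fac, externalSignature, sap.getXmlLocator(), signedInfo, null, keyInfo, null);
    // Not in a finally block: a failed signature leaves the appearance open for the caller to handle
    sap.close();
}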
Element IssueSerial = doc.createElementNS(SecurityConstants.XADES_132_URI, SecurityConstants.XADES_IssuerSerial); Element X509IssuerName = doc.createElementNS(SecurityConstants.XMLDSIG_URI, SecurityConstants.X509IssuerName); X509IssuerName.appendChild(doc.createTextNode(getX509IssuerName((X509Certificate)cert))); IssueSerial.appendChild(X509IssuerName); Element X509SerialNumber = doc.createElementNS(SecurityConstants.XMLDSIG_URI, SecurityConstants.X509SerialNumber); X509SerialNumber.appendChild(doc.createTextNode(getX509SerialNumber((X509Certificate) cert))); IssueSerial.appendChild(X509SerialNumber); Cert.appendChild(IssueSerial); SigPolicyHash.appendChild(DigestMethod); DigestValue = doc.createElementNS(SecurityConstants.XMLDSIG_URI, SecurityConstants.DigestValue); byte[] policyIdContent = getByteArrayOfNode(SigPolicyId); DigestValue.appendChild(doc.createTextNode(Base64.encode(md.digest(policyIdContent)))); SigPolicyHash.appendChild(DigestValue);
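/**
 * Marshals an XML signature into the locator's document, digests its references, canonicalizes
 * the SignedInfo and fills the SignatureValue with the bytes produced by the ExternalSignature.
 * @param fac the XMLSignatureFactory used to build the XMLSignature
 * @param externalSignature produces the raw signature over the canonicalized SignedInfo
 * @param locator provides the DOM document to sign and receives the signed document
 * @param si the SignedInfo to canonicalize and sign
 * @param xo optional XMLObject to embed (used for XAdES); may be null
 * @param ki KeyInfo to embed; may be null
 * @param signatureId Id of the Signature element; when non-null the XAdES namespace is declared on it
 * @throws DocumentException if marshalling, digesting, canonicalization or signing fails,
 *         or the Signature / SignatureValue element cannot be located after marshalling
 */
private static void sign(XMLSignatureFactory fac, ExternalSignature externalSignature, XmlLocator locator, DOMSignedInfo si, XMLObject xo, KeyInfo ki, String signatureId) throws DocumentException {
    Document doc = locator.getDocument();
    // A placeholder key (EmptyKey) is handed to the context: the SignatureValue is not computed
    // by the JSR-105 provider but by externalSignature further down.
    DOMSignContext domSignContext = new DOMSignContext(EmptyKey.getInstance(), doc.getDocumentElement());
    List<XMLObject> objects = null;
    if (xo != null) {
        objects = Collections.singletonList(xo);
    }
    DOMXMLSignature signature = (DOMXMLSignature) fac.newXMLSignature(si, ki, objects, signatureId, null);
    ByteArrayOutputStream canonicalSignedInfo = new ByteArrayOutputStream();
    try {
        // Insert the (not yet signed) Signature element into the document
        signature.marshal(domSignContext.getParent(), domSignContext.getNextSibling(), DOMUtils.getSignaturePrefix(domSignContext), domSignContext);
        Element signElement = findElement(doc.getDocumentElement().getChildNodes(), SecurityConstants.Signature);
        if (signElement == null) {
            throw new DocumentException("Signature element not found after marshalling");
        }
        if (signatureId != null) {
            signElement.setAttributeNS(SecurityConstants.XMLNS_URI, SecurityConstants.XMLNS_XADES, SecurityConstants.XADES_132_URI);
        }
        // Reference digests are computed before SignedInfo is canonicalized, since they are part of it
        for (Object reference : si.getReferences()) {
            ((DOMReference) reference).digest(domSignContext);
        }
        si.canonicalize(domSignContext, canonicalSignedInfo);
        Element signValue = findElement(signElement.getChildNodes(), SecurityConstants.SignatureValue);
        if (signValue == null) {
            throw new DocumentException("SignatureValue element not found in Signature");
        }
        //Sign with ExternalSignature
        String valueBase64 = Base64.encode(externalSignature.sign(canonicalSignedInfo.toByteArray()));
        //Set calculated SignatureValue
        signValue.appendChild(doc.createTextNode(valueBase64));
        locator.setDocument(doc);
    } catch (DocumentException e) {
        // Already the caller-facing type; do not wrap it a second time
        throw e;
    } catch (Exception e) {
        throw new DocumentException(e);
    }
}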
throws GeneralSecurityException, DocumentException, IOException { verifyArguments(sap, externalSignature); signatureMethod = SignatureMethod.DSA_SHA1; String contentReferenceId = SecurityConstants.Reference_ + getRandomId(); String signedPropertiesId = SecurityConstants.SignedProperties_ + getRandomId(); String signatureId = SecurityConstants.Signature_ + getRandomId(); XMLSignatureFactory fac = createSignatureFactory(); KeyInfo keyInfo = generateKeyInfo(chain, sap); String[] signaturePolicy = null; if (includeSignaturePolicy) { XMLObject xmlObject = generateXadesObject(fac, sap, signatureId, contentReferenceId, signedPropertiesId, signaturePolicy); Reference contentReference = generateContentReference(fac, sap, contentReferenceId); Reference signedPropertiesReference = generateCustomReference(fac, "#"+signedPropertiesId, SecurityConstants.SignedProperties_Type, null); fac.newSignatureMethod(signatureMethod, null), references, null); sign(fac, externalSignature, sap.getXmlLocator(), signedInfo, xmlObject, keyInfo, signatureId);
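/**
 * Signs the xml with XmlDSig using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * The signature method is chosen from the encryption algorithm reported by the ExternalSignature.
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param keyInfo KeyInfo for verification
 * @throws GeneralSecurityException if the encryption algorithm of externalSignature is neither RSA nor DSA, or signing fails
 * @throws IOException
 * @throws DocumentException
 */
public static void signXmlDSig(XmlSignatureAppearance sap, ExternalSignature externalSignature, KeyInfo keyInfo) throws GeneralSecurityException, IOException, DocumentException {
    verifyArguments(sap, externalSignature);
    XMLSignatureFactory fac = createSignatureFactory();
    Reference reference = generateContentReference(fac, sap, null);
    // Constant-first equals so a null algorithm is reported as unsupported instead of as an NPE
    String encryptionAlgorithm = externalSignature.getEncryptionAlgorithm();
    String signatureMethod;
    if (SecurityConstants.RSA.equals(encryptionAlgorithm)) {
        signatureMethod = SignatureMethod.RSA_SHA1;
    } else if (SecurityConstants.DSA.equals(encryptionAlgorithm)) {
        signatureMethod = SignatureMethod.DSA_SHA1;
    } else {
        // Fail here with the offending value rather than letting a null method reach the factory
        throw new NoSuchAlgorithmException("Unsupported encryption algorithm for XmlDSig: " + encryptionAlgorithm);
    }
    // NOTE(review): both mappings select SHA-1 signature methods; kept for compatibility with
    // existing verifiers, but SHA-1 is deprecated for signatures and should be revisited.
    // Create the SignedInfo
    DOMSignedInfo signedInfo = (DOMSignedInfo) fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(signatureMethod, null),
            Collections.singletonList(reference));
    //sign and update document with XmlLocator
    sign(fac, externalSignature, sap.getXmlLocator(), signedInfo, null, keyInfo, null);
    // Not in a finally block: a failed signature leaves the appearance open for the caller to handle
    sap.close();
}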
Element IssueSerial = doc.createElementNS(SecurityConstants.XADES_132_URI, SecurityConstants.XADES_IssuerSerial); Element X509IssuerName = doc.createElementNS(SecurityConstants.XMLDSIG_URI, SecurityConstants.X509IssuerName); X509IssuerName.appendChild(doc.createTextNode(getX509IssuerName((X509Certificate)cert))); IssueSerial.appendChild(X509IssuerName); Element X509SerialNumber = doc.createElementNS(SecurityConstants.XMLDSIG_URI, SecurityConstants.X509SerialNumber); X509SerialNumber.appendChild(doc.createTextNode(getX509SerialNumber((X509Certificate) cert))); IssueSerial.appendChild(X509SerialNumber); Cert.appendChild(IssueSerial); SigPolicyHash.appendChild(DigestMethod); DigestValue = doc.createElementNS(SecurityConstants.XMLDSIG_URI, SecurityConstants.DigestValue); byte[] policyIdContent = getByteArrayOfNode(SigPolicyId); DigestValue.appendChild(doc.createTextNode(Base64.encode(md.digest(policyIdContent)))); SigPolicyHash.appendChild(DigestValue);
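/**
 * Marshals an XML signature into the locator's document, digests its references, canonicalizes
 * the SignedInfo and fills the SignatureValue with the bytes produced by the ExternalSignature.
 * @param fac the XMLSignatureFactory used to build the XMLSignature
 * @param externalSignature produces the raw signature over the canonicalized SignedInfo
 * @param locator provides the DOM document to sign and receives the signed document
 * @param si the SignedInfo to canonicalize and sign
 * @param xo optional XMLObject to embed (used for XAdES); may be null
 * @param ki KeyInfo to embed; may be null
 * @param signatureId Id of the Signature element; when non-null the XAdES namespace is declared on it
 * @throws DocumentException if marshalling, digesting, canonicalization or signing fails,
 *         or the Signature / SignatureValue element cannot be located after marshalling
 */
private static void sign(XMLSignatureFactory fac, ExternalSignature externalSignature, XmlLocator locator, DOMSignedInfo si, XMLObject xo, KeyInfo ki, String signatureId) throws DocumentException {
    Document doc = locator.getDocument();
    // A placeholder key (EmptyKey) is handed to the context: the SignatureValue is not computed
    // by the JSR-105 provider but by externalSignature further down.
    DOMSignContext domSignContext = new DOMSignContext(EmptyKey.getInstance(), doc.getDocumentElement());
    List<XMLObject> objects = null;
    if (xo != null) {
        objects = Collections.singletonList(xo);
    }
    DOMXMLSignature signature = (DOMXMLSignature) fac.newXMLSignature(si, ki, objects, signatureId, null);
    ByteArrayOutputStream canonicalSignedInfo = new ByteArrayOutputStream();
    try {
        // Insert the (not yet signed) Signature element into the document
        signature.marshal(domSignContext.getParent(), domSignContext.getNextSibling(), DOMUtils.getSignaturePrefix(domSignContext), domSignContext);
        Element signElement = findElement(doc.getDocumentElement().getChildNodes(), SecurityConstants.Signature);
        if (signElement == null) {
            throw new DocumentException("Signature element not found after marshalling");
        }
        if (signatureId != null) {
            signElement.setAttributeNS(SecurityConstants.XMLNS_URI, SecurityConstants.XMLNS_XADES, SecurityConstants.XADES_132_URI);
        }
        // Reference digests are computed before SignedInfo is canonicalized, since they are part of it
        for (Object reference : si.getReferences()) {
            ((DOMReference) reference).digest(domSignContext);
        }
        si.canonicalize(domSignContext, canonicalSignedInfo);
        Element signValue = findElement(signElement.getChildNodes(), SecurityConstants.SignatureValue);
        if (signValue == null) {
            throw new DocumentException("SignatureValue element not found in Signature");
        }
        //Sign with ExternalSignature
        String valueBase64 = Base64.encode(externalSignature.sign(canonicalSignedInfo.toByteArray()));
        //Set calculated SignatureValue
        signValue.appendChild(doc.createTextNode(valueBase64));
        locator.setDocument(doc);
    } catch (DocumentException e) {
        // Already the caller-facing type; do not wrap it a second time
        throw e;
    } catch (Exception e) {
        throw new DocumentException(e);
    }
}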
/**
 * Signs the xml with XmlDSig using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * The public key is wrapped in a KeyInfo and the KeyInfo overload does the actual work.
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param publicKey PublicKey for verification
 * @throws GeneralSecurityException
 * @throws IOException
 * @throws DocumentException
 */
public static void signXmlDSig(XmlSignatureAppearance sap, ExternalSignature externalSignature, PublicKey publicKey) throws GeneralSecurityException, DocumentException, IOException {
    // KeyInfo built from the public key is what gets embedded for verification
    KeyInfo publicKeyInfo = generateKeyInfo(publicKey);
    signXmlDSig(sap, externalSignature, publicKeyInfo);
}
/**
 * Signs the xml with XmlDSig using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * The public key is wrapped in a KeyInfo and the KeyInfo overload does the actual work.
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param publicKey PublicKey for verification
 * @throws GeneralSecurityException
 * @throws IOException
 * @throws DocumentException
 */
public static void signXmlDSig(XmlSignatureAppearance sap, ExternalSignature externalSignature, PublicKey publicKey) throws GeneralSecurityException, DocumentException, IOException {
    // KeyInfo built from the public key is what gets embedded for verification
    KeyInfo publicKeyInfo = generateKeyInfo(publicKey);
    signXmlDSig(sap, externalSignature, publicKeyInfo);
}
/**
 * Signs the xml with XmlDSig using the enveloped mode, with optional xpath transform (see XmlSignatureAppearance).
 * The certificate chain is turned into a KeyInfo and the KeyInfo overload does the actual work.
 * @param sap the XmlSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param chain the certificate chain
 * @throws GeneralSecurityException
 * @throws IOException
 * @throws DocumentException
 */
public static void signXmlDSig(XmlSignatureAppearance sap, ExternalSignature externalSignature, Certificate[] chain) throws DocumentException, GeneralSecurityException, IOException {
    // KeyInfo built from the chain is what gets embedded for verification
    KeyInfo chainKeyInfo = generateKeyInfo(chain, sap);
    signXmlDSig(sap, externalSignature, chainKeyInfo);
}