/**
 * Produces the Base64-encoded signature value for the {@code SignedInfo} element.
 *
 * <p>The {@code SignedInfo} element is located in the parent document of the signing
 * context, passed through the canonicalization method declared by {@code signedInfo},
 * and streamed into the digest stream obtained from {@code getDigestStream} for the
 * configured hash algorithm and private key. The bytes returned by that stream's
 * {@code sign()} call are then Base64-encoded.
 *
 * <p>This is a signing step, not encryption: the result is meant to be verified with the
 * matching public key and gives no confidentiality.
 *
 * <p>NOTE(review): which private-key types are accepted is decided inside
 * {@code getDigestStream}, not here - confirm there before relying on non-RSA keys.
 *
 * @param xmlSignContext signing context; its parent node is cast to {@link Document}
 * @param signedInfo the signed-info object that supplies the canonicalization method
 * @return the Base64 text of the signature value
 * @throws EncryptedDocumentException if the configured hash is long enough that line
 *         breaks would be inserted while line-break suppression is off, or if
 *         canonicalization, I/O or the signing operation fails
 */
public String signDigest(final DOMSignContext xmlSignContext, final DOMSignedInfo signedInfo) {
    final PrivateKey key = signatureConfig.getKey();
    final HashAlgorithm algo = signatureConfig.getDigestAlgo();

    // Rough Base64 length of the digest, compared with the encoder's default line length.
    final boolean digestExceedsLine = algo.hashSize*4/3 > Base64.BASE64DEFAULTLENGTH;
    if (digestExceedsLine && !XMLUtils.ignoreLineBreaks()) {
        final String message =
            "The hash size of the choosen hash algorithm ("+algo+" = "+algo.hashSize+" bytes), "+
            "will motivate XmlSec to add linebreaks to the generated digest, which results in an invalid signature (... at least "+
            "for Office) - please persuade it otherwise by adding '-Dorg.apache.xml.security.ignoreLineBreaks=true' to the JVM "+
            "system properties.";
        throw new EncryptedDocumentException(message);
    }

    try (final DigestOutputStream sink = getDigestStream(algo, key)) {
        // The stream must be initialised before any canonicalized bytes are written to it.
        sink.init();

        final Document ownerDocument = (Document)xmlSignContext.getParent();
        final Element signedInfoElement = getDsigElement(ownerDocument, "SignedInfo");
        // NOTE(review): the 'true' flag presumably excludes comments from the subtree - confirm.
        final DOMSubTreeData canonicalInput = new DOMSubTreeData(signedInfoElement, true);

        // Canonicalize SignedInfo straight into the digest/sign stream.
        signedInfo.getCanonicalizationMethod().transform(canonicalInput, xmlSignContext, sink);

        final byte[] signatureValue = sink.sign();
        return DatatypeConverter.printBase64Binary(signatureValue);
    } catch (GeneralSecurityException|IOException|TransformException e) {
        // The cause is kept so callers can still see the underlying failure.
        throw new EncryptedDocumentException(e);
    }
}
if (!xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm() .equals(CanonicalizationMethod.INCLUSIVE)) { LOG.error("Invalid c18n method on OOXML Signature");
/**
 * Compares this canonicalization method with another object.
 *
 * <p>Two instances are equal when their algorithm identifiers are equal and
 * {@code DOMUtils.paramsEqual} reports their parameter specs as equal. Anything that is
 * not a {@link CanonicalizationMethod} is unequal.
 *
 * <p>NOTE(review): a matching {@code hashCode()} is not visible in this excerpt - confirm
 * the class overrides it consistently.
 *
 * @param o the object to compare against; may be {@code null}
 * @return {@code true} if {@code o} is the same method with equal parameters
 */
@Override
public boolean equals(Object o) {
    if (o == this) {
        return true;
    }
    if (o instanceof CanonicalizationMethod) {
        CanonicalizationMethod other = (CanonicalizationMethod) o;
        // Parameters are only compared once the algorithm identifiers match.
        if (!getAlgorithm().equals(other.getAlgorithm())) {
            return false;
        }
        return DOMUtils.paramsEqual(getParameterSpec(), other.getParameterSpec());
    }
    return false;
}
xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm(); if (!WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(c14nMethod)) { throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "badC14nAlgo");
Element c14nElem = XMLUtil.createElement (ownerDoc, "CanonicalizationMethod", XMLSignature.XMLNS, dsPrefix); c14nElem.setAttributeNS(null, "Algorithm", cm.getAlgorithm()); (C14NMethodParameterSpec) cm.getParameterSpec(); if (cs != null) { TransformService cmSpi = null; try { cmSpi = TransformService.getInstance( cm.getAlgorithm(),"DOM"); cmSpi.init(cs); cmSpi.marshalParams(new DOMStructure(c14nElem), context);
xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm(); if (!WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(c14nMethod)) { throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "badC14nAlgo");
xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm(); if (!WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(c14nMethod)) { bspEnforcer.handleBSPRule(BSPRule.R5404); xmlSignature.getSignedInfo().getCanonicalizationMethod().getParameterSpec(); if (parameterSpec != null && !(parameterSpec instanceof ExcC14NParameterSpec)) { bspEnforcer.handleBSPRule(BSPRule.R5404);
/**
 * Produces the Base64-encoded signature value for the {@code SignedInfo} element.
 *
 * <p>The {@code SignedInfo} element is located in the parent document of the signing
 * context, passed through the canonicalization method declared by {@code signedInfo},
 * and streamed into the digest stream obtained from {@code getDigestStream} for the
 * configured hash algorithm and private key. The bytes returned by that stream's
 * {@code sign()} call are then Base64-encoded.
 *
 * <p>This is a signing step, not encryption: the result is meant to be verified with the
 * matching public key and gives no confidentiality.
 *
 * <p>NOTE(review): which private-key types are accepted is decided inside
 * {@code getDigestStream}, not here - confirm there before relying on non-RSA keys.
 *
 * @param xmlSignContext signing context; its parent node is cast to {@link Document}
 * @param signedInfo the signed-info object that supplies the canonicalization method
 * @return the Base64 text of the signature value
 * @throws EncryptedDocumentException if the configured hash is long enough that line
 *         breaks would be inserted while line-break suppression is off, or if
 *         canonicalization, I/O or the signing operation fails
 */
public String signDigest(final DOMSignContext xmlSignContext, final DOMSignedInfo signedInfo) {
    final PrivateKey key = signatureConfig.getKey();
    final HashAlgorithm algo = signatureConfig.getDigestAlgo();

    // Rough Base64 length of the digest, compared with the encoder's default line length.
    final boolean digestExceedsLine = algo.hashSize*4/3 > Base64.BASE64DEFAULTLENGTH;
    if (digestExceedsLine && !XMLUtils.ignoreLineBreaks()) {
        final String message =
            "The hash size of the choosen hash algorithm ("+algo+" = "+algo.hashSize+" bytes), "+
            "will motivate XmlSec to add linebreaks to the generated digest, which results in an invalid signature (... at least "+
            "for Office) - please persuade it otherwise by adding '-Dorg.apache.xml.security.ignoreLineBreaks=true' to the JVM "+
            "system properties.";
        throw new EncryptedDocumentException(message);
    }

    try (final DigestOutputStream sink = getDigestStream(algo, key)) {
        // The stream must be initialised before any canonicalized bytes are written to it.
        sink.init();

        final Document ownerDocument = (Document)xmlSignContext.getParent();
        final Element signedInfoElement = getDsigElement(ownerDocument, "SignedInfo");
        // NOTE(review): the 'true' flag presumably excludes comments from the subtree - confirm.
        final DOMSubTreeData canonicalInput = new DOMSubTreeData(signedInfoElement, true);

        // Canonicalize SignedInfo straight into the digest/sign stream.
        signedInfo.getCanonicalizationMethod().transform(canonicalInput, xmlSignContext, sink);

        final byte[] signatureValue = sink.sign();
        return DatatypeConverter.printBase64Binary(signatureValue);
    } catch (GeneralSecurityException|IOException|TransformException e) {
        // The cause is kept so callers can still see the underlying failure.
        throw new EncryptedDocumentException(e);
    }
}
xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm(); checkC14nAlgorithm(c14nMethod);
xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm(); checkC14nAlgorithm(c14nMethod);
xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm(); checkC14nAlgorithm(c14nMethod);
featureBinding.setCanonicalizationAlgorithm(cm.getAlgorithm()); Iterator itr = referencesList.iterator(); while(itr.hasNext()){
/**
 * Fills {@code policy} with the settings found in a {@code SignedInfo}.
 *
 * <p>The canonicalization algorithm is copied onto the policy's feature binding, and one
 * {@code SignatureTarget} is added per reference, carrying the reference's digest
 * algorithm, its transform (when {@code getSignatureTransform} returns one) and a value
 * derived from the reference URI.
 *
 * <p>The algorithm identifiers are copied as found; this method performs no check on them.
 * NOTE(review): if {@code signedInfo} originates from a received message, confirm that the
 * resulting policy is compared against an allow-list of algorithms elsewhere.
 *
 * @param signedInfo source of the canonicalization method and the reference list
 * @param isBSP flag forwarded to the policy and to every target that is created
 * @param policy the policy to populate; its feature binding is modified in place
 */
public void constructSignaturePolicy(SignedInfo signedInfo, boolean isBSP, SignaturePolicy policy) {
    List references = signedInfo.getReferences();
    CanonicalizationMethod c14n = signedInfo.getCanonicalizationMethod();

    policy.isBSP(isBSP);
    SignaturePolicy.FeatureBinding binding =
            (SignaturePolicy.FeatureBinding) policy.getFeatureBinding();
    binding.setCanonicalizationAlgorithm(c14n.getAlgorithm());

    for (Object entry : references) {
        Reference ref = (Reference) entry;
        SignatureTarget.Transform transform = getSignatureTransform(ref);

        SignatureTarget target = new SignatureTarget();
        target.isBSP(isBSP);
        if (transform != null) {
            target.addTransform(transform);
        }
        target.setDigestAlgorithm(ref.getDigestMethod().getAlgorithm());

        // NOTE(review): if Reference is javax.xml.crypto.dsig.Reference, getURI() can be
        // null when the URI attribute is absent, which would fail here - confirm that
        // such references are rejected before this method is reached.
        if (ref.getURI().length() == 0) {
            // An empty URI is stored unchanged.
            target.setValue(ref.getURI());
        } else {
            target.setValue(SecurableSoapMessage.getIdFromFragmentRef(ref.getURI()));
        }

        target.setType(SignatureTarget.TARGET_TYPE_VALUE_URI);
        binding.addTargetBinding(target);
    }
}
verifyXMLSignature(elem, certs, publicKey, secretKey, signatureMethod, data, wsDocInfo); byte[] signatureValue = xmlSignature.getSignatureValue().getValue(); String c14nMethod = xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm();
verifyXMLSignature(elem, certs, publicKey, secretKey, signatureMethod, data, wsDocInfo); byte[] signatureValue = xmlSignature.getSignatureValue().getValue(); String c14nMethod = xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm();
verifyXMLSignature(elem, certs, publicKey, secretKey, signatureMethod, data, data.getWsDocInfo()); byte[] signatureValue = xmlSignature.getSignatureValue().getValue(); String c14nMethod = xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm();