DOMSignContext dsc = new DOMSignContext(priv, doc.getDocumentElement()); XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null); SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); KeyInfoFactory kif = fac.getKeyInfoFactory(); KeyValue kv = kif.newKeyValue(pub); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); XMLSignature signature = fac.newXMLSignature(si, ki); signature.sign(dsc); new XmlGenerator().generate(doc.getDocumentElement(), os);
Document doc = DocumentHelper.readDocument(signaturePart.getInputStream()); NodeList nl = (NodeList)xpath.compile("//*[@Id]").evaluate(doc, XPathConstants.NODESET); final int length = nl.getLength(); for (int i=0; i<length; i++) { ((Element)nl.item(i)).setIdAttribute("Id", true); DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc); domValidateContext.setProperty(XMLSEC_VALIDATE_MANIFEST, Boolean.TRUE); domValidateContext.setURIDereferencer(signatureConfig.getUriDereferencer()); XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext); boolean valid = xmlSignature.validate(domValidateContext);
/**
 * Builds a {@code ds:Reference} using the digest algorithm configured in {@code signatureConfig}.
 *
 * All references built here point into the package signature or the package object, so a
 * single, configured digest algorithm is applied uniformly.
 *
 * @param uri             reference URI (may be empty for the enveloping document)
 * @param transforms      transforms applied before digesting, or null
 * @param type            reference type URI, or null
 * @param id              Id attribute of the reference, or null
 * @param digestValue     pre-computed digest to embed, or null to let the signer compute it
 * @param signatureConfig source of the digest URI and the {@link XMLSignatureFactory}
 * @return the new reference
 * @throws XMLSignatureException if the configured digest URI is not supported by the factory
 */
public static Reference newReference(
        String uri,
        List<Transform> transforms,
        String type,
        String id,
        byte[] digestValue,
        SignatureConfig signatureConfig) throws XMLSignatureException {
    final String digestUri = signatureConfig.getDigestMethodUri();
    final XMLSignatureFactory factory = signatureConfig.getSignatureFactory();

    final DigestMethod method;
    try {
        method = factory.newDigestMethod(digestUri, null);
    } catch (GeneralSecurityException e) {
        // An unknown digest must abort signing, not be silently replaced by another algorithm.
        throw new XMLSignatureException("unknown digest method uri: " + digestUri, e);
    }

    // A caller-supplied digest means the content was hashed elsewhere; embed it as-is
    // instead of having the signer dereference the URI and hash it again.
    return digestValue != null
            ? factory.newReference(uri, method, transforms, type, id, digestValue)
            : factory.newReference(uri, method, transforms, type, id);
}
}
signatureConfig.init(false); final Document document = (Document)xmlSignContext.getParent(); xmlSignContext.setURIDereferencer(uriDereferencer); xmlSignContext.putNamespacePrefix(me.getKey(), me.getValue()); xmlSignContext.setDefaultNamespacePrefix(""); SignatureMethod signatureMethod = signatureFactory.newSignatureMethod (signatureConfig.getSignatureMethodUri(), null); CanonicalizationMethod canonicalizationMethod = signatureFactory .newCanonicalizationMethod(signatureConfig.getCanonicalizationMethod(), (C14NMethodParameterSpec) null); signedInfo = signatureFactory.newSignedInfo( canonicalizationMethod, signatureMethod, references); } catch (GeneralSecurityException e) { .newXMLSignature(signedInfo, null, objects, signatureConfig.getPackageSignatureId(), signatureValueId); xmlSignature.sign(xmlSignContext);
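/**
 * Checks the xmldsig signature of an XML document.
 *
 * Only the first {@code ds:Signature} element in the document is examined, and it must verify
 * under {@code publicKey}. Every failure mode (no signature element, provider cannot be loaded,
 * unmarshalling error, cryptographic mismatch) yields {@code false}.
 *
 * NOTE(review): a passing result only proves that the signature's References verify; it does
 * not prove they cover the part of the document the caller acts on. Consuming data outside the
 * signed Reference(s) leaves the caller open to signature wrapping, so check the reference
 * URIs against what is actually used where that matters.
 *
 * @param document  the document to test
 * @param publicKey the public key corresponding to the key pair the document was signed with
 * @return true if a correct signature is present, false otherwise
 */
public static boolean validSignature(Document document, Key publicKey) {
    Node signatureNode = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
    if (signatureNode == null) {
        // No Signature element at all: fail explicitly instead of via the catch-all below.
        return false;
    }
    KeySelector keySelector = KeySelector.singletonKeySelector(publicKey);
    try {
        // The JSR-105 provider class comes from a system property: whoever controls the JVM's
        // system properties controls which implementation verifies signatures.
        String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
        Provider provider = (Provider) Class.forName(providerName).getDeclaredConstructor().newInstance();
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", provider);
        DOMValidateContext valContext = new DOMValidateContext(keySelector, signatureNode);
        // Turn on the provider's secure-validation mode explicitly so the hardening does not
        // depend on the JDK default; it limits transform/reference counts and rejects unsafe
        // constructs (the exact policy depends on the JDK version).
        valContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignature signature = fac.unmarshalXMLSignature(valContext);
        return signature.validate(valContext);
    } catch (Exception e) {
        Logger.warn("Error validating an XML signature.", e);
        return false;
    }
}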
final KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(this.config.getCertificadoSenha().toCharArray()); final KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) config.getCertificadoKeyStore().getEntry(certificateAlias, passwordProtection); final XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM"); final List<Transform> transforms = new ArrayList<>(2); transforms.add(signatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)); transforms.add(signatureFactory.newTransform(AssinaturaDigital.C14N_TRANSFORM_METHOD, (TransformParameterSpec) null)); final KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory(); final X509Data x509Data = keyInfoFactory.newX509Data(Collections.singletonList((X509Certificate) keyEntry.getCertificate())); final KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(x509Data)); final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); final Document document = documentBuilderFactory.newDocumentBuilder().parse(new InputSource(xmlReader)); for (final String elementoAssinavel : elementosAssinaveis) { final NodeList elements = document.getElementsByTagName(elementoAssinavel); for (int i = 0; i < elements.getLength(); i++) { final Element element = (Element) elements.item(i); final String id = element.getAttribute("Id"); element.setIdAttribute("Id", true); final Reference reference = signatureFactory.newReference("#" + id, signatureFactory.newDigestMethod(DigestMethod.SHA1, null), transforms, null, null); final SignedInfo signedInfo = signatureFactory.newSignedInfo(signatureFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference)); final XMLSignature signature = 
signatureFactory.newXMLSignature(signedInfo, keyInfo); signature.sign(new DOMSignContext(keyEntry.getPrivateKey(), element.getParentNode()));
org.w3c.dom.Element el = (org.w3c.dom.Element) elements.item(indexNFe); String id = el.getAttribute("Id"); el.setIdAttribute("Id", true); Reference ref = fac.newReference("#" + id, fac.newDigestMethod(DigestMethod.SHA1, null), transformList, null, null); SignedInfo si = fac.newSignedInfo( fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); XMLSignature signature = fac.newXMLSignature(si, ki); dsc = new DOMSignContext(privateKey, document.getFirstChild()); } else { dsc = new DOMSignContext(privateKey, document.getDocumentElement().getElementsByTagName(tipo).item(indexNFe)); dsc.setBaseURI("ok"); signature.sign(dsc);
final Reference aReference = aSignatureFactory.newReference ("", createDigestMethod (aSignatureFactory), createTransformList (aSignatureFactory), final SignedInfo aSignedInfo = aSignatureFactory.newSignedInfo (createCanonicalizationMethod (aSignatureFactory), createSignatureMethod (aSignatureFactory), ContainerHelper.<Reference> newUnmodifiableList (aReference)); final KeyInfoFactory aKeyInfoFactory = aSignatureFactory.getKeyInfoFactory (); final X509Data aX509Data = aKeyInfoFactory.newX509Data (aX509Content); final KeyValue aKeyValue = aKeyInfoFactory.newKeyValue (aCertificate.getPublicKey ()); final KeyInfo aKeyInfo = aKeyInfoFactory.newKeyInfo (ContainerHelper.<XMLStructure> newUnmodifiableList (aX509Data, aKeyValue)); final XMLSignature aXMLSignature = aSignatureFactory.newXMLSignature (aSignedInfo, aKeyInfo); final DOMSignContext aDOMSignContext = new DOMSignContext (aPrivateKey, aDocument.getDocumentElement (), aDocument.getDocumentElement ().getFirstChild ()); aDOMSignContext.setDefaultNamespacePrefix ("dsig"); aXMLSignature.sign (aDOMSignContext);
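/**
 * Verifies the first xmldsig {@code Signature} found in the supplied XML.
 *
 * The XML is parsed namespace-aware with DOCTYPE processing disabled (the stream is treated
 * as untrusted), the {@code Id} attribute of the first element of each tag listed in
 * {@code AssinaturaDigital.ELEMENTOS_ASSINAVEIS} is registered so {@code #Id} references
 * resolve, and the signature is verified using an {@link X509KeySelector}. Only the first
 * signature element is examined.
 *
 * @param xmlStream the XML to verify; treated as untrusted input
 * @return true if the first signature validates, false otherwise
 * @throws IllegalStateException if the document carries no Signature element
 * @throws Exception on parse, provider-loading or unmarshalling failures
 */
public boolean isValida(final InputStream xmlStream) throws Exception {
    final DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    // Untrusted input: forbid DOCTYPE (blocks XXE and entity-expansion attacks) and enable the
    // JAXP secure-processing limits. String forms are used so no extra import is needed.
    dbf.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
    dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    dbf.setExpandEntityReferences(false);
    final Document document = dbf.newDocumentBuilder().parse(xmlStream);

    final NodeList nodeList = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (nodeList.getLength() == 0) {
        throw new IllegalStateException("Nao foi encontrada a assinatura do XML.");
    }

    // The JSR-105 provider class comes from a system property; whoever sets it chooses the
    // implementation that performs verification.
    final String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
    final Provider provider = (Provider) Class.forName(providerName).getDeclaredConstructor().newInstance();
    final XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", provider);

    final DOMValidateContext validateContext = new DOMValidateContext(new X509KeySelector(), nodeList.item(0));
    // Explicit secure validation (limits transforms/references, rejects unsafe constructs;
    // exact policy depends on the JDK version) rather than relying on the JDK default.
    validateContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
    // Only the first element of each signable tag is registered; a reference to a later
    // sibling would fail to dereference and the signature would not validate.
    for (final String tag : AssinaturaDigital.ELEMENTOS_ASSINAVEIS) {
        final NodeList elements = document.getElementsByTagName(tag);
        if (elements.getLength() > 0) {
            validateContext.setIdAttributeNS((Element) elements.item(0), null, "Id");
        }
    }
    return signatureFactory.unmarshalXMLSignature(validateContext).validate(validateContext);
}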
XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM", new org.jcp.xml.dsig.internal.dom.XMLDSigRI()); List<Transform> transforms = new ArrayList<Transform>(); Transform enveloped = xmlSignatureFactory.newTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE, (XMLStructure) null); transforms.add(enveloped); Transform c14n = xmlSignatureFactory.newTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS, (XMLStructure) null); transforms.add(c14n); ref = xmlSignatureFactory.newReference("#" + id, xmlSignatureFactory.newDigestMethod(digestAlgorithm, null), transforms, null, null); } catch (NoSuchAlgorithmException e) { ref = xmlSignatureFactory.newReference("#" + id, xmlSignatureFactory.newDigestMethod(DigestMethod.SHA256, null), transforms, null, null); signedInfo = xmlSignatureFactory.newSignedInfo(xmlSignatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), xmlSignatureFactory .newSignatureMethod(signAlgorithm, null), Collections.singletonList(ref)); } catch (NoSuchAlgorithmException e) { signedInfo = xmlSignatureFactory.newSignedInfo(xmlSignatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), xmlSignatureFactory .newSignatureMethod(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256, null), Collections .singletonList(ref)); KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory(); List<X509Certificate> x509Content = new ArrayList<>(); x509Content.add(cert); X509Data x509Data = keyInfoFactory.newX509Data(x509Content);
NodeList signatureNodeList = documentSignaturesDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); for (int idx = 0; idx < signatureNodeList.getLength(); idx++) { Element signatureElement = (Element) signatureNodeList.item(idx); .getElementsByTagNameNS(XAdESXLSignatureFacet.XADES_NAMESPACE, "SignedProperties").item(0); signedPropertiesElement.setIdAttribute("Id", true); DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, signatureElement); ASiCURIDereferencer dereferencer = new ASiCURIDereferencer(asicDocument); domValidateContext.setURIDereferencer(dereferencer); XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance(); XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext); boolean valid = xmlSignature.validate(domValidateContext); if (!valid) { continue;
/**
 * Signs the XML of an NF-e batch submission with the configured digital certificate.
 *
 * Accents are stripped from the input before parsing; then every element named {@code tipo}
 * under the document element is signed in turn. The static {@code privateKey} and
 * {@code keyInfo} consumed by {@code assinarNFe} are populated by {@code loadCertificates}.
 *
 * @param config certificate and environment configuration
 * @param xml    the XML content to sign
 * @param tipo   tag name of the elements to sign
 * @return the signed XML as a string
 * @throws NfeException wrapping any parse, crypto, keystore or signing failure; only the
 *                      cause's message is carried, the cause itself is not attached
 */
private static String assinaDocNFe(ConfiguracoesNfe config, String xml, String tipo) throws NfeException {
    try {
        final Document document = documentFactory(XmlUtil.removeAcentos(xml));
        final XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
        final ArrayList<Transform> transforms = signatureFactory(factory);
        loadCertificates(config, factory);

        // getElementsByTagName returns a live NodeList, so its length is re-read on every
        // iteration exactly as if the lookup were repeated.
        final NodeList targets = document.getDocumentElement().getElementsByTagName(tipo);
        int index = 0;
        while (index < targets.getLength()) {
            assinarNFe(tipo, factory, transforms, privateKey, keyInfo, document, index);
            index++;
        }
        return outputXML(document);
    } catch (SAXException | IOException | ParserConfigurationException | NoSuchAlgorithmException
            | InvalidAlgorithmParameterException | KeyStoreException | UnrecoverableEntryException
            | CertificadoException | MarshalException | XMLSignatureException e) {
        // NOTE(review): the cause is dropped here; attach it if NfeException offers a
        // (String, Throwable) constructor, so signing failures remain diagnosable.
        throw new NfeException("Erro ao Assinar Nfe" + e.getMessage());
    }
}
Element signature = (Element) xp.evaluate("//dsig:Signature", root, XPathConstants.NODE); DOMValidateContext ctx = new DOMValidateContext(_cert.getPublicKey(), signature); NodeList idAttributes = (NodeList) xp.evaluate("//*[@ID]", root, XPathConstants.NODESET); for (int i = 0; i < idAttributes.getLength(); i++) { ctx.setIdAttributeNS((Element) idAttributes.item(i), null, "ID"); } XMLSignatureFactory sigF = XMLSignatureFactory.getInstance("DOM"); XMLSignature xmlSignature = sigF.unmarshalXMLSignature(ctx); if (xmlSignature.validate(ctx)) { ...
InvalidAlgorithmParameterException, MarshalException, XMLSignatureException { DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild()); XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory .getInstance("DOM"); transforms.add(xmlSignatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)); transforms.add(xmlSignatureFactory.newTransform( CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null)); Reference reference = xmlSignatureFactory.newReference("#" + requestId, xmlSignatureFactory.newDigestMethod(DigestMethod.SHA1, null), transforms, null, null); SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo( xmlSignatureFactory.newCanonicalizationMethod( CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), xmlSignatureFactory .newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference)); KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory(); KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections .singletonList(keyInfoFactory.newX509Data(Collections .singletonList(certificate)))); XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(
/**
 * Produces an enveloped XML signature whose SignatureValue is computed by an external signer.
 *
 * The Signature element is marshalled into the document with a placeholder key, the
 * References are digested and the SignedInfo canonicalized locally, and only the final
 * signing step over the canonical SignedInfo bytes is delegated to {@code externalSignature}.
 * The resulting Base64 value is written into the SignatureValue element and the modified
 * document is handed back to the locator.
 *
 * NOTE(review): the external signer receives the raw canonical SignedInfo bytes; it must apply
 * the hashing/padding that the SignedInfo's SignatureMethod advertises, otherwise the
 * signature will not verify. That agreement is the caller's responsibility and is not
 * checked here.
 *
 * @param fac               factory used to build the XMLSignature
 * @param externalSignature signer that turns the canonical SignedInfo bytes into a signature
 * @param locator           holds the document to sign; receives the signed document back
 * @param si                SignedInfo to embed; its references are digested here
 * @param xo                optional ds:Object to embed, or null
 * @param ki                KeyInfo to embed
 * @param signatureId       Id attribute for the Signature; when non-null an XAdES namespace
 *                          declaration is also added to the Signature element
 * @throws DocumentException wrapping any failure during marshalling, digesting or signing
 */
private static void sign(XMLSignatureFactory fac, ExternalSignature externalSignature, XmlLocator locator, DOMSignedInfo si, XMLObject xo, KeyInfo ki, String signatureId) throws DocumentException {
    Document doc = locator.getDocument();
    // EmptyKey is a placeholder: no local key is used, the signing happens externally.
    DOMSignContext domSignContext = new DOMSignContext(EmptyKey.getInstance(), doc.getDocumentElement());
    List objects = null;
    if (xo != null)
        objects = Collections.singletonList(xo);
    // Cast to the JDK DOM implementation to reach marshal(); the public API only offers sign().
    DOMXMLSignature signature = (DOMXMLSignature)fac.newXMLSignature(si, ki, objects, signatureId, null);
    ByteArrayOutputStream byteRange = new ByteArrayOutputStream();
    try {
        // Writes the Signature element (without a SignatureValue) into the document.
        signature.marshal(domSignContext.getParent(), domSignContext.getNextSibling(), DOMUtils.getSignaturePrefix(domSignContext), domSignContext);
        Element signElement = findElement(doc.getDocumentElement().getChildNodes(), SecurityConstants.Signature);
        if (signatureId != null)
            signElement.setAttributeNS(SecurityConstants.XMLNS_URI, SecurityConstants.XMLNS_XADES, SecurityConstants.XADES_132_URI);
        // Compute each Reference's DigestValue before SignedInfo is canonicalized, since the
        // canonical form must include the final digests.
        List references = si.getReferences();
        for (int i = 0; i < references.size(); i++)
            ((DOMReference)references.get(i)).digest(domSignContext);
        si.canonicalize(domSignContext, byteRange);
        Element signValue = findElement(signElement.getChildNodes(), SecurityConstants.SignatureValue);
        //Sign with ExternalSignature
        String valueBase64 = Base64.encode(externalSignature.sign(byteRange.toByteArray()));
        //Set calculated SignatureValue
        signValue.appendChild(doc.createTextNode(valueBase64));
        locator.setDocument(doc);
    } catch (Exception e) {
        throw new DocumentException(e);
    }
}
/**
 * Builds and attaches an enveloped RSA-SHA256 signature to {@code doc}.
 *
 * The i-th child of the document's last child gets its {@code Id} attribute registered as an
 * XML ID, but the Reference built here uses URI {@code ""} — it covers the whole document
 * (as shaped by {@code transformList}) rather than {@code #Id} — and the Signature is appended
 * under the document element.
 * NOTE(review): confirm that signing the whole document is intended here rather than the
 * element whose Id was just registered; the registered Id is not referenced by the signature.
 *
 * Failures are logged and swallowed: the method returns normally and the document is left
 * unsigned, so callers cannot distinguish success from failure by the return.
 *
 * @param fac           factory used to build the digest, reference, SignedInfo and signature
 * @param transformList transforms applied to the referenced content
 * @param privateKey    signing key
 * @param ki            KeyInfo embedded in the signature
 * @param doc           document to sign in place
 * @param i             index of the child element whose Id attribute is registered
 */
public void assinarTag(XMLSignatureFactory fac, ArrayList<Transform> transformList, PrivateKey privateKey, KeyInfo ki, Document doc, int i) {
    final Element target = (Element) doc.getLastChild().getChildNodes().item(i);
    target.setIdAttribute("Id", true);
    try {
        final DigestMethod sha256 = fac.newDigestMethod("http://www.w3.org/2001/04/xmlenc#sha256", null);
        final Reference wholeDocument = fac.newReference("", sha256, transformList, null, null);
        final CanonicalizationMethod c14n = fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
        final SignatureMethod rsaSha256 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null);
        final SignedInfo signedInfo = fac.newSignedInfo(c14n, rsaSha256, Collections.singletonList(wholeDocument));
        final XMLSignature xmlSignature = fac.newXMLSignature(signedInfo, ki);
        // Signature is appended as the last child of the document element.
        xmlSignature.sign(new DOMSignContext(privateKey, doc.getDocumentElement()));
    } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | MarshalException | XMLSignatureException ex) {
        LOGGER.error("Erro ao assinar", ex);
    }
}
}
/**
 * Adds the Office {@code SignatureInfoV1} block to the signature being built.
 *
 * A {@code ds:Object} with id {@code idOfficeObject} is created holding a
 * {@code SignatureProperties} whose single property (id {@code idOfficeV1Details}, target
 * {@code #signatureId}) wraps a {@code SignatureInfoV1} element carrying a
 * {@code ManifestHashAlgorithm} child. A Reference of type
 * {@code http://www.w3.org/2000/09/xmldsig#Object} pointing at that object is appended to
 * {@code references} so the block is covered by the signature.
 *
 * NOTE(review): ManifestHashAlgorithm is hard-wired to xmldsig#sha1 while the Reference's
 * digest uses {@code this.digestAlgo}; the two values are independent, so confirm the SHA-1
 * manifest value is what the consuming Office version expects.
 *
 * @param signatureFactory factory used to build the property, object and reference
 * @param document         owner document for the new elements
 * @param signatureId      id of the signature the property targets (without the leading '#')
 * @param references       list the new Reference is appended to
 * @param objects          list the new XMLObject is appended to
 * @throws NoSuchAlgorithmException           if {@code digestAlgo}'s XML algorithm id is unknown
 * @throws InvalidAlgorithmParameterException if the digest method rejects its (null) parameters
 */
private void addSignatureInfo(XMLSignatureFactory signatureFactory, Document document, String signatureId, List<Reference> references, List<XMLObject> objects) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
    // <SignatureInfoV1 xmlns="..."><ManifestHashAlgorithm>…#sha1</ManifestHashAlgorithm></SignatureInfoV1>
    final Element signatureInfo = document.createElementNS(OFFICE_DIGSIG_NS, "SignatureInfoV1");
    signatureInfo.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", OFFICE_DIGSIG_NS);
    final Element manifestHashAlgorithm = document.createElementNS(OFFICE_DIGSIG_NS, "ManifestHashAlgorithm");
    manifestHashAlgorithm.setTextContent("http://www.w3.org/2000/09/xmldsig#sha1");
    signatureInfo.appendChild(manifestHashAlgorithm);

    // Wrap the element in a SignatureProperty that targets the signature.
    final List<XMLStructure> propertyContent = new ArrayList<XMLStructure>();
    propertyContent.add(new DOMStructure(signatureInfo));
    final SignatureProperty details = signatureFactory.newSignatureProperty(propertyContent, "#" + signatureId, "idOfficeV1Details");
    final List<SignatureProperty> propertyList = new ArrayList<SignatureProperty>();
    propertyList.add(details);
    final SignatureProperties properties = signatureFactory.newSignatureProperties(propertyList, null);

    // Place the properties in a ds:Object and reference that object from SignedInfo.
    final String objectId = "idOfficeObject";
    final List<XMLStructure> objectContent = new ArrayList<XMLStructure>();
    objectContent.add(properties);
    objects.add(signatureFactory.newXMLObject(objectContent, objectId, null, null));
    final DigestMethod digestMethod = signatureFactory.newDigestMethod(this.digestAlgo.getXmlAlgoId(), null);
    references.add(signatureFactory.newReference("#" + objectId, digestMethod, null, "http://www.w3.org/2000/09/xmldsig#Object", null));
}
/**
 * Signs {@code doc} in place with an enveloped signature appended under the document element.
 *
 * The SignatureMethod is derived from {@code privateKey.getAlgorithm()} through
 * {@code fromAlg}; the canonicalization method ({@code this.cm}) and the single Reference
 * ({@code this.ref}) are fixed fields of this signer. KeyInfo carries a KeyValue — plus the
 * X.509 certificate when one is supplied — so a verifier can locate the key.
 *
 * NOTE(review): KeyInfo is attacker-controlled on the wire; a verifier must match the
 * embedded key or certificate against a configured trust anchor rather than trusting it.
 *
 * @param privateKey the signing key
 * @param publicKey  public key embedded as KeyValue when no certificate is given
 * @param cert       optional certificate; when non-null its public key and the certificate
 *                   itself are embedded and {@code publicKey} is not used
 * @param doc        document to sign; modified in place
 * @throws Exception on any signature construction or signing failure
 */
synchronized void sign(final Key privateKey, final PublicKey publicKey, final Certificate cert, final Document doc) throws Exception {
    final DOMSignContext context = new DOMSignContext(privateKey, doc.getDocumentElement());
    final SignatureMethod method = this.fac.newSignatureMethod(fromAlg(privateKey.getAlgorithm()), null);
    final SignedInfo signedInfo = this.fac.newSignedInfo(this.cm, method, Collections.singletonList(this.ref));

    final List<Object> keyInfoContent = new LinkedList<Object>();
    if (cert == null) {
        keyInfoContent.add(this.kif.newKeyValue(publicKey));
    } else {
        keyInfoContent.add(this.kif.newKeyValue(cert.getPublicKey()));
        keyInfoContent.add(this.kif.newX509Data(Collections.singletonList(cert)));
    }

    // KeyInfo is built first, then the signature, then the document is signed.
    this.fac.newXMLSignature(signedInfo, this.kif.newKeyInfo(keyInfoContent)).sign(context);
}
transformList.add(XML_SIGNATURE_FACTORY.newTransform(Transform.ENVELOPED, (TransformParameterSpec)null)); transformList.add(XML_SIGNATURE_FACTORY.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec)null)); XML_SIGNATURE_FACTORY.newReference("#" + referenceID, XML_SIGNATURE_FACTORY.newDigestMethod(DigestMethod.SHA1, null), transformList, null, null); XML_SIGNATURE_FACTORY.newSignedInfo( XML_SIGNATURE_FACTORY.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec)null), XML_SIGNATURE_FACTORY.newSignatureMethod(signatureMethod, null), Collections.singletonList(ref)); KeyInfoFactory kif = XML_SIGNATURE_FACTORY.getKeyInfoFactory(); List<Object> x509Content = new ArrayList<>(); x509Content.add(signingCert.getSubjectX500Principal().getName()); x509Content.add(signingCert); X509Data xd = kif.newX509Data(x509Content); KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd)); XMLSignature signature = XML_SIGNATURE_FACTORY.newXMLSignature(si, ki); signature.sign(dsc);
/**
 * {@inheritDoc}
 *
 * Signs the wrapped element in place: the Signature is inserted as the element's first
 * child, using {@code privKey} and the SignedInfo/KeyInfo built by {@code buildSignedInfo}
 * and {@code buildKeyInfo}. When pre-digest debugging is enabled and debug logging is on,
 * the provider is asked to cache the dereferenced reference content and the first
 * Reference's pre-digest bytes are written to the debug log.
 *
 * NOTE(review): the pre-digest dump writes the complete signed content to the log; keep it
 * disabled in production when that content is sensitive.
 *
 * @param item the item whose element is signed
 * @return always true
 * @throws StageProcessingException wrapping any failure during signing
 */
@Override
protected boolean doExecute(@Nonnull final Item<Element> item) throws StageProcessingException {
    final Element element = item.unwrap();
    final XMLSignature xmlSignature = xmlSigFactory.newXMLSignature(buildSignedInfo(element), buildKeyInfo());
    try {
        // Insert the Signature before the element's current first child.
        final XMLSignContext signContext = new DOMSignContext(privKey, element, element.getFirstChild());
        if (isDebugPreDigest() && log.isDebugEnabled()) {
            // Keeps the pre-digest bytes of each Reference available after signing.
            signContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
        }
        xmlSignature.sign(signContext);
        if (isDebugPreDigest() && log.isDebugEnabled()) {
            final Reference firstReference = (Reference) xmlSignature.getSignedInfo().getReferences().get(0);
            final InputStreamReader preDigestReader = new InputStreamReader(firstReference.getDigestInputStream(), "UTF-8");
            log.debug("pre digest: {}", CharStreams.toString(preDigestReader));
        }
    } catch (Exception e) {
        log.error("Unable to create signature for element", e);
        throw new StageProcessingException("Unable to create signature for element", e);
    }
    return true;
}