/**
 * Builds the {@link DOMSignContext} used when signing the given document.
 *
 * <p>The signing key comes from {@code signatureConfig.getKey()}. The document node itself is
 * passed as the parent node, i.e. the node under which the signature element is created.
 *
 * @param document the document the signature is based on
 * @return the initialized signature context
 */
public DOMSignContext createXMLSignContext(final Document document) {
    final DOMSignContext signContext = new DOMSignContext(signatureConfig.getKey(), document);
    return signContext;
}
? new DOMSignContext(key, n) : new DOMSignContext(key, n, nextSibling); for (Map.Entry<String,String> me : signatureConfig.getNamespacePrefixes().entrySet()) { domSignContext.putNamespacePrefix(me.getKey(), me.getValue());
// Signing context: `priv` is the signing key and the document's root element is the parent
// node under which the signature element will be created.
DOMSignContext dsc = new DOMSignContext(priv, doc.getDocumentElement());
// Obtain the XMLSignatureFactory for the "DOM" mechanism.
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
/**
 * Creates the signing context for a document.
 *
 * <p>Uses the key returned by {@code signatureConfig.getKey()} and the document node as the
 * parent that will receive the signature element.
 *
 * @param document the document the signature is based on
 * @return the initialized signature context
 */
public DOMSignContext createXMLSignContext(final Document document) {
    final DOMSignContext contextForDocument =
            new DOMSignContext(signatureConfig.getKey(), document);
    return contextForDocument;
}
/**
 * Signs only the given element, which is expected to already have its ID attribute set.
 *
 * <p>The private key of {@code keyPair} goes into the {@link DOMSignContext}; the public key, the
 * certificate and the algorithm/reference arguments are forwarded to {@code signImpl} unchanged.
 *
 * <p>NOTE(review): {@code digestMethod} and {@code signatureMethod} are not checked in this method.
 * Whether weak algorithm identifiers are rejected depends on {@code signImpl} and on the caller;
 * confirm.
 *
 * @param elementToSign element to sign with set ID; also the parent node of the created signature
 * @param nextSibling child of elementToSign, which will be used as next sibling of created signature
 * @param keyPair key pair supplying the signing (private) key and the public key given to {@code signImpl}
 * @param digestMethod forwarded to {@code signImpl}
 * @param signatureMethod forwarded to {@code signImpl}
 * @param referenceURI forwarded to {@code signImpl}
 * @param x509Certificate {@link X509Certificate} forwarded to {@code signImpl}
 * @throws GeneralSecurityException
 * @throws MarshalException
 * @throws XMLSignatureException
 * @since 2.5.0
 */
public static void sign(Element elementToSign, Node nextSibling, KeyPair keyPair, String digestMethod,
        String signatureMethod, String referenceURI, X509Certificate x509Certificate)
        throws GeneralSecurityException, MarshalException, XMLSignatureException {
    // The signature element is inserted under elementToSign, immediately before nextSibling.
    DOMSignContext signContext = new DOMSignContext(keyPair.getPrivate(), elementToSign, nextSibling);

    signImpl(signContext, digestMethod, signatureMethod, referenceURI, keyPair.getPublic(), x509Certificate);
}
/**
 * Signs a single element (the element is assumed to already have its ID attribute set).
 *
 * <p>Only the context is built here: private key, parent element and insertion point. The actual
 * signature construction is delegated to {@code signImpl}.
 *
 * <p>NOTE(review): the algorithm identifiers are passed through without any check in this method;
 * verify that {@code signImpl} or the callers restrict them to acceptable algorithms.
 *
 * @param elementToSign element to sign with set ID
 * @param nextSibling child of elementToSign, which will be used as next sibling of created signature
 * @param keyPair source of the private signing key and of the public key handed to {@code signImpl}
 * @param digestMethod passed to {@code signImpl} as is
 * @param signatureMethod passed to {@code signImpl} as is
 * @param referenceURI passed to {@code signImpl} as is
 * @param x509Certificate {@link X509Certificate} passed to {@code signImpl} as is
 *
 * @throws GeneralSecurityException
 * @throws MarshalException
 * @throws XMLSignatureException
 * @since 2.5.0
 */
public static void sign(Element elementToSign, Node nextSibling, KeyPair keyPair, String digestMethod,
        String signatureMethod, String referenceURI, X509Certificate x509Certificate)
        throws GeneralSecurityException, MarshalException, XMLSignatureException {
    final PrivateKey privateHalf = keyPair.getPrivate();
    final PublicKey publicHalf = keyPair.getPublic();

    final DOMSignContext elementContext = new DOMSignContext(privateHalf, elementToSign, nextSibling);
    signImpl(elementContext, digestMethod, signatureMethod, referenceURI, publicHalf, x509Certificate);
}
/**
 * Signs the specified element only; the element must already have its ID attribute set.
 *
 * <p>Builds a {@link DOMSignContext} from the key pair's private key with {@code elementToSign} as
 * parent and {@code nextSibling} as insertion point, then delegates to {@code signImpl}.
 *
 * <p>NOTE(review): nothing in this method validates {@code digestMethod} or
 * {@code signatureMethod}; confirm where algorithm choices are constrained.
 *
 * @param elementToSign element to sign with set ID
 * @param nextSibling child of elementToSign, which will be used as next sibling of created signature
 * @param keyPair provides the private key for signing and the public key forwarded to {@code signImpl}
 * @param digestMethod handed to {@code signImpl}
 * @param signatureMethod handed to {@code signImpl}
 * @param referenceURI handed to {@code signImpl}
 * @param x509Certificate {@link X509Certificate} handed to {@code signImpl}
 *
 * @throws GeneralSecurityException
 * @throws MarshalException
 * @throws XMLSignatureException
 * @since 2.5.0
 */
public static void sign(Element elementToSign, Node nextSibling, KeyPair keyPair, String digestMethod,
        String signatureMethod, String referenceURI, X509Certificate x509Certificate)
        throws GeneralSecurityException, MarshalException, XMLSignatureException {
    signImpl(
            new DOMSignContext(keyPair.getPrivate(), elementToSign, nextSibling),
            digestMethod,
            signatureMethod,
            referenceURI,
            keyPair.getPublic(),
            x509Certificate);
}
/**
 * Signs the root element of the document; the signature is created under the document element.
 *
 * <p>NOTE(review): the complete document is serialized and written to the trace log before
 * signing, and the serialization runs whether or not trace logging is enabled. Documents handed to
 * a signer can carry sensitive content; confirm trace output is acceptable where this runs.
 *
 * @param doc document whose root element receives the signature
 * @param keyPair supplies the private signing key and the public key forwarded to {@code signImpl}
 * @param digestMethod forwarded to {@code signImpl}
 * @param signatureMethod forwarded to {@code signImpl}
 * @param referenceURI forwarded to {@code signImpl}
 * @param x509Certificate forwarded to {@code signImpl}
 * @return the same {@code doc} instance that was passed in
 * @throws GeneralSecurityException
 * @throws XMLSignatureException
 * @throws MarshalException
 * @since 2.5.0
 */
public static Document sign(Document doc, KeyPair keyPair, String digestMethod, String signatureMethod,
        String referenceURI, X509Certificate x509Certificate)
        throws GeneralSecurityException, MarshalException, XMLSignatureException {
    final String traceMessage = "Document to be signed=" + DocumentUtil.asString(doc);
    logger.trace(traceMessage);

    DOMSignContext rootContext = new DOMSignContext(keyPair.getPrivate(), doc.getDocumentElement());
    signImpl(rootContext, digestMethod, signatureMethod, referenceURI, keyPair.getPublic(), x509Certificate);

    return doc;
}
/**
 * Signs the document's root element and returns the document.
 *
 * <p>NOTE(review): the document is serialized in full for a trace log line on every call, even
 * when trace is disabled. Review whether the documents being signed may appear in logs.
 *
 * @param doc document to sign; its document element is the parent of the created signature
 * @param keyPair private key is used for signing, public key is passed on to {@code signImpl}
 * @param digestMethod passed to {@code signImpl} as is
 * @param signatureMethod passed to {@code signImpl} as is
 * @param referenceURI passed to {@code signImpl} as is
 * @param x509Certificate passed to {@code signImpl} as is
 *
 * @return {@code doc}, the instance given by the caller
 *
 * @throws GeneralSecurityException
 * @throws XMLSignatureException
 * @throws MarshalException
 * @since 2.5.0
 */
public static Document sign(Document doc, KeyPair keyPair, String digestMethod, String signatureMethod,
        String referenceURI, X509Certificate x509Certificate)
        throws GeneralSecurityException, MarshalException, XMLSignatureException {
    logger.trace("Document to be signed=" + DocumentUtil.asString(doc));

    final PrivateKey privateHalf = keyPair.getPrivate();
    final PublicKey publicHalf = keyPair.getPublic();

    // No next sibling is given, so the signature becomes the last child of the root element.
    final DOMSignContext rootContext = new DOMSignContext(privateHalf, doc.getDocumentElement());
    signImpl(rootContext, digestMethod, signatureMethod, referenceURI, publicHalf, x509Certificate);
    return doc;
}
/**
 * Signs the root element of {@code doc}.
 *
 * <p>NOTE(review): before signing, the whole document is converted to a string and sent to the
 * trace log; the conversion is not guarded by a log-level check. Confirm that logging the content
 * of signed documents is intended.
 *
 * @param doc document to sign
 * @param keyPair key pair whose private key signs; the public key is handed to {@code signImpl}
 * @param digestMethod handed to {@code signImpl}
 * @param signatureMethod handed to {@code signImpl}
 * @param referenceURI handed to {@code signImpl}
 * @param x509Certificate handed to {@code signImpl}
 *
 * @return the document passed in as {@code doc}
 *
 * @throws GeneralSecurityException
 * @throws XMLSignatureException
 * @throws MarshalException
 * @since 2.5.0
 */
public static Document sign(Document doc, KeyPair keyPair, String digestMethod, String signatureMethod,
        String referenceURI, X509Certificate x509Certificate)
        throws GeneralSecurityException, MarshalException, XMLSignatureException {
    logger.trace("Document to be signed=" + DocumentUtil.asString(doc));

    signImpl(
            new DOMSignContext(keyPair.getPrivate(), doc.getDocumentElement()),
            digestMethod,
            signatureMethod,
            referenceURI,
            keyPair.getPublic(),
            x509Certificate);
    return doc;
}
/**
 * Signs using the pre-built reference {@code this.ref} and canonicalization method
 * {@code this.cm}, placing the signature under the document element of {@code doc}.
 *
 * <p>The signature method is derived from the private key's algorithm through {@code fromAlg}.
 * The KeyInfo holds the certificate's public key plus the certificate when {@code cert} is
 * given, otherwise only {@code publicKey}.
 *
 * <p>NOTE(review): the KeyInfo written here is supplied by the signer. A verifier has to
 * establish trust in that key or certificate separately; its presence in the signature proves
 * nothing by itself.
 *
 * @param privateKey key used to sign
 * @param publicKey public key put into the KeyInfo when no certificate is given
 * @param cert optional certificate; when non-null its public key and the certificate are embedded
 * @param doc document that receives the signature
 * @throws Exception whatever the XML signature API or {@code fromAlg} raises
 */
synchronized void sign(final Key privateKey, final PublicKey publicKey, final Certificate cert,
        final Document doc) throws Exception {
    final DOMSignContext signContext = new DOMSignContext(privateKey, doc.getDocumentElement());

    final SignatureMethod signatureMethod =
            this.fac.newSignatureMethod(fromAlg(privateKey.getAlgorithm()), null);
    final SignedInfo signedInfo =
            this.fac.newSignedInfo(this.cm, signatureMethod, Collections.singletonList(this.ref));

    final List<Object> keyInfoContent = new LinkedList<Object>();
    if (cert == null) {
        keyInfoContent.add(this.kif.newKeyValue(publicKey));
    } else {
        keyInfoContent.add(this.kif.newKeyValue(cert.getPublicKey()));
        keyInfoContent.add(this.kif.newX509Data(Collections.singletonList(cert)));
    }
    final KeyInfo keyInfo = this.kif.newKeyInfo(keyInfoContent);

    // finally sign
    this.fac.newXMLSignature(signedInfo, keyInfo).sign(signContext);
}
/**
 * Adds an XML signature as a child of {@code node}, signed with {@code privateKey}.
 *
 * <p>The KeyInfo contains an X509Data element with the certificate's subject name and the
 * certificate itself. The XML-DSig namespace is bound to the prefix {@code ns2}. The SignedInfo
 * comes from {@code initSignedInfo}.
 *
 * <p>NOTE(review): {@code origCert} is cast to {@link X509Certificate} without a type check, so
 * any other certificate type fails with a {@link ClassCastException} outside the try block.
 *
 * @param node parent node of the resulting signature element
 * @param privateKey key used to sign
 * @param origCert certificate placed into the KeyInfo; must be an {@link X509Certificate}
 * @throws RuntimeException wrapping any exception raised while building or applying the signature
 */
public static void signDOM(Node node, PrivateKey privateKey, Certificate origCert) {
    XMLSignatureFactory signatureFactory = initXMLSigFactory();
    X509Certificate x509 = (X509Certificate) origCert;

    // Create the KeyInfo containing the X509Data.
    KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
    List<Object> x509Entries = new ArrayList<Object>();
    x509Entries.add(x509.getSubjectX500Principal().getName());
    x509Entries.add(x509);
    X509Data x509Data = keyInfoFactory.newX509Data(x509Entries);
    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(x509Data));

    // Create a DOMSignContext and specify the RSA PrivateKey and
    // location of the resulting XMLSignature's parent element.
    DOMSignContext signContext = new DOMSignContext(privateKey, node);
    signContext.putNamespacePrefix("http://www.w3.org/2000/09/xmldsig#", "ns2");

    try {
        // Create the XMLSignature, but don't sign it yet.
        SignedInfo signedInfo = initSignedInfo(signatureFactory);
        XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, keyInfo);

        // Marshal, generate, and sign the enveloped signature.
        xmlSignature.sign(signContext);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
/**
 * Builds and applies an XML signature under the document element of {@code doc}, using the
 * reference ({@code this.ref}) and canonicalization method ({@code this.cm}) held by this object.
 *
 * <p>The signature algorithm is selected from the private key's algorithm name by {@code fromAlg}.
 *
 * <p>NOTE(review): the embedded KeyInfo (key value, and certificate when present) comes from the
 * signer. Verification must anchor trust in the key by other means.
 *
 * @param privateKey signing key
 * @param publicKey key value embedded when {@code cert} is null
 * @param cert certificate to embed together with its public key, or null
 * @param doc document to sign
 * @throws Exception any failure from {@code fromAlg} or the XML signature API
 */
synchronized void sign(final Key privateKey, final PublicKey publicKey, final Certificate cert,
        final Document doc) throws Exception {
    final DOMSignContext context = new DOMSignContext(privateKey, doc.getDocumentElement());

    final String algorithmName = privateKey.getAlgorithm();
    final SignatureMethod method = this.fac.newSignatureMethod(fromAlg(algorithmName), null);
    final SignedInfo info = this.fac.newSignedInfo(this.cm, method, Collections.singletonList(this.ref));

    final List<Object> keyData = new LinkedList<Object>();
    final boolean hasCertificate = cert != null;
    if (hasCertificate) {
        keyData.add(this.kif.newKeyValue(cert.getPublicKey()));
        keyData.add(this.kif.newX509Data(Collections.singletonList(cert)));
    } else {
        keyData.add(this.kif.newKeyValue(publicKey));
    }

    final XMLSignature xmlSignature = this.fac.newXMLSignature(info, this.kif.newKeyInfo(keyData));

    // finally sign
    xmlSignature.sign(context);
}
// SignedInfo: inclusive canonicalization, RSA-SHA1 signature method, one reference.
// NOTE(review): SignatureMethod.RSA_SHA1 relies on SHA-1, which is no longer considered
// collision resistant; verifiers with current security policies may refuse such signatures.
// Confirm whether a SHA-256 based signature method can be used here.
final CanonicalizationMethod inclusiveC14n = signatureFactory.newCanonicalizationMethod(
        CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
final SignatureMethod rsaSha1Method = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
final SignedInfo signedInfo = signatureFactory.newSignedInfo(
        inclusiveC14n, rsaSha1Method, Collections.singletonList(reference));

final XMLSignature signature = signatureFactory.newXMLSignature(signedInfo, keyInfo);

// The signature element is created under the parent node of `element`.
final DOMSignContext parentNodeContext = new DOMSignContext(keyEntry.getPrivateKey(), element.getParentNode());
signature.sign(parentNodeContext);
/** {@inheritDoc} */
@Override
protected boolean doExecute(@Nonnull final Item<Element> item) throws StageProcessingException {
    final Element target = item.unwrap();
    final XMLSignature xmlSignature = xmlSigFactory.newXMLSignature(buildSignedInfo(target), buildKeyInfo());

    try {
        // The signature goes under the element itself, in front of its current first child.
        final XMLSignContext signContext = new DOMSignContext(privKey, target, target.getFirstChild());

        // Enable caching reference values if required for debugging.
        if (isDebugPreDigest() && log.isDebugEnabled()) {
            signContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
        }

        // Perform the signature operation
        xmlSignature.sign(signContext);

        // Log the pre-digest data for debugging.
        // NOTE(review): this writes the exact bytes that were digested (the signed content) to the
        // debug log; it runs only when both the pre-digest flag and debug logging are enabled.
        if (isDebugPreDigest() && log.isDebugEnabled()) {
            final Reference firstReference =
                    (Reference) xmlSignature.getSignedInfo().getReferences().get(0);
            final InputStreamReader preDigestReader =
                    new InputStreamReader(firstReference.getDigestInputStream(), "UTF-8");
            final String preDigestText = CharStreams.toString(preDigestReader);
            log.debug("pre digest: {}", preDigestText);
        }
    } catch (Exception e) {
        log.error("Unable to create signature for element", e);
        throw new StageProcessingException("Unable to create signature for element", e);
    }

    return true;
}
/**
 * Marshals the signature into the located document, digests the references, canonicalizes the
 * SignedInfo and has {@code externalSignature} compute the signature value, which is then written
 * into the SignatureValue element.
 *
 * <p>The {@link DOMSignContext} is created with {@code EmptyKey.getInstance()}; the signature
 * bytes come from {@code externalSignature.sign(...)} rather than from a key in the context.
 *
 * @param fac factory used to create the XML signature object
 * @param externalSignature signer that receives the canonicalized SignedInfo bytes
 * @param locator supplies the document and receives it back after signing
 * @param si SignedInfo whose references are digested and which is canonicalized
 * @param xo optional object to include in the signature; may be null
 * @param ki KeyInfo to include in the signature
 * @param signatureId signature id; when non-null a namespace attribute is also set on the Signature element
 * @throws DocumentException wrapping any exception raised while marshalling, digesting or signing
 */
private static void sign(XMLSignatureFactory fac, ExternalSignature externalSignature, XmlLocator locator,
        DOMSignedInfo si, XMLObject xo, KeyInfo ki, String signatureId) throws DocumentException {
    Document document = locator.getDocument();
    DOMSignContext signContext = new DOMSignContext(EmptyKey.getInstance(), document.getDocumentElement());

    List signedObjects = (xo == null) ? null : Collections.singletonList(xo);
    DOMXMLSignature xmlSignature =
            (DOMXMLSignature) fac.newXMLSignature(si, ki, signedObjects, signatureId, null);
    ByteArrayOutputStream canonicalSignedInfo = new ByteArrayOutputStream();

    try {
        // Write the (still unsigned) Signature element into the document.
        xmlSignature.marshal(signContext.getParent(), signContext.getNextSibling(),
                DOMUtils.getSignaturePrefix(signContext), signContext);

        Element signatureElement =
                findElement(document.getDocumentElement().getChildNodes(), SecurityConstants.Signature);
        if (signatureId != null) {
            signatureElement.setAttributeNS(SecurityConstants.XMLNS_URI, SecurityConstants.XMLNS_XADES,
                    SecurityConstants.XADES_132_URI);
        }

        // Digest every reference, then canonicalize SignedInfo into the byte buffer.
        List referenceList = si.getReferences();
        for (Object reference : referenceList) {
            ((DOMReference) reference).digest(signContext);
        }
        si.canonicalize(signContext, canonicalSignedInfo);

        Element signatureValueElement =
                findElement(signatureElement.getChildNodes(), SecurityConstants.SignatureValue);

        //Sign with ExternalSignature
        byte[] rawSignature = externalSignature.sign(canonicalSignedInfo.toByteArray());
        String valueBase64 = Base64.encode(rawSignature);

        //Set calculated SignatureValue
        signatureValueElement.appendChild(document.createTextNode(valueBase64));
        locator.setDocument(document);
    } catch (Exception e) {
        throw new DocumentException(e);
    }
}
/**
 * Signs the document with RSA-SHA256 after marking one child element as carrying an ID attribute.
 *
 * <p>The element at index {@code i} among the children of the document's last child gets its
 * {@code Id} attribute flagged as an ID. A reference with URI {@code ""} and a SHA-256 digest is
 * then signed, and the signature is created under the document element.
 *
 * <p>NOTE(review): the reference URI is the empty string, not the {@code Id} of the element marked
 * above. Confirm which content the signature is meant to cover.
 *
 * <p>NOTE(review): a failure while building or applying the signature is only logged. The method
 * returns normally, so a caller cannot tell that the document was left unsigned.
 *
 * @param fac factory used to build the reference, SignedInfo and signature
 * @param transformList transforms applied to the reference
 * @param privateKey signing key
 * @param ki KeyInfo to embed in the signature
 * @param doc document to sign
 * @param i index of the child element whose {@code Id} attribute is marked as an ID
 */
public void assinarTag(XMLSignatureFactory fac, ArrayList<Transform> transformList, PrivateKey privateKey,
        KeyInfo ki, Document doc, int i) {
    NodeList children = doc.getLastChild().getChildNodes();
    Element target = (Element) children.item(i);
    target.setIdAttribute("Id", true);

    try {
        Reference reference = fac.newReference(
                "",
                fac.newDigestMethod("http://www.w3.org/2001/04/xmlenc#sha256", null),
                transformList,
                null,
                null);

        SignedInfo signedInfo = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
                Collections.singletonList(reference));

        XMLSignature xmlSignature = fac.newXMLSignature(signedInfo, ki);
        xmlSignature.sign(new DOMSignContext(privateKey, doc.getDocumentElement()));
    } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | MarshalException
            | XMLSignatureException ex) {
        LOGGER.error("Erro ao assinar", ex);
    }
}
}
/**
 * Produces an XML signature whose value is computed by an external signer.
 *
 * <p>Steps, in order: marshal the Signature element into the document, digest each reference of
 * {@code si}, canonicalize {@code si} into a byte buffer, pass those bytes to
 * {@code externalSignature.sign}, Base64-encode the result and append it to the SignatureValue
 * element. The context key is {@code EmptyKey.getInstance()}.
 *
 * @param fac signature factory
 * @param externalSignature computes the signature value from the canonicalized SignedInfo bytes
 * @param locator source of the document; the document is set back on it after signing
 * @param si SignedInfo to digest and canonicalize
 * @param xo optional signature object, may be null
 * @param ki KeyInfo for the signature
 * @param signatureId id of the signature; when non-null an extra namespace attribute is set
 * @throws DocumentException wrapping any exception from the steps above
 */
private static void sign(XMLSignatureFactory fac, ExternalSignature externalSignature, XmlLocator locator,
        DOMSignedInfo si, XMLObject xo, KeyInfo ki, String signatureId) throws DocumentException {
    Document xml = locator.getDocument();
    DOMSignContext context = new DOMSignContext(EmptyKey.getInstance(), xml.getDocumentElement());

    List objects = null;
    if (xo != null) {
        objects = Collections.singletonList(xo);
    }
    DOMXMLSignature domSignature = (DOMXMLSignature) fac.newXMLSignature(si, ki, objects, signatureId, null);
    ByteArrayOutputStream signedInfoBytes = new ByteArrayOutputStream();

    try {
        domSignature.marshal(context.getParent(), context.getNextSibling(),
                DOMUtils.getSignaturePrefix(context), context);

        Element signatureNode = findElement(xml.getDocumentElement().getChildNodes(), SecurityConstants.Signature);
        if (signatureId != null) {
            signatureNode.setAttributeNS(SecurityConstants.XMLNS_URI, SecurityConstants.XMLNS_XADES,
                    SecurityConstants.XADES_132_URI);
        }

        List refs = si.getReferences();
        int index = 0;
        while (index < refs.size()) {
            ((DOMReference) refs.get(index)).digest(context);
            index++;
        }
        si.canonicalize(context, signedInfoBytes);

        Element signatureValueNode = findElement(signatureNode.getChildNodes(), SecurityConstants.SignatureValue);

        //Sign with ExternalSignature
        String valueBase64 = Base64.encode(externalSignature.sign(signedInfoBytes.toByteArray()));

        //Set calculated SignatureValue
        signatureValueNode.appendChild(xml.createTextNode(valueBase64));
        locator.setDocument(xml);
    } catch (Exception e) {
        throw new DocumentException(e);
    }
}
/**
 * Sign the XML document using xmldsig (enveloped signature, SHA-1 digest, RSA-SHA1 signature,
 * inclusive canonicalization). The public key is embedded as a KeyValue.
 *
 * <p>NOTE(review): both the digest and the signature method use SHA-1, which is no longer
 * considered collision resistant; verifiers with current policies may reject the result. Confirm
 * whether SHA-256 based algorithms can be used.
 *
 * <p>NOTE(review): any failure is logged as a warning and the document is still returned, so the
 * caller cannot distinguish a signed document from one left unsigned.
 *
 * @param document
 *            the document to sign; it will be modified by the method.
 * @param publicKey
 *            the public key from the key pair to sign the document.
 * @param privateKey
 *            the private key from the key pair to sign the document.
 * @return the signed document for chaining.
 */
public static Document sign(Document document, RSAPublicKey publicKey, RSAPrivateKey privateKey) {
    XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
    KeyInfoFactory kif = signatureFactory.getKeyInfoFactory();

    try {
        // Reference "" with the enveloped transform: the document minus the signature itself.
        DigestMethod sha1Digest = signatureFactory.newDigestMethod(DigestMethod.SHA1, null);
        Transform enveloped = signatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
        Reference wholeDocument =
                signatureFactory.newReference("", sha1Digest, Collections.singletonList(enveloped), null, null);

        CanonicalizationMethod inclusiveC14n = signatureFactory.newCanonicalizationMethod(
                CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
        SignatureMethod rsaSha1 = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
        SignedInfo signedInfo =
                signatureFactory.newSignedInfo(inclusiveC14n, rsaSha1, Collections.singletonList(wholeDocument));

        DOMSignContext signContext = new DOMSignContext(privateKey, document.getDocumentElement());

        KeyValue embeddedKey = kif.newKeyValue(publicKey);
        KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(embeddedKey));

        signatureFactory.newXMLSignature(signedInfo, keyInfo).sign(signContext);
    } catch (Exception e) {
        Logger.warn("Error while signing an XML document.", e);
    }

    return document;
}
/**
 * Adds an XML signature under {@code parentElement}, signed with the session private key.
 *
 * <p>The single reference points at {@code "#" + prototypeKeyBindingId}, with exclusive
 * canonicalization as its transform and a SHA-1 digest. SignedInfo uses exclusive
 * canonicalization and RSA-SHA1. No KeyInfo is attached (null is passed).
 *
 * <p>NOTE(review): the digest and signature method both rely on SHA-1, which is no longer
 * considered collision resistant. Confirm whether the receiving side accepts SHA-256 based
 * algorithms before changing them.
 *
 * @param parentElement element that becomes the parent of the signature element
 * @throws NoSuchAlgorithmException if an algorithm URI is not supported by the factory
 * @throws InvalidAlgorithmParameterException if algorithm parameters are rejected by the factory
 * @throws MarshalException if the signature cannot be marshalled into the DOM
 * @throws XMLSignatureException if signing fails
 */
private void addSignature(Element parentElement) throws NoSuchAlgorithmException,
        InvalidAlgorithmParameterException, MarshalException, XMLSignatureException {
    DOMSignContext signContext = new DOMSignContext(this.sessionKey.getPrivate(), parentElement);
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");

    String referenceUri = "#" + this.prototypeKeyBindingId;
    DigestMethod sha1Digest = factory.newDigestMethod(DigestMethod.SHA1, null);
    Reference keyBindingReference = factory.newReference(
            referenceUri,
            sha1Digest,
            Collections.singletonList(
                    factory.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
            null,
            null);

    CanonicalizationMethod exclusiveC14n =
            factory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    SignatureMethod rsaSha1 = factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    SignedInfo info = factory.newSignedInfo(exclusiveC14n, rsaSha1, Collections.singletonList(keyBindingReference));

    // No KeyInfo is embedded in this signature.
    XMLSignature signature = factory.newXMLSignature(info, null);
    signature.sign(signContext);
}