LOG.log(POILogger.DEBUG, "postSign"); final Document document = (Document)xmlSignContext.getParent();
/** * Sign (encrypt) the digest with the private key. * Currently only rsa is supported. * * @param digest the hashed input * @return the encrypted hash */ public String signDigest(final DOMSignContext xmlSignContext, final DOMSignedInfo signedInfo) { final PrivateKey key = signatureConfig.getKey(); final HashAlgorithm algo = signatureConfig.getDigestAlgo(); if (algo.hashSize*4/3 > Base64.BASE64DEFAULTLENGTH && !XMLUtils.ignoreLineBreaks()) { throw new EncryptedDocumentException("The hash size of the choosen hash algorithm ("+algo+" = "+algo.hashSize+" bytes), "+ "will motivate XmlSec to add linebreaks to the generated digest, which results in an invalid signature (... at least "+ "for Office) - please persuade it otherwise by adding '-Dorg.apache.xml.security.ignoreLineBreaks=true' to the JVM "+ "system properties."); } try (final DigestOutputStream dos = getDigestStream(algo, key)) { dos.init(); final Document document = (Document)xmlSignContext.getParent(); final Element el = getDsigElement(document, "SignedInfo"); final DOMSubTreeData subTree = new DOMSubTreeData(el, true); signedInfo.getCanonicalizationMethod().transform(subTree, xmlSignContext, dos); return DatatypeConverter.printBase64Binary(dos.sign()); } catch (GeneralSecurityException|IOException|TransformException e) { throw new EncryptedDocumentException(e); } }
signatureConfig.init(false); final Document document = (Document)xmlSignContext.getParent();
LOG.log(POILogger.DEBUG, "postSign"); final Document document = (Document)xmlSignContext.getParent();
private static void sign(XMLSignatureFactory fac, ExternalSignature externalSignature, XmlLocator locator, DOMSignedInfo si, XMLObject xo, KeyInfo ki, String signatureId) throws DocumentException { Document doc = locator.getDocument(); DOMSignContext domSignContext = new DOMSignContext(EmptyKey.getInstance(), doc.getDocumentElement()); List objects = null; if (xo != null) objects = Collections.singletonList(xo); DOMXMLSignature signature = (DOMXMLSignature)fac.newXMLSignature(si, ki, objects, signatureId, null); ByteArrayOutputStream byteRange = new ByteArrayOutputStream(); try { signature.marshal(domSignContext.getParent(), domSignContext.getNextSibling(), DOMUtils.getSignaturePrefix(domSignContext), domSignContext); Element signElement = findElement(doc.getDocumentElement().getChildNodes(), SecurityConstants.Signature); if (signatureId != null) signElement.setAttributeNS(SecurityConstants.XMLNS_URI, SecurityConstants.XMLNS_XADES, SecurityConstants.XADES_132_URI); List references = si.getReferences(); for (int i = 0; i < references.size(); i++) ((DOMReference)references.get(i)).digest(domSignContext); si.canonicalize(domSignContext, byteRange); Element signValue = findElement(signElement.getChildNodes(), SecurityConstants.SignatureValue); //Sign with ExternalSignature String valueBase64 = Base64.encode(externalSignature.sign(byteRange.toByteArray())); //Set calculated SignatureValue signValue.appendChild(doc.createTextNode(valueBase64)); locator.setDocument(doc); } catch (Exception e) { throw new DocumentException(e); } }
private static void sign(XMLSignatureFactory fac, ExternalSignature externalSignature, XmlLocator locator, DOMSignedInfo si, XMLObject xo, KeyInfo ki, String signatureId) throws DocumentException { Document doc = locator.getDocument(); DOMSignContext domSignContext = new DOMSignContext(EmptyKey.getInstance(), doc.getDocumentElement()); List objects = null; if (xo != null) objects = Collections.singletonList(xo); DOMXMLSignature signature = (DOMXMLSignature)fac.newXMLSignature(si, ki, objects, signatureId, null); ByteArrayOutputStream byteRange = new ByteArrayOutputStream(); try { signature.marshal(domSignContext.getParent(), domSignContext.getNextSibling(), DOMUtils.getSignaturePrefix(domSignContext), domSignContext); Element signElement = findElement(doc.getDocumentElement().getChildNodes(), SecurityConstants.Signature); if (signatureId != null) signElement.setAttributeNS(SecurityConstants.XMLNS_URI, SecurityConstants.XMLNS_XADES, SecurityConstants.XADES_132_URI); List references = si.getReferences(); for (int i = 0; i < references.size(); i++) ((DOMReference)references.get(i)).digest(domSignContext); si.canonicalize(domSignContext, byteRange); Element signValue = findElement(signElement.getChildNodes(), SecurityConstants.SignatureValue); //Sign with ExternalSignature String valueBase64 = Base64.encode(externalSignature.sign(byteRange.toByteArray())); //Set calculated SignatureValue signValue.appendChild(doc.createTextNode(valueBase64)); locator.setDocument(doc); } catch (Exception e) { throw new DocumentException(e); } }
/** * Transforms the specified data using the underlying transform algorithm. * This method invokes the {@link #marshal marshal} method and passes it * the specified <code>DOMSignContext</code> before transforming the data. * * @param data the data to be transformed * @param sc the <code>XMLCryptoContext</code> containing * additional context (may be <code>null</code> if not applicable) * @param context the marshalling context * @return the transformed data * @throws MarshalException if an exception occurs while marshalling * @throws NullPointerException if <code>data</code> or <code>context</code> * is <code>null</code> * @throws XMLSignatureException if an unexpected error occurs while * executing the transform */ Data transform(Data data, XMLCryptoContext xc, DOMSignContext context) throws MarshalException, TransformException { Node parent = context.getParent(); XmlWriter xwriter = new XmlWriterToTree(Marshaller.getMarshallers(), parent); marshal(xwriter, DOMUtils.getSignaturePrefix(context), context); return transform(data, xc); } }
Node nextSibling = context.getNextSibling(); XmlWriterToTree xwriter = new XmlWriterToTree(Marshaller.getMarshallers(), context.getParent(), nextSibling); marshal(xwriter, DOMUtils.getSignaturePrefix(signContext), signContext);
/** * Sign (encrypt) the digest with the private key. * Currently only rsa is supported. * * @param digest the hashed input * @return the encrypted hash */ public String signDigest(final DOMSignContext xmlSignContext, final DOMSignedInfo signedInfo) { final PrivateKey key = signatureConfig.getKey(); final HashAlgorithm algo = signatureConfig.getDigestAlgo(); if (algo.hashSize*4/3 > Base64.BASE64DEFAULTLENGTH && !XMLUtils.ignoreLineBreaks()) { throw new EncryptedDocumentException("The hash size of the choosen hash algorithm ("+algo+" = "+algo.hashSize+" bytes), "+ "will motivate XmlSec to add linebreaks to the generated digest, which results in an invalid signature (... at least "+ "for Office) - please persuade it otherwise by adding '-Dorg.apache.xml.security.ignoreLineBreaks=true' to the JVM "+ "system properties."); } try (final DigestOutputStream dos = getDigestStream(algo, key)) { dos.init(); final Document document = (Document)xmlSignContext.getParent(); final Element el = getDsigElement(document, "SignedInfo"); final DOMSubTreeData subTree = new DOMSubTreeData(el, true); signedInfo.getCanonicalizationMethod().transform(subTree, xmlSignContext, dos); return DatatypeConverter.printBase64Binary(dos.sign()); } catch (GeneralSecurityException|IOException|TransformException e) { throw new EncryptedDocumentException(e); } }
signatureConfig.init(false); final Document document = (Document)xmlSignContext.getParent();