/**
 * Computes the Base64-encoded signature value over the canonicalized
 * {@code SignedInfo} element of the document being signed.
 *
 * <p>The private key and the digest algorithm are both taken from
 * {@code signatureConfig}. The {@code SignedInfo} subtree is run through the
 * canonicalization method of {@code signedInfo} and written into the stream
 * returned by {@code getDigestStream}; the result of that stream's
 * {@code sign()} is what gets encoded and returned.
 *
 * <p>The original documentation states that only RSA is supported; nothing
 * in this method itself enforces that.
 *
 * @param xmlSignContext signing context; its parent node is cast to the
 *        {@link Document} in which the {@code SignedInfo} element is looked up
 * @param signedInfo provides the canonicalization method applied to the
 *        {@code SignedInfo} subtree
 * @return the Base64 text of the bytes returned by the digest stream's {@code sign()}
 * @throws EncryptedDocumentException if the configured hash is large enough for
 *         XmlSec to insert line breaks while line breaks are not being ignored,
 *         or if signing, I/O or canonicalization fails (the cause is wrapped)
 */
public String signDigest(final DOMSignContext xmlSignContext, final DOMSignedInfo signedInfo) {
    final PrivateKey signingKey = signatureConfig.getKey();
    final HashAlgorithm hashAlgo = signatureConfig.getDigestAlgo();

    // Refuse to sign rather than emit a signature that will not verify: per the
    // message below, a digest folded across lines is rejected (at least by Office).
    // The remedy it names is a JVM system property, so it presumably applies to
    // every XML Security user in the same process - confirm before enabling.
    final boolean digestWouldBeFolded = hashAlgo.hashSize*4/3 > Base64.BASE64DEFAULTLENGTH;
    if (digestWouldBeFolded && !XMLUtils.ignoreLineBreaks()) {
        final String message =
            "The hash size of the choosen hash algorithm ("+hashAlgo+" = "+hashAlgo.hashSize+" bytes), "+
            "will motivate XmlSec to add linebreaks to the generated digest, which results in an invalid signature (... at least "+
            "for Office) - please persuade it otherwise by adding '-Dorg.apache.xml.security.ignoreLineBreaks=true' to the JVM "+
            "system properties.";
        throw new EncryptedDocumentException(message);
    }

    try (final DigestOutputStream signingStream = getDigestStream(hashAlgo, signingKey)) {
        signingStream.init();

        final Document ownerDoc = (Document)xmlSignContext.getParent();
        final Element signedInfoElement = getDsigElement(ownerDoc, "SignedInfo");
        // NOTE(review): the boolean argument presumably excludes comments from the subtree - confirm.
        final DOMSubTreeData signedInfoData = new DOMSubTreeData(signedInfoElement, true);

        // Only the canonical form of SignedInfo is fed to the signing stream.
        signedInfo.getCanonicalizationMethod().transform(signedInfoData, xmlSignContext, signingStream);

        final byte[] signatureBytes = signingStream.sign();
        return DatatypeConverter.printBase64Binary(signatureBytes);
    } catch (GeneralSecurityException|IOException|TransformException e) {
        throw new EncryptedDocumentException(e);
    }
}
/**
 * Appends the Base64 encoding of a {@link BigInteger} to an element as a
 * single text node.
 *
 * <p>When line breaks are not being ignored and the encoded text is longer
 * than {@code BASE64DEFAULTLENGTH}, the text is framed with a leading and a
 * trailing newline. Existing children of the element are left in place; the
 * original documentation expects the element to be empty.
 *
 * @param element the element that receives the new text node
 * @param biginteger the value to encode
 */
public static final void fillElementWithBigInteger(Element element, BigInteger biginteger) {
    String base64Text = encode(biginteger);

    // The output depends on XMLUtils.ignoreLineBreaks(), so the serialized
    // form of the same value can differ between differently configured JVMs.
    final boolean frameWithNewlines =
        !XMLUtils.ignoreLineBreaks() && base64Text.length() > BASE64DEFAULTLENGTH;
    if (frameWithNewlines) {
        base64Text = "\n" + base64Text + "\n";
    }

    element.appendChild(element.getOwnerDocument().createTextNode(base64Text));
}
/**
 * Replaces the content of the SignatureValue node with the Base64 encoding
 * of the given bytes.
 *
 * <p>All existing child nodes are removed first. The encoded text is framed
 * with a leading and a trailing newline when it is longer than 76 characters
 * and line breaks are not being ignored.
 *
 * @param bytes the raw signature bytes to store, before Base64 encoding
 */
private void setSignatureValueElement(byte[] bytes) {
    // Drop any previous value so the node ends up with exactly one text child.
    while (signatureValueElement.hasChildNodes()) {
        signatureValueElement.removeChild(signatureValueElement.getFirstChild());
    }

    final String encoded = XMLUtils.encodeToString(bytes);

    // 76 is the conventional Base64 line length; it is written as a literal here.
    final boolean frameWithNewlines = encoded.length() > 76 && !XMLUtils.ignoreLineBreaks();
    final String content = frameWithNewlines ? "\n" + encoded + "\n" : encoded;

    signatureValueElement.appendChild(createText(content));
}
/**
 * Base64-encodes a byte array, choosing the line length from the
 * ignore-line-breaks setting.
 *
 * <p>When {@code XMLUtils.ignoreLineBreaks()} is true the two-argument
 * {@code encode} is called with {@link Integer#MAX_VALUE} as the length;
 * otherwise it is called with {@code BASE64DEFAULTLENGTH}, which the original
 * documentation describes as folding at the standard 76th character.
 *
 * @param binaryData the bytes to be Base64 encoded
 * @return the encoded data as a {@code String}
 */
public static final String encode(byte[] binaryData) {
    if (XMLUtils.ignoreLineBreaks()) {
        // Largest possible length: used when no line breaks are wanted.
        return encode(binaryData, Integer.MAX_VALUE);
    }
    return encode(binaryData, BASE64DEFAULTLENGTH);
}
/**
 * Appends the Base64 encoding of the given bytes to this object as a text node.
 *
 * <p>Nothing is appended when {@code bytes} is {@code null}. When line breaks
 * are not being ignored, the encoded text is framed with a leading and a
 * trailing newline regardless of its length; no length threshold is applied
 * in this method.
 *
 * @param bytes the bytes to encode; {@code null} is a no-op
 */
public void addBase64Text(byte[] bytes) {
    if (bytes == null) {
        return;
    }

    final String content;
    if (XMLUtils.ignoreLineBreaks()) {
        content = XMLUtils.encodeToString(bytes);
    } else {
        // Newlines are added unconditionally here, even for short values.
        content = "\n" + XMLUtils.encodeToString(bytes) + "\n";
    }

    appendSelf(createText(content));
}
/**
 * Appends a new element in the signature namespace whose text content is the
 * Base64 encoding of the given bytes.
 *
 * <p>Nothing is appended when {@code bytes} is {@code null}. The encoded text
 * inside the new element is never framed with newlines; when line breaks are
 * not being ignored, a separate newline text node is appended after the
 * element instead.
 *
 * @param bytes the bytes to encode; {@code null} is a no-op
 * @param localname the local name of the element to create
 */
public void addBase64Element(byte[] bytes, String localname) {
    if (bytes == null) {
        return;
    }

    final Element child = XMLUtils.createElementInSignatureSpace(getDocument(), localname);
    child.appendChild(getDocument().createTextNode(XMLUtils.encodeToString(bytes)));
    appendSelf(child);

    // The newline is a sibling of the new element, not part of its content.
    if (!XMLUtils.ignoreLineBreaks()) {
        appendSelf(createText("\n"));
    }
}
/**
 * Signs the canonicalized {@code SignedInfo} element and returns the
 * signature value as Base64 text.
 *
 * <p>Key and digest algorithm come from {@code signatureConfig}. The
 * {@code SignedInfo} element is located in the parent document of the signing
 * context, canonicalized with the method supplied by {@code signedInfo}, and
 * streamed into the object returned by {@code getDigestStream}, whose
 * {@code sign()} result is then encoded.
 *
 * <p>The original documentation states that only RSA is supported; this
 * method does not check the key type itself.
 *
 * @param xmlSignContext signing context whose parent node is the {@link Document}
 *        containing the {@code SignedInfo} element
 * @param signedInfo source of the canonicalization method
 * @return Base64 encoding of the bytes produced by the digest stream's {@code sign()}
 * @throws EncryptedDocumentException if line breaks are not being ignored and the
 *         configured hash size would lead XmlSec to fold the digest, or if a
 *         security, I/O or transform error occurs (wrapped as the cause)
 */
public String signDigest(final DOMSignContext xmlSignContext, final DOMSignedInfo signedInfo) {
    final PrivateKey privateKey = signatureConfig.getKey();
    final HashAlgorithm digestAlgo = signatureConfig.getDigestAlgo();

    // Pre-flight check: a folded digest yields a signature that the message
    // below reports as invalid (at least for Office), so fail before signing.
    if (digestAlgo.hashSize*4/3 > Base64.BASE64DEFAULTLENGTH) {
        if (!XMLUtils.ignoreLineBreaks()) {
            throw new EncryptedDocumentException(
                "The hash size of the choosen hash algorithm ("+digestAlgo+" = "+digestAlgo.hashSize+" bytes), "+
                "will motivate XmlSec to add linebreaks to the generated digest, which results in an invalid signature (... at least "+
                "for Office) - please persuade it otherwise by adding '-Dorg.apache.xml.security.ignoreLineBreaks=true' to the JVM "+
                "system properties.");
        }
    }

    try (final DigestOutputStream out = getDigestStream(digestAlgo, privateKey)) {
        out.init();

        final Document doc = (Document)xmlSignContext.getParent();
        final Element signedInfoEl = getDsigElement(doc, "SignedInfo");
        // NOTE(review): second argument presumably means "exclude comments" - confirm.
        final DOMSubTreeData toCanonicalize = new DOMSubTreeData(signedInfoEl, true);

        // The canonical bytes of SignedInfo are what the stream signs.
        signedInfo.getCanonicalizationMethod().transform(toCanonicalize, xmlSignContext, out);

        return DatatypeConverter.printBase64Binary(out.sign());
    } catch (GeneralSecurityException|IOException|TransformException e) {
        throw new EncryptedDocumentException(e);
    }
}