/**
 * Creates a {@link Transform} for the given algorithm URI through the signature factory.
 *
 * @param canonicalizationMethod the transform / canonicalization algorithm URI
 * @param paramSpec optional algorithm parameters, may be {@code null}
 * @return the new transform
 * @throws XMLSignatureException if the factory does not support the algorithm; the original
 *         {@link GeneralSecurityException} is kept as the cause
 */
protected Transform newTransform(String canonicalizationMethod, TransformParameterSpec paramSpec) throws XMLSignatureException {
    final Transform transform;
    try {
        transform = getSignatureFactory().newTransform(canonicalizationMethod, paramSpec);
    } catch (GeneralSecurityException e) {
        // wrap so callers only have to deal with the XML-DSig exception type
        throw new XMLSignatureException("unknown canonicalization method: " + canonicalizationMethod, e);
    }
    return transform;
}
/**
 * Builds a {@link Reference} that uses the digest method configured in {@code signatureConfig}.
 *
 * @param uri the reference URI (e.g. {@code "#idPackageObject"})
 * @param transforms the transforms to apply before digesting, may be {@code null}
 * @param type the reference type URI, may be {@code null}
 * @param id the reference id, may be {@code null}
 * @param digestValue a pre-calculated digest that is embedded as-is, or {@code null} to let the
 *        signature engine compute the digest while signing
 * @param signatureConfig supplies the digest method URI and the signature factory
 * @return the new reference
 * @throws XMLSignatureException if the configured digest method is unknown to the factory
 */
public static Reference newReference(String uri, List<Transform> transforms, String type, String id, byte[] digestValue, SignatureConfig signatureConfig) throws XMLSignatureException {
    // the references appear in the package signature or the package object,
    // so the default digest algorithm of the config can be used
    final String digestMethodUri = signatureConfig.getDigestMethodUri();
    final XMLSignatureFactory sigFac = signatureConfig.getSignatureFactory();

    final DigestMethod digestMethod;
    try {
        digestMethod = sigFac.newDigestMethod(digestMethodUri, null);
    } catch (GeneralSecurityException e) {
        throw new XMLSignatureException("unknown digest method uri: " + digestMethodUri, e);
    }

    return digestValue == null
        ? sigFac.newReference(uri, digestMethod, transforms, type, id)
        : sigFac.newReference(uri, digestMethod, transforms, type, id, digestValue);
}
} // closing brace of the enclosing class, carried over from the original listing
// Enveloped signature over the whole document, using the caller's private key.
DOMSignContext dsc = new DOMSignContext(priv, doc.getDocumentElement());
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
// NOTE(review): both the reference digest and the signature method below use SHA-1, which is
// deprecated for new signatures; DigestMethod.SHA256 with an rsa-sha256 signature method is the
// usual replacement. The empty URI "" references the whole document; the enveloped transform
// excludes the ds:Signature element itself from the digest.
Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null),
    Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
    null, null);
SignedInfo si = fac.newSignedInfo(
    fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
    fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
    Collections.singletonList(ref));
KeyInfoFactory kif = fac.getKeyInfoFactory();
// KeyValue embeds only the raw public key; a verifier still has to decide whether it trusts that key.
KeyValue kv = kif.newKeyValue(pub);
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
XMLSignature signature = fac.newXMLSignature(si, ki);
signature.sign(dsc);
final Document document = (Document)xmlSignContext.getParent(); xmlSignContext.setURIDereferencer(uriDereferencer); xmlSignContext.putNamespacePrefix(me.getKey(), me.getValue()); xmlSignContext.setDefaultNamespacePrefix(""); SignatureMethod signatureMethod = signatureFactory.newSignatureMethod (signatureConfig.getSignatureMethodUri(), null); CanonicalizationMethod canonicalizationMethod = signatureFactory .newCanonicalizationMethod(signatureConfig.getCanonicalizationMethod(), (C14NMethodParameterSpec) null); signedInfo = signatureFactory.newSignedInfo( canonicalizationMethod, signatureMethod, references); } catch (GeneralSecurityException e) { throw new XMLSignatureException(e); .newXMLSignature(signedInfo, null, objects, signatureConfig.getPackageSignatureId(), signatureValueId); xmlSignature.sign(xmlSignContext); List<XMLStructure> objectContentList = object.getContent(); for (XMLStructure objectContent : objectContentList) { LOG.log(POILogger.DEBUG, "object content java type: " + objectContent.getClass().getName()); List<Reference> manifestReferences = manifest.getReferences(); for (Reference manifestReference : manifestReferences) {
// Validation context: the verification key is chosen by keySelector.
DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc);
// Also validate the references inside ds:Manifest elements, not only those in SignedInfo
// (assumes XMLSEC_VALIDATE_MANIFEST holds the provider's manifest-validation property name — TODO confirm).
domValidateContext.setProperty(XMLSEC_VALIDATE_MANIFEST, Boolean.TRUE);
// Resolve reference URIs through the configured dereferencer rather than the provider default.
domValidateContext.setURIDereferencer(signatureConfig.getUriDereferencer());
XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
// Core validation only: the SignatureValue must verify with the selected key and every reference
// digest must match. Whether that key is trustworthy (certificate chain, revocation) is not
// decided here and has to be established by the key selector or the caller.
boolean valid = xmlSignature.validate(domValidateContext);
/**
 * Returns the URI of the first {@code ds:Reference} in the signature's {@code SignedInfo}
 * whose {@code Type} attribute equals {@code type}.
 *
 * @param xmlSignature the (unmarshalled) signature to inspect
 * @param type the reference type URI to look for; must not be {@code null}
 * @return the URI of the matching reference, or {@code null} if no reference has that type
 */
@SuppressWarnings("unchecked")
public static String findReferenceUri(XMLSignature xmlSignature, String type) {
    // getReferences() is declared as a raw List in older javax.xml.crypto versions, hence the unchecked cast
    final List<Reference> refs = xmlSignature.getSignedInfo().getReferences();
    for (Reference ref : refs) {
        if (!type.equals(ref.getType())) {
            continue;
        }
        return ref.getURI();
    }
    return null;
}
/**
 * Returns the XML signature factory for the current thread, creating it on first use
 * with the configured provider and caching it in the thread-local.
 *
 * @return the xml signature factory (thread-local)
 */
public XMLSignatureFactory getSignatureFactory() {
    final XMLSignatureFactory cached = signatureFactory.get();
    if (cached != null) {
        return cached;
    }
    // first use on this thread: build the DOM factory for the configured provider and remember it
    final XMLSignatureFactory created = XMLSignatureFactory.getInstance("DOM", getProvider());
    setSignatureFactory(created);
    return created;
}
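/**
 * Copies settings found in the signature document that is being validated into the
 * {@code signatureConfig}; a no-op unless {@code isUpdateConfigOnValidate()} is set.
 *
 * The extracted values come from the document under validation, i.e. from untrusted input:
 * they describe what the document claims was used and are not a trust decision.
 *
 * @param doc the signature document
 * @param xmlSignature the unmarshalled signature of {@code doc}
 * @throws XPathExpressionException if one of the XPath expressions cannot be compiled or evaluated
 */
private void extractConfig(final Document doc, final XMLSignature xmlSignature) throws XPathExpressionException {
    if (!signatureConfig.isUpdateConfigOnValidate()) {
        return;
    }
    signatureConfig.setSigningCertificateChain(certChain);
    signatureConfig.setSignatureMethodFromUri(xmlSignature.getSignedInfo().getSignatureMethod().getAlgorithm());

    final XPath xpath = XPathFactory.newInstance().newXPath();
    xpath.setNamespaceContext(new XPathNSContext());

    // XPath expression -> config setter; every expression is evaluated to its string value
    final Map<String, Consumer<String>> m = new HashMap<>();
    m.put("//mdssi:SignatureTime/mdssi:Value", signatureConfig::setExecutionTime);
    m.put("//xd:ClaimedRole", signatureConfig::setXadesRole);
    m.put("//dsss:SignatureComments", signatureConfig::setSignatureDescription);
    m.put("//xd:QualifyingProperties//xd:SignedSignatureProperties//ds:DigestMethod/@Algorithm", signatureConfig::setXadesDigestAlgo);
    // the algorithm is carried in the Algorithm attribute - the string value of the
    // ds:CanonicalizationMethod element itself is empty, so the attribute must be selected
    // (same shape as the xd:DigestMethod entry above).
    // NOTE(review): the setter now receives the document's declared algorithm URI instead of
    // an empty string - confirm setCanonicalizationMethod accepts every value a verifier should tolerate
    m.put("//ds:CanonicalizationMethod/@Algorithm", signatureConfig::setCanonicalizationMethod);

    for (Map.Entry<String, Consumer<String>> me : m.entrySet()) {
        // XPathConstants.STRING never yields null; an expression with no match evaluates to ""
        final String val = (String) xpath.compile(me.getKey()).evaluate(doc, XPathConstants.STRING);
        me.getValue().accept(val);
    }
}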
/**
 * Adds the Office {@code SignatureInfoV1} object (manifest hash algorithm and optional signature
 * comments) to {@code objects} and the matching {@code #idOfficeObject} reference to {@code references}.
 *
 * @param document the signature document the generated element is imported into
 * @param references the SignedInfo references, extended by the object reference
 * @param objects the ds:Object list, extended by the {@code idOfficeObject} object
 * @throws XMLSignatureException if the object reference cannot be created
 */
protected void addSignatureInfo(Document document, List<Reference> references, List<XMLObject> objects) throws XMLSignatureException {
    final SignatureInfoV1Document sigV1 = SignatureInfoV1Document.Factory.newInstance();
    final CTSignatureInfoV1 ctSigV1 = sigV1.addNewSignatureInfoV1();
    ctSigV1.setManifestHashAlgorithm(signatureConfig.getDigestMethodUri());
    final String description = signatureConfig.getSignatureDescription();
    if (description != null) {
        ctSigV1.setSignatureComments(description);
    }

    // import the generated element into the signature document and pin its default namespace
    final Element infoEl = (Element) document.importNode(ctSigV1.getDomNode(), true);
    infoEl.setAttributeNS(XML_NS, XMLConstants.XMLNS_ATTRIBUTE, MS_DIGSIG_NS);

    final List<XMLStructure> infoContent = new ArrayList<>(1);
    infoContent.add(new DOMStructure(infoEl));
    final SignatureProperty infoProperty = getSignatureFactory().newSignatureProperty(
        infoContent, "#" + signatureConfig.getPackageSignatureId(), "idOfficeV1Details");

    final List<SignatureProperty> properties = new ArrayList<>(1);
    properties.add(infoProperty);
    final SignatureProperties signatureProperties = getSignatureFactory().newSignatureProperties(properties, null);

    final List<XMLStructure> objectContent = new ArrayList<>(1);
    objectContent.add(signatureProperties);

    final String objectId = "idOfficeObject";
    objects.add(getSignatureFactory().newXMLObject(objectContent, objectId, null, null));
    references.add(newReference("#" + objectId, null, XML_DIGSIG_NS + "Object", null, null));
}
/**
 * Adds the package object ({@code ID_PACKAGE_OBJECT}) holding the part manifest and the
 * signature time to {@code objects}, plus the reference to that object to {@code references}.
 *
 * @param document the signature document the signature-time element is imported into
 * @param references the SignedInfo references, extended by the package object reference
 * @param objects the ds:Object list, extended by the package object
 * @throws XMLSignatureException if a manifest or object reference cannot be created
 */
protected void addManifestObject(Document document, List<Reference> references, List<XMLObject> objects) throws XMLSignatureException {
    final List<Reference> manifestReferences = new ArrayList<>();
    addManifestReferences(manifestReferences);
    final Manifest manifest = getSignatureFactory().newManifest(manifestReferences);

    // object content: the manifest first, then the SignatureTime property
    final List<XMLStructure> objectContent = new ArrayList<>(2);
    objectContent.add(manifest);
    addSignatureTime(document, objectContent);

    objects.add(getSignatureFactory().newXMLObject(objectContent, ID_PACKAGE_OBJECT, null, null));
    references.add(newReference("#" + ID_PACKAGE_OBJECT, null, XML_DIGSIG_NS + "Object", null, null));
}
/**
 * Normalize a URI/part name: prefixes {@code baseUri} when missing, resolves {@code .}/{@code ..}
 * segments and returns the path with forward slashes only.
 * TODO: find a better way ...
 *
 * @param partName the part name to normalize
 * @param baseUri the base the part name is made relative to
 * @return the normalized path
 * @throws XMLSignatureException if the prefixed name is not a valid URI
 */
private static String normalizePartName(URI partName, String baseUri) throws XMLSignatureException {
    final String ascii = partName.toASCIIString();
    final String prefixed = ascii.startsWith(baseUri) ? ascii : baseUri + ascii;
    final String normalized;
    try {
        // NOTE(review): getPath() is null for an opaque URI (no hierarchical part), which would
        // NPE here - confirm part names are always hierarchical
        normalized = new URI(prefixed).normalize().getPath().replace('\\', '/');
    } catch (URISyntaxException e) {
        throw new XMLSignatureException(e);
    }
    LOG.log(POILogger.DEBUG, "part name: " + normalized);
    return normalized;
}
doc = DocumentHelper.readDocument(octetStream); } catch (Exception e) { throw new TransformException(e.getMessage(), e);
Element qualDocEl = (Element)document.importNode(qualDocElSrc, true); xadesObjectContent.add(new DOMStructure(qualDocEl)); XMLObject xadesObject = getSignatureFactory().newXMLObject(xadesObjectContent, null, null, null); objects.add(xadesObject);
/**
 * Appends the Office {@code SignatureTime} property to {@code objectContent}.
 * The time is the one held by {@code signatureConfig}: it is a claimed signing time,
 * not one attested by an external time source.
 *
 * @param document the signature document the generated element is imported into
 * @param objectContent the ds:Object content the property is added to
 */
protected void addSignatureTime(Document document, List<XMLStructure> objectContent) {
    // SignatureTime
    final SignatureTimeDocument sigTime = SignatureTimeDocument.Factory.newInstance();
    final CTSignatureTime ctTime = sigTime.addNewSignatureTime();
    ctTime.setFormat("YYYY-MM-DDThh:mm:ssTZD");
    ctTime.setValue(signatureConfig.formatExecutionTime());
    LOG.log(POILogger.DEBUG, "execution time: " + ctTime.getValue());

    final Element timeEl = (Element) document.importNode(ctTime.getDomNode(), true);
    final List<XMLStructure> timeContent = new ArrayList<>(1);
    timeContent.add(new DOMStructure(timeEl));
    final SignatureProperty timeProperty = getSignatureFactory().newSignatureProperty(
        timeContent, "#" + signatureConfig.getPackageSignatureId(), "idSignatureTime");

    final List<SignatureProperty> properties = new ArrayList<>(1);
    properties.add(timeProperty);
    objectContent.add(getSignatureFactory().newSignatureProperties(properties, null));
}
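/**
 * Computes the signature value over the canonicalized {@code ds:SignedInfo} with the configured
 * private key. Currently only RSA is supported.
 *
 * This is a digital signature, not an encryption of the digest: the canonicalized SignedInfo is
 * streamed into a {@link DigestOutputStream} that hashes and signs it with the private key.
 *
 * @param xmlSignContext the signing context; its parent node is the signature document
 * @param signedInfo the SignedInfo whose canonicalization method is applied before signing
 * @return the signature value, Base64 encoded
 * @throws EncryptedDocumentException if the Base64 form of the digest values would be wrapped
 *         onto several lines (Office rejects that) unless xmlsec's ignoreLineBreaks is set,
 *         or if canonicalization or signing fails
 */
public String signDigest(final DOMSignContext xmlSignContext, final DOMSignedInfo signedInfo) {
    final PrivateKey key = signatureConfig.getKey();
    final HashAlgorithm algo = signatureConfig.getDigestAlgo();

    // Base64 turns every 3 input bytes into 4 characters (rounded up to whole groups);
    // xmlsec inserts line breaks once the encoded digest exceeds BASE64DEFAULTLENGTH,
    // unless org.apache.xml.security.ignoreLineBreaks is set
    final int base64Length = ((algo.hashSize + 2) / 3) * 4;
    if (base64Length > Base64.BASE64DEFAULTLENGTH && !XMLUtils.ignoreLineBreaks()) {
        throw new EncryptedDocumentException("The hash size of the choosen hash algorithm ("+algo+" = "+algo.hashSize+" bytes), "+
            "will motivate XmlSec to add linebreaks to the generated digest, which results in an invalid signature (... at least "+
            "for Office) - please persuade it otherwise by adding '-Dorg.apache.xml.security.ignoreLineBreaks=true' to the JVM "+
            "system properties.");
    }

    try (final DigestOutputStream dos = getDigestStream(algo, key)) {
        dos.init();
        // canonicalize ds:SignedInfo exactly as a verifier will, streaming it into the signer
        final Document document = (Document) xmlSignContext.getParent();
        final Element el = getDsigElement(document, "SignedInfo");
        final DOMSubTreeData subTree = new DOMSubTreeData(el, true);
        signedInfo.getCanonicalizationMethod().transform(subTree, xmlSignContext, dos);
        return DatatypeConverter.printBase64Binary(dos.sign());
    } catch (GeneralSecurityException | IOException | TransformException e) {
        // keep the cause so key/provider problems remain diagnosable
        throw new EncryptedDocumentException(e);
    }
}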
public Data dereference(URIReference uriReference, XMLCryptoContext context) throws URIReferenceException { if (baseUriDereferencer == null) { baseUriDereferencer = signatureConfig.getSignatureFactory().getURIDereferencer();
@SuppressWarnings("unchecked") private static List<XMLStructure> getContent(SignatureProperty prop) { return prop.getContent(); } private boolean equalsContent(List<XMLStructure> otherContent) {
/**
 * Creates the processor and selects the XML signature factory: the Santuario
 * ("ApacheXMLDSig") provider is preferred, the JDK's own DOM provider is the fallback
 * when Santuario is not registered as a security provider.
 */
public SAMLTokenProcessor() {
    XMLSignatureFactory factory;
    try {
        factory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
    } catch (NoSuchProviderException ex) {
        // only the "provider not installed" case falls back; a registered provider that
        // lacks the DOM mechanism presumably raises NoSuchMechanismException and propagates
        factory = XMLSignatureFactory.getInstance("DOM");
    }
    signatureFactory = factory;
}
prc.parseRelationshipsPart(pp); } catch (InvalidFormatException e) { throw new XMLSignatureException("Invalid relationship descriptor: "+pp.getPartName().getName(), e); contentType = pp2.getContentType(); } catch (InvalidFormatException e) { throw new XMLSignatureException(e);