/**
 * Creates the signing context for the given document.
 *
 * <p>The context is initialised with the private key held by {@code signatureConfig};
 * the document is passed as the parent node under which the signature will be marshalled.
 *
 * @param document the document the signature is based on
 * @return the initialized signature context
 */
public DOMSignContext createXMLSignContext(final Document document) {
    final DOMSignContext signContext = new DOMSignContext(signatureConfig.getKey(), document);
    return signContext;
}
LOG.log(POILogger.DEBUG, "postSign"); final Document document = (Document)xmlSignContext.getParent();
? new DOMSignContext(key, n) : new DOMSignContext(key, n, nextSibling); for (Map.Entry<String,String> me : signatureConfig.getNamespacePrefixes().entrySet()) { domSignContext.putNamespacePrefix(me.getKey(), me.getValue());
DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc); domValidateContext.setProperty(XMLSEC_VALIDATE_MANIFEST, Boolean.TRUE); domValidateContext.setURIDereferencer(signatureConfig.getUriDereferencer());
signatureConfig.init(false); final Document document = (Document)xmlSignContext.getParent(); xmlSignContext.setURIDereferencer(uriDereferencer); xmlSignContext.putNamespacePrefix(me.getKey(), me.getValue()); xmlSignContext.setDefaultNamespacePrefix("");
/**
 * Unmarshals the XML signature from {@code signatureElement} using a freshly created
 * validation context backed by this object's key selector.
 *
 * <p>Only unmarshalling happens here; the returned signature has not been validated.
 *
 * @return the unmarshalled {@link XMLSignature}
 * @throws MarshalException if the signature element cannot be unmarshalled
 */
public XMLSignature getXMLSignature() throws MarshalException {
    final DOMValidateContext validationContext =
            new DOMValidateContext(getKeySelector(), signatureElement);
    final XMLSignatureFactory signatureFactory = getXMLSignatureFactory();
    return signatureFactory.unmarshalXMLSignature(validationContext);
}
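/**
 * Registers the first attribute of {@code childElement} whose node name matches
 * {@code ID_ATTRIBUTE_NAME} case-insensitively as a user-determined ID attribute on the
 * validation context.
 *
 * <p>Registering an ID attribute changes how same-document references ({@code URI="#..."})
 * are resolved during validation, so callers should register only elements they expect
 * a reference to point at. If no attribute matches, the context is left untouched.
 *
 * @param context the validation context on which the ID attribute is registered
 * @param childElement the element whose attributes are inspected
 */
public static void setIDIdentifier(final DOMValidateContext context, final Element childElement) {
    final NamedNodeMap attributes = childElement.getAttributes();
    for (int jj = 0; jj < attributes.getLength(); jj++) {
        final Node item = attributes.item(jj);
        final String localName = item.getNodeName();
        // equalsIgnoreCase is locale-independent, whereas String.toLowerCase() without a
        // Locale is not (under a Turkish default locale "ID" does not lower-case to "id",
        // so the attribute would silently never be registered).
        if (localName != null && ID_ATTRIBUTE_NAME.equalsIgnoreCase(localName)) {
            context.setIdAttributeNS(childElement, null, localName);
            break;
        }
    }
}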
DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0)); NodeList nlb = doc.getElementsByTagNameNS("http://schemas.xmlsoap.org/soap/envelope/", "Body"); valContext.putNamespacePrefix("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu"); Node body = nlb.item(0); valContext.setIdAttributeNS((Element)body, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "id");
/**
 * Marshals this structure into the DOM tree below the node of {@code parent}.
 *
 * <p>When {@code context} is a {@link DOMSignContext}, its next-sibling node is handed to the
 * tree writer as the insertion point; for any other context {@code null} is passed instead.
 *
 * @param parent the DOM structure whose node becomes the parent of the marshalled nodes
 * @param context the crypto context providing the signature prefix (and, for a
 *        {@code DOMSignContext}, the next sibling)
 * @throws MarshalException if marshalling fails
 */
private void internalMarshal(javax.xml.crypto.dom.DOMStructure parent, XMLCryptoContext context)
        throws MarshalException {
    final Node parentNode = parent.getNode();
    final String signaturePrefix = DOMUtils.getSignaturePrefix(context);
    final Node insertBefore = context instanceof DOMSignContext
            ? ((DOMSignContext) context).getNextSibling()
            : null;
    final XmlWriterToTree treeWriter =
            new XmlWriterToTree(Marshaller.getMarshallers(), parentNode, insertBefore);
    marshalInternal(treeWriter, this, signaturePrefix, context, true);
}
/**
 * Unmarshals an {@code XMLSignature} from the node held by the given DOM validation context.
 *
 * @param context the validation context; must be a {@link DOMValidateContext} — the cast is
 *        unchecked, so any other implementation results in a {@code ClassCastException}
 * @return the unmarshalled signature
 * @throws MarshalException if unmarshalling fails
 * @throws NullPointerException if {@code context} is {@code null}
 */
@Override
public XMLSignature unmarshalXMLSignature(XMLValidateContext context) throws MarshalException {
    if (context != null) {
        final DOMValidateContext domContext = (DOMValidateContext) context;
        return unmarshal(domContext.getNode(), context);
    }
    throw new NullPointerException("context cannot be null");
}
DOMSignContext dsc = new DOMSignContext(priv, doc.getDocumentElement()); XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
/**
 * Computes the signature value over the canonicalized {@code SignedInfo} element with the
 * configured private key and returns it Base64-encoded.
 * Currently only rsa is supported.
 *
 * <p>Note: although the original wording spoke of "encrypting" the digest, what is produced
 * here is a signature (via {@code DigestOutputStream.sign()}), not ciphertext.
 *
 * @param xmlSignContext the signing context; its parent must be the document being signed
 * @param signedInfo the SignedInfo structure whose canonicalization method is applied
 * @return the Base64 encoded signature value
 * @throws EncryptedDocumentException if the encoded digest would be line-wrapped by XmlSec,
 *         or if signing, canonicalization or I/O fails (the cause is preserved)
 */
public String signDigest(final DOMSignContext xmlSignContext, final DOMSignedInfo signedInfo) {
    final PrivateKey key = signatureConfig.getKey();
    final HashAlgorithm algo = signatureConfig.getDigestAlgo();
    // hashSize*4/3 approximates the Base64 length of the digest (integer division, so it can
    // under-estimate by a few characters when hashSize is not a multiple of 3). If it exceeds
    // XmlSec's default line length and line breaks are not suppressed, the encoder inserts
    // line breaks and the resulting SignatureValue is rejected (at least by Office).
    if (algo.hashSize*4/3 > Base64.BASE64DEFAULTLENGTH && !XMLUtils.ignoreLineBreaks()) {
        throw new EncryptedDocumentException("The hash size of the choosen hash algorithm ("+algo+" = "+algo.hashSize+" bytes), "+
            "will motivate XmlSec to add linebreaks to the generated digest, which results in an invalid signature (... at least "+
            "for Office) - please persuade it otherwise by adding '-Dorg.apache.xml.security.ignoreLineBreaks=true' to the JVM "+
            "system properties.");
    }
    // The digest stream is closed by try-with-resources after sign() has produced the bytes.
    try (final DigestOutputStream dos = getDigestStream(algo, key)) {
        dos.init();
        final Document document = (Document)xmlSignContext.getParent();
        final Element el = getDsigElement(document, "SignedInfo");
        // Canonicalize the SignedInfo subtree straight into the digest stream; the
        // canonical octets are what gets signed.
        final DOMSubTreeData subTree = new DOMSubTreeData(el, true);
        signedInfo.getCanonicalizationMethod().transform(subTree, xmlSignContext, dos);
        return DatatypeConverter.printBase64Binary(dos.sign());
    } catch (GeneralSecurityException|IOException|TransformException e) {
        // Wrap rather than swallow: callers see one exception type, the cause is kept.
        throw new EncryptedDocumentException(e);
    }
}
Element signature = (Element) xp.evaluate("//dsig:Signature", root, XPathConstants.NODE); DOMValidateContext ctx = new DOMValidateContext(_cert.getPublicKey(), signature); NodeList idAttributes = (NodeList) xp.evaluate("//*[@ID]", root, XPathConstants.NODESET); for (int i = 0; i < idAttributes.getLength(); i++) { ctx.setIdAttributeNS((Element) idAttributes.item(i), null, "ID"); } XMLSignatureFactory sigF = XMLSignatureFactory.getInstance("DOM"); XMLSignature xmlSignature = sigF.unmarshalXMLSignature(ctx); if (xmlSignature.validate(ctx)) { ...
/**
 * Creates the signing context for the given document.
 *
 * <p>The signing key comes from {@code signatureConfig}; the document is passed as the
 * parent node under which the signature will be marshalled.
 *
 * @param document the document the signature is based on
 * @return the initialized signature context
 */
public DOMSignContext createXMLSignContext(final Document document) {
    final DOMSignContext ctx = new DOMSignContext(signatureConfig.getKey(), document);
    return ctx;
}
/**
 * Transforms the specified data using the underlying transform algorithm.
 * This method first invokes {@link #marshal marshal} with a tree writer rooted at the
 * parent node of the given <code>DOMSignContext</code>, then delegates to
 * {@link #transform(Data, XMLCryptoContext)}.
 *
 * @param data the data to be transformed
 * @param xc the <code>XMLCryptoContext</code> containing
 *    additional context (may be <code>null</code> if not applicable)
 * @param context the marshalling context; its parent node receives the marshalled nodes
 * @return the transformed data
 * @throws MarshalException if an exception occurs while marshalling
 * @throws NullPointerException if <code>data</code> or <code>context</code>
 *    is <code>null</code>
 * @throws TransformException if an unexpected error occurs while
 *    executing the transform
 */
Data transform(Data data, XMLCryptoContext xc, DOMSignContext context)
        throws MarshalException, TransformException {
    final Node parentNode = context.getParent();
    final XmlWriter treeWriter = new XmlWriterToTree(Marshaller.getMarshallers(), parentNode);
    final String signaturePrefix = DOMUtils.getSignaturePrefix(context);
    marshal(treeWriter, signaturePrefix, context);
    return transform(data, xc);
}
}
... Node sigNode = nodeList.item(0); DOMValidateContext context = new DOMValidateContext(keySelector, sigNode); context.setIdAttributeNS((Element) sigNode.getParentNode(), null, "ID"); XMLSignatureFactory factory = XMLSignatureFactory.getInstance(); try { XMLSignature signature = factory.unmarshalXMLSignature(context); if (!signature.validate(context)) { // works now! ...
/**
 * Sign only the specified element (assumption is that it already has its ID attribute set).
 *
 * <p>The signing context is created with the private half of {@code keyPair},
 * {@code elementToSign} as parent and {@code nextSibling} as the insertion point; everything
 * else is delegated to {@code signImpl}.
 *
 * @param elementToSign element to sign with set ID
 * @param nextSibling child of elementToSign, which will be used as next sibling of created signature
 * @param keyPair key pair whose private key signs; the public key is handed to {@code signImpl}
 * @param digestMethod digest method (URI) handed to {@code signImpl}
 * @param signatureMethod signature method (URI) handed to {@code signImpl}
 * @param referenceURI reference URI handed to {@code signImpl}
 * @param x509Certificate {@link X509Certificate} to be placed in SignedInfo
 * @throws GeneralSecurityException
 * @throws MarshalException
 * @throws XMLSignatureException
 * @since 2.5.0
 */
public static void sign(Element elementToSign, Node nextSibling, KeyPair keyPair,
        String digestMethod, String signatureMethod, String referenceURI,
        X509Certificate x509Certificate)
        throws GeneralSecurityException, MarshalException, XMLSignatureException {
    final PrivateKey privateKey = keyPair.getPrivate();
    final PublicKey publicKey = keyPair.getPublic();
    final DOMSignContext signContext = new DOMSignContext(privateKey, elementToSign, nextSibling);
    signImpl(signContext, digestMethod, signatureMethod, referenceURI, publicKey, x509Certificate);
}
/**
 * Sign only the specified element (assumption is that it already has its ID attribute set).
 *
 * <p>Builds a {@link DOMSignContext} from the private key of {@code keyPair} with
 * {@code elementToSign} as parent and {@code nextSibling} as insertion point, then delegates
 * to {@code signImpl}.
 *
 * @param elementToSign element to sign with set ID
 * @param nextSibling child of elementToSign, which will be used as next sibling of created signature
 * @param keyPair key pair whose private key signs; the public key is handed to {@code signImpl}
 * @param digestMethod digest method (URI) handed to {@code signImpl}
 * @param signatureMethod signature method (URI) handed to {@code signImpl}
 * @param referenceURI reference URI handed to {@code signImpl}
 * @param x509Certificate {@link X509Certificate} to be placed in SignedInfo
 * @throws GeneralSecurityException
 * @throws MarshalException
 * @throws XMLSignatureException
 * @since 2.5.0
 */
public static void sign(Element elementToSign, Node nextSibling, KeyPair keyPair,
        String digestMethod, String signatureMethod, String referenceURI,
        X509Certificate x509Certificate)
        throws GeneralSecurityException, MarshalException, XMLSignatureException {
    final PrivateKey signer = keyPair.getPrivate();
    final PublicKey verifier = keyPair.getPublic();
    signImpl(new DOMSignContext(signer, elementToSign, nextSibling),
            digestMethod, signatureMethod, referenceURI, verifier, x509Certificate);
}
/**
 * Sign only the specified element (assumption is that it already has its ID attribute set).
 *
 * <p>The created {@code Signature} element goes under {@code elementToSign}, in front of
 * {@code nextSibling}; the actual signing is done by {@code signImpl}.
 *
 * @param elementToSign element to sign with set ID
 * @param nextSibling child of elementToSign, which will be used as next sibling of created signature
 * @param keyPair key pair whose private key signs; the public key is handed to {@code signImpl}
 * @param digestMethod digest method (URI) handed to {@code signImpl}
 * @param signatureMethod signature method (URI) handed to {@code signImpl}
 * @param referenceURI reference URI handed to {@code signImpl}
 * @param x509Certificate {@link X509Certificate} to be placed in SignedInfo
 * @throws GeneralSecurityException
 * @throws MarshalException
 * @throws XMLSignatureException
 * @since 2.5.0
 */
public static void sign(Element elementToSign, Node nextSibling, KeyPair keyPair,
        String digestMethod, String signatureMethod, String referenceURI,
        X509Certificate x509Certificate)
        throws GeneralSecurityException, MarshalException, XMLSignatureException {
    final PrivateKey signingKey = keyPair.getPrivate();
    final PublicKey verificationKey = keyPair.getPublic();
    final DOMSignContext ctx = new DOMSignContext(signingKey, elementToSign, nextSibling);
    signImpl(ctx, digestMethod, signatureMethod, referenceURI, verificationKey, x509Certificate);
}
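/**
 * Adds an XML signature under {@code parentElement} whose single reference points at the
 * prototype key binding ({@code "#" + prototypeKeyBindingId}).
 *
 * <p>Delegates to {@link #addSignature(Element, String, String)} with the {@code SHA1}
 * digest and {@code RSA-SHA1} signature method this code has always used, so existing
 * behaviour is unchanged. Both algorithms are considered weak for new signatures; when the
 * receiving side accepts stronger ones, call the three-argument overload with e.g.
 * {@link DigestMethod#SHA256} and an RSA-SHA256 signature method URI instead.
 *
 * @param parentElement the element under which the {@code Signature} element is created
 * @throws NoSuchAlgorithmException if an algorithm is not available
 * @throws InvalidAlgorithmParameterException if an algorithm parameter is invalid
 * @throws MarshalException if marshalling the signature fails
 * @throws XMLSignatureException if signing fails
 */
private void addSignature(Element parentElement) throws NoSuchAlgorithmException,
        InvalidAlgorithmParameterException, MarshalException, XMLSignatureException {
    addSignature(parentElement, DigestMethod.SHA1, SignatureMethod.RSA_SHA1);
}

/**
 * Adds an XML signature under {@code parentElement} using the given digest and signature
 * method URIs.
 *
 * <p>The signature carries one reference to {@code "#" + prototypeKeyBindingId} with an
 * exclusive-C14N transform, uses exclusive C14N for {@code SignedInfo}, and is signed with
 * the private half of {@code sessionKey}. No {@code KeyInfo} is attached.
 *
 * @param parentElement the element under which the {@code Signature} element is created
 * @param digestMethodUri digest method URI for the reference (e.g. {@link DigestMethod#SHA256})
 * @param signatureMethodUri signature method URI (e.g. {@link SignatureMethod#RSA_SHA1})
 * @throws NoSuchAlgorithmException if an algorithm is not available
 * @throws InvalidAlgorithmParameterException if an algorithm parameter is invalid
 * @throws MarshalException if marshalling the signature fails
 * @throws XMLSignatureException if signing fails
 */
private void addSignature(Element parentElement, String digestMethodUri, String signatureMethodUri)
        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException,
        XMLSignatureException {
    DOMSignContext domSignContext = new DOMSignContext(this.sessionKey.getPrivate(), parentElement);
    XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM");
    // Same-document reference to the prototype key binding by its ID, with exclusive C14N as
    // the only transform; type and id of the Reference are left unset.
    Reference reference = xmlSignatureFactory.newReference(
            "#" + this.prototypeKeyBindingId,
            xmlSignatureFactory.newDigestMethod(digestMethodUri, null),
            Collections.singletonList(xmlSignatureFactory.newTransform(
                    CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
            null, null);
    SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(
            xmlSignatureFactory.newCanonicalizationMethod(
                    CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            xmlSignatureFactory.newSignatureMethod(signatureMethodUri, null),
            Collections.singletonList(reference));
    // Second argument null: no KeyInfo element is emitted with the signature.
    XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, null);
    xmlSignature.sign(domSignContext);
}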