use of javax.xml.crypto.dsig.Reference in project poi by apache.
the class OOXMLSignatureFacet method addManifestObject.
/**
 * Adds the package {@code <Object>} (a {@code Manifest} plus the signature time)
 * to {@code objects} and the {@code <Reference>} that points at it to {@code references}.
 *
 * @param document   the signature document the object content is created in
 * @param references receives the SignedInfo reference to the new object
 * @param objects    receives the new {@code idPackageObject} object
 * @throws XMLSignatureException if the reference cannot be created
 */
protected void addManifestObject(Document document, List<Reference> references, List<XMLObject> objects) throws XMLSignatureException {
    // The package parts are referenced from a Manifest inside the Object,
    // not directly from SignedInfo.
    List<Reference> manifestRefs = new ArrayList<Reference>();
    addManifestReferences(manifestRefs);
    Manifest packageManifest = getSignatureFactory().newManifest(manifestRefs);

    // The id really has to be this exact value.
    final String packageObjectId = "idPackageObject";

    // Object content: the manifest first, then the signature time.
    List<XMLStructure> content = new ArrayList<XMLStructure>();
    content.add(packageManifest);
    addSignatureTime(document, content);
    objects.add(getSignatureFactory().newXMLObject(content, packageObjectId, null, null));

    // The SignedInfo reference to the Object carries the ds:Object type URI.
    references.add(newReference("#" + packageObjectId, null, XML_DIGSIG_NS + "Object", null, null));
}
use of javax.xml.crypto.dsig.Reference in project poi by apache.
the class SignatureFacet method newReference.
/**
 * Creates a {@link Reference} that uses the digest method configured in
 * {@code signatureConfig}.
 *
 * @param uri             the reference URI
 * @param transforms      the transforms to apply before digesting, may be {@code null}
 * @param type            the reference type URI, may be {@code null}
 * @param id              the reference id, may be {@code null}
 * @param digestValue     a pre-computed digest, or {@code null} to let the
 *                        signature computation fill it in
 * @param signatureConfig supplies the digest method URI and the factory
 * @return the new reference
 * @throws XMLSignatureException if the configured digest method URI is not supported
 */
public static Reference newReference(String uri, List<Transform> transforms, String type, String id, byte[] digestValue, SignatureConfig signatureConfig) throws XMLSignatureException {
    // Every reference lives either in the package signature or in the package
    // object, so the configured default digest algorithm applies to all of them.
    final String digestUri = signatureConfig.getDigestMethodUri();
    final XMLSignatureFactory factory = signatureConfig.getSignatureFactory();

    final DigestMethod method;
    try {
        method = factory.newDigestMethod(digestUri, null);
    } catch (GeneralSecurityException e) {
        throw new XMLSignatureException("unknown digest method uri: " + digestUri, e);
    }

    // A pre-computed digest selects the six-argument factory overload.
    final Reference ref = (digestValue == null)
        ? factory.newReference(uri, method, transforms, type, id)
        : factory.newReference(uri, method, transforms, type, id, digestValue);
    brokenJvmWorkaround(ref);
    return ref;
}
use of javax.xml.crypto.dsig.Reference in project wildfly by wildfly.
the class TestServlet method signDocument.
/**
 * Signs {@code doc} in place with an enveloped XML signature: SHA-256 digest over
 * the whole document, exclusive C14N, RSA-SHA256 signature, appended under the
 * document element.
 *
 * @param doc        the document to sign; modified in place
 * @param privateKey the RSA key used to produce the signature value
 * @throws Exception propagated from the XML-DSig factories or the signing step
 */
private static void signDocument(final Document doc, final PrivateKey privateKey) throws Exception {
    final XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");

    // URI "" means the enclosing document; the enveloped transform excludes
    // the Signature element itself from the digest.
    final DigestMethod sha256 = factory.newDigestMethod(DigestMethod.SHA256, null);
    final Transform enveloped = factory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
    final Reference wholeDocument = factory.newReference("", sha256, Collections.singletonList(enveloped), null, null);

    final CanonicalizationMethod c14n = factory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    final SignatureMethod rsaSha256 = factory.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null);
    final SignedInfo signedInfo = factory.newSignedInfo(c14n, rsaSha256, Collections.singletonList(wholeDocument));

    // KeyInfo carries only a placeholder KeyName, not a certificate or public key.
    final KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance();
    final KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyName("dummy")));

    factory.newXMLSignature(signedInfo, keyInfo).sign(new DOMSignContext(privateKey, doc.getDocumentElement()));
}
use of javax.xml.crypto.dsig.Reference in project camel by apache.
the class XmlVerifierProcessor method verify.
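/**
 * Verifies every XML signature found in {@code input} and maps the verified
 * references and objects into {@code out}.
 * <p>
 * For each signature element, in this order: the signature is unmarshalled,
 * the optional {@link XmlSignatureChecker} runs, core validation is performed,
 * and on failure {@link #handleSignatureValidationFailed} lets the configured
 * {@link ValidationFailedHandler} decide whether to continue. Only after all
 * signatures passed are the collected references and objects handed to
 * {@code map2Message}.
 *
 * @param input the XML document holding one or more signatures
 * @param out   the message that receives the verification result
 * @throws IllegalStateException        if no key selector is configured
 * @throws XmlSignatureInvalidException if a signature fails core validation and
 *                                      the failure handler does not ignore it
 * @throws Exception                    propagated from parsing, unmarshalling,
 *                                      the checker or the failure handler
 */
@SuppressWarnings("unchecked")
protected void verify(InputStream input, final Message out) throws Exception { //NOPMD
    LOG.debug("Verification of XML signature document started");
    final Document doc = parseInput(input, out);
    XMLSignatureFactory fac = newSignatureFactory();

    KeySelector selector = getConfiguration().getKeySelector();
    if (selector == null) {
        throw new IllegalStateException("Wrong configuration. Key selector is missing.");
    }

    DOMValidateContext valContext = new DOMValidateContext(selector, doc);
    // cache dereferenced reference data (presumably consumed by map2Message below)
    valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
    valContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
    // equals() rather than ==: the configured value is a boxed Boolean and may be
    // null or a distinct instance; == would silently leave secure validation off.
    // Both property names are set because the Apache and JDK providers read different ones.
    if (Boolean.TRUE.equals(getConfiguration().getSecureValidation())) {
        valContext.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        valContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
    }
    setUriDereferencerAndBaseUri(valContext);
    setCryptoContextProperties(valContext);

    NodeList signatureNodes = getSignatureNodes(doc);
    List<XMLObject> collectedObjects = new ArrayList<XMLObject>(3);
    List<Reference> collectedReferences = new ArrayList<Reference>(3);
    int totalCount = signatureNodes.getLength();
    for (int i = 0; i < totalCount; i++) {
        Element signatureNode = (Element) signatureNodes.item(i);
        valContext.setNode(signatureNode);
        final XMLSignature signature = fac.unmarshalXMLSignature(valContext);

        // optional pre-validation hook: gets the unmarshalled structure before core validation
        if (getConfiguration().getXmlSignatureChecker() != null) {
            XmlSignatureChecker.Input checkerInput = new CheckerInputBuilder().message(out).messageBodyDocument(doc).keyInfo(signature.getKeyInfo()).currentCountOfSignatures(i + 1).currentSignatureElement(signatureNode).objects(signature.getObjects()).signatureValue(signature.getSignatureValue()).signedInfo(signature.getSignedInfo()).totalCountOfSignatures(totalCount).xmlSchemaValidationExecuted(getSchemaResourceUri(out) != null).build();
            getConfiguration().getXmlSignatureChecker().checkBeforeCoreValidation(checkerInput);
        }

        boolean coreValidity;
        try {
            coreValidity = signature.validate(valContext);
        } catch (XMLSignatureException se) {
            throw getConfiguration().getValidationFailedHandler().onXMLSignatureException(se);
        }

        // on a core validation failure the handler may still decide to continue
        boolean goon = coreValidity || handleSignatureValidationFailed(valContext, signature);
        if (!goon) {
            throw new XmlSignatureInvalidException("XML signature validation failed");
        }
        LOG.debug("XML signature {} verified", i + 1);

        collectedObjects.addAll(signature.getObjects());
        collectedReferences.addAll(signature.getSignedInfo().getReferences());
    }
    map2Message(collectedReferences, collectedObjects, out, doc);
}

/**
 * Returns a DOM {@link XMLSignatureFactory}, preferring the Apache Santuario
 * provider ({@code "ApacheXMLDSig"}) and falling back to the JDK default
 * provider when it is not installed.
 */
private static XMLSignatureFactory newSignatureFactory() {
    try {
        return XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
    } catch (NoSuchProviderException ex) {
        return XMLSignatureFactory.getInstance("DOM");
    }
}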
use of javax.xml.crypto.dsig.Reference in project camel by apache.
the class XmlVerifierProcessor method handleSignatureValidationFailed.
/**
 * Reports the details of a failed core validation to the configured
 * {@link ValidationFailedHandler} and asks it whether to continue.
 * <p>
 * The handler is told, in this order, about a failed signature value, each
 * failed reference of the {@code SignedInfo} and, when the
 * {@code org.jcp.xml.dsig.validateManifests} context property is set, each
 * failed reference inside a {@code Manifest} object. {@code handler.start()}
 * and {@code handler.end()} bracket the whole sequence; {@code end()} runs
 * even when one of the steps throws.
 *
 * @param valContext the validation context used for the core validation
 * @param signature  the signature whose core validation failed
 * @return {@code true} if the handler chooses to ignore the failure
 * @throws Exception propagated from the handler or from the validate calls
 */
@SuppressWarnings("unchecked")
protected boolean handleSignatureValidationFailed(DOMValidateContext valContext, XMLSignature signature) throws Exception { //NOPMD
    ValidationFailedHandler handler = getConfiguration().getValidationFailedHandler();
    LOG.debug("handleSignatureValidationFailed called");
    try {
        handler.start();

        // Check the signature value first, see
        // https://www.isecpartners.com/media/12012/XMLDSIG_Command_Injection.pdf
        SignatureValue signatureValue = signature.getSignatureValue();
        if (!signatureValue.validate(valContext)) {
            handler.signatureValueValidationFailed(signatureValue);
        }

        // Then every reference of the SignedInfo.
        List<Reference> signedInfoRefs = signature.getSignedInfo().getReferences();
        for (Reference ref : signedInfoRefs) {
            if (!ref.validate(valContext)) {
                handler.referenceValidationFailed(ref);
            }
        }

        // Finally the manifest references, if manifest validation was requested.
        Object validateManifests = valContext.getProperty("org.jcp.xml.dsig.validateManifests");
        if (Boolean.TRUE.equals(validateManifests)) {
            List<XMLObject> xmlObjects = signature.getObjects();
            for (XMLObject xmlObject : xmlObjects) {
                List<XMLStructure> content = xmlObject.getContent();
                for (XMLStructure structure : content) {
                    if (!(structure instanceof Manifest)) {
                        continue;
                    }
                    List<Reference> manifestRefs = ((Manifest) structure).getReferences();
                    for (Reference ref : manifestRefs) {
                        if (!ref.validate(valContext)) {
                            handler.manifestReferenceValidationFailed(ref);
                        }
                    }
                }
            }
        }

        boolean ignoreFailure = handler.ignoreCoreValidationFailure();
        LOG.debug("Ignore Core Validation failure: {}", ignoreFailure);
        return ignoreFailure;
    } finally {
        handler.end();
    }
}