
Example 11 with DOMSignContext

use of javax.xml.crypto.dsig.dom.DOMSignContext in project OpenAttestation by OpenAttestation.

the class SAMLSignature method signSAMLObject.

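/**
 * Adds an enveloped XML signature to the given SAML element, then moves the
 * Signature element into its schema-mandated position: immediately after the
 * Issuer element when one is present, otherwise as the first child.
 *
 * <p>The reference URI is built from the element's {@code ID} attribute, so the
 * caller must set that attribute (and register it as an ID attribute with the
 * DOM) before calling this method; otherwise verifiers cannot resolve the
 * reference.
 *
 * <p>NOTE(review): the digest ({@code SHA1}) and signature method
 * ({@code RSA_SHA1}) are kept for compatibility with existing relying parties,
 * but SHA-1 is deprecated for new signatures; migration to the SHA-256
 * variants should be coordinated with the verifiers.
 *
 * @param target the SAML element to sign; it is modified in place
 * @throws IllegalArgumentException if {@code target} has no non-empty {@code ID} attribute
 * @throws GeneralSecurityException if the key material is unusable
 * @throws XMLSignatureException    if signing fails
 * @throws MarshalException         if the signature cannot be marshalled into the DOM
 */
public void signSAMLObject(Element target) throws GeneralSecurityException, XMLSignatureException, MarshalException {
    // getAttribute returns "" for a missing attribute; a "#" reference would
    // silently produce a signature that no verifier can resolve.
    String id = target.getAttribute("ID");
    if (id == null || id.isEmpty()) {
        throw new IllegalArgumentException("target element has no ID attribute to reference");
    }
    Reference ref = factory.newReference(
            "#" + id,
            factory.newDigestMethod(DigestMethod.SHA1, null),
            Collections.singletonList(factory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
    SignedInfo signedInfo = factory.newSignedInfo(
            factory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null),
            factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
            Collections.singletonList(ref));
    XMLSignature signature = factory.newXMLSignature(signedInfo, keyInfo);
    // DOMSignContext appends the Signature element as the last child of target.
    DOMSignContext signContext = new DOMSignContext(keyPair.getPrivate(), target);
    signature.sign(signContext);
    // For the result to be schema-valid, we have to move the signature
    // element from its place at the end of the child list to live
    // between Issuer and Subject elements.
    Node signatureElement = target.getLastChild();
    boolean foundIssuer = false;
    Node elementAfterIssuer = null;
    NodeList children = target.getChildNodes();
    for (int c = 0; c < children.getLength(); ++c) {
        Node child = children.item(c);
        if (foundIssuer) {
            elementAfterIssuer = child;
            break;
        }
        // getLocalName() is null for elements created without namespace
        // awareness, so keep the literal on the left of equals().
        if (child.getNodeType() == Node.ELEMENT_NODE && "Issuer".equals(child.getLocalName())) {
            foundIssuer = true;
        }
    }
    // Already in place: Issuer was the last original child, so the Signature
    // directly follows it. Removing it and then inserting it before itself
    // would raise a DOMException (the reference node is no longer in the tree).
    if (elementAfterIssuer == signatureElement) {
        return;
    }
    // Place after the Issuer, or as first element if no Issuer:
    if (!foundIssuer || elementAfterIssuer != null) {
        target.removeChild(signatureElement);
        target.insertBefore(signatureElement, foundIssuer ? elementAfterIssuer : target.getFirstChild());
    }
}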
Also used : Reference(javax.xml.crypto.dsig.Reference) XMLSignature(javax.xml.crypto.dsig.XMLSignature) DOMSignContext(javax.xml.crypto.dsig.dom.DOMSignContext) Node(org.w3c.dom.Node) NodeList(org.w3c.dom.NodeList) SignedInfo(javax.xml.crypto.dsig.SignedInfo) C14NMethodParameterSpec(javax.xml.crypto.dsig.spec.C14NMethodParameterSpec)

Example 12 with DOMSignContext

use of javax.xml.crypto.dsig.dom.DOMSignContext in project jdk8u_jdk by JetBrains.

the class GenerationTests method test_create_signature_enveloping.

/**
 * Generates an enveloping signature over a single {@code Object} element,
 * unmarshals it again and validates it with the supplied {@link KeySelector}.
 *
 * @param dm         digest method used for the reference
 * @param sm         signature method
 * @param ki         key info to embed in the signature
 * @param signingKey key used to produce the signature value
 * @param ks         selector used when validating the generated signature
 * @param b64        when {@code true}, the object content is the Base64 encoding
 *                   of "some text" and a Base64 transform is added to the reference
 * @throws Exception if the round trip fails or the signature does not validate
 */
private static void test_create_signature_enveloping(DigestMethod dm, SignatureMethod sm, KeyInfo ki, Key signingKey, KeySelector ks, boolean b64) throws Exception {
    final String objectUri = "#object";
    Reference ref = b64
            ? fac.newReference(objectUri, dm, Collections.singletonList(fac.newTransform(Transform.BASE64, (TransformParameterSpec) null)), null, null)
            : fac.newReference(objectUri, dm);
    SignedInfo si = fac.newSignedInfo(withoutComments, sm, Collections.singletonList(ref));
    Document doc = db.newDocument();
    // "c29tZSB0ZXh0" is the Base64 encoding of "some text".
    String text = b64 ? "c29tZSB0ZXh0" : "some text";
    DOMStructure content = new DOMStructure(doc.createTextNode(text));
    XMLObject obj = fac.newXMLObject(Collections.singletonList(content), "object", null, null);
    XMLSignature sig = fac.newXMLSignature(si, ki, Collections.singletonList(obj), null, null);
    sig.sign(new DOMSignContext(signingKey, doc));
    // Round trip: unmarshal the freshly created signature and validate it.
    DOMValidateContext dvc = new DOMValidateContext(ks, doc.getDocumentElement());
    XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
    if (!sig.equals(sig2)) {
        throw new Exception("Unmarshalled signature is not equal to generated signature");
    }
    if (!sig2.validate(dvc)) {
        throw new Exception("Validation of generated signature failed");
    }
}
Also used : URIReference(javax.xml.crypto.URIReference) DOMSignContext(javax.xml.crypto.dsig.dom.DOMSignContext) DOMValidateContext(javax.xml.crypto.dsig.dom.DOMValidateContext) URIReferenceException(javax.xml.crypto.URIReferenceException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 13 with DOMSignContext

use of javax.xml.crypto.dsig.dom.DOMSignContext in project jdk8u_jdk by JetBrains.

the class GenerationTests method test_create_signature_reference_dependency.

/**
 * Generates {@code signature-reference-dependency.xml}: a signature whose
 * single reference points at an Object containing a Manifest, which in turn
 * references a second Object; the result is round-tripped and validated.
 *
 * @throws Exception if the generated signature does not unmarshal to an equal
 *                   object or fails validation
 */
static void test_create_signature_reference_dependency() throws Exception {
    System.out.println("* Generating signature-reference-dependency.xml");
    Document doc = db.newDocument();
    // Object 1 holds a Manifest whose only reference targets Object 2.
    Reference manifestRef = fac.newReference("#object-2", sha1);
    XMLObject manifestObject = fac.newXMLObject(
            Collections.singletonList(fac.newManifest(Collections.singletonList(manifestRef), "manifest-1")),
            "object-1", null, null);
    // Object 2 wraps an element that declares an empty default namespace and
    // carries a comment node.
    Element nc = doc.createElementNS(null, "NonCommentandus");
    nc.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "");
    nc.appendChild(doc.createComment(" Commentandum "));
    XMLObject commentObject = fac.newXMLObject(Collections.singletonList(new DOMStructure(nc)), "object-2", null, null);
    List<XMLStructure> objs = new ArrayList<XMLStructure>();
    objs.add(manifestObject);
    objs.add(commentObject);
    // SignedInfo references only Object 1; Object 2 is reached through the Manifest.
    SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha1, Collections.singletonList(fac.newReference("#object-1", sha1)));
    XMLSignature sig = fac.newXMLSignature(si, rsa, objs, "signature", null);
    // NOTE(review): the 512-bit RSA key is a fixture-generation convenience
    // only; it is far below any acceptable size for real signatures.
    sig.sign(new DOMSignContext(getPrivateKey("RSA", 512), doc));
    DOMValidateContext dvc = new DOMValidateContext(kvks, doc.getDocumentElement());
    XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
    if (!sig.equals(sig2)) {
        throw new Exception("Unmarshalled signature is not equal to generated signature");
    }
    if (!sig2.validate(dvc)) {
        throw new Exception("Validation of generated signature failed");
    }
    System.out.println();
}
Also used : URIReference(javax.xml.crypto.URIReference) XMLStructure(javax.xml.crypto.XMLStructure) URIReferenceException(javax.xml.crypto.URIReferenceException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) DOMSignContext(javax.xml.crypto.dsig.dom.DOMSignContext) DOMValidateContext(javax.xml.crypto.dsig.dom.DOMValidateContext)

Example 14 with DOMSignContext

use of javax.xml.crypto.dsig.dom.DOMSignContext in project jdk8u_jdk by JetBrains.

the class GenerationTests method test_create_sign_spec.

/**
 * Generates {@code sign-spec.xml}: a two-reference signature exercising the
 * XPath Filter 2 transform (intersect/subtract/union filters on the first
 * reference, enveloped plus XPath2 on the second) with both a KeyValue and an
 * X509Data entry in its KeyInfo; the result is round-tripped and validated.
 *
 * @throws Exception if the generated signature does not unmarshal to an equal
 *                   object or fails validation
 */
static void test_create_sign_spec() throws Exception {
    System.out.println("* Generating sign-spec.xml");
    SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
            createSignSpecReferences());
    // KeyInfo: a KeyValue plus X509Data holding a subject name and the certificate.
    List<Object> x509Content = new ArrayList<Object>(2);
    x509Content.add("CN=User");
    x509Content.add(signingCert);
    List<XMLStructure> keyInfoContent = new ArrayList<XMLStructure>(2);
    keyInfoContent.add(kifac.newKeyValue(validatingKey));
    keyInfoContent.add(kifac.newX509Data(x509Content));
    KeyInfo ki = kifac.newKeyInfo(keyInfoContent);
    // The SignatureValue id must match the "#signature-value" reference.
    XMLSignature sig = fac.newXMLSignature(si, ki, null, null, "signature-value");
    Document doc = db.newDocument();
    Element document = buildSignSpecDocument(doc);
    doc.appendChild(document);
    sig.sign(new DOMSignContext(signingKey, document));
    // The Signature element was appended as the last child, so validate from there.
    DOMValidateContext dvc = new DOMValidateContext(new KeySelectors.KeyValueKeySelector(), document.getLastChild());
    XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
    if (!sig.equals(sig2)) {
        throw new Exception("Unmarshalled signature is not equal to generated signature");
    }
    if (!sig2.validate(dvc)) {
        throw new Exception("Validation of generated signature failed");
    }
    System.out.println();
}

/**
 * Builds the two references signed by {@link #test_create_sign_spec()}:
 * the same-document reference ({@code ""}) filtered by three XPath2
 * expressions, and the {@code #signature-value} reference with an enveloped
 * transform followed by an XPath2 union of the root.
 */
private static List<Reference> createSignSpecReferences() throws Exception {
    List<XPathType> filters = new ArrayList<XPathType>(3);
    filters.add(new XPathType(" //ToBeSigned ", XPathType.Filter.INTERSECT));
    filters.add(new XPathType(" //NotToBeSigned ", XPathType.Filter.SUBTRACT));
    filters.add(new XPathType(" //ReallyToBeSigned ", XPathType.Filter.UNION));
    Transform xpath2Filter = fac.newTransform(Transform.XPATH2, new XPathFilter2ParameterSpec(filters));
    Reference wholeDocRef = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(xpath2Filter), null, null);
    List<Transform> valueTransforms = new ArrayList<Transform>(2);
    valueTransforms.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
    XPathFilter2ParameterSpec rootUnion = new XPathFilter2ParameterSpec(Collections.singletonList(new XPathType(" / ", XPathType.Filter.UNION)));
    valueTransforms.add(fac.newTransform(Transform.XPATH2, rootUnion));
    Reference signatureValueRef = fac.newReference("#signature-value", fac.newDigestMethod(DigestMethod.SHA1, null), valueTransforms, null, null);
    List<Reference> refs = new ArrayList<Reference>(2);
    refs.add(wholeDocRef);
    refs.add(signatureValueRef);
    return refs;
}

/**
 * Builds the {@code Document} element tree that {@link #test_create_sign_spec()}
 * signs (ToBeSigned / NotToBeSigned / ReallyToBeSigned nesting with comment
 * nodes) and returns its root; the caller attaches it to {@code doc}.
 */
private static Element buildSignSpecDocument(Document doc) {
    // First ToBeSigned: comment, Data, then NotToBeSigned wrapping ReallyToBeSigned.
    Element reallyToBeSigned = doc.createElementNS(null, "ReallyToBeSigned");
    reallyToBeSigned.appendChild(doc.createComment(" comment "));
    reallyToBeSigned.appendChild(doc.createElementNS(null, "Data"));
    Element notToBeSigned1 = doc.createElementNS(null, "NotToBeSigned");
    notToBeSigned1.appendChild(reallyToBeSigned);
    Element toBeSigned1 = doc.createElementNS(null, "ToBeSigned");
    toBeSigned1.appendChild(doc.createComment(" comment "));
    toBeSigned1.appendChild(doc.createElementNS(null, "Data"));
    toBeSigned1.appendChild(notToBeSigned1);
    // Second ToBeSigned: Data, then NotToBeSigned holding only Data.
    Element notToBeSigned2 = doc.createElementNS(null, "NotToBeSigned");
    notToBeSigned2.appendChild(doc.createElementNS(null, "Data"));
    Element toBeSigned2 = doc.createElementNS(null, "ToBeSigned");
    toBeSigned2.appendChild(doc.createElementNS(null, "Data"));
    toBeSigned2.appendChild(notToBeSigned2);
    Element root = doc.createElementNS(null, "Document");
    root.appendChild(toBeSigned1);
    root.appendChild(toBeSigned2);
    return root;
}
Also used : XMLStructure(javax.xml.crypto.XMLStructure) DOMValidateContext(javax.xml.crypto.dsig.dom.DOMValidateContext) URIReference(javax.xml.crypto.URIReference) URIReferenceException(javax.xml.crypto.URIReferenceException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) DOMSignContext(javax.xml.crypto.dsig.dom.DOMSignContext)

Example 15 with DOMSignContext

use of javax.xml.crypto.dsig.dom.DOMSignContext in project jdk8u_jdk by JetBrains.

the class GenerationTests method test_create_signature_with_empty_id.

/**
 * Generates {@code signature-with-empty-id.xml}: a signature whose reference
 * URI is the bare fragment {@code "#"} and whose Object carries an empty
 * {@code Id}. Unlike the other generation tests it only signs; the result is
 * neither unmarshalled nor validated here.
 *
 * @throws Exception if signature construction or signing fails
 */
static void test_create_signature_with_empty_id() throws Exception {
    System.out.println("* Generating signature-with-empty-id.xml");
    Document doc = db.newDocument();
    DOMStructure textContent = new DOMStructure(doc.createTextNode("I am the text."));
    // Empty Id, explicit MIME type, no encoding.
    XMLObject obj = fac.newXMLObject(Collections.singletonList(textContent), "", "text/plain", null);
    Reference emptyFragmentRef = fac.newReference("#", sha1);
    SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha1, Collections.singletonList(emptyFragmentRef));
    XMLSignature sig = fac.newXMLSignature(si, rsa, Collections.singletonList(obj), "signature", null);
    // NOTE(review): 512-bit RSA is a fixture-generation convenience only.
    DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA", 512), doc);
    sig.sign(dsc);
}
Also used : URIReference(javax.xml.crypto.URIReference) DOMSignContext(javax.xml.crypto.dsig.dom.DOMSignContext)

Aggregations

DOMSignContext (javax.xml.crypto.dsig.dom.DOMSignContext)19 DOMValidateContext (javax.xml.crypto.dsig.dom.DOMValidateContext)9 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)8 URIReference (javax.xml.crypto.URIReference)8 URIReferenceException (javax.xml.crypto.URIReferenceException)8 XMLStructure (javax.xml.crypto.XMLStructure)6 SignedInfo (javax.xml.crypto.dsig.SignedInfo)6 Reference (javax.xml.crypto.dsig.Reference)5 XMLSignature (javax.xml.crypto.dsig.XMLSignature)5 KeyInfo (javax.xml.crypto.dsig.keyinfo.KeyInfo)5 Key (java.security.Key)4 ArrayList (java.util.ArrayList)4 XMLSignatureFactory (javax.xml.crypto.dsig.XMLSignatureFactory)4 Node (org.w3c.dom.Node)4 KeyInfoFactory (javax.xml.crypto.dsig.keyinfo.KeyInfoFactory)3 C14NMethodParameterSpec (javax.xml.crypto.dsig.spec.C14NMethodParameterSpec)3 GeneralSecurityException (java.security.GeneralSecurityException)2 InvalidKeyException (java.security.InvalidKeyException)2 PrivateKey (java.security.PrivateKey)2 PublicKey (java.security.PublicKey)2