Examples with KeyInfo javax.xml.crypto.dsig.keyinfo.KeyInfo used on opensource projects

Example 11 with KeyInfo

use of javax.xml.crypto.dsig.keyinfo.KeyInfo in project OpenOLAT by OpenOLAT.

the class XMLDigitalSignatureUtil method signEmbedded.

/**
 * Produce a signed a XML file. The signature is added in the XML file.
 *
 * @param xmlFile The original XML file
 * @param xmlSignedFile The signed XML file
 * @param x509Cert
 * @param privateKey
 * @throws IOException
 * @throws SAXException
 * @throws ParserConfigurationException
 * @throws NoSuchAlgorithmException
 * @throws GeneralSecurityException
 * @throws MarshalException
 * @throws XMLSignatureException
 * @throws TransformerException
 */
public static void signEmbedded(File xmlFile, File xmlSignedFile, X509Certificate x509Cert, PrivateKey privateKey) throws IOException, SAXException, ParserConfigurationException, NoSuchAlgorithmException, GeneralSecurityException, MarshalException, XMLSignatureException, TransformerException {
    Document doc = getDocument(xmlFile);
    // Create the signature factory for creating the signature.
    XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
    List<Transform> transforms = new ArrayList<Transform>();
    Transform envelopped = sigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
    transforms.add(envelopped);
    // Create the canonicalization transform to be applied after the XSLT.
    CanonicalizationMethod c14n = sigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
    transforms.add(c14n);
    // Create the Reference to the XML to be signed specifying the hash algorithm to be used
    // and the list of transforms to apply. Also specify the XML to be signed as the current
    // document (specified by the first parameter being an empty string).
    Reference reference = sigFactory.newReference("", sigFactory.newDigestMethod(DigestMethod.SHA256, null), transforms, null, null);
    // Create the Signed Info node of the signature by specifying the canonicalization method
    // to use (INCLUSIVE), the signing method (RSA_SHA1), and the Reference node to be signed.
    SignedInfo si = sigFactory.newSignedInfo(c14n, sigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference));
    // Create the KeyInfo node containing the public key information to include in the signature.
    KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
    X509Data xd = kif.newX509Data(Collections.singletonList(x509Cert));
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
    // Get the node to attach the signature.
    Node signatureInfoNode = doc.getDocumentElement();
    // Create a signing context using the private key.
    DOMSignContext dsc = new DOMSignContext(privateKey, signatureInfoNode);
    // Create the signature from the signing context and key info
    XMLSignature signature = sigFactory.newXMLSignature(si, ki);
    signature.sign(dsc);
    write(doc, xmlSignedFile);
}

Example 12 with KeyInfo

use of javax.xml.crypto.dsig.keyinfo.KeyInfo in project wildfly by wildfly.

the class TestServlet method signDocument.

private static void signDocument(final Document doc, final PrivateKey privateKey) throws Exception {
    final XMLSignatureFactory xsf = XMLSignatureFactory.getInstance("DOM");
    final Reference ref = xsf.newReference("", xsf.newDigestMethod(DigestMethod.SHA256, null), Collections.singletonList(xsf.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
    final SignedInfo si = xsf.newSignedInfo(xsf.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), xsf.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null), Collections.singletonList(ref));
    final KeyInfo ki = KeyInfoFactory.getInstance().newKeyInfo(Collections.singletonList(KeyInfoFactory.getInstance().newKeyName("dummy")));
    xsf.newXMLSignature(si, ki).sign(new DOMSignContext(privateKey, doc.getDocumentElement()));
}

Example 13 with KeyInfo

use of javax.xml.crypto.dsig.keyinfo.KeyInfo in project openolat by klemens.

the class XMLDigitalSignatureUtil method signDetached.

/**
 * Create a separate XML file with the XML Digital Signature.
 *
 * of the specified XML file.
 * @param xmlFile The XML File to sign
 * @param outputSignatureFile Where the Digital Signature is saved
 * @param signatureDoc A DOM which hold the signature (optional but if you give one, the root element must exists)
 * @throws ParserConfigurationException
 * @throws GeneralSecurityException
 * @throws NoSuchAlgorithmException
 * @throws XMLSignatureException
 * @throws MarshalException
 * @throws TransformerException
 */
public static void signDetached(String uri, File xmlFile, File outputSignatureFile, Document signatureDoc, String keyName, X509Certificate x509Cert, PrivateKey privateKey) throws IOException, SAXException, ParserConfigurationException, NoSuchAlgorithmException, GeneralSecurityException, MarshalException, XMLSignatureException, TransformerException {
    Document doc = getDocument(xmlFile);
    // Create the signature factory for creating the signature.
    XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
    List<Transform> transforms = new ArrayList<Transform>();
    // Transform envelopped = sigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
    // transforms.add(envelopped);
    // Create the canonicalization transform to be applied after the XSLT.
    CanonicalizationMethod c14n = sigFactory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    transforms.add(c14n);
    // Create the Reference to the XML to be signed specifying the hash algorithm to be used
    // and the list of transforms to apply. Also specify the XML to be signed as the current
    // document (specified by the first parameter being an empty string).
    Reference reference = sigFactory.newReference(uri, sigFactory.newDigestMethod(DigestMethod.SHA256, null), transforms, null, null);
    // Create the Signed Info node of the signature by specifying the canonicalization method
    // to use (INCLUSIVE), the signing method (RSA_SHA1), and the Reference node to be signed.
    SignedInfo si = sigFactory.newSignedInfo(c14n, sigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference));
    // Create the KeyInfo node containing the public key information to include in the signature.
    KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
    X509Data xd = kif.newX509Data(Collections.singletonList(x509Cert));
    List<Object> keyInfoList = new ArrayList<>();
    if (StringHelper.containsNonWhitespace(keyName)) {
        keyInfoList.add(kif.newKeyName(keyName));
    }
    keyInfoList.add(xd);
    KeyInfo ki = kif.newKeyInfo(keyInfoList);
    // Get the node to attach the signature.
    Node signatureInfoNode = doc.getDocumentElement();
    // Create a signing context using the private key.
    DOMSignContext dsc = new DOMSignContext(privateKey, signatureInfoNode);
    dsc.setBaseURI(uri);
    dsc.setURIDereferencer(new FileURIDereferencer(uri, xmlFile));
    // Create the signature from the signing context and key info
    XMLSignature signature = sigFactory.newXMLSignature(si, ki);
    signature.sign(dsc);
    NodeList nl = doc.getElementsByTagName("Signature");
    if (nl.getLength() == 1) {
        if (signatureDoc != null && signatureDoc.getDocumentElement() != null) {
            Element rootEl = signatureDoc.getDocumentElement();
            rootEl.appendChild(signatureDoc.importNode(nl.item(0), true));
            write(rootEl, outputSignatureFile);
        } else {
            write(nl.item(0), outputSignatureFile);
        }
    }
}

Example 14 with KeyInfo

use of javax.xml.crypto.dsig.keyinfo.KeyInfo in project openolat by klemens.

the class XMLDigitalSignatureUtil method signEmbedded.

/**
 * Produce a signed a XML file. The signature is added in the XML file.
 *
 * @param xmlFile The original XML file
 * @param xmlSignedFile The signed XML file
 * @param x509Cert
 * @param privateKey
 * @throws IOException
 * @throws SAXException
 * @throws ParserConfigurationException
 * @throws NoSuchAlgorithmException
 * @throws GeneralSecurityException
 * @throws MarshalException
 * @throws XMLSignatureException
 * @throws TransformerException
 */
public static void signEmbedded(File xmlFile, File xmlSignedFile, X509Certificate x509Cert, PrivateKey privateKey) throws IOException, SAXException, ParserConfigurationException, NoSuchAlgorithmException, GeneralSecurityException, MarshalException, XMLSignatureException, TransformerException {
    Document doc = getDocument(xmlFile);
    // Create the signature factory for creating the signature.
    XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
    List<Transform> transforms = new ArrayList<Transform>();
    Transform envelopped = sigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
    transforms.add(envelopped);
    // Create the canonicalization transform to be applied after the XSLT.
    CanonicalizationMethod c14n = sigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
    transforms.add(c14n);
    // Create the Reference to the XML to be signed specifying the hash algorithm to be used
    // and the list of transforms to apply. Also specify the XML to be signed as the current
    // document (specified by the first parameter being an empty string).
    Reference reference = sigFactory.newReference("", sigFactory.newDigestMethod(DigestMethod.SHA256, null), transforms, null, null);
    // Create the Signed Info node of the signature by specifying the canonicalization method
    // to use (INCLUSIVE), the signing method (RSA_SHA1), and the Reference node to be signed.
    SignedInfo si = sigFactory.newSignedInfo(c14n, sigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference));
    // Create the KeyInfo node containing the public key information to include in the signature.
    KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
    X509Data xd = kif.newX509Data(Collections.singletonList(x509Cert));
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
    // Get the node to attach the signature.
    Node signatureInfoNode = doc.getDocumentElement();
    // Create a signing context using the private key.
    DOMSignContext dsc = new DOMSignContext(privateKey, signatureInfoNode);
    // Create the signature from the signing context and key info
    XMLSignature signature = sigFactory.newXMLSignature(si, ki);
    signature.sign(dsc);
    write(doc, xmlSignedFile);
}

Example 15 with KeyInfo

use of javax.xml.crypto.dsig.keyinfo.KeyInfo in project cxf by apache.

the class MetadataWriter method signMetaInfo.

private static Document signMetaInfo(X509Certificate signingCert, Key signingKey, Document doc, String referenceID) throws Exception {
    final String signatureMethod;
    if ("SHA1withDSA".equals(signingCert.getSigAlgName())) {
        signatureMethod = SignatureMethod.DSA_SHA1;
    } else if ("SHA1withRSA".equals(signingCert.getSigAlgName())) {
        signatureMethod = SignatureMethod.RSA_SHA1;
    } else if ("SHA256withRSA".equals(signingCert.getSigAlgName())) {
        signatureMethod = SignatureMethod.RSA_SHA1;
    } else {
        LOG.error("Unsupported signature method: " + signingCert.getSigAlgName());
        throw new RuntimeException("Unsupported signature method: " + signingCert.getSigAlgName());
    }
    List<Transform> transformList = Arrays.asList(XML_SIGNATURE_FACTORY.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null), XML_SIGNATURE_FACTORY.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null));
    // Create a Reference to the enveloped document (in this case,
    // you are signing the whole document, so a URI of "" signifies
    // that, and also specify the SHA1 digest algorithm and
    // the ENVELOPED Transform.
    Reference ref = XML_SIGNATURE_FACTORY.newReference("#" + referenceID, XML_SIGNATURE_FACTORY.newDigestMethod(DigestMethod.SHA1, null), transformList, null, null);
    // Create the SignedInfo.
    SignedInfo si = XML_SIGNATURE_FACTORY.newSignedInfo(XML_SIGNATURE_FACTORY.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), XML_SIGNATURE_FACTORY.newSignatureMethod(signatureMethod, null), Collections.singletonList(ref));
    // Create the KeyInfo containing the X509Data.
    KeyInfoFactory kif = XML_SIGNATURE_FACTORY.getKeyInfoFactory();
    List<Object> x509Content = Arrays.asList(signingCert.getSubjectX500Principal().getName(), signingCert);
    X509Data xd = kif.newX509Data(x509Content);
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
    // Create a DOMSignContext and specify the RSA PrivateKey and
    // location of the resulting XMLSignature's parent element.
    // DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
    DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
    dsc.setIdAttributeNS(doc.getDocumentElement(), null, "ID");
    dsc.setNextSibling(doc.getDocumentElement().getFirstChild());
    // Create the XMLSignature, but don't sign it yet.
    XMLSignature signature = XML_SIGNATURE_FACTORY.newXMLSignature(si, ki);
    // Marshal, generate, and sign the enveloped signature.
    signature.sign(dsc);
    // Output the resulting document.
    return doc;
}