Search in sources :

Example 11 with KeyInfoFactory

use of javax.xml.crypto.dsig.keyinfo.KeyInfoFactory in project openolat by klemens.

the class XMLDigitalSignatureUtil method signDetached.

/**
 * Create a separate XML file with the XML Digital Signature.
 *
 * of the specified XML file.
 * @param xmlFile The XML File to sign
 * @param outputSignatureFile Where the Digital Signature is saved
 * @param signatureDoc A DOM which hold the signature (optional but if you give one, the root element must exists)
 * @throws ParserConfigurationException
 * @throws GeneralSecurityException
 * @throws NoSuchAlgorithmException
 * @throws XMLSignatureException
 * @throws MarshalException
 * @throws TransformerException
 */
public static void signDetached(String uri, File xmlFile, File outputSignatureFile, Document signatureDoc, String keyName, X509Certificate x509Cert, PrivateKey privateKey) throws IOException, SAXException, ParserConfigurationException, NoSuchAlgorithmException, GeneralSecurityException, MarshalException, XMLSignatureException, TransformerException {
    Document doc = getDocument(xmlFile);
    // Create the signature factory for creating the signature.
    XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
    List<Transform> transforms = new ArrayList<Transform>();
    // Transform envelopped = sigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
    // transforms.add(envelopped);
    // Create the canonicalization transform to be applied after the XSLT.
    CanonicalizationMethod c14n = sigFactory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
    transforms.add(c14n);
    // Create the Reference to the XML to be signed specifying the hash algorithm to be used
    // and the list of transforms to apply. Also specify the XML to be signed as the current
    // document (specified by the first parameter being an empty string).
    Reference reference = sigFactory.newReference(uri, sigFactory.newDigestMethod(DigestMethod.SHA256, null), transforms, null, null);
    // Create the Signed Info node of the signature by specifying the canonicalization method
    // to use (INCLUSIVE), the signing method (RSA_SHA1), and the Reference node to be signed.
    SignedInfo si = sigFactory.newSignedInfo(c14n, sigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference));
    // Create the KeyInfo node containing the public key information to include in the signature.
    KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
    X509Data xd = kif.newX509Data(Collections.singletonList(x509Cert));
    List<Object> keyInfoList = new ArrayList<>();
    if (StringHelper.containsNonWhitespace(keyName)) {
        keyInfoList.add(kif.newKeyName(keyName));
    }
    keyInfoList.add(xd);
    KeyInfo ki = kif.newKeyInfo(keyInfoList);
    // Get the node to attach the signature.
    Node signatureInfoNode = doc.getDocumentElement();
    // Create a signing context using the private key.
    DOMSignContext dsc = new DOMSignContext(privateKey, signatureInfoNode);
    dsc.setBaseURI(uri);
    dsc.setURIDereferencer(new FileURIDereferencer(uri, xmlFile));
    // Create the signature from the signing context and key info
    XMLSignature signature = sigFactory.newXMLSignature(si, ki);
    signature.sign(dsc);
    NodeList nl = doc.getElementsByTagName("Signature");
    if (nl.getLength() == 1) {
        if (signatureDoc != null && signatureDoc.getDocumentElement() != null) {
            Element rootEl = signatureDoc.getDocumentElement();
            rootEl.appendChild(signatureDoc.importNode(nl.item(0), true));
            write(rootEl, outputSignatureFile);
        } else {
            write(nl.item(0), outputSignatureFile);
        }
    }
}
Also used : XMLSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory) URIReference(javax.xml.crypto.URIReference) Reference(javax.xml.crypto.dsig.Reference) Node(org.w3c.dom.Node) NodeList(org.w3c.dom.NodeList) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) CanonicalizationMethod(javax.xml.crypto.dsig.CanonicalizationMethod) Document(org.w3c.dom.Document) X509Data(javax.xml.crypto.dsig.keyinfo.X509Data) SignedInfo(javax.xml.crypto.dsig.SignedInfo) KeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory) KeyInfo(javax.xml.crypto.dsig.keyinfo.KeyInfo) DOMSignContext(javax.xml.crypto.dsig.dom.DOMSignContext) XMLSignature(javax.xml.crypto.dsig.XMLSignature) Transform(javax.xml.crypto.dsig.Transform)

Example 12 with KeyInfoFactory

use of javax.xml.crypto.dsig.keyinfo.KeyInfoFactory in project openolat by klemens.

the class XMLDigitalSignatureUtil method signEmbedded.

/**
 * Produce a signed a XML file. The signature is added in the XML file.
 *
 * @param xmlFile The original XML file
 * @param xmlSignedFile The signed XML file
 * @param x509Cert
 * @param privateKey
 * @throws IOException
 * @throws SAXException
 * @throws ParserConfigurationException
 * @throws NoSuchAlgorithmException
 * @throws GeneralSecurityException
 * @throws MarshalException
 * @throws XMLSignatureException
 * @throws TransformerException
 */
public static void signEmbedded(File xmlFile, File xmlSignedFile, X509Certificate x509Cert, PrivateKey privateKey) throws IOException, SAXException, ParserConfigurationException, NoSuchAlgorithmException, GeneralSecurityException, MarshalException, XMLSignatureException, TransformerException {
    Document doc = getDocument(xmlFile);
    // Create the signature factory for creating the signature.
    XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
    List<Transform> transforms = new ArrayList<Transform>();
    Transform envelopped = sigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
    transforms.add(envelopped);
    // Create the canonicalization transform to be applied after the XSLT.
    CanonicalizationMethod c14n = sigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
    transforms.add(c14n);
    // Create the Reference to the XML to be signed specifying the hash algorithm to be used
    // and the list of transforms to apply. Also specify the XML to be signed as the current
    // document (specified by the first parameter being an empty string).
    Reference reference = sigFactory.newReference("", sigFactory.newDigestMethod(DigestMethod.SHA256, null), transforms, null, null);
    // Create the Signed Info node of the signature by specifying the canonicalization method
    // to use (INCLUSIVE), the signing method (RSA_SHA1), and the Reference node to be signed.
    SignedInfo si = sigFactory.newSignedInfo(c14n, sigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference));
    // Create the KeyInfo node containing the public key information to include in the signature.
    KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
    X509Data xd = kif.newX509Data(Collections.singletonList(x509Cert));
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
    // Get the node to attach the signature.
    Node signatureInfoNode = doc.getDocumentElement();
    // Create a signing context using the private key.
    DOMSignContext dsc = new DOMSignContext(privateKey, signatureInfoNode);
    // Create the signature from the signing context and key info
    XMLSignature signature = sigFactory.newXMLSignature(si, ki);
    signature.sign(dsc);
    write(doc, xmlSignedFile);
}
Also used : XMLSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory) URIReference(javax.xml.crypto.URIReference) Reference(javax.xml.crypto.dsig.Reference) Node(org.w3c.dom.Node) ArrayList(java.util.ArrayList) CanonicalizationMethod(javax.xml.crypto.dsig.CanonicalizationMethod) Document(org.w3c.dom.Document) X509Data(javax.xml.crypto.dsig.keyinfo.X509Data) SignedInfo(javax.xml.crypto.dsig.SignedInfo) KeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory) KeyInfo(javax.xml.crypto.dsig.keyinfo.KeyInfo) DOMSignContext(javax.xml.crypto.dsig.dom.DOMSignContext) XMLSignature(javax.xml.crypto.dsig.XMLSignature) Transform(javax.xml.crypto.dsig.Transform)

Example 13 with KeyInfoFactory

use of javax.xml.crypto.dsig.keyinfo.KeyInfoFactory in project keycloak by keycloak.

the class XMLSignatureUtil method createKeyInfo.

private static KeyInfo createKeyInfo(String keyName, PublicKey publicKey, X509Certificate x509Certificate) throws KeyException {
    KeyInfoFactory keyInfoFactory = fac.getKeyInfoFactory();
    List<XMLStructure> items = new LinkedList<>();
    if (keyName != null) {
        items.add(keyInfoFactory.newKeyName(keyName));
    }
    if (x509Certificate != null) {
        items.add(keyInfoFactory.newX509Data(Collections.singletonList(x509Certificate)));
    }
    if (publicKey != null) {
        items.add(keyInfoFactory.newKeyValue(publicKey));
    }
    return keyInfoFactory.newKeyInfo(items);
}
Also used : XMLStructure(javax.xml.crypto.XMLStructure) LinkedList(java.util.LinkedList) KeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory)

Example 14 with KeyInfoFactory

use of javax.xml.crypto.dsig.keyinfo.KeyInfoFactory in project OpenOLAT by OpenOLAT.

the class XMLDigitalSignatureUtil method signEmbedded.

/**
 * Produce a signed a XML file. The signature is added in the XML file.
 *
 * @param xmlFile The original XML file
 * @param xmlSignedFile The signed XML file
 * @param x509Cert
 * @param privateKey
 * @throws IOException
 * @throws SAXException
 * @throws ParserConfigurationException
 * @throws NoSuchAlgorithmException
 * @throws GeneralSecurityException
 * @throws MarshalException
 * @throws XMLSignatureException
 * @throws TransformerException
 */
public static void signEmbedded(File xmlFile, File xmlSignedFile, X509Certificate x509Cert, PrivateKey privateKey) throws IOException, SAXException, ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException, TransformerException {
    Document doc = getDocument(xmlFile);
    // Create the signature factory for creating the signature.
    XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
    List<Transform> transforms = new ArrayList<>();
    Transform envelopped = sigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
    transforms.add(envelopped);
    // Create the canonicalization transform to be applied after the XSLT.
    CanonicalizationMethod c14n = sigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
    transforms.add(c14n);
    // Create the Reference to the XML to be signed specifying the hash algorithm to be used
    // and the list of transforms to apply. Also specify the XML to be signed as the current
    // document (specified by the first parameter being an empty string).
    Reference reference = sigFactory.newReference("", sigFactory.newDigestMethod(DigestMethod.SHA256, null), transforms, null, null);
    // Create the Signed Info node of the signature by specifying the canonicalization method
    // to use (INCLUSIVE), the signing method (RSA_SHA1), and the Reference node to be signed.
    SignedInfo si = sigFactory.newSignedInfo(c14n, sigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference));
    // Create the KeyInfo node containing the public key information to include in the signature.
    KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
    X509Data xd = kif.newX509Data(Collections.singletonList(x509Cert));
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
    // Get the node to attach the signature.
    Node signatureInfoNode = doc.getDocumentElement();
    // Create a signing context using the private key.
    DOMSignContext dsc = new DOMSignContext(privateKey, signatureInfoNode);
    // Create the signature from the signing context and key info
    XMLSignature signature = sigFactory.newXMLSignature(si, ki);
    signature.sign(dsc);
    write(doc, xmlSignedFile);
}
Also used : XMLSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory) URIReference(javax.xml.crypto.URIReference) Reference(javax.xml.crypto.dsig.Reference) Node(org.w3c.dom.Node) ArrayList(java.util.ArrayList) CanonicalizationMethod(javax.xml.crypto.dsig.CanonicalizationMethod) Document(org.w3c.dom.Document) X509Data(javax.xml.crypto.dsig.keyinfo.X509Data) SignedInfo(javax.xml.crypto.dsig.SignedInfo) KeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory) KeyInfo(javax.xml.crypto.dsig.keyinfo.KeyInfo) DOMSignContext(javax.xml.crypto.dsig.dom.DOMSignContext) XMLSignature(javax.xml.crypto.dsig.XMLSignature) Transform(javax.xml.crypto.dsig.Transform)

Example 15 with KeyInfoFactory

use of javax.xml.crypto.dsig.keyinfo.KeyInfoFactory in project cxf by apache.

the class RequestParser method parseKeyInfoElement.

/**
 * Parse the KeyInfo Element to return a ReceivedCredential object containing the found certificate or
 * public key.
 */
private static ReceivedCredential parseKeyInfoElement(Element keyInfoElement) throws STSException {
    KeyInfoFactory keyInfoFactory;
    try {
        keyInfoFactory = KeyInfoFactory.getInstance("DOM", "ApacheXMLDSig");
    } catch (NoSuchProviderException ex) {
        keyInfoFactory = KeyInfoFactory.getInstance("DOM");
    }
    try {
        KeyInfo keyInfo = keyInfoFactory.unmarshalKeyInfo(new DOMStructure(keyInfoElement));
        List<?> list = keyInfo.getContent();
        for (int i = 0; i < list.size(); i++) {
            if (list.get(i) instanceof KeyValue) {
                KeyValue keyValue = (KeyValue) list.get(i);
                ReceivedCredential receivedKey = new ReceivedCredential();
                receivedKey.setPublicKey(keyValue.getPublicKey());
                return receivedKey;
            } else if (list.get(i) instanceof X509Certificate) {
                ReceivedCredential receivedKey = new ReceivedCredential();
                receivedKey.setX509Cert((X509Certificate) list.get(i));
                return receivedKey;
            } else if (list.get(i) instanceof X509Data) {
                X509Data x509Data = (X509Data) list.get(i);
                for (int j = 0; j < x509Data.getContent().size(); j++) {
                    if (x509Data.getContent().get(j) instanceof X509Certificate) {
                        ReceivedCredential receivedKey = new ReceivedCredential();
                        receivedKey.setX509Cert((X509Certificate) x509Data.getContent().get(j));
                        return receivedKey;
                    }
                }
            }
        }
    } catch (MarshalException | KeyException e) {
        LOG.log(Level.WARNING, "", e);
        throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
    }
    return null;
}
Also used : MarshalException(javax.xml.crypto.MarshalException) KeyValue(javax.xml.crypto.dsig.keyinfo.KeyValue) STSException(org.apache.cxf.ws.security.sts.provider.STSException) X509Data(javax.xml.crypto.dsig.keyinfo.X509Data) X509Certificate(java.security.cert.X509Certificate) KeyException(java.security.KeyException) KeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory) KeyInfo(javax.xml.crypto.dsig.keyinfo.KeyInfo) DOMStructure(javax.xml.crypto.dom.DOMStructure) NoSuchProviderException(java.security.NoSuchProviderException)

Aggregations

KeyInfoFactory (javax.xml.crypto.dsig.keyinfo.KeyInfoFactory)26 DOMSignContext (javax.xml.crypto.dsig.dom.DOMSignContext)20 KeyInfo (javax.xml.crypto.dsig.keyinfo.KeyInfo)20 SignedInfo (javax.xml.crypto.dsig.SignedInfo)17 XMLSignatureFactory (javax.xml.crypto.dsig.XMLSignatureFactory)16 X509Data (javax.xml.crypto.dsig.keyinfo.X509Data)16 Reference (javax.xml.crypto.dsig.Reference)15 XMLSignature (javax.xml.crypto.dsig.XMLSignature)14 Document (org.w3c.dom.Document)13 C14NMethodParameterSpec (javax.xml.crypto.dsig.spec.C14NMethodParameterSpec)12 ArrayList (java.util.ArrayList)11 Element (org.w3c.dom.Element)11 X509Certificate (java.security.cert.X509Certificate)9 KeyValue (javax.xml.crypto.dsig.keyinfo.KeyValue)9 CanonicalizationMethod (javax.xml.crypto.dsig.CanonicalizationMethod)8 Transform (javax.xml.crypto.dsig.Transform)8 DocumentBuilderFactory (javax.xml.parsers.DocumentBuilderFactory)8 DocumentBuilder (javax.xml.parsers.DocumentBuilder)7 Node (org.w3c.dom.Node)7 NodeList (org.w3c.dom.NodeList)7