use of javax.xml.crypto.dsig.keyinfo.KeyInfoFactory in project openolat by klemens.
the class XMLDigitalSignatureUtil method signDetached.
/**
* Create a separate XML file with the XML Digital Signature.
*
* of the specified XML file.
* @param xmlFile The XML File to sign
* @param outputSignatureFile Where the Digital Signature is saved
* @param signatureDoc A DOM which hold the signature (optional but if you give one, the root element must exists)
* @throws ParserConfigurationException
* @throws GeneralSecurityException
* @throws NoSuchAlgorithmException
* @throws XMLSignatureException
* @throws MarshalException
* @throws TransformerException
*/
public static void signDetached(String uri, File xmlFile, File outputSignatureFile, Document signatureDoc, String keyName, X509Certificate x509Cert, PrivateKey privateKey) throws IOException, SAXException, ParserConfigurationException, NoSuchAlgorithmException, GeneralSecurityException, MarshalException, XMLSignatureException, TransformerException {
Document doc = getDocument(xmlFile);
// Create the signature factory for creating the signature.
XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
List<Transform> transforms = new ArrayList<Transform>();
// Transform envelopped = sigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
// transforms.add(envelopped);
// Create the canonicalization transform to be applied after the XSLT.
CanonicalizationMethod c14n = sigFactory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
transforms.add(c14n);
// Create the Reference to the XML to be signed specifying the hash algorithm to be used
// and the list of transforms to apply. Also specify the XML to be signed as the current
// document (specified by the first parameter being an empty string).
Reference reference = sigFactory.newReference(uri, sigFactory.newDigestMethod(DigestMethod.SHA256, null), transforms, null, null);
// Create the Signed Info node of the signature by specifying the canonicalization method
// to use (INCLUSIVE), the signing method (RSA_SHA1), and the Reference node to be signed.
SignedInfo si = sigFactory.newSignedInfo(c14n, sigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference));
// Create the KeyInfo node containing the public key information to include in the signature.
KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
X509Data xd = kif.newX509Data(Collections.singletonList(x509Cert));
List<Object> keyInfoList = new ArrayList<>();
if (StringHelper.containsNonWhitespace(keyName)) {
keyInfoList.add(kif.newKeyName(keyName));
}
keyInfoList.add(xd);
KeyInfo ki = kif.newKeyInfo(keyInfoList);
// Get the node to attach the signature.
Node signatureInfoNode = doc.getDocumentElement();
// Create a signing context using the private key.
DOMSignContext dsc = new DOMSignContext(privateKey, signatureInfoNode);
dsc.setBaseURI(uri);
dsc.setURIDereferencer(new FileURIDereferencer(uri, xmlFile));
// Create the signature from the signing context and key info
XMLSignature signature = sigFactory.newXMLSignature(si, ki);
signature.sign(dsc);
NodeList nl = doc.getElementsByTagName("Signature");
if (nl.getLength() == 1) {
if (signatureDoc != null && signatureDoc.getDocumentElement() != null) {
Element rootEl = signatureDoc.getDocumentElement();
rootEl.appendChild(signatureDoc.importNode(nl.item(0), true));
write(rootEl, outputSignatureFile);
} else {
write(nl.item(0), outputSignatureFile);
}
}
}
use of javax.xml.crypto.dsig.keyinfo.KeyInfoFactory in project openolat by klemens.
the class XMLDigitalSignatureUtil method signEmbedded.
/**
* Produce a signed a XML file. The signature is added in the XML file.
*
* @param xmlFile The original XML file
* @param xmlSignedFile The signed XML file
* @param x509Cert
* @param privateKey
* @throws IOException
* @throws SAXException
* @throws ParserConfigurationException
* @throws NoSuchAlgorithmException
* @throws GeneralSecurityException
* @throws MarshalException
* @throws XMLSignatureException
* @throws TransformerException
*/
public static void signEmbedded(File xmlFile, File xmlSignedFile, X509Certificate x509Cert, PrivateKey privateKey) throws IOException, SAXException, ParserConfigurationException, NoSuchAlgorithmException, GeneralSecurityException, MarshalException, XMLSignatureException, TransformerException {
Document doc = getDocument(xmlFile);
// Create the signature factory for creating the signature.
XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
List<Transform> transforms = new ArrayList<Transform>();
Transform envelopped = sigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
transforms.add(envelopped);
// Create the canonicalization transform to be applied after the XSLT.
CanonicalizationMethod c14n = sigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
transforms.add(c14n);
// Create the Reference to the XML to be signed specifying the hash algorithm to be used
// and the list of transforms to apply. Also specify the XML to be signed as the current
// document (specified by the first parameter being an empty string).
Reference reference = sigFactory.newReference("", sigFactory.newDigestMethod(DigestMethod.SHA256, null), transforms, null, null);
// Create the Signed Info node of the signature by specifying the canonicalization method
// to use (INCLUSIVE), the signing method (RSA_SHA1), and the Reference node to be signed.
SignedInfo si = sigFactory.newSignedInfo(c14n, sigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference));
// Create the KeyInfo node containing the public key information to include in the signature.
KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
X509Data xd = kif.newX509Data(Collections.singletonList(x509Cert));
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
// Get the node to attach the signature.
Node signatureInfoNode = doc.getDocumentElement();
// Create a signing context using the private key.
DOMSignContext dsc = new DOMSignContext(privateKey, signatureInfoNode);
// Create the signature from the signing context and key info
XMLSignature signature = sigFactory.newXMLSignature(si, ki);
signature.sign(dsc);
write(doc, xmlSignedFile);
}
use of javax.xml.crypto.dsig.keyinfo.KeyInfoFactory in project keycloak by keycloak.
the class XMLSignatureUtil method createKeyInfo.
private static KeyInfo createKeyInfo(String keyName, PublicKey publicKey, X509Certificate x509Certificate) throws KeyException {
KeyInfoFactory keyInfoFactory = fac.getKeyInfoFactory();
List<XMLStructure> items = new LinkedList<>();
if (keyName != null) {
items.add(keyInfoFactory.newKeyName(keyName));
}
if (x509Certificate != null) {
items.add(keyInfoFactory.newX509Data(Collections.singletonList(x509Certificate)));
}
if (publicKey != null) {
items.add(keyInfoFactory.newKeyValue(publicKey));
}
return keyInfoFactory.newKeyInfo(items);
}
use of javax.xml.crypto.dsig.keyinfo.KeyInfoFactory in project OpenOLAT by OpenOLAT.
the class XMLDigitalSignatureUtil method signEmbedded.
/**
* Produce a signed a XML file. The signature is added in the XML file.
*
* @param xmlFile The original XML file
* @param xmlSignedFile The signed XML file
* @param x509Cert
* @param privateKey
* @throws IOException
* @throws SAXException
* @throws ParserConfigurationException
* @throws NoSuchAlgorithmException
* @throws GeneralSecurityException
* @throws MarshalException
* @throws XMLSignatureException
* @throws TransformerException
*/
public static void signEmbedded(File xmlFile, File xmlSignedFile, X509Certificate x509Cert, PrivateKey privateKey) throws IOException, SAXException, ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException, TransformerException {
Document doc = getDocument(xmlFile);
// Create the signature factory for creating the signature.
XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
List<Transform> transforms = new ArrayList<>();
Transform envelopped = sigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
transforms.add(envelopped);
// Create the canonicalization transform to be applied after the XSLT.
CanonicalizationMethod c14n = sigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
transforms.add(c14n);
// Create the Reference to the XML to be signed specifying the hash algorithm to be used
// and the list of transforms to apply. Also specify the XML to be signed as the current
// document (specified by the first parameter being an empty string).
Reference reference = sigFactory.newReference("", sigFactory.newDigestMethod(DigestMethod.SHA256, null), transforms, null, null);
// Create the Signed Info node of the signature by specifying the canonicalization method
// to use (INCLUSIVE), the signing method (RSA_SHA1), and the Reference node to be signed.
SignedInfo si = sigFactory.newSignedInfo(c14n, sigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference));
// Create the KeyInfo node containing the public key information to include in the signature.
KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
X509Data xd = kif.newX509Data(Collections.singletonList(x509Cert));
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
// Get the node to attach the signature.
Node signatureInfoNode = doc.getDocumentElement();
// Create a signing context using the private key.
DOMSignContext dsc = new DOMSignContext(privateKey, signatureInfoNode);
// Create the signature from the signing context and key info
XMLSignature signature = sigFactory.newXMLSignature(si, ki);
signature.sign(dsc);
write(doc, xmlSignedFile);
}
use of javax.xml.crypto.dsig.keyinfo.KeyInfoFactory in project cxf by apache.
the class RequestParser method parseKeyInfoElement.
/**
* Parse the KeyInfo Element to return a ReceivedCredential object containing the found certificate or
* public key.
*/
private static ReceivedCredential parseKeyInfoElement(Element keyInfoElement) throws STSException {
KeyInfoFactory keyInfoFactory;
try {
keyInfoFactory = KeyInfoFactory.getInstance("DOM", "ApacheXMLDSig");
} catch (NoSuchProviderException ex) {
keyInfoFactory = KeyInfoFactory.getInstance("DOM");
}
try {
KeyInfo keyInfo = keyInfoFactory.unmarshalKeyInfo(new DOMStructure(keyInfoElement));
List<?> list = keyInfo.getContent();
for (int i = 0; i < list.size(); i++) {
if (list.get(i) instanceof KeyValue) {
KeyValue keyValue = (KeyValue) list.get(i);
ReceivedCredential receivedKey = new ReceivedCredential();
receivedKey.setPublicKey(keyValue.getPublicKey());
return receivedKey;
} else if (list.get(i) instanceof X509Certificate) {
ReceivedCredential receivedKey = new ReceivedCredential();
receivedKey.setX509Cert((X509Certificate) list.get(i));
return receivedKey;
} else if (list.get(i) instanceof X509Data) {
X509Data x509Data = (X509Data) list.get(i);
for (int j = 0; j < x509Data.getContent().size(); j++) {
if (x509Data.getContent().get(j) instanceof X509Certificate) {
ReceivedCredential receivedKey = new ReceivedCredential();
receivedKey.setX509Cert((X509Certificate) x509Data.getContent().get(j));
return receivedKey;
}
}
}
}
} catch (MarshalException | KeyException e) {
LOG.log(Level.WARNING, "", e);
throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
}
return null;
}
Aggregations