Example 1 with KeyValue
use of javax.xml.crypto.dsig.keyinfo.KeyValue in project poi by apache.
the class KeyInfoSignatureFacet method postSign.
@Override
public void postSign(Document document) throws MarshalException {
LOG.log(POILogger.DEBUG, "postSign");
NodeList nl = document.getElementsByTagNameNS(XML_DIGSIG_NS, "Object");
/*
* Make sure we insert right after the ds:SignatureValue element, just
* before the first ds:Object element.
*/
Node nextSibling = (nl.getLength() == 0) ? null : nl.item(0);
/*
* Construct the ds:KeyInfo element using JSR 105.
*/
KeyInfoFactory keyInfoFactory = signatureConfig.getKeyInfoFactory();
List<Object> x509DataObjects = new ArrayList<Object>();
X509Certificate signingCertificate = signatureConfig.getSigningCertificateChain().get(0);
List<XMLStructure> keyInfoContent = new ArrayList<XMLStructure>();
if (signatureConfig.isIncludeKeyValue()) {
KeyValue keyValue;
try {
keyValue = keyInfoFactory.newKeyValue(signingCertificate.getPublicKey());
} catch (KeyException e) {
throw new RuntimeException("key exception: " + e.getMessage(), e);
}
keyInfoContent.add(keyValue);
}
if (signatureConfig.isIncludeIssuerSerial()) {
x509DataObjects.add(keyInfoFactory.newX509IssuerSerial(signingCertificate.getIssuerX500Principal().toString(), signingCertificate.getSerialNumber()));
}
if (signatureConfig.isIncludeEntireCertificateChain()) {
x509DataObjects.addAll(signatureConfig.getSigningCertificateChain());
} else {
x509DataObjects.add(signingCertificate);
}
if (!x509DataObjects.isEmpty()) {
X509Data x509Data = keyInfoFactory.newX509Data(x509DataObjects);
keyInfoContent.add(x509Data);
}
KeyInfo keyInfo = keyInfoFactory.newKeyInfo(keyInfoContent);
DOMKeyInfo domKeyInfo = (DOMKeyInfo) keyInfo;
Key key = new Key() {
private static final long serialVersionUID = 1L;
public String getAlgorithm() {
return null;
}
public byte[] getEncoded() {
return null;
}
public String getFormat() {
return null;
}
};
Element n = document.getDocumentElement();
DOMSignContext domSignContext = (nextSibling == null) ? new DOMSignContext(key, n) : new DOMSignContext(key, n, nextSibling);
for (Map.Entry<String, String> me : signatureConfig.getNamespacePrefixes().entrySet()) {
domSignContext.putNamespacePrefix(me.getKey(), me.getValue());
}
DOMStructure domStructure = new DOMStructure(n);
domKeyInfo.marshal(domStructure, domSignContext);
// move keyinfo into the right place
if (nextSibling != null) {
NodeList kiNl = document.getElementsByTagNameNS(XML_DIGSIG_NS, "KeyInfo");
if (kiNl.getLength() != 1) {
throw new RuntimeException("KeyInfo wasn't set");
}
nextSibling.getParentNode().insertBefore(kiNl.item(0), nextSibling);
}
}
Also used :
KeyValue(javax.xml.crypto.dsig.keyinfo.KeyValue)
NodeList(org.w3c.dom.NodeList)
Node(org.w3c.dom.Node)
Element(org.w3c.dom.Element)
ArrayList(java.util.ArrayList)
XMLStructure(javax.xml.crypto.XMLStructure)
X509Data(javax.xml.crypto.dsig.keyinfo.X509Data)
X509Certificate(java.security.cert.X509Certificate)
KeyException(java.security.KeyException)
KeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory)
KeyInfo(javax.xml.crypto.dsig.keyinfo.KeyInfo)
DOMKeyInfo(org.apache.jcp.xml.dsig.internal.dom.DOMKeyInfo)
DOMSignContext(javax.xml.crypto.dsig.dom.DOMSignContext)
DOMKeyInfo(org.apache.jcp.xml.dsig.internal.dom.DOMKeyInfo)
DOMStructure(javax.xml.crypto.dom.DOMStructure)
Map(java.util.Map)
Key(java.security.Key)
Example 2 with KeyValue
use of javax.xml.crypto.dsig.keyinfo.KeyValue in project cas by apereo.
the class AbstractSamlObjectBuilder method signSamlElement.
/**
* Sign SAML element.
*
* @param element the element
* @param privKey the priv key
* @param pubKey the pub key
* @return the element
*/
private static org.jdom.Element signSamlElement(final org.jdom.Element element, final PrivateKey privKey, final PublicKey pubKey) {
try {
final String providerName = System.getProperty("jsr105Provider", SIGNATURE_FACTORY_PROVIDER_CLASS);
final Class<?> clazz = Class.forName(providerName);
final XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM", (Provider) clazz.getDeclaredConstructor().newInstance());
final List<Transform> envelopedTransform = CollectionUtils.wrap(sigFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
final Reference ref = sigFactory.newReference(StringUtils.EMPTY, sigFactory.newDigestMethod(DigestMethod.SHA1, null), envelopedTransform, null, null);
// Create the SignatureMethod based on the type of key
final SignatureMethod signatureMethod;
final String algorithm = pubKey.getAlgorithm();
switch(algorithm) {
case "DSA":
signatureMethod = sigFactory.newSignatureMethod(SignatureMethod.DSA_SHA1, null);
break;
case "RSA":
signatureMethod = sigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
break;
default:
throw new IllegalArgumentException("Error signing SAML element: Unsupported type of key");
}
final CanonicalizationMethod canonicalizationMethod = sigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
// Create the SignedInfo
final SignedInfo signedInfo = sigFactory.newSignedInfo(canonicalizationMethod, signatureMethod, CollectionUtils.wrap(ref));
// Create a KeyValue containing the DSA or RSA PublicKey
final KeyInfoFactory keyInfoFactory = sigFactory.getKeyInfoFactory();
final KeyValue keyValuePair = keyInfoFactory.newKeyValue(pubKey);
// Create a KeyInfo and add the KeyValue to it
final KeyInfo keyInfo = keyInfoFactory.newKeyInfo(CollectionUtils.wrap(keyValuePair));
// Convert the JDOM document to w3c (Java XML signature API requires w3c representation)
final Element w3cElement = toDom(element);
// Create a DOMSignContext and specify the DSA/RSA PrivateKey and
// location of the resulting XMLSignature's parent element
final DOMSignContext dsc = new DOMSignContext(privKey, w3cElement);
final Node xmlSigInsertionPoint = getXmlSignatureInsertLocation(w3cElement);
dsc.setNextSibling(xmlSigInsertionPoint);
// Marshal, generate (and sign) the enveloped signature
final XMLSignature signature = sigFactory.newXMLSignature(signedInfo, keyInfo);
signature.sign(dsc);
return toJdom(w3cElement);
} catch (final Exception e) {
throw new IllegalArgumentException("Error signing SAML element: " + e.getMessage(), e);
}
}
Also used :
XMLSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory)
KeyValue(javax.xml.crypto.dsig.keyinfo.KeyValue)
Reference(javax.xml.crypto.dsig.Reference)
Element(org.w3c.dom.Element)
Node(org.w3c.dom.Node)
CanonicalizationMethod(javax.xml.crypto.dsig.CanonicalizationMethod)
SignedInfo(javax.xml.crypto.dsig.SignedInfo)
KeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory)
KeyInfo(javax.xml.crypto.dsig.keyinfo.KeyInfo)
DOMSignContext(javax.xml.crypto.dsig.dom.DOMSignContext)
XMLSignature(javax.xml.crypto.dsig.XMLSignature)
TransformParameterSpec(javax.xml.crypto.dsig.spec.TransformParameterSpec)
SignatureMethod(javax.xml.crypto.dsig.SignatureMethod)
Transform(javax.xml.crypto.dsig.Transform)
Example 3 with KeyValue
use of javax.xml.crypto.dsig.keyinfo.KeyValue in project cxf by apache.
the class RequestParser method parseKeyInfoElement.
/**
* Parse the KeyInfo Element to return a ReceivedCredential object containing the found certificate or
* public key.
*/
private static ReceivedCredential parseKeyInfoElement(Element keyInfoElement) throws STSException {
KeyInfoFactory keyInfoFactory;
try {
keyInfoFactory = KeyInfoFactory.getInstance("DOM", "ApacheXMLDSig");
} catch (NoSuchProviderException ex) {
keyInfoFactory = KeyInfoFactory.getInstance("DOM");
}
try {
KeyInfo keyInfo = keyInfoFactory.unmarshalKeyInfo(new DOMStructure(keyInfoElement));
List<?> list = keyInfo.getContent();
for (int i = 0; i < list.size(); i++) {
if (list.get(i) instanceof KeyValue) {
KeyValue keyValue = (KeyValue) list.get(i);
ReceivedCredential receivedKey = new ReceivedCredential();
receivedKey.setPublicKey(keyValue.getPublicKey());
return receivedKey;
} else if (list.get(i) instanceof X509Certificate) {
ReceivedCredential receivedKey = new ReceivedCredential();
receivedKey.setX509Cert((X509Certificate) list.get(i));
return receivedKey;
} else if (list.get(i) instanceof X509Data) {
X509Data x509Data = (X509Data) list.get(i);
for (int j = 0; j < x509Data.getContent().size(); j++) {
if (x509Data.getContent().get(j) instanceof X509Certificate) {
ReceivedCredential receivedKey = new ReceivedCredential();
receivedKey.setX509Cert((X509Certificate) x509Data.getContent().get(j));
return receivedKey;
}
}
}
}
} catch (MarshalException | KeyException e) {
LOG.log(Level.WARNING, "", e);
throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
}
return null;
}
Also used :
MarshalException(javax.xml.crypto.MarshalException)
KeyValue(javax.xml.crypto.dsig.keyinfo.KeyValue)
STSException(org.apache.cxf.ws.security.sts.provider.STSException)
X509Data(javax.xml.crypto.dsig.keyinfo.X509Data)
X509Certificate(java.security.cert.X509Certificate)
KeyException(java.security.KeyException)
KeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory)
KeyInfo(javax.xml.crypto.dsig.keyinfo.KeyInfo)
DOMStructure(javax.xml.crypto.dom.DOMStructure)
NoSuchProviderException(java.security.NoSuchProviderException)
Aggregations
KeyInfo (javax.xml.crypto.dsig.keyinfo.KeyInfo)3
KeyInfoFactory (javax.xml.crypto.dsig.keyinfo.KeyInfoFactory)3
KeyValue (javax.xml.crypto.dsig.keyinfo.KeyValue)3
KeyException (java.security.KeyException)2
X509Certificate (java.security.cert.X509Certificate)2
DOMStructure (javax.xml.crypto.dom.DOMStructure)2
DOMSignContext (javax.xml.crypto.dsig.dom.DOMSignContext)2
X509Data (javax.xml.crypto.dsig.keyinfo.X509Data)2
Element (org.w3c.dom.Element)2
Node (org.w3c.dom.Node)2
Key (java.security.Key)1
NoSuchProviderException (java.security.NoSuchProviderException)1
ArrayList (java.util.ArrayList)1
Map (java.util.Map)1
MarshalException (javax.xml.crypto.MarshalException)1
XMLStructure (javax.xml.crypto.XMLStructure)1
CanonicalizationMethod (javax.xml.crypto.dsig.CanonicalizationMethod)1
Reference (javax.xml.crypto.dsig.Reference)1
SignatureMethod (javax.xml.crypto.dsig.SignatureMethod)1
SignedInfo (javax.xml.crypto.dsig.SignedInfo)1
