Example 11 with XMLSignature

Use of org.apache.xml.security.signature.XMLSignature in project OpenAM by OpenRock.

From the class FMSigProvider, method sign:

// sigAlg, c14nMethod and transformAlg are fields of FMSigProvider initialised
// elsewhere in the class (not part of this excerpt); per the javadoc below,
// c14nMethod and transformAlg are exclusive canonicalization algorithms.
/**
 * Sign the XML document node whose identifying attribute value
 * is as supplied, using an enveloped signature and exclusive XML
 * canonicalization. The resulting Signature element is inserted
 * immediately after the Issuer child element of the node to be
 * signed when one is present (the position the SAML 2.0 schema
 * requires); when no Issuer is present it is appended as the
 * last child.
 * @param xmlString String representing an XML document to be signed
 * @param idValue id attribute value of the root node to be signed
 * @param privateKey Signing key
 * @param cert Certificate which contains the public key correlated to
 *             the signing key; if it is not null, then the signature
 *             will include the certificate; otherwise, the signature
 *             will not include any certificate
 * @return Element representing the signature element
 * @throws SAML2Exception if the document could not be signed
 */
public Element sign(String xmlString, String idValue, PrivateKey privateKey, X509Certificate cert) throws SAML2Exception {
    String classMethod = "FMSigProvider.sign: ";
    if (xmlString == null || xmlString.length() == 0 || idValue == null || idValue.length() == 0 || privateKey == null) {
        SAML2SDKUtils.debug.error(classMethod + "Either input xml string or id value or " + "private key is null.");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
    }
    Document doc = XMLUtils.toDOMDocument(xmlString, SAML2SDKUtils.debug);
    if (doc == null) {
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorObtainingElement"));
    }
    Element root = doc.getDocumentElement();
    XMLSignature sig = null;
    try {
        // Emit the signature with the "ds" namespace prefix rather than Santuario's default
        ElementProxy.setDefaultPrefix(Constants.SignatureSpecNS, SAMLConstants.PREFIX_DS);
    } catch (XMLSecurityException xse1) {
        throw new SAML2Exception(xse1);
    }
    // Register the ID attribute as an XML ID so that the same-document
    // reference "#idValue" added below resolves to the root element
    root.setIdAttribute(SAML2Constants.ID, true);
    try {
        if ((sigAlg == null) || (sigAlg.trim().length() == 0)) {
            // No signature algorithm configured: derive a default from the key type.
            // The RSA default here is RSA-SHA1; SHA-1 is deprecated for signatures,
            // so deployments should configure a SHA-256 algorithm explicitly.
            if (privateKey.getAlgorithm().equalsIgnoreCase(SAML2Constants.DSA)) {
                sigAlg = XMLSignature.ALGO_ID_SIGNATURE_DSA;
            } else {
                if (privateKey.getAlgorithm().equalsIgnoreCase(SAML2Constants.RSA)) {
                    sigAlg = XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
                }
            }
        }
        sig = new XMLSignature(doc, "", sigAlg, c14nMethod);
    } catch (XMLSecurityException xse2) {
        throw new SAML2Exception(xse2);
    }
    // Walk the children to find the Issuer element; the Signature goes right after it
    Node firstChild = root.getFirstChild();
    while (firstChild != null && (firstChild.getLocalName() == null || !firstChild.getLocalName().equals("Issuer"))) {
        firstChild = firstChild.getNextSibling();
    }
    Node nextSibling = null;
    if (firstChild != null) {
        nextSibling = firstChild.getNextSibling();
    }
    if (nextSibling == null) {
        // No Issuer, or Issuer is the last child: append at the end
        root.appendChild(sig.getElement());
    } else {
        root.insertBefore(sig.getElement(), nextSibling);
    }
    sig.getSignedInfo().addResourceResolver(new com.sun.identity.saml.xmlsig.OfflineResolver());
    Transforms transforms = new Transforms(doc);
    try {
        // Enveloped transform: the Signature element itself is excluded from the digested content
        transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    } catch (TransformationException te1) {
        throw new SAML2Exception(te1);
    }
    try {
        // Followed by canonicalization of what remains
        transforms.addTransform(transformAlg);
    } catch (TransformationException te2) {
        throw new SAML2Exception(te2);
    }
    // One same-document Reference covering the element identified by idValue (SHA-1 digest)
    String ref = "#" + idValue;
    try {
        sig.addDocument(ref, transforms, Constants.ALGO_ID_DIGEST_SHA1);
    } catch (XMLSignatureException sige1) {
        throw new SAML2Exception(sige1);
    }
    if (cert != null) {
        try {
            // Embed the certificate in KeyInfo; a relying party must still match it
            // against trusted metadata rather than trusting it because it is present
            sig.addKeyInfo(cert);
        } catch (XMLSecurityException xse3) {
            throw new SAML2Exception(xse3);
        }
    }
    try {
        sig.sign(privateKey);
    } catch (XMLSignatureException sige2) {
        throw new SAML2Exception(sige2);
    }
    if (SAML2SDKUtils.debug.messageEnabled()) {
        SAML2SDKUtils.debug.message(classMethod + "Signing is successful.");
    }
    return sig.getElement();
}
Also used : TransformationException(org.apache.xml.security.transforms.TransformationException) Element(org.w3c.dom.Element) Node(org.w3c.dom.Node) Transforms(org.apache.xml.security.transforms.Transforms) Document(org.w3c.dom.Document) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) XMLSignature(org.apache.xml.security.signature.XMLSignature) XMLSignatureException(org.apache.xml.security.signature.XMLSignatureException)
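The method above only shows the signing half. The following is an added, self-contained example (not OpenAM's code) that builds the same enveloped signature with Apache Santuario, but with SHA-256 instead of the SHA-1 defaults, and then verifies it the way a relying party should: against a key it already trusts, checking that there is exactly one Signature, that it is a direct child of the signed element, that exactly one element carries the expected ID, and that the single Reference points at that ID. The class name, the constructed sample assertion and the throwaway RSA key pair are all assumptions made for the demo; the only dependency is the Santuario `xmlsec` jar on the classpath.

```java
import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.xml.security.Init;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Enveloped XML signature over a SAML-style element: sign, then verify with the checks a relying party needs. */
public class EnvelopedSignatureDemo {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed sample assertion for this demo; not a real token.
    static final String ASSERTION =
        "<saml:Assertion xmlns:saml=\"" + SAML_NS + "\" ID=\"_a1\" Version=\"2.0\" IssueInstant=\"2024-01-01T00:00:00Z\">"
        + "<saml:Issuer>https://idp.example.test</saml:Issuer>"
        + "<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>"
        + "</saml:Assertion>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);                      // needed for ds:/saml: namespace handling
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs: blocks XXE
        return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    static String serialize(Document doc) throws Exception {
        StringWriter w = new StringWriter();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(w));
        return w.toString();
    }

    /** Same shape as FMSigProvider.sign, but with SHA-256 for both the signature and the digest. */
    static Document sign(String xml, PrivateKey key) throws Exception {
        Document doc = parse(xml);
        Element root = doc.getDocumentElement();
        String id = root.getAttribute("ID");
        root.setIdAttribute("ID", true);                 // lets the "#_a1" reference resolve to this element
        XMLSignature sig = new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256,
                Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        // The SAML 2.0 schema places ds:Signature directly after Issuer
        Element issuer = (Element) root.getElementsByTagNameNS(SAML_NS, "Issuer").item(0);
        root.insertBefore(sig.getElement(), issuer.getNextSibling());
        Transforms t = new Transforms(doc);
        t.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);   // digest excludes the Signature element itself
        t.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        sig.addDocument("#" + id, t, Constants.ALGO_ID_DIGEST_SHA256);
        sig.sign(key);
        return doc;
    }

    /** Verify with a key the relying party already trusts, never with the KeyInfo the sender embedded. */
    static boolean verify(Document doc, PublicKey trusted, String expectedId) throws Exception {
        Element root = doc.getDocumentElement();
        root.setIdAttribute("ID", true);
        // Exactly one ds:Signature, and it must be a direct child of the element we are about to trust
        NodeList sigs = root.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature");
        if (sigs.getLength() != 1 || sigs.item(0).getParentNode() != root) return false;
        // Exactly one element in the whole document carries the expected ID (duplicate IDs are the
        // classic signature-wrapping setup) and it has to be the root
        NodeList all = doc.getElementsByTagName("*");
        int hits = 0;
        for (int i = 0; i < all.getLength(); i++) {
            if (expectedId.equals(((Element) all.item(i)).getAttribute("ID"))) hits++;
        }
        if (hits != 1 || !expectedId.equals(root.getAttribute("ID"))) return false;
        // Exactly one Reference, and it must point at that ID rather than at a node the signer chose
        XMLSignature sig = new XMLSignature((Element) sigs.item(0), "", true); // secureValidation on
        if (sig.getSignedInfo().getLength() != 1) return false;
        if (!("#" + expectedId).equals(sig.getSignedInfo().item(0).getURI())) return false;
        return sig.checkSignatureValue(trusted);         // digests and SignatureValue against the trusted key
    }

    public static void main(String[] args) throws Exception {
        Init.init();                                     // initialise Santuario once per JVM
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();              // throwaway demo key pair
        String wire = serialize(sign(ASSERTION, kp.getPrivate()));
        System.out.println("intact:   " + verify(parse(wire), kp.getPublic(), "_a1"));
        // Modify signed content after signing: the Reference digest no longer matches
        String tampered = wire.replace(">alice<", ">bob<");
        System.out.println("tampered: " + verify(parse(tampered), kp.getPublic(), "_a1"));
    }
}
```

The first `verify` call exercises the intact document and the second the tampered one. Note that `setIdAttribute` has to be repeated on the verifier side after re-parsing, because ID-ness is a property of the DOM, not of the serialized bytes; without it the `#_a1` reference does not resolve. The structural checks before `checkSignatureValue` are what distinguish "this document contains a valid signature" from "the element I am about to act on is the one that was signed".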

Aggregations

XMLSignature (org.apache.xml.security.signature.XMLSignature) 11
TransformerException (javax.xml.transform.TransformerException) 8
KeyInfo (org.apache.xml.security.keys.KeyInfo) 7
Transforms (org.apache.xml.security.transforms.Transforms) 6
Element (org.w3c.dom.Element) 4
X509Certificate (java.security.cert.X509Certificate) 3
Node (org.w3c.dom.Node) 3
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception) 2
PublicKey (java.security.PublicKey) 2
JAXBException (javax.xml.bind.JAXBException) 2
XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException) 2
StorageResolver (org.apache.xml.security.keys.storage.StorageResolver) 2
KeyStoreResolver (org.apache.xml.security.keys.storage.implementations.KeyStoreResolver) 2
XMLSignatureException (org.apache.xml.security.signature.XMLSignatureException) 2
org.w3c.dom (org.w3c.dom) 2
Document (org.w3c.dom.Document) 2
NodeList (org.w3c.dom.NodeList) 2
XMLSignatureException (com.sun.identity.saml.xmlsig.XMLSignatureException) 1
EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement) 1
IDPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement) 1