Search in sources :

Example 1 with SignerOutputStream

use of org.apache.xml.security.utils.SignerOutputStream in project santuario-java by apache.

the class XMLSignature method sign.

/**
 * Digests all References in the SignedInfo, calculates the signature value
 * and sets it in the SignatureValue Element.
 *
 * @param signingKey the {@link java.security.PrivateKey} or
 * {@link javax.crypto.SecretKey} that is used to sign.
 * @throws XMLSignatureException
 */
public void sign(Key signingKey) throws XMLSignatureException {
    if (signingKey instanceof PublicKey) {
        throw new IllegalArgumentException(I18n.translate("algorithms.operationOnlyVerification"));
    }
    // Create a SignatureAlgorithm object
    SignedInfo si = this.getSignedInfo();
    SignatureAlgorithm sa = si.getSignatureAlgorithm();
    try (SignerOutputStream output = new SignerOutputStream(sa);
        OutputStream so = new UnsyncBufferedOutputStream(output)) {
        // generate digest values for all References in this SignedInfo
        si.generateDigestValues();
        // initialize SignatureAlgorithm for signing
        sa.initSign(signingKey);
        // get the canonicalized bytes from SignedInfo
        si.signInOctetStream(so);
        // set them on the SignatureValue element
        this.setSignatureValueElement(sa.sign());
    } catch (XMLSignatureException ex) {
        throw ex;
    } catch (CanonicalizationException ex) {
        throw new XMLSignatureException(ex);
    } catch (InvalidCanonicalizerException ex) {
        throw new XMLSignatureException(ex);
    } catch (XMLSecurityException ex) {
        throw new XMLSignatureException(ex);
    } catch (IOException ex) {
        throw new XMLSignatureException(ex);
    }
}
Also used : SignerOutputStream(org.apache.xml.security.utils.SignerOutputStream) PublicKey(java.security.PublicKey) CanonicalizationException(org.apache.xml.security.c14n.CanonicalizationException) InvalidCanonicalizerException(org.apache.xml.security.c14n.InvalidCanonicalizerException) SignerOutputStream(org.apache.xml.security.utils.SignerOutputStream) OutputStream(java.io.OutputStream) UnsyncBufferedOutputStream(org.apache.xml.security.utils.UnsyncBufferedOutputStream) SignatureAlgorithm(org.apache.xml.security.algorithms.SignatureAlgorithm) IOException(java.io.IOException) UnsyncBufferedOutputStream(org.apache.xml.security.utils.UnsyncBufferedOutputStream) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)

Example 2 with SignerOutputStream

use of org.apache.xml.security.utils.SignerOutputStream in project santuario-java by apache.

the class XMLSignature method checkSignatureValue.

/**
 * Verifies if the signature is valid by redigesting all References,
 * comparing those against the stored DigestValues and then checking to see
 * if the Signatures match on the SignedInfo.
 *
 * @param pk {@link java.security.PublicKey} part of the keypair or
 * {@link javax.crypto.SecretKey} that was used to sign
 * @return true if the signature is valid, false otherwise
 * @throws XMLSignatureException
 */
public boolean checkSignatureValue(Key pk) throws XMLSignatureException {
    // check to see if the key is not null
    if (pk == null) {
        Object[] exArgs = { "Didn't get a key" };
        throw new XMLSignatureException("empty", exArgs);
    }
    // References inside a Manifest.
    try {
        SignedInfo si = this.getSignedInfo();
        // create a SignatureAlgorithms from the SignatureMethod inside
        // SignedInfo. This is used to validate the signature.
        SignatureAlgorithm sa = si.getSignatureAlgorithm();
        LOG.debug("signatureMethodURI = {}", sa.getAlgorithmURI());
        LOG.debug("jceSigAlgorithm = {}", sa.getJCEAlgorithmString());
        LOG.debug("jceSigProvider = {}", sa.getJCEProviderName());
        LOG.debug("PublicKey = {}", pk);
        byte[] sigBytes = null;
        try (SignerOutputStream so = new SignerOutputStream(sa);
            OutputStream bos = new UnsyncBufferedOutputStream(so)) {
            sa.initVerify(pk);
            // Get the canonicalized (normalized) SignedInfo
            si.signInOctetStream(bos);
            // retrieve the byte[] from the stored signature
            sigBytes = this.getSignatureValue();
        } catch (IOException ex) {
            LOG.debug(ex.getMessage(), ex);
        // Impossible...
        } catch (XMLSecurityException ex) {
            throw ex;
        }
        // the bytes that were stored in the signature.
        if (!sa.verify(sigBytes)) {
            LOG.warn("Signature verification failed.");
            return false;
        }
        return si.verify(this.followManifestsDuringValidation);
    } catch (XMLSignatureException ex) {
        throw ex;
    } catch (XMLSecurityException ex) {
        throw new XMLSignatureException(ex);
    }
}
Also used : SignerOutputStream(org.apache.xml.security.utils.SignerOutputStream) SignerOutputStream(org.apache.xml.security.utils.SignerOutputStream) OutputStream(java.io.OutputStream) UnsyncBufferedOutputStream(org.apache.xml.security.utils.UnsyncBufferedOutputStream) SignatureAlgorithm(org.apache.xml.security.algorithms.SignatureAlgorithm) IOException(java.io.IOException) UnsyncBufferedOutputStream(org.apache.xml.security.utils.UnsyncBufferedOutputStream) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)

Aggregations

IOException (java.io.IOException)2 OutputStream (java.io.OutputStream)2 SignatureAlgorithm (org.apache.xml.security.algorithms.SignatureAlgorithm)2 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)2 SignerOutputStream (org.apache.xml.security.utils.SignerOutputStream)2 UnsyncBufferedOutputStream (org.apache.xml.security.utils.UnsyncBufferedOutputStream)2 PublicKey (java.security.PublicKey)1 CanonicalizationException (org.apache.xml.security.c14n.CanonicalizationException)1 InvalidCanonicalizerException (org.apache.xml.security.c14n.InvalidCanonicalizerException)1