Package javax.xml.crypto.dsig

Examples of javax.xml.crypto.dsig.Reference


   * @return a {@link Document} object.
   */
  public Document sign( @Nonnull Document xmlDocument ) {
    try {
      @Nonnull String elementName = xmlDocument.getFirstChild().getNodeName();
      Reference ref = SIGNATURE_FACTORY.newReference( '#' + elementName, SIGNATURE_FACTORY.newDigestMethod( DigestMethod.SHA256, null ) );

      Node invoice = xmlDocument.getDocumentElement();
      XMLStructure content = new DOMStructure( invoice );
      XMLObject obj = SIGNATURE_FACTORY.newXMLObject( Collections.singletonList( content ), elementName, null, null );



    // Obtain the DOM-mechanism XMLSignatureFactory, passing an explicit provider
    // instance (XMLDSigRI) instead of relying on the installed provider order.
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

    // Step 2: Decide on a digest method and create the reference object. We
    // use the XMLSignatureFactory instance created in the first step to
    // create both the DigestMethod and Reference objects.
    // "#invoice" is a same-document reference: it is resolved by ID, so the
    // signed element must carry an Id of "invoice" that the DOM recognises as
    // an ID attribute.
    // NOTE(review): the element that gets this Id is created outside this
    // excerpt. Confirm it is registered as an ID, and that verifiers check the
    // reference resolves to the element they actually process.
    Reference ref = fac.newReference("#invoice", fac.newDigestMethod(DigestMethod.SHA256, null));

    // Step 3: Load invoice.xml and wrap it in an XMLObject object. Not all
    // signature generation processes require this step. XMLObject in
    // JSR-105 models the optional Object element we briefly discussed
    // before.

    // generate the enveloped signature.
    // Obtain the DOM-mechanism XMLSignatureFactory with an explicit provider instance.
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

    // Step 2 : Create a Reference to a remote PDF file
    // and also specify the SHA256 digest algorithm
    // The URI is an absolute http:// URL, so the digest covers whatever bytes are
    // returned when that address is dereferenced.
    // NOTE(review): the fetch uses cleartext HTTP and is repeated whenever the
    // reference is validated. A validator should restrict which external URIs it
    // will dereference (for example with its own URIDereferencer). Confirm how
    // the rest of this example handles validation.
    Reference ref = fac.newReference("http://www.actstudent.org/plan/pdf/sample.pdf", fac.newDigestMethod(DigestMethod.SHA256, null));

    // Step 3 : Create the SignedInfo.
    // Canonicalization is inclusive C14N with comments; the single Reference
    // above is the only signed item.
    // NOTE(review): the Reference digest is SHA-256, but SignedInfo itself is
    // signed with DSA over SHA-1 (SignatureMethod.DSA_SHA1). SHA-1 is no longer
    // considered collision-resistant, so prefer a SHA-256-based signature method
    // where the provider in use offers one.
    SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null),
        fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null), Collections.singletonList(ref));

    // Step 2 : Create a Reference to the enveloped document. In this case
    // you are signing the whole document, which a URI of "" signifies.
    // Also specify the SHA256 digest algorithm and the ENVELOPED Transform.
    // The ENVELOPED transform is the only transform in the list; the two
    // trailing nulls are the optional type and id arguments of newReference.
    // NOTE(review): a whole-document enveloped signature says nothing about
    // which element a consumer later reads. Verifiers should process only the
    // content the validated reference actually covers.
    Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null,
        null);

    // Step 3 : Create the SignedInfo.
    // Canonicalization is inclusive C14N (no comments); the single Reference
    // above is the only signed item.
    // NOTE(review): SignedInfo is signed with DSA over SHA-1
    // (SignatureMethod.DSA_SHA1) even though the Reference digest is SHA-256.
    // SHA-1 is no longer considered collision-resistant, so prefer a
    // SHA-256-based signature method where the provider in use offers one.
    SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
        Collections.singletonList(ref));

        policy.isBSP(isBSP);
        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding )policy.getFeatureBinding();
        featureBinding.setCanonicalizationAlgorithm(cm.getAlgorithm());
        Iterator itr = referencesList.iterator();
        while(itr.hasNext()){
            Reference ref = (Reference) itr.next();
            SignatureTarget.Transform transform = getSignatureTransform(ref);
            SignatureTarget target = new SignatureTarget();
            target.isBSP(isBSP);
            if(transform != null){
                target.addTransform(transform);
            }
            target.setDigestAlgorithm(ref.getDigestMethod().getAlgorithm());
      if(ref.getURI().length() >0){
               target.setValue(SecurableSoapMessage.getIdFromFragmentRef(ref.getURI()));
      }else{
               target.setValue(ref.getURI());
      }
            target.setType(SignatureTarget.TARGET_TYPE_VALUE_URI);
            featureBinding.addTargetBinding(target);
        }
    }

        //policy.isBSP(isBSP);
        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding )policy.getFeatureBinding();
        featureBinding.setCanonicalizationAlgorithm(cm.getAlgorithm());
        Iterator itr = referencesList.iterator();
        while(itr.hasNext()){
            Reference ref = (Reference) itr.next();
            SignatureTarget.Transform transform = getSignatureTransform(ref);
            SignatureTarget target = new SignatureTarget();
            //target.isBSP(isBSP);
            if(transform != null){
                target.addTransform(transform);
            }
            target.setDigestAlgorithm(ref.getDigestMethod().getAlgorithm());
            if(ref.getURI().length() >0){
                String Id = SecurableSoapMessage.getIdFromFragmentRef(ref.getURI());
                //SOAPElement se = secMsg.getElementByWsuId(Id);
                SOAPElement se = (SOAPElement) secMsg.getElementById(Id);
                if(se != null){
                    if(se.getNamespaceURI().equals(MessageConstants.WSSE_NS) ||
                            se.getNamespaceURI().equals(MessageConstants.WSSE11_NS) ||

                        logger.log(Level.FINEST, "SignedInfo val id "+id);
                   
                    targetURI = "#"+id;
                   
                    byte [] digestValue = fpContext.getDigestValue();
                    Reference reference = null;
                    if(!verify && digestValue != null){
                        reference = signatureFactory.newReference(targetURI,digestMethod,clonedTransformList,null,null,digestValue);
                    }else{
                        reference = signatureFactory.newReference(targetURI,digestMethod,clonedTransformList,null,null);
                    }
                    references.add(reference);
                }
                continue;  
            }else if(signatureType ==SignatureTarget.TARGET_TYPE_VALUE_URI){
                targetURI = signatureTarget.getValue();
               
                if(targetURI == null){
                    targetURI="";
                }
                // "Sign every attachment" target: emit one Reference per attachment part.
                // NOTE(review): this is a reference (==) comparison, so it matches only
                // when targetURI is the same String object as the constant (or both are
                // interned). The ALL_MESSAGE_HEADERS check further down uses equals().
                // Confirm the identity comparison is intended, because a target value
                // built at runtime would silently skip this branch.
                if(targetURI == MessageConstants.PROCESS_ALL_ATTACHMENTS){
                    Iterator itr = secureMessage.getAttachments();
                    // Fail closed: a policy that asks for attachments to be signed is not
                    // satisfied by a message that has none.
                    if ( !itr.hasNext()) {
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1372_NO_ATTACHMENT_FOUND());
                        throw new XWSSecurityException("No attachment present in the message");
                        //logger.log(Level.WARNING, "No Attachment Part present in the message to be secured");
                        //continue;
                    }
                    while(itr.hasNext()){
                        String cid = null;
                        AttachmentPart ap = (AttachmentPart)itr.next();
                        // NOTE(review): _cid is dereferenced without a null or empty check.
                        // An attachment with no Content-Id header, or an empty one, would
                        // make charAt(0) throw instead of raising a security exception.
                        String _cid = ap.getContentId();
                        // Content-Id of the form <id>: strip the angle brackets for the cid: URI.
                        if (_cid.charAt(0) == '<' && _cid.charAt(_cid.length()-1) == '>'){
                            int lindex = _cid.lastIndexOf('>');
                            int sindex = _cid.indexOf('<');
                            // This branch only logs; execution still continues to substring()
                            // below. Given the outer check it appears unreachable
                            // (sindex is 0 and lindex is length-1).
                            if(lindex < sindex || lindex == sindex){
                                //log error
                                logger.log(Level.SEVERE,LogStringsMessages.WSS_1303_CID_ERROR());
                            }
                            cid = "cid:"+_cid.substring(sindex+1,lindex);
                        }else{
                            // No surrounding brackets: use the Content-Id value as-is.
                            cid = "cid:"+_cid;
                        }
                        // Every attachment reference shares the same digest method and transform list.
                        Reference reference = signatureFactory.newReference(cid,digestMethod,transformList,null,null);
                        references.add(reference);
                    }
                    // All attachment references added; move on to the next signature target.
                    continue;
                }else{
                    if (exclTransformToBeAdded) {
                        // exc-14-n must be one of the last transforms under ReferenceList by default.
//                        String transformAlgo  = MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
//                        ExcC14NParameterSpec spec = null;
//                        Transform transform = signatureFactory.newTransform(transformAlgo,spec);
//                        transformList.add(transform);
                        SOAPElement dataElement = null;
                        if (featureBinding != null && featureBinding.isBSP()) {
                           
//                            try {
                                String _uri = targetURI;
                                if(targetURI.length() > 0 && targetURI.charAt(0)=='#'){
                                    _uri = targetURI.substring(1);
                                }
                                dataElement =(SOAPElement) secureMessage.getElementById(_uri);
//                            } catch (TransformerException te) {
//                                logger.log(Level.SEVERE, "WSS1373.failedto.resolve.elementbyID", te);
//                                throw new XWSSecurityException(te.getMessage(), te);
//                            }
                        }
                        String transformAlgo  = MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
                        ExcC14NParameterSpec spec = null;
                        if(dataElement != null && !disableInclusivePrefix){
                            spec =   new ExcC14NParameterSpec(getReferenceNamespacePrefixes(dataElement));
                        }
                        Transform transform = signatureFactory.newTransform(transformAlgo,spec);
                        transformList.add(transform);
                    }
                    // "Sign all message headers" target: emit one Reference per header
                    // element, except the wsse:Security header itself.
                    if(targetURI.equals(SignatureTarget.ALL_MESSAGE_HEADERS)){
                        SOAPHeader soapHeader=null;
                        try{
                            soapHeader = secureMessage.getSOAPHeader();
                        }catch(SOAPException se) {
                            // NOTE(review): the failure is only printed. soapHeader stays null
                            // and the next statement then throws a NullPointerException
                            // rather than a security exception the caller can handle.
                            se.printStackTrace();
                        }
                        // NOTE(review): there is also no null check for a message without a
                        // SOAP header. Confirm getSOAPHeader() cannot return null here.
                        NodeList headers = soapHeader.getChildNodes();
                        Reference reference = null;
                        for(int i=0;i<headers.getLength();i++){
                            // Skip text, comment and other non-element children.
                            if(((Node)headers.item(i)).getNodeType() ==  Node.ELEMENT_NODE){
                            Element element = (Element)headers.item(i);
                                // The Security header contains the signature itself, so it is
                                // excluded from the set of signed headers.
                                if(!("Security".equals(element.getLocalName()) &&
                                    MessageConstants.WSSE_NS.equals(element.getNamespaceURI())) ){
                                    // The reference URI is "#" plus the id returned by
                                    // generateReferenceID (defined outside this excerpt).
                                    reference = signatureFactory.newReference("#"+generateReferenceID(element, secureMessage),digestMethod,transformList,null,null);
                                    references.add(reference);
                                }
                            }
                        }
                        // Header references added; move on to the next signature target.
                        continue;
                    }
                }
            }
           
            byte [] digestValue = fpContext.getDigestValue();
            Reference reference = null;
            if(!verify && digestValue != null){
                reference = signatureFactory.newReference(targetURI,digestMethod,transformList,null,null,digestValue);
            }else{
                reference = signatureFactory.newReference(targetURI,digestMethod,transformList,null,null);
            }

                    // Diagnostic pass: validate the signature value and each Reference
                    // separately so the log shows which part failed. In the visible code
                    // the results (sv, refValid) are only logged at FINEST; they do not
                    // drive the accept/reject decision.
                    // NOTE(review): the enclosing condition is outside this excerpt.
                    // Presumably this runs only after core validation has already failed.
                    boolean sv = signature.getSignatureValue().validate(validationContext);
                    logger.log(Level.FINEST,"Signature validation status: " + sv);
                    // check the validation status of each Reference
                    Iterator i = signature.getSignedInfo().getReferences().iterator();
                    for (int j=0; i.hasNext(); j++) {
                        Reference ref = (Reference) i.next();
                        // The id and URI come from the received message and are written
                        // to the log unmodified.
                        logger.log(Level.FINEST,"Reference ID "+ref.getId());
                        logger.log(Level.FINEST,"Reference URI "+ref.getURI());
                        boolean refValid =
                                ref.validate(validationContext);
                        logger.log(Level.FINEST,"Reference["+j+"] validity status: " + refValid);
                    }
                }
                    logger.log(Level.SEVERE, LogStringsMessages.WSS_1315_SIGNATURE_VERIFICATION_FAILED());
                XWSSecurityException xwsse =   new XWSSecurityException("Signature verification failed");
                throw SecurableSoapMessage.newSOAPFaultException(
                        MessageConstants.WSSE_FAILED_CHECK,"Signature verification failed ",xwsse);
            } else {
                if(logger.isLoggable(Level.FINEST)){
                    logger.log(Level.FINE,"Signature Passed Core Validation");
                }
                SignedInfo signInfo = signature.getSignedInfo();
                if (isBSP) {
                    Iterator i = signInfo.getReferences().iterator();
                    for (int j=0; i.hasNext(); j++) {
                        Reference reference = (Reference) i.next();
                       
                        Iterator t = reference.getTransforms().iterator();
                        for (int index=0; t.hasNext(); index++) {
                            Transform transform = (Transform) t.next();
                            if (Transform.ENVELOPED.equals(transform.getAlgorithm())) {
                                logger.log(Level.SEVERE, LogStringsMessages.WSS_1336_ILLEGAL_ENVELOPEDSIGNATURE());
                                throw new XWSSecurityException("Enveloped signatures not permitted by BSP");

        List signedReferences = signedInfo.getReferences();
        Iterator sr = signedReferences.listIterator();
        ArrayList signedDataList = new ArrayList();
        ArrayList signedReferenceList = new ArrayList();
        while(sr.hasNext()){
            Reference reference = (Reference)sr.next();
            Data tmpObj = getData(reference,validationContext);
            signedDataList.add(new DataWrapper(tmpObj));
            //TODO:Should use cached data from References of already validated
            //messages when sean provides on . For now get the Data again.
            signedReferenceList.add(reference);
        }
       
        ArrayList optionalReqList = new ArrayList();
        ArrayList requiredDataList = new ArrayList();
        ArrayList requiredReferenceList = new ArrayList();
        ArrayList optionalDataList = new ArrayList();
        ArrayList optionalReferenceList = new ArrayList();
        //It would have been better If I had optional list
        //seperated
       
        Iterator targetItr = targets.iterator();
        SecurableSoapMessage secureMessage = context.getSecurableSoapMessage();
        while(targetItr.hasNext()){
            SignatureTarget signatureTarget = (SignatureTarget) targetItr.next();
            boolean requiredTarget = signatureTarget.getEnforce();
            List referenceList = null;
            try{
                if(requiredTarget){
                    referenceList = dsigUtil.generateReferenceList(Collections.singletonList(signatureTarget),secureMessage,context,true, featureBinding.isEndorsingSignature());
                }else{
                    //dont resolve it now.
                    optionalReqList.add(signatureTarget);
                }
            }catch(Exception ex){
                logger.log(Level.SEVERE,LogStringsMessages.WSS_1302_REFLIST_ERROR(),ex);
                if(requiredTarget){
                    logger.log(Level.SEVERE, LogStringsMessages.WSS_1339_INVALID_RECEIVER_REQUIREMENTS());
                    throw new XWSSecurityException("Receiver requirement for SignatureTarget "+
                            signatureTarget.getValue()+" is not met");
                }
                //log
            }
            if(!requiredTarget){
                continue;
            }
            if( referenceList.size() <= 0){
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1339_INVALID_RECEIVER_REQUIREMENTS());
                throw new XWSSecurityException("Receiver requirement for SignatureTarget "+
                        signatureTarget.getValue()+" is not met");
            }
            boolean allRef = false;
            //Verify all attachments are signed.              || all header elements are signed
           /* if(signatureTarget.getValue().startsWith("cid:*") || signatureTarget.getValue().equals(SignatureTarget.ALL_MESSAGE_HEADERS)){
                allRef = true;
            }*/
            for(int i =0; i<referenceList.size(); i++){
                Reference reference = (Reference)referenceList.get(i);
                Data data = null;
                try{
                    data = getData(reference,validationContext);
                    if(requiredTarget && data != null){
                        DataWrapper tmpObj = new DataWrapper(data);
                        tmpObj.setTarget(signatureTarget);
                        //It would still have cid:*
                        requiredDataList.add(tmpObj);
                        requiredReferenceList.add(reference);
                    }
                }catch(Exception ex){
                    if(requiredTarget){
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1339_INVALID_RECEIVER_REQUIREMENTS());
                        throw new XWSSecurityException("Receiver requirement for SignatureTarget "+
                                signatureTarget.getValue()+" is not met");
                    }
                }
                /*if(!allRef){
                    break;
                }*/
            }
        }
       
        if(optionalReqList.size() ==0 && requiredReferenceList.size() != signedReferenceList.size()){
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1340_ILLEGAL_UNMATCHED_NOOF_TARGETS());
            throw new XWSSecurityException("Number of Targets in the message"+
                    " dont match number of Targets in receiver requirements");
        }
       
        if(requiredDataList.size() == 0){
            if(logger.isLoggable(Level.FINER)){
                logger.log(Level.FINER,"No mandatory receiver requirements were provided");
            }
            return;
        }
       
        for(int i=0;i<requiredDataList.size();i++){
            DataWrapper rData = (DataWrapper)requiredDataList.get(i);
            boolean found = false;
            for(int j=0;j< signedDataList.size();j++){
                DataWrapper sData = null;
                sData = (DataWrapper)signedDataList.get(j);
                if(isEqual(rData,sData,(Reference)requiredReferenceList.get(i),(Reference)signedReferenceList.get(j))){
                    signedDataList.remove(j);
                    signedReferenceList.remove(j);
                    found = true;
                    break;
                }
            }
            if(!found){
                //Reference st = (Reference)requiredReferenceList.get(i);
                String uri = rData.getTarget().getValue();
                String type = rData.getTarget().getType();
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1341_ILLEGAL_UNMATCHED_TYPE_URI());
                throw new XWSSecurityException("Receiver requirement for SignatureTarget "+
                        "having " + type+" type and value " +uri+" is not met");
            }
        }
       
        if(signedDataList.size() == 0){
            if(logger.isLoggable(Level.FINEST)){
                logger.log(Level.FINEST,"All receiver requirements are met");
            }
            return;
        }else{
            List referenceList = null;
           
            //Resolve All optional references if any
            // Resolve each optional (non-enforced) target into a Reference and its
            // dereferenced Data, so it can later be matched against what was signed.
            // Failures here are tolerated on purpose: an optional target that is
            // absent from the message is simply skipped.
            for(int i=0;i<optionalReqList.size();i++){
                SignatureTarget signatureTarget = (SignatureTarget)optionalReqList.get(i);
                try{
                    // Reset first so a failure cannot reuse the previous iteration's list.
                    referenceList = null;
                    referenceList = dsigUtil.generateReferenceList(Collections.singletonList(signatureTarget),secureMessage,context,true, featureBinding.isEndorsingSignature());
                }catch(Exception ex){
                    // Every exception type is treated as "target not present" and is
                    // logged only at FINE.
                    if(logger.isLoggable(Level.FINE)){
                        logger.log(Level.FINE,"Optional Target not found in the message ",ex);
                    }
                }
                if(referenceList == null || referenceList.size() <= 0){
                    continue;
                }
                // Only the first generated Reference is considered for an optional target.
                // NOTE(review): confirm an optional target can never expand to several
                // references; any further ones are ignored here.
                Reference reference = (Reference)referenceList.get(0);
                Data data = null;
                try{
                    data = getData(reference,validationContext);
                }catch(Exception ex){
                    // NOTE(review): the exception is discarded without any logging. The
                    // target is then dropped because data stays null.
                    //log
                }
                if(data != null){
                    DataWrapper tmpObj  = new DataWrapper(data);
                    tmpObj.setTarget(signatureTarget);
                    // The two lists are kept index-aligned: the same position holds the
                    // data and the reference it came from.
                    optionalDataList.add(tmpObj);
                    optionalReferenceList.add(reference);
                }
            }
           
            for(int i=0;i<signedDataList.size();i++){
                DataWrapper sData = (DataWrapper)signedDataList.get(i);
                DataWrapper oData = null;
                boolean found = false;
               
                for(int j=0;j< optionalDataList.size();j++){
                    oData = (DataWrapper)optionalDataList.get(j);
                   
                    if(isEqual(oData,sData,(Reference)optionalReferenceList.get(j),(Reference)signedReferenceList.get(i))){
                        optionalDataList.remove(j);
                        optionalReferenceList.remove(j);
                        found = true;
                        break;
                    }
                }
               
                if(!found){
                    Reference st = (Reference)signedReferenceList.get(i);
                    logger.log(Level.SEVERE,LogStringsMessages.WSS_1341_ILLEGAL_UNMATCHED_TYPE_URI());
                    throw new XWSSecurityException("SignatureTarget in the message "+
                            "with URI " +st.getURI()+ " has not met receiver requirements");
                }
            }
           
            if(logger.isLoggable(Level.FINEST)){
                logger.log(Level.FINEST,"All receiver requirements are met");

                    // Diagnostic pass: validate the signature value and each Reference
                    // separately so the log shows which part failed. The results (sv,
                    // refValid) are only logged at FINEST; the value returned after this
                    // block is coreValidity, which is computed outside this excerpt.
                    boolean sv = signature.getSignatureValue().validate(validationContext);
                    logger.log(Level.FINEST,"Signature validation status: " + sv);
                    // check the validation status of each Reference
                    Iterator i = signature.getSignedInfo().getReferences().iterator();
                    for (int j=0; i.hasNext(); j++) {
                        Reference ref = (Reference) i.next();
                        // The id and URI come from the signature being validated and are
                        // written to the log unmodified.
                        logger.log(Level.FINEST,"Reference ID "+ref.getId());
                        logger.log(Level.FINEST,"Reference URI "+ref.getURI());
                        boolean refValid =
                                ref.validate(validationContext);
                        logger.log(Level.FINEST,"Reference["+j+"] validity status: " + refValid);
                    }
                }
            }
            return coreValidity;
