Package javax.xml.crypto.dsig

Examples of javax.xml.crypto.dsig.XMLSignature


      }

      try
      {
         // publicKey is handed to the context directly, so the visible code does not
         // select a key from the document's own KeyInfo.
         // NOTE(review): nl is built outside this excerpt; only nl.item(0) is validated.
         // Presumably nl holds the Signature elements found in the document - confirm how
         // the caller treats a document that carries more than one.
         // NOTE(review): no "org.jcp.xml.dsig.secureValidation" property is set on
         // valContext in the visible lines - confirm whether it is enabled elsewhere.
         DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
         XMLSignature signature = fac.unmarshalXMLSignature(valContext);
         // Core validation: the signature value and every Reference digest must check out.
         // NOTE(review): a true result does not say which element the References cover;
         // the visible lines do not compare ref.getURI() with the element the caller
         // goes on to trust - confirm that check exists outside this excerpt.
         boolean signatureValid = signature.validate(valContext);

         // Diagnostics only: on failure, with trace logging on, re-run the two halves of
         // core validation separately to show which one failed.
         if (log.isTraceEnabled() && !signatureValid)
         {
            // Signature value check on its own (SignedInfo against the key).
            boolean sv = signature.getSignatureValue().validate(valContext);
            log.trace("Signature validation status: " + sv);

            // getReferences() returns a raw List in this API, hence the suppression.
            @SuppressWarnings("unchecked")
            List<Reference> references = signature.getSignedInfo().getReferences();
            for (Reference ref : references)
            {
               // Id and URI are read from the incoming document and written to the log as-is.
               log.trace("[Ref id=" + ref.getId() + ":uri=" + ref.getURI() + "] validity status:" + ref.validate(valContext));
            }
         }


        // Secure validation is requested under two property names: the Apache Santuario
        // one and the JDK one. Presumably this is so the setting takes effect whichever
        // XMLDSig provider backs signatureFactory - confirm against the factory setup.
        context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        context.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        // Hands wsDocInfo to the STR transform through the validation context.
        context.setProperty(STRTransform.TRANSFORM_WS_DOC_INFO, wsDocInfo);
       
        try {
            XMLSignature xmlSignature = signatureFactory.unmarshalXMLSignature(context);
            // Policy checks run on the unmarshalled structure, before any cryptographic
            // validation is attempted.
            if (data.getWssConfig().isWsiBSPCompliant()) {
                checkBSPCompliance(xmlSignature);
            }
           
            // Check for compliance against the defined AlgorithmSuite
            // (skipped entirely when no suite is configured on data).
            AlgorithmSuite algorithmSuite = data.getAlgorithmSuite();
            if (algorithmSuite != null) {
                AlgorithmSuiteValidator algorithmSuiteValidator = new
                    AlgorithmSuiteValidator(algorithmSuite);
                algorithmSuiteValidator.checkSignatureAlgorithms(xmlSignature);
            }
           
            // Test for replay attacks
            // NOTE(review): this runs before validate(), so the signature value passed in
            // is not yet verified; testMessageReplay is defined outside this excerpt -
            // confirm it is safe to call with an unverified value.
            testMessageReplay(elem, xmlSignature.getSignatureValue().getValue(), data, wsDocInfo);
           
            setElementsOnContext(xmlSignature, (DOMValidateContext)context, wsDocInfo, elem.getOwnerDocument());
            // Core validation; the signature object is returned only when it succeeds.
            boolean signatureOk = xmlSignature.validate(context);
            if (signatureOk) {
                return xmlSignature;
            }
            //
            // Log the exact signature error
            //
            // Diagnostics only: the signature value and each Reference are re-validated
            // separately so the debug log shows which part failed.
            if (LOG.isDebugEnabled()) {
                LOG.debug("XML Signature verification has failed");
                boolean signatureValidationCheck =
                    xmlSignature.getSignatureValue().validate(context);
                LOG.debug("Signature Validation check: " + signatureValidationCheck);
                java.util.Iterator<?> referenceIterator =
                    xmlSignature.getSignedInfo().getReferences().iterator();
                while (referenceIterator.hasNext()) {
                    Reference reference = (Reference)referenceIterator.next();
                    boolean referenceValidationCheck = reference.validate(context);
                    // A Reference may carry no Id attribute; the null case is handled next.
                    String id = reference.getId();
                    if (id == null) {

                // structure for testing the transform/digest algorithms etc.
                XMLValidateContext context = new DOMValidateContext(key, sig.getDOM());
                // Secure validation is requested under both the Apache Santuario and the JDK
                // property names before the signature is unmarshalled.
                context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
                context.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);

                XMLSignature xmlSignature;
                try {
                    xmlSignature = signatureFactory.unmarshalXMLSignature(context);
                } catch (MarshalException ex) {
                    // A signature that cannot be unmarshalled is reported as a failed check.
                    throw new WSSecurityException(
                        WSSecurityException.FAILED_CHECK, "invalidSAMLsecurity",

                    algorithmSuiteValidator.checkSymmetricKeyLength(secretKey.length);
                }
            }
        }
       
        // verifyXMLSignature is defined outside this excerpt; presumably it returns only a
        // signature that passed validation and throws otherwise - confirm, because the
        // values read below are used without a further validity check.
        XMLSignature xmlSignature =
            verifyXMLSignature(elem, certs, publicKey, secretKey, signatureMethod, data, wsDocInfo);
        byte[] signatureValue = xmlSignature.getSignatureValue().getValue();
        String c14nMethod = xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm();

        // Derive the list of data references from the signature's SignedInfo
        // (buildProtectedRefs is defined outside this excerpt).
        List<WSDataRef> dataRefs = 
            buildProtectedRefs(
                elem.getOwnerDocument(), xmlSignature.getSignedInfo(), data.getWssConfig(), wsDocInfo
            );
        // Fail closed: a signature that yields no data references is rejected, so a
        // signature that protects nothing is not accepted as proof of integrity.
        if (dataRefs.size() == 0) {
            throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
        }
       

        // cacheReference asks the implementation to keep each Reference's dereferenced and
        // pre-digested data so it can be read back after validation.
        context.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
        // NOTE(review): secure validation is set here only under the Apache Santuario
        // property name. The JDK's built-in XMLDSig provider reads
        // "org.jcp.xml.dsig.secureValidation" instead; confirm which provider backs
        // signatureFactory, or set both names.
        context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        // Hands wsDocInfo to the STR transform through the validation context.
        context.setProperty(STRTransform.TRANSFORM_WS_DOC_INFO, wsDocInfo);
       
        try {
            XMLSignature xmlSignature = signatureFactory.unmarshalXMLSignature(context);
            if (data.getWssConfig().isWsiBSPCompliant()) {
                checkBSPCompliance(xmlSignature);
            }
           
            // Check for compliance against the defined AlgorithmSuite
            AlgorithmSuite algorithmSuite = data.getAlgorithmSuite();
            if (algorithmSuite != null) {
                AlgorithmSuiteValidator algorithmSuiteValidator = new
                    AlgorithmSuiteValidator(algorithmSuite);
                algorithmSuiteValidator.checkSignatureAlgorithms(xmlSignature);
            }
           
            // Test for replay attacks
            testMessageReplay(elem, xmlSignature.getSignatureValue().getValue(), data, wsDocInfo);
           
            setElementsOnContext(xmlSignature, (DOMValidateContext)context, wsDocInfo, elem.getOwnerDocument());
            boolean signatureOk = xmlSignature.validate(context);
            if (signatureOk) {
                return xmlSignature;
            }
            //
            // Log the exact signature error
            //
            if (LOG.isDebugEnabled()) {
                LOG.debug("XML Signature verification has failed");
                boolean signatureValidationCheck =
                    xmlSignature.getSignatureValue().validate(context);
                LOG.debug("Signature Validation check: " + signatureValidationCheck);
                java.util.Iterator<?> referenceIterator =
                    xmlSignature.getSignedInfo().getReferences().iterator();
                while (referenceIterator.hasNext()) {
                    Reference reference = (Reference)referenceIterator.next();
                    boolean referenceValidationCheck = reference.validate(context);
                    String id = reference.getId();
                    if (id == null) {

       
        // Signing context: the private key from keyEntry, with the document element as the
        // parent node under which the new Signature element is placed.
        DOMSignContext dsc = new DOMSignContext
            (keyEntry.getPrivateKey(), document.getDocumentElement());

        // Create the XMLSignature, but don't sign it yet.
        // si and ki are built outside this excerpt; the digest, canonicalization and
        // signature algorithms are whatever si names - review them where si is created.
        XMLSignature signature = fac.newXMLSignature(si, ki);

        // Marshal, generate, and sign the enveloped signature.
        signature.sign(dsc);

        // The same document object is returned, now carrying the Signature element.
        return document;
    
    }

        // DOM-based XMLDSig factory.
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

       
       
        // Unmarshal the XMLSignature.
        // NOTE(review): valContext is created outside this excerpt; the visible lines set no
        // secure-validation property on it - confirm how it is configured.
        XMLSignature signature = fac.unmarshalXMLSignature(valContext);

       
        // Validate the XMLSignature.
        // Core validity covers both the signature value and every Reference digest.
        boolean coreValidity = signature.validate(valContext);

        SignedInfo si = signature.getSignedInfo();
       
        // Dump the canonicalized SignedInfo bytes for inspection.
        System.out.println("Canonicalized SignedInfo:");
        // NOTE(review): no charset is given, so the platform default decodes the bytes,
        // while canonical XML is UTF-8; the reader is also not closed in the visible lines.
        InputStreamReader isr =
            new InputStreamReader(si.getCanonicalizedData());
        char[] cbuf = new char[1024];
        // NOTE(review): the count returned by read() is discarded and print(cbuf) writes
        // the whole 1024-char buffer, so a short read also prints stale or NUL characters.
        while (isr.read(cbuf, 0, 1024) != -1) {
            System.out.print(cbuf);
        }
        System.out.println();

       
     // Check core validation status.
        // Diagnostics only: nothing in the visible lines throws or returns on failure, so
        // the caller must act on coreValidity itself.
        if (coreValidity == false) {
            System.err.println("Signature failed core validation");
            boolean sv = signature.getSignatureValue().validate(valContext);
            System.out.println("signature validation status: " + sv);
            // NOTE(review): per-Reference status is printed only when the signature value
            // check failed too. When sv is true the failure lies in a Reference digest,
            // and this branch does not report it.
            if (sv == false) {
                // Check the validation status of each Reference.
                // Raw Iterator: getReferences() returns a raw List in this API.
                Iterator i = signature.getSignedInfo().getReferences().iterator();
                for (int j=0; i.hasNext(); j++) {
                    boolean refValid = ((Reference) i.next()).validate(valContext);
                    System.out.println("ref["+j+"] validity status: " + refValid);
                }
            }

        // Create a DOM XMLSignatureFactory
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
       
        // Unmarshal the XMLSignature.
        // NOTE(review): valContext comes from outside this excerpt; no secure-validation
        // property is set on it in the visible lines - confirm how it is configured.
        XMLSignature signature = fac.unmarshalXMLSignature(valContext);

        // Validate the XMLSignature.
        // coreValidity is declared outside this excerpt; it is the value the caller must
        // act on, since the block below only logs.
        coreValidity = signature.validate(valContext);
    
        // Check core validation status.
        if (coreValidity == false) {
            log.error("Signature failed core validation");
            // Re-check the signature value alone to narrow down the failure.
            boolean sv = signature.getSignatureValue().validate(valContext);
            log.debug("signature validation status: " + sv);
            // NOTE(review): References are examined only when the signature value check
            // failed as well; a digest mismatch with a valid signature value (sv true)
            // is not itemised here.
            if (sv == false) {
                // Check the validation status of each Reference.
                // Raw Iterator: getReferences() returns a raw List in this API.
                Iterator i = signature.getSignedInfo().getReferences().iterator();
                for (int j=0; i.hasNext(); j++) {
                    boolean refValid = ((Reference) i.next()).validate(valContext);
                    log.debug("ref["+j+"] validity status: " + refValid);
                }
            }

     // location of the resulting XMLSignature's parent element.
     DOMSignContext dsc = new DOMSignContext
         (keyEntry.getPrivateKey(), doc.getDocumentElement());

     // Create the XMLSignature, but don't sign it yet.
     XMLSignature signature = fac.newXMLSignature(si, ki);

     // Marshal, generate, and sign the enveloped signature.
     signature.sign(dsc);
    
     //Write signature to a binary file if you desire
     /*
     File someFile = new File();
     FileOutputStream fos = new FileOutputStream(SIGNATURE_FILE_BINARY);

            // getKeyInfo is defined outside this excerpt; it builds the KeyInfo that is
            // embedded in the signature from keyEntry.
            KeyInfo ki = getKeyInfo(signFactory, keyEntry);

            // Signing context: keyEntry's private key, with target as the parent node under
            // which the Signature element is created.
            DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(),
                    target);

            // si is built outside this excerpt; it names the algorithms and References used.
            XMLSignature signature = signFactory.newXMLSignature(si, ki);

            signature.sign(dsc);

        } catch (Exception e) {
            // Any failure is rethrown as STSException with the original exception kept as
            // the cause. NOTE(review): the broad catch also wraps unchecked exceptions, and
            // e.getMessage() is copied into the new message - confirm that text is not
            // returned to remote callers.
            throw new STSException("Cannot sign xml document: "
                    + e.getMessage(), e);
        }
