Examples of javax.xml.crypto.dsig.XMLSignature

• javax.xml.crypto.dsig.XMLSignature
  3.org/TR/xmldsig-core/"> W3C Recommendation for XML-Signature Syntax and Processing. This class contains methods for signing and validating XML signatures with behavior as defined by the W3C specification. The XML Schema Definition is defined as:

   <element name="Signature" type="ds:SignatureType"/> <complexType name="SignatureType"> <sequence>  <element ref="ds:SignedInfo"/>  <element ref="ds:SignatureValue"/>  <element ref="ds:KeyInfo" minOccurs="0"/>  <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>  </sequence>   <attribute name="Id" type="ID" use="optional"/> </complexType> 

  An XMLSignature instance may be created by invoking one of the {@link XMLSignatureFactory#newXMLSignature newXMLSignature} methods of the{@link XMLSignatureFactory} class.

  If the contents of the underlying document containing the XMLSignature are subsequently modified, the behavior is undefined.

  Note that this class is named XMLSignature rather than Signature to avoid naming clashes with the existing {@link Signature java.security.Signature} class. @see XMLSignatureFactory#newXMLSignature(SignedInfo,KeyInfo) @see XMLSignatureFactory#newXMLSignature(SignedInfo,KeyInfo,List,String,String) @author Joyce L. Leung @author Sean Mullan @author Erwin van der Koogh @author JSR 105 Expert Group

            KeyInfo ki = getKeyInfo(signFactory, keyEntry);

            DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(),
                    target);

            XMLSignature signature = signFactory.newXMLSignature(si, ki);

            signature.sign(dsc);

        } catch (Exception e) {
            throw new STSException("Cannot sign xml document: "
                    + e.getMessage(), e);
        }

            KeyInfo ki = getKeyInfo(signFactory, keyEntry);

            DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(),
                    target);

            XMLSignature signature = signFactory.newXMLSignature(si, ki);

            signature.sign(dsc);

        } catch (Exception e) {
            throw new STSException("Cannot sign xml document: "
                    + e.getMessage(), e);
        }

        ByteArrayInputStream inputStream = new ByteArrayInputStream(currentData);

        Document document = this.documentBuilderFactory.newDocumentBuilder().parse(inputStream);
        DOMSignContext signContext = new DOMSignContext(privateKey, document.getDocumentElement());
        XMLSignature signature = this.xmlSignatureFactory.newXMLSignature(this.signedInfo, this.keyInfo);

        signature.sign(signContext);

        StringWriter writer = new StringWriter();
        StreamResult streamResult = new StreamResult(writer);

        TransformerFactory transformerFactory = TransformerFactory.newInstance();

        if ((nodeList != null) && (nodeList.getLength() > 0)) {
          Node node = nodeList.item(0);
          if (node.getNodeType() == Node.ELEMENT_NODE) {
            Element element = (Element) node;
            DOMValidateContext domValidateContext = new DOMValidateContext(KeySelector.singletonKeySelector(publicKey), element);
            XMLSignature xmlSignature = this.xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
            valid = xmlSignature.getSignatureValue().validate(domValidateContext);
            if (!valid) {
              break;
            }
          }
        } else {

      XMLObject obj = SIGNATURE_FACTORY.newXMLObject( Collections.singletonList( content ), elementName, null, null );

      SignedInfo si = SIGNATURE_FACTORY.newSignedInfo( SIGNATURE_FACTORY.newCanonicalizationMethod( CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, ( C14NMethodParameterSpec ) null ),
                                                       SIGNATURE_FACTORY.newSignatureMethod( SignatureMethod.RSA_SHA1, null ), Collections.singletonList( ref ) );

      XMLSignature signature = SIGNATURE_FACTORY.newXMLSignature( si, null, Collections.singletonList( obj ), null, null );

      DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
      documentBuilderFactory.setNamespaceAware( true );
      Document signedDoc = documentBuilderFactory.newDocumentBuilder().newDocument();
      DOMSignContext dsc = new DOMSignContext( x509Support.getPrivateKey(), signedDoc );

      signature.sign( dsc );

      return signedDoc;
    } catch ( Exception e ) {
      throw new RuntimeException( e );
    }

    if ( nl.getLength() == 0 ) {
      throw new IllegalStateException( "Cannot find Signature element!" );
    }

    DOMValidateContext valContext = new DOMValidateContext( x509Support.getCertificate().getPublicKey(), nl.item( 0 ) );
    XMLSignature signature = SIGNATURE_FACTORY.unmarshalXMLSignature( valContext );
    return signature.validate( valContext );

    //    if ( signature.validate( valContext ) ) {
    //      System.out.println( "Signature passed core validation!" );
    //    } else {
    //      System.err.println( "Signature failed core validation!" );

            throw new RuntimeException("Cannot find Signature element");
        }
        DOMValidateContext valContext = new DOMValidateContext(validatingKey, nl.item(0));
        try {
            valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
            XMLSignature signature = fac.unmarshalXMLSignature(valContext);
            boolean coreValidity = signature.validate(valContext);
            // Check core validation status.
            if (coreValidity == false) {
                System.err.println("Signature failed core validation");
                boolean sv = signature.getSignatureValue().validate(valContext);
                System.out.println("signature validation status: " + sv);
                // Check the validation status of each Reference.
                @SuppressWarnings("unchecked")
                Iterator<Reference> i = signature.getSignedInfo().getReferences().iterator();
                System.out.println("---------------------------------------------");
                for (int j = 0; i.hasNext(); j++) {
                    Reference ref = (Reference) i.next();
                    boolean refValid = ref.validate(valContext);
                    System.out.println("ref[" + j + "] validity status: " + refValid);

        dsc.putNamespacePrefix("http://www.w3.org/2000/09/xmldsig#", "ns2");

        // Create the XMLSignature, but don't sign it yet.
        try {
            SignedInfo si = initSignedInfo(fac);
            XMLSignature signature = fac.newXMLSignature(si, ki);

            // Marshal, generate, and sign the enveloped signature.
            signature.sign(dsc);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

            && secretKey == null
            && publicKey == null) {
            throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
        }

        XMLSignature xmlSignature =
            verifyXMLSignature(elem, certs, publicKey, secretKey, signatureMethod, wsDocInfo);
        byte[] signatureValue = xmlSignature.getSignatureValue().getValue();
        String c14nMethod = xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm();
        // The c14n algorithm must be as specified by the BSP spec
        if (data.getWssConfig().isWsiBSPCompliant()
            && !WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(c14nMethod)) {
            throw new WSSecurityException(
                WSSecurityException.INVALID_SECURITY, "badC14nAlgo"
            );
        }
        List<WSDataRef> dataRefs =
            buildProtectedRefs(
                elem.getOwnerDocument(), xmlSignature.getSignedInfo(), data.getWssConfig(), wsDocInfo
            );
        if (dataRefs.size() == 0) {
            throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
        }

        XMLValidateContext context = new DOMValidateContext(key, elem);
        context.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
        context.setProperty(STRTransform.TRANSFORM_WS_DOC_INFO, wsDocInfo);

        try {
            XMLSignature xmlSignature = signatureFactory.unmarshalXMLSignature(context);
            setElementsOnContext(xmlSignature, (DOMValidateContext)context, wsDocInfo, elem.getOwnerDocument());
            boolean signatureOk = xmlSignature.validate(context);
            if (signatureOk) {
                return xmlSignature;
            }
            //
            // Log the exact signature error
            //
            if (LOG.isDebugEnabled()) {
                LOG.debug("XML Signature verification has failed");
                boolean signatureValidationCheck =
                    xmlSignature.getSignatureValue().validate(context);
                LOG.debug("Signature Validation check: " + signatureValidationCheck);
                java.util.Iterator<?> referenceIterator =
                    xmlSignature.getSignedInfo().getReferences().iterator();
                while (referenceIterator.hasNext()) {
                    Reference reference = (Reference)referenceIterator.next();
                    boolean referenceValidationCheck = reference.validate(context);
                    String id = reference.getId();
                    if (id == null) {