}
}
private ByteArrayOutputStream signMetaInfo(FederationContext config, InputStream metaInfo, String referenceID) throws Exception {
KeyManager keyManager = config.getSigningKey();
String keyAlias = keyManager.getKeyAlias();
String keypass = keyManager.getKeyPassword();
// Create a DOM XMLSignatureFactory that will be used to
// generate the enveloped signature.
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
// Create a Reference to the enveloped document (in this case,
// you are signing the whole document, so a URI of "" signifies
// that, and also specify the SHA1 digest algorithm and
// the ENVELOPED Transform.
Reference ref = fac.newReference("#" + referenceID, fac.newDigestMethod(DigestMethod.SHA1, null), Collections
.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec)null)), null, null);
// Create the SignedInfo.
SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
(C14NMethodParameterSpec)null), fac
.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));
// step 2
// Load the KeyStore and get the signing key and certificate.
// in case we did not specify the key alias, we assume there is only one key in the keystore ,
// we use this key's alias as default.
if (keyAlias == null || "".equals(keyAlias)) {
//keyAlias = getDefaultX509Identifier(ks);
keyAlias = keyManager.getCrypto().getDefaultX509Identifier();
}
PrivateKey keyEntry = keyManager.getCrypto().getPrivateKey(keyAlias, keypass);
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(keyAlias);
X509Certificate[] issuerCerts = keyManager.getCrypto().getX509Certificates(cryptoType);
if (issuerCerts == null || issuerCerts.length == 0) {
throw new ProcessingException(
"No issuer certs were found to sign the metadata using issuer name: "
+ keyAlias);
}