Examples of org.apache.xml.security.signature.XMLSignature

• org.apache.xml.security.signature.XMLSignature
  Handles <ds:Signature> elements. This is the main class that deals with creating and verifying signatures.

  There are 2 types of constructors for this class. The ones that take a document, baseURI and 1 or more Java Objects. This is mostly used for signing purposes. The other constructor is the one that takes a DOM Element and a baseURI. This is used mostly with for verifying, when you have a SignatureElement. There are a few different types of methods:

  • The addDocument* methods are used to add References with optional transforms during signing.
  • addKeyInfo* methods are to add Certificates and Keys to the KeyInfo tags during signing.
  • appendObject allows a user to add any XML Structure as an ObjectContainer during signing.
  • sign and checkSignatureValue methods are used to sign and validate the signature.

      Document doc = this.db.parse(fileIn);
      Element signatureElement =
         (Element) doc.getElementsByTagNameNS(Constants.SignatureSpecNS,
                                              Constants._TAG_SIGNATURE).item(0);
      XMLSignature xmlSignature = new XMLSignature(signatureElement,
                                     fileIn.toURL().toString());
      boolean verify =
         xmlSignature
            .checkSignatureValue(xmlSignature.getKeyInfo().getPublicKey());
      int length = xmlSignature.getSignedInfo().getLength();
      int numberOfPositiveReferences = 0;

      for (int i = 0; i < length; i++) {
         boolean singleResult =
            xmlSignature.getSignedInfo().getVerificationResult(i);

         if (singleResult) {
            numberOfPositiveReferences++;
         }
      }

      org.w3c.dom.Document doc = db.parse(new java.io.FileInputStream(f));
      Element nscontext = XMLUtils.createDSctx(doc, "ds",
                                               Constants.SignatureSpecNS);
      Element sigElement = (Element) XPathAPI.selectSingleNode(doc,
                              "//ds:Signature[1]", nscontext);
      XMLSignature signature = new XMLSignature(sigElement,
                                                f.toURL().toString());

      if (resolver != null) {
         signature.addResourceResolver(resolver);
      }
      signature.setFollowNestedManifests(followManifests);

      byte keybytes[] = hmacKey;
      javax.crypto.SecretKey sk = signature.createSecretKey(keybytes);

      return signature.checkSignatureValue(sk);
   }

      org.w3c.dom.Document doc = db.parse(f);
      Element nscontext = XMLUtils.createDSctx(doc, "ds",
                                               Constants.SignatureSpecNS);
      Element sigElement = (Element) XPathAPI.selectSingleNode(doc,
                              "//ds:Signature[1]", nscontext);
      XMLSignature signature = new XMLSignature(sigElement,
                                                f.toURL().toString());

      if (resolver != null) {
         signature.addResourceResolver(resolver);
      }
      signature.setFollowNestedManifests(followManifests);


      KeyInfo ki = signature.getKeyInfo();
      boolean result=false;
      if (ki != null) {
         X509Certificate cert = ki.getX509Certificate();

         if (cert != null) {
           result=signature.checkSignatureValue(cert);
         } else {
            PublicKey pk = ki.getPublicKey();

            if (pk != null) {
              result=signature.checkSignatureValue(pk);
            } else {
               throw new RuntimeException(
                  "Did not find a public key, so I can't check the signature");
            }
         }
      } else {
         throw new RuntimeException("Did not find a KeyInfo");
      }
      if (!result) {
        StringBuffer sb = new StringBuffer();

          for (int i = 0; i < signature.getSignedInfo().getLength(); i++) {
             boolean refVerify =
                signature.getSignedInfo().getVerificationResult(i);

             if (refVerify) {
                log.debug("Reference " + i + " was OK");
             } else {
                sb.append(i + " ");
                JavaUtils.writeBytesToFilename(filename + i + ".apache.txt", signature.getSignedInfo().item(i).getContentsAfterTransformation().getBytes());


                log.debug("Reference " + i );
             }
          }

      dbf.setNamespaceAware(true);

      DocumentBuilder db = dbf.newDocumentBuilder();
      Document doc = db.newDocument();
      XMLSignature sig = new XMLSignature(doc, null,
                                          XMLSignature.ALGO_ID_MAC_HMAC_SHA1);

      doc.appendChild(sig.getElement());

      SignatureProperty prop1 = new SignatureProperty(doc,
                                   "http://www.xmlsecurity.org/#target",
                                   "prop1");

      prop1.getElement()
         .appendChild(doc.createTextNode("\n   some data for this property\n"));

      SignatureProperties props = new SignatureProperties(doc);

      props.addSignatureProperty(prop1);

      ObjectContainer object = new ObjectContainer(doc);

      object.appendChild(doc.createTextNode("\n"));
      object.appendChild(props.getElement());
      object.appendChild(doc.createTextNode("\n"));
      sig.appendObject(object);
      sig.addDocument("#prop1");

      String secretKey = "secret";

      sig.getKeyInfo().addKeyName("The UTF-8 octets of \"" + secretKey
                                  + "\" are used for signing ("
                                  + secretKey.length() + " octets)");
      sig.sign(sig.createSecretKey(secretKey.getBytes()));

      Canonicalizer c14n =
         Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);

      System.out.println("---------------------------------------");
      System.out.println(new String(c14n.canonicalizeSubtree(doc)));
      System.out.println("---------------------------------------");
      System.out
         .println(new String(sig.getSignedInfo().item(0).getTransformsOutput()
            .getBytes()));
      System.out.println("---------------------------------------");
   }

            Element sigElement = (Element) XPathAPI.selectSingleNode(doc,
                                    "//ds:Signature[1]", nscontext);

            //Creates a XMLSignature from the element and uses the filename as
            //the baseURI. That URI is prepended to all relative URIs.
            XMLSignature signature =
               new XMLSignature(sigElement,
                                (new File(filename)).toURL().toString());

            signature.addResourceResolver(new OfflineResolver());

            //Get the KeyInfo object, which might contain some clues as to what
            //key was used to create the signature. It might also contain the
            //full cert.
            KeyInfo ki = signature.getKeyInfo();

            ki.addStorageResolver(new StorageResolver(new org.apache.xml
               .security.keys.storage.implementations
               .CertsInFilesystemDirectoryResolver(merlinsDir + "certs")));

            if (ki != null) {

               //First try to see if it is an X509Cert
               X509Certificate cert =
                  signature.getKeyInfo().getX509Certificate();

               if (cert != null) {

                  //check if the signature is valid using the cert
                  System.out.println("Check: "
                                     + signature.checkSignatureValue(cert));
               } else {

                  //Maybe it's a public key
                  PublicKey pk = signature.getKeyInfo().getPublicKey();

                  if (pk != null) {

                     //check if the signature is valid using the public key
                     System.out.println("Check: "
                                        + signature.checkSignatureValue(pk));
                  } else {

                     //No X509Cert or PublicKey could be found.
                     System.out
                        .println("Could not find Certificate or PublicKey");

      org.w3c.dom.Document doc = db.newDocument();
      String BaseURI = signatureFile.toURL().toString();

      Constants.setSignatureSpecNSprefix(null);

      XMLSignature sig = new XMLSignature(doc, BaseURI,
                                          XMLSignature.ALGO_ID_SIGNATURE_DSA);
      byte[][] memoryData = {
         "The secret data".getBytes(), "dataset 2".getBytes(),
      };

      sig.addResourceResolver(new NullURIReferenceResolver(memoryData));
      doc.appendChild(sig.getElement());

      {
         sig.addDocument(null, null, Constants.ALGO_ID_DIGEST_SHA1);
         sig.addDocument(null, null, Constants.ALGO_ID_DIGEST_SHA1);
      }

      {
         X509Certificate cert =
            (X509Certificate) ks.getCertificate(certificateAlias);

         sig.addKeyInfo(cert);
         sig.addKeyInfo(cert.getPublicKey());
         System.out.println("Start signing");
         sig.sign(privateKey);
         System.out.println("Finished signing");
      }

      FileOutputStream f = new FileOutputStream(signatureFile);

      Document doc = createDocument(db);
      Element root = doc.getDocumentElement();

      File f = new File(filename);
      XMLSignature signature = new XMLSignature(doc, f.toURL().toString(),
                                                SignatureURI);
      Transforms transforms = new Transforms(doc);

      transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
      signature.addDocument("", transforms, DigestURI);
      signature.addKeyInfo(pubkey);
      root.appendChild(signature.getElement());
      XMLUtils.addReturnToElement(root);
      signature.sign(privk);

      FileOutputStream fos = new FileOutputStream(f);

      XMLUtils.outputDOMc14nWithComments(doc, fos);

      Document doc = createDocument(db);
      Element root = doc.getDocumentElement();

      File f = new File(filename);
      XMLSignature signature = new XMLSignature(doc, f.toURL().toString(),
                                                SignatureURI);
      Transforms transforms = new Transforms(doc);

      transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
      signature.addDocument("", transforms, DigestURI);

      SecretKey secretKey = signature.createSecretKey(mackey);

      root.appendChild(signature.getElement());
      XMLUtils.addReturnToElement(root);
      signature.sign(secretKey);

      FileOutputStream fos = new FileOutputStream(f);

      XMLUtils.outputDOMc14nWithComments(doc, fos);

      log.debug("fixSubtree took " + (int) (end - start));

      Element sigElement =
         (Element) doc.getElementsByTagNameNS(Constants.SignatureSpecNS,
                                              Constants._TAG_SIGNATURE).item(0);
      XMLSignature signature = new XMLSignature(sigElement,
                                                f.toURL().toString());
      boolean verify =
         signature.checkSignatureValue(signature.getKeyInfo().getPublicKey());
      int failures = 0;

      if (!verify) {
         for (int i = 0; i < signature.getSignedInfo().getLength(); i++) {
            boolean refVerify =
               signature.getSignedInfo().getVerificationResult(i);

            if (refVerify) {
               log.debug("Reference " + i + " was OK");
            } else {
               log.debug("Reference " + i + " failed");

      Canonicalizer20010315OmitComments c = new Canonicalizer20010315OmitComments();
      System.out.println(new String(c.engineCanonicalizeSubTree(doc)));

      XMLSignature sig = new XMLSignature(doc, "", XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
      A_A.appendChild(sig.getElement());

      Transforms transforms = new Transforms(doc);

      XPath2FilterContainer xf2_1 = XPath2FilterContainer.newInstanceIntersect(doc, "//self::node()[local-name() = 'B']");
      transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER, xf2_1.getElement());

      XPath2FilterContainer xf2_2 = XPath2FilterContainer.newInstanceSubtract(doc, "//namespace::*[local-name()='B']");
      transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER, xf2_2.getElement());

      log.info("Created signature object");

      sig.addDocument("", transforms);

      log.info("Reference added");

      sig.sign(sig.createSecretKey("secret".getBytes()));

      log.info("Signing finished");

      XMLSignatureInput s = sig.getSignedInfo().getReferencedContentAfterTransformsItem(0);
      Set nodes = s.getNodeSet();
      Iterator it = nodes.iterator();
      while (it.hasNext()) {
         Node n = (Node) it.next();
         if (n.getNodeType() == Node.ATTRIBUTE_NODE) {