Package org.apache.xml.security.signature

Examples of org.apache.xml.security.signature.XMLSignature


        // Sample: builds an <Envelope> document, attaches an XML signature carrying two
        // ds:Object children, references "#object-1" through an XPath transform and
        // signs with a private key read from the sample keystore.
        Element envelope = doc.createElementNS("http://www.usps.gov/",
                                               "Envelope");
        envelope.appendChild(doc.createTextNode("\n"));
        doc.appendChild(envelope);

        // Second argument is the base URI (none here). ALGO_ID_SIGNATURE_DSA is the
        // xmldsig dsa-sha1 method, so the signature itself is SHA-1 based; that is fine
        // for a sample but should not be copied into new deployments.
        XMLSignature sig =
      new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_DSA);

        ObjectContainer object1 = new ObjectContainer(doc);
        object1.setId("object-1");
        object1.setMimeType("text/plain");
        sig.appendObject(object1);

        ObjectContainer object2 = new ObjectContainer(doc);

        object2.setId("object-2");
        object2.setMimeType("text/plain");
        object2.setEncoding("http://www.w3.org/2000/09/xmldsig#base64");
        object2.appendChild(doc.createTextNode("SSBhbSB0aGUgdGV4dC4="));
        sig.appendObject(object2);

        Transforms transforms = new Transforms(doc);
        XPathContainer xpathC = new XPathContainer(doc);

        // The XPath filter keeps only text nodes of the referenced object.
        xpathC.setXPath("self::text()");
        transforms.addTransform(Transforms.TRANSFORM_XPATH,
                                xpathC.getElementPlusReturns());
        // The reference digest is SHA-1 as well; only object-1 is referenced in these
        // lines, so object-2 is carried inside the signature element without being
        // covered by a digest.
        sig.addDocument("#object-1", transforms,
                        Constants.ALGO_ID_DIGEST_SHA1, null,
                        "http://www.w3.org/2000/09/xmldsig#Object");

        // NOTE(review): keystore path, store password and key password are hard-coded
        // sample values. Production code should take them from configuration or a
        // secret store. The FileInputStream is also never closed in the visible lines;
        // try-with-resources would release it.
        KeyStore ks = KeyStore.getInstance("JKS");
  FileInputStream fis = null;
        if (BASEDIR != null && !"".equals(BASEDIR)) {
            fis = new FileInputStream(BASEDIR + SEP +
      "data/org/apache/xml/security/samples/input/keystore.jks");
  } else {
            fis = new FileInputStream(
      "data/org/apache/xml/security/samples/input/keystore.jks");
  }
        ks.load(fis, "xmlsecurity".toCharArray());
        PrivateKey privateKey = (PrivateKey) ks.getKey("test",
                                 "xmlsecurity".toCharArray());

  sig.sign(privateKey);
    }


        // Returns the raw SignatureValue bytes of an existing signature element.
        // Nothing in these lines verifies the signature, so the returned value is only
        // as trustworthy as a verification performed elsewhere.
        if (sig != null) {
            Element signatureElement = sig.getDOM();
           
            try {
                // Use XML-Security class to obtain SignatureValue
                XMLSignature xmlSignature = new XMLSignature(signatureElement, "");
                return xmlSignature.getSignatureValue();
            } catch (XMLSignatureException e) {
                // The original exception is kept as the cause of the WS-Security failure.
                throw new WSSecurityException(
                    WSSecurityException.FAILURE, "invalidSAMLsecurity", null, e
                );
            } catch (XMLSecurityException e) {

        // Same-document reference to the element whose Id is `id`.
        String referenceId = "#" + id;
       
        // Falls back to SHA-1 for the reference digest when no digest algorithm is
        // configured. NOTE(review): SHA-1 is a weak default for signatures; deployments
        // should configure a SHA-2 digest explicitly through sigProps.
        String digestAlgo = sigProps.getSignatureDigestAlgo() == null
            ? Constants.ALGO_ID_DIGEST_SHA1 : sigProps.getSignatureDigestAlgo();
       
        // Any style other than enveloping or detached is treated as enveloped.
        XMLSignature sig = null;
        if (ENVELOPING_SIG.equals(sigStyle)) {
            sig = prepareEnvelopingSignature(doc, id, referenceId, sigAlgo, digestAlgo);
        } else if (DETACHED_SIG.equals(sigStyle)) {
            sig = prepareDetachedSignature(doc, id, referenceId, sigAlgo, digestAlgo);
        } else {
            sig = prepareEnvelopedSignature(doc, id, referenceId, sigAlgo, digestAlgo);
        }
       
        if (this.keyInfoMustBeAvailable) {
            // Embeds the first issuer certificate and its public key in KeyInfo.
            // A receiver must still decide whether it trusts that certificate; its
            // presence in the message proves nothing by itself.
            // NOTE(review): issuerCerts[0] is indexed without a visible null/length
            // check in these lines; confirm the caller guarantees a non-empty array.
            sig.addKeyInfo(issuerCerts[0]);
            sig.addKeyInfo(issuerCerts[0].getPublicKey());
        }
        sig.sign(privateKey);
        // The signature element's owner document is returned, which for the enveloping
        // and detached helpers may be a different Document than `doc` (TODO confirm).
        return sig.getElement().getOwnerDocument();
    }

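        // Enveloping layout: the payload element is placed inside a ds:Object that
        // becomes a child of the ds:Signature element.
        Element object = newDoc.createElementNS(Constants.SignatureSpecNS, "ds:Object");
        object.appendChild(docEl);
        // Register "Id" as an XML ID attribute so that the same-document reference
        // (presumably "#" + id, built by the caller) can be resolved when digesting.
        docEl.setAttributeNS(null, "Id", id);
        docEl.setIdAttributeNS(null, "Id", true);
       
        // Empty base URI; the signature method is chosen by the caller via sigAlgo.
        XMLSignature sig = new XMLSignature(newDoc, "", sigAlgo);
        newDoc.appendChild(sig.getElement());
        sig.getElement().appendChild(object);
       
        // Exclusive canonicalization without comments is applied to the referenced
        // content before it is digested.
        Transforms transforms = new Transforms(newDoc);
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
       
        // The signature is prepared but not signed here; the caller invokes sign().
        sig.addDocument(referenceId, transforms, digestAlgo);
        return sig;
    }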

        // Detached layout inside one document: a new envelope root holds the payload
        // element and the ds:Signature as siblings.
        // NOTE(review): the qualified name is built as prefix + ":" + local part; if
        // envelopeQName can have an empty prefix this yields ":local". Confirm that
        // callers always supply a prefix.
        Element root = newDoc.createElementNS(envelopeQName.getNamespaceURI(),
                envelopeQName.getPrefix() + ":" + envelopeQName.getLocalPart());
        root.appendChild(docEl);
        newDoc.appendChild(root);
       
        XMLSignature sig = new XMLSignature(newDoc, "", sigAlgo);
        root.appendChild(sig.getElement());
       
        // Exclusive canonicalization without comments is applied before digesting.
        Transforms transforms = new Transforms(newDoc);
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
       
        // No Id attribute is set on docEl in the visible lines, so referenceId must
        // resolve through an ID registered before this point (TODO confirm).
        sig.addDocument(referenceId, transforms, digestAlgo);
        return sig;
    }

            String sigAlgo,
            String digestAlgo) throws Exception {
        // Enveloped layout: the signature is appended inside the element it signs.
        // "Id" is registered as an XML ID attribute on the root so that the reference
        // passed to addDocument (presumably "#" + id) can be resolved.
        doc.getDocumentElement().setAttributeNS(null, "Id", id);
        doc.getDocumentElement().setIdAttributeNS(null, "Id", true);   
   
        XMLSignature sig = new XMLSignature(doc, "", sigAlgo);
        doc.getDocumentElement().appendChild(sig.getElement());
        Transforms transforms = new Transforms(doc);
        // The enveloped-signature transform must come first: it removes the
        // ds:Signature element from the digested content, otherwise the digest would
        // cover the signature it is part of.
        transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
       
        // The signature is prepared but not signed here; the caller invokes sign().
        sig.addDocument(referenceURI, transforms, digestAlgo);
        return sig;
    }

            throwFault("Crypto can not be loaded", ex);
        }
        // Result of the cryptographic check; stays false when no key could be resolved.
        boolean valid = false;
        Reference ref = null;
        try {
            // The third constructor argument turns on the library's secure-validation
            // mode for this signature.
            XMLSignature signature = new XMLSignature(signatureElement, "", true);
           
            if (sigProps != null) {
                // Algorithm pinning: the signature and canonicalization methods named in
                // the message are compared only against values that are configured.
                // With sigProps null, or a getter returning null, these lines accept
                // whatever the message declares.
                SignedInfo sInfo = signature.getSignedInfo();
                if (sigProps.getSignatureAlgo() != null
                    && !sigProps.getSignatureAlgo().equals(sInfo.getSignatureMethodURI())) {
                    throwFault("Signature Algorithm is not supported", null);
                }
                if (sigProps.getSignatureC14nMethod() != null
                    && !sigProps.getSignatureC14nMethod().equals(sInfo.getCanonicalizationMethodURI())) {
                    throwFault("Signature C14n Algorithm is not supported", null);
                }
            }
           
            // validateReference (not shown) maps the reference to the signed element;
            // its ID attributes are then registered so the reference can be resolved
            // during verification.
            ref = getReference(signature);
            Element signedElement = validateReference(root, ref);
            if (signedElement.hasAttributeNS(null, "ID")) {
                signedElement.setIdAttributeNS(null, "ID", true);
            }
            if (signedElement.hasAttributeNS(null, "Id")) {
                signedElement.setIdAttributeNS(null, "Id", true);
            }
           
            X509Certificate cert = null;
            PublicKey publicKey = null;
           
           
            // See also WSS4J SAMLUtil.getCredentialFromKeyInfo
            KeyInfo keyInfo = signature.getKeyInfo();
           
            // The certificate or public key comes from the KeyInfo carried in the
            // message itself, so a true result from checkSignatureValue only shows that
            // the message is consistent with the key it brought along. Whether that key
            // is acceptable is decided by the validateTrust call below.
            if (keyInfo != null) {
                cert = keyInfo.getX509Certificate();
                if (cert != null) {
                    valid = signature.checkSignatureValue(cert);
                } else {
                    publicKey = keyInfo.getPublicKey();
                    if (publicKey != null) {
                        valid = signature.checkSignatureValue(publicKey);
                    }
                }
            } else if (!keyInfoMustBeAvailable) {
                // No KeyInfo in the message: verify against the locally configured
                // certificate for the user.
                // NOTE(review): element [0] is read without a visible null/empty check.
                String user = getUserName(crypto, message);
                cert = SecurityUtils.getCertificates(crypto, user)[0];
                publicKey = cert.getPublicKey();
                valid = signature.checkSignatureValue(cert);
            }
           
            // validate trust
            // NOTE(review): this runs regardless of `valid`, and cert and publicKey are
            // both null when KeyInfo is absent but required, or present without a
            // usable key. Confirm that TrustValidator rejects that case and that the
            // code after this excerpt fails the request when `valid` is false.
            new TrustValidator().validateTrust(crypto, cert, publicKey);
            if (valid && persistSignature) {

                // this SAML assertion and the main payload have been signed by the same
                // signature
                if (assertionParent != signedElement) {
                    // if not then try to compare if the same cert/key was used to sign SAML token
                    // and the payload
                    XMLSignature signature = message.getContent(XMLSignature.class);
                    if (signature == null) {
                        return false;
                    }
                    SAMLKeyInfo subjectKeyInfo = assertionWrapper.getSignatureKeyInfo();
                    if (!compareCredentials(subjectKeyInfo, signature, tlsCerts)) {

                                    SamlAssertionWrapper assertionWrapper,
                                    Certificate[] tlsCerts) {
        // For every holder-of-key confirmation method on the assertion, the subject's
        // key info must match the message signature or the TLS certificates; the
        // matching itself is done by compareCredentials (not shown here).
        List<String> confirmationMethods = assertionWrapper.getConfirmationMethods();
        for (String confirmationMethod : confirmationMethods) {
            if (OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
                // NOTE(review): sig may be null if no XMLSignature was stored on the
                // message; there is no null check before the call below. Confirm that
                // compareCredentials handles a null signature by failing closed.
                XMLSignature sig = message.getContent(XMLSignature.class);
                SAMLKeyInfo subjectKeyInfo = assertionWrapper.getSubjectKeyInfo();
                if (!compareCredentials(subjectKeyInfo, sig, tlsCerts)) {
                    return false;
                }
            }

            // Certificate the response will be encrypted to.
            X509Certificate receiverCert = null;
           
            String userName = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
            // When configured to reuse the request signature certificate, and this side
            // is not the requestor, the recipient certificate is read from the KeyInfo of
            // the inbound message's signature.
            if (SecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(userName)
                && !MessageUtils.isRequestor(message)) {
                XMLSignature sig = message.getExchange().getInMessage().getContent(XMLSignature.class);
                if (sig != null) {
                    // NOTE(review): getKeyInfo() is dereferenced without a null check, so
                    // a signature stored without KeyInfo would raise a
                    // NullPointerException here. The certificate also originates from
                    // the request; it should be used only if the inbound signature was
                    // verified and its certificate trust-validated earlier (TODO confirm).
                    receiverCert = sig.getKeyInfo().getX509Certificate();
                }
            } else {
                CryptoLoader loader = new CryptoLoader();
                Crypto crypto = loader.getCrypto(message,
                                          SecurityConstants.ENCRYPT_CRYPTO,
