下面列出了怎么用javax.xml.crypto.dsig.CanonicalizationMethod的API类实例代码及写法,或者点击链接到github查看源代码。
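public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, FHIRException {
    // Sample: wrap a tiny XML document in an enveloped XML-DSig signature and print it.
    // Based on http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
    // Differences from the guide: a 2048-bit key and SHA-256 instead of 512-bit RSA / SHA-1.
    // The JDK's default XML-DSig secure-validation policy has long rejected RSA keys below
    // 1024 bits and, since JDK 17, SHA-1 based algorithms, so the original sample produced
    // signatures that a current verifier would refuse. The input charset is also explicit.
    byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(java.nio.charset.StandardCharsets.UTF_8);

    // load the document that's going to be signed (namespace-aware, as XML-DSig requires)
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
    DocumentBuilder builder = dbf.newDocumentBuilder();
    Document doc = builder.parse(new ByteArrayInputStream(inputXml));

    // create a throw-away signing key pair
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048);
    KeyPair kp = kpg.generateKeyPair();

    // sign the document: the Signature element is appended under the root element
    DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
    // URI "" covers the whole document; the enveloped transform excludes the Signature itself
    Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
    // RSA-SHA256 algorithm URI (the SignatureMethod.RSA_SHA256 constant only exists from Java 11)
    SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(kp.getPublic());
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
    XMLSignature signature = fac.newXMLSignature(si, ki);
    signature.sign(dsc);

    // System.out is deliberately not closed
    OutputStream os = System.out;
    new XmlGenerator().generate(doc.getDocumentElement(), os);
}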
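public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, FHIRException, org.hl7.fhir.exceptions.FHIRException {
    // Sample: wrap a tiny XML document in an enveloped XML-DSig signature and print it.
    // Based on http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
    // Differences from the guide: a 2048-bit key and SHA-256 instead of 512-bit RSA / SHA-1.
    // The JDK's default XML-DSig secure-validation policy has long rejected RSA keys below
    // 1024 bits and, since JDK 17, SHA-1 based algorithms, so the original sample produced
    // signatures that a current verifier would refuse. The input charset is also explicit.
    byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(java.nio.charset.StandardCharsets.UTF_8);

    // load the document that's going to be signed (namespace-aware, as XML-DSig requires)
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
    DocumentBuilder builder = dbf.newDocumentBuilder();
    Document doc = builder.parse(new ByteArrayInputStream(inputXml));

    // create a throw-away signing key pair
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048);
    KeyPair kp = kpg.generateKeyPair();

    // sign the document: the Signature element is appended under the root element
    DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
    // URI "" covers the whole document; the enveloped transform excludes the Signature itself
    Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
    // RSA-SHA256 algorithm URI (the SignatureMethod.RSA_SHA256 constant only exists from Java 11)
    SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(kp.getPublic());
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
    XMLSignature signature = fac.newXMLSignature(si, ki);
    signature.sign(dsc);

    // System.out is deliberately not closed
    OutputStream os = System.out;
    new XmlGenerator().generate(doc.getDocumentElement(), os);
}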
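private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
    // Adds an enveloped XML-DSig signature to requestElement, inserted as its first child.
    // The Reference points at the element through its RequestID attribute, so that attribute
    // must be present; it is registered as an ID attribute so the URI resolver can find it.
    // keyInfoValue selects the KeyInfo form: a PublicKey becomes <KeyValue>, an
    // X509Certificate becomes <X509Data>; anything else is rejected with IllegalArgumentException.
    if (keyInfoValue == null) {
        // the original dereferenced keyInfoValue.getClass() here and threw NPE instead
        throw new IllegalArgumentException("Unsupported keyinfo type [null]");
    }
    if (!(keyInfoValue instanceof PublicKey) && !(keyInfoValue instanceof X509Certificate)) {
        throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]");
    }
    String requestId = requestElement.getAttribute("RequestID");
    if (requestId.isEmpty()) {
        // getAttribute() returns "" for a missing attribute, which would produce the unresolvable URI "#"
        throw new IllegalArgumentException("RequestID attribute is missing or empty on <" + requestElement.getTagName() + ">");
    }
    requestElement.setIdAttribute("RequestID", true);

    DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());

    // enveloped-signature first (excludes the Signature element itself from the digest), then exclusive C14N
    List<Transform> transforms = new LinkedList<>();
    transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null));
    transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec) null));
    // NOTE(review): SHA-1 digest and RSA-SHA1 are kept because the peer's verifier may require them;
    // the JDK 17+ default secure-validation policy rejects both, so confirm with the relying party before changing.
    Reference reference = xmlSignatureFactory.newReference("#" + requestId,
            xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null),
            transforms, (String) null, (String) null);
    CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec) null);
    SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec) null);
    SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));

    KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
    KeyInfo keyInfo;
    if (keyInfoValue instanceof PublicKey) {
        keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey) keyInfoValue)));
    } else {
        keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
    }
    XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
    xmlSignature.sign(domSignContext);
}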
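private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
    // Adds an enveloped XML-DSig signature to requestElement, inserted as its first child.
    // The Reference points at the element through its RequestID attribute, so that attribute
    // must be present; it is registered as an ID attribute so the URI resolver can find it.
    // keyInfoValue selects the KeyInfo form: a PublicKey becomes <KeyValue>, an
    // X509Certificate becomes <X509Data>; anything else is rejected with IllegalArgumentException.
    if (keyInfoValue == null) {
        // the original dereferenced keyInfoValue.getClass() here and threw NPE instead
        throw new IllegalArgumentException("Unsupported keyinfo type [null]");
    }
    if (!(keyInfoValue instanceof PublicKey) && !(keyInfoValue instanceof X509Certificate)) {
        throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]");
    }
    String requestId = requestElement.getAttribute("RequestID");
    if (requestId.isEmpty()) {
        // getAttribute() returns "" for a missing attribute, which would produce the unresolvable URI "#"
        throw new IllegalArgumentException("RequestID attribute is missing or empty on <" + requestElement.getTagName() + ">");
    }
    requestElement.setIdAttribute("RequestID", true);

    DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());

    // enveloped-signature first (excludes the Signature element itself from the digest), then exclusive C14N
    List<Transform> transforms = new LinkedList<>();
    transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null));
    transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec) null));
    // NOTE(review): SHA-1 digest and RSA-SHA1 are kept because the peer's verifier may require them;
    // the JDK 17+ default secure-validation policy rejects both, so confirm with the relying party before changing.
    Reference reference = xmlSignatureFactory.newReference("#" + requestId,
            xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null),
            transforms, (String) null, (String) null);
    CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec) null);
    SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec) null);
    SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));

    KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
    KeyInfo keyInfo;
    if (keyInfoValue instanceof PublicKey) {
        keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey) keyInfoValue)));
    } else {
        keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
    }
    XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
    xmlSignature.sign(domSignContext);
}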
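private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
    // Adds an enveloped XML-DSig signature to requestElement, inserted as its first child.
    // The Reference points at the element through its RequestID attribute, so that attribute
    // must be present; it is registered as an ID attribute so the URI resolver can find it.
    // keyInfoValue selects the KeyInfo form: a PublicKey becomes <KeyValue>, an
    // X509Certificate becomes <X509Data>; anything else is rejected with IllegalArgumentException.
    if (keyInfoValue == null) {
        // the original dereferenced keyInfoValue.getClass() here and threw NPE instead
        throw new IllegalArgumentException("Unsupported keyinfo type [null]");
    }
    if (!(keyInfoValue instanceof PublicKey) && !(keyInfoValue instanceof X509Certificate)) {
        throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]");
    }
    String requestId = requestElement.getAttribute("RequestID");
    if (requestId.isEmpty()) {
        // getAttribute() returns "" for a missing attribute, which would produce the unresolvable URI "#"
        throw new IllegalArgumentException("RequestID attribute is missing or empty on <" + requestElement.getTagName() + ">");
    }
    requestElement.setIdAttribute("RequestID", true);

    DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());

    // enveloped-signature first (excludes the Signature element itself from the digest), then exclusive C14N
    List<Transform> transforms = new LinkedList<>();
    transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null));
    transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec) null));
    // NOTE(review): SHA-1 digest and RSA-SHA1 are kept because the peer's verifier may require them;
    // the JDK 17+ default secure-validation policy rejects both, so confirm with the relying party before changing.
    Reference reference = xmlSignatureFactory.newReference("#" + requestId,
            xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null),
            transforms, (String) null, (String) null);
    CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec) null);
    SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec) null);
    SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));

    KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
    KeyInfo keyInfo;
    if (keyInfoValue instanceof PublicKey) {
        keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey) keyInfoValue)));
    } else {
        keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
    }
    XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
    xmlSignature.sign(domSignContext);
}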
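private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
    // Adds an enveloped XML-DSig signature to requestElement, inserted as its first child.
    // The Reference points at the element through its RequestID attribute, so that attribute
    // must be present; it is registered as an ID attribute so the URI resolver can find it.
    // keyInfoValue selects the KeyInfo form: a PublicKey becomes <KeyValue>, an
    // X509Certificate becomes <X509Data>; anything else is rejected with IllegalArgumentException.
    if (keyInfoValue == null) {
        // the original dereferenced keyInfoValue.getClass() here and threw NPE instead
        throw new IllegalArgumentException("Unsupported keyinfo type [null]");
    }
    if (!(keyInfoValue instanceof PublicKey) && !(keyInfoValue instanceof X509Certificate)) {
        throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]");
    }
    String requestId = requestElement.getAttribute("RequestID");
    if (requestId.isEmpty()) {
        // getAttribute() returns "" for a missing attribute, which would produce the unresolvable URI "#"
        throw new IllegalArgumentException("RequestID attribute is missing or empty on <" + requestElement.getTagName() + ">");
    }
    requestElement.setIdAttribute("RequestID", true);

    DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());

    // enveloped-signature first (excludes the Signature element itself from the digest), then exclusive C14N
    List<Transform> transforms = new LinkedList<>();
    transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null));
    transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec) null));
    // NOTE(review): SHA-1 digest and RSA-SHA1 are kept because the peer's verifier may require them;
    // the JDK 17+ default secure-validation policy rejects both, so confirm with the relying party before changing.
    Reference reference = xmlSignatureFactory.newReference("#" + requestId,
            xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null),
            transforms, (String) null, (String) null);
    CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec) null);
    SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec) null);
    SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));

    KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
    KeyInfo keyInfo;
    if (keyInfoValue instanceof PublicKey) {
        keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey) keyInfoValue)));
    } else {
        keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
    }
    XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
    xmlSignature.sign(domSignContext);
}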
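private void signRequest(Element requestElement, PrivateKey privateKey, Object keyInfoValue) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, KeyException {
    // Adds an enveloped XML-DSig signature to requestElement, inserted as its first child.
    // The Reference points at the element through its RequestID attribute, so that attribute
    // must be present; it is registered as an ID attribute so the URI resolver can find it.
    // keyInfoValue selects the KeyInfo form: a PublicKey becomes <KeyValue>, an
    // X509Certificate becomes <X509Data>; anything else is rejected with IllegalArgumentException.
    if (keyInfoValue == null) {
        // the original dereferenced keyInfoValue.getClass() here and threw NPE instead
        throw new IllegalArgumentException("Unsupported keyinfo type [null]");
    }
    if (!(keyInfoValue instanceof PublicKey) && !(keyInfoValue instanceof X509Certificate)) {
        throw new IllegalArgumentException("Unsupported keyinfo type [" + keyInfoValue.getClass() + "]");
    }
    String requestId = requestElement.getAttribute("RequestID");
    if (requestId.isEmpty()) {
        // getAttribute() returns "" for a missing attribute, which would produce the unresolvable URI "#"
        throw new IllegalArgumentException("RequestID attribute is missing or empty on <" + requestElement.getTagName() + ">");
    }
    requestElement.setIdAttribute("RequestID", true);

    DOMSignContext domSignContext = new DOMSignContext(privateKey, requestElement, requestElement.getFirstChild());

    // enveloped-signature first (excludes the Signature element itself from the digest), then exclusive C14N
    List<Transform> transforms = new LinkedList<>();
    transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null));
    transforms.add(xmlSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec) null));
    // NOTE(review): SHA-1 digest and RSA-SHA1 are kept because the peer's verifier may require them;
    // the JDK 17+ default secure-validation policy rejects both, so confirm with the relying party before changing.
    Reference reference = xmlSignatureFactory.newReference("#" + requestId,
            xmlSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null),
            transforms, (String) null, (String) null);
    CanonicalizationMethod canonicalizationMethod = xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec) null);
    SignatureMethod signatureMethod = xmlSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec) null);
    SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(reference));

    KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
    KeyInfo keyInfo;
    if (keyInfoValue instanceof PublicKey) {
        keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue((PublicKey) keyInfoValue)));
    } else {
        keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(keyInfoValue))));
    }
    XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
    xmlSignature.sign(domSignContext);
}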
@BeforeEach
public void init() throws Exception {
    // Test fixture: an enveloped XAdES-B signature over sample.xml, placed inside the
    // first <tr> element, with inclusive C14N for both SignedInfo and SignedProperties.
    documentToSign = new FileDocument(new File("src/test/resources/sample.xml"));

    XAdESSignatureParameters params = new XAdESSignatureParameters();
    params.bLevel().setSigningDate(new Date());
    params.setSigningCertificate(getSigningCert());
    params.setCertificateChain(getCertificateChain());
    params.setSignaturePackaging(SignaturePackaging.ENVELOPED);
    params.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    params.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    params.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    // Will add the signature within the tr tag
    params.setXPathLocationString("//*[local-name() = 'tr']");
    signatureParameters = params;

    service = new XAdESService(getOfflineCertificateVerifier());
}
@Test
public void base64WithOtherReferencesTest() {
    // A Base64 transform must be the only transform of a reference; combining it with a
    // C14N transform has to be rejected by the service with the documented message.
    Base64Transform base64 = new Base64Transform();
    CanonicalizationTransform c14n = new CanonicalizationTransform(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS);
    List<DSSTransform> referenceTransforms = new ArrayList<>();
    referenceTransforms.add(base64);
    referenceTransforms.add(c14n);
    List<DSSReference> references = buildReferences(document, referenceTransforms);

    XAdESSignatureParameters signatureParameters = new XAdESSignatureParameters();
    signatureParameters.bLevel().setSigningDate(new Date());
    signatureParameters.setSigningCertificate(getSigningCert());
    signatureParameters.setCertificateChain(getCertificateChain());
    signatureParameters.setSignaturePackaging(SignaturePackaging.ENVELOPING);
    signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    signatureParameters.setReferences(references);

    Exception thrown = assertThrows(DSSException.class, () -> signAndValidate(document, signatureParameters));
    assertEquals("Reference setting is not correct! Base64 transform cannot be used with other transformations.", thrown.getMessage());
}
@BeforeEach
public void init() {
    // Test fixture: ASiC-E container with an XAdES-B signature; KeyInfo is signed and all
    // three canonicalization methods are inclusive. A good TSA is attached for timestamping.
    ASiCWithXAdESSignatureParameters params = new ASiCWithXAdESSignatureParameters();
    params.bLevel().setSigningDate(new Date());
    params.setSigningCertificate(getSigningCert());
    params.setSignKeyInfo(true);
    params.setCertificateChain(getCertificateChain());
    params.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    params.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    params.setKeyInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    params.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    params.aSiC().setContainerType(ASiCContainerType.ASiC_E);
    signatureParameters = params;

    ASiCWithXAdESService asicService = new ASiCWithXAdESService(getCompleteCertificateVerifier());
    asicService.setTspSource(getGoodTsa());
    service = asicService;
}
@BeforeEach
public void init() {
    // Test fixture: ASiC-E container with an XAdES-LTA signature. KeyInfo is signed with
    // exclusive C14N (see DSS-1548); a good TSA supplies the timestamps.
    ASiCWithXAdESSignatureParameters params = new ASiCWithXAdESSignatureParameters();
    params.bLevel().setSigningDate(new Date());
    params.setSigningCertificate(getSigningCert());
    params.setCertificateChain(getCertificateChain());
    params.setSignatureLevel(SignatureLevel.XAdES_BASELINE_LTA);
    params.aSiC().setContainerType(ASiCContainerType.ASiC_E);
    // DSS-1548
    params.setSignKeyInfo(true);
    params.setKeyInfoCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE);
    signatureParameters = params;

    ASiCWithXAdESService asicService = new ASiCWithXAdESService(getCompleteCertificateVerifier());
    asicService.setTspSource(getGoodTsa());
    service = asicService;
}
@BeforeEach
public void init() throws Exception {
    // Test fixture: a small in-memory text document in an ASiC-E container with an
    // XAdES-LTA signature. KeyInfo is signed with exclusive C14N (see DSS-1548).
    documentToSign = new InMemoryDocument("Hello World !".getBytes(), "test.text");

    ASiCWithXAdESSignatureParameters params = new ASiCWithXAdESSignatureParameters();
    params.bLevel().setSigningDate(new Date());
    params.setSigningCertificate(getSigningCert());
    params.setCertificateChain(getCertificateChain());
    params.setSignatureLevel(SignatureLevel.XAdES_BASELINE_LTA);
    params.aSiC().setContainerType(ASiCContainerType.ASiC_E);
    // DSS-1548
    params.setSignKeyInfo(true);
    params.setKeyInfoCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE);
    signatureParameters = params;

    ASiCWithXAdESService asicService = new ASiCWithXAdESService(getCompleteCertificateVerifier());
    asicService.setTspSource(getGoodTsa());
    service = asicService;
}
@Test
public void toTimestampDTOTest() throws Exception {
    // Round-trips a content timestamp through TimestampTokenConverter.toTimestampDTO and
    // checks that type, C14N method, includes and the encoded binaries survive unchanged.
    TimestampToken token = new TimestampToken(Utils.fromBase64(timestampBinaries), TimestampType.CONTENT_TIMESTAMP);
    assertNotNull(token);
    token.setCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS);
    List<TimestampInclude> includes = Arrays.asList(new TimestampInclude("reference-id-1", true));
    token.setTimestampIncludes(includes);

    TimestampDTO dto = TimestampTokenConverter.toTimestampDTO(token);
    assertNotNull(dto);
    assertEquals(token.getTimeStampType(), dto.getType());
    assertEquals(token.getCanonicalizationMethod(), dto.getCanonicalizationMethod());

    assertEquals(1, dto.getIncludes().size());
    TimestampIncludeDTO firstInclude = dto.getIncludes().get(0);
    assertEquals("reference-id-1", firstInclude.getURI());
    assertTrue(firstInclude.isReferencedData());

    assertTrue(Arrays.equals(token.getEncoded(), dto.getBinaries()));
}
private SignedInfo initSignedInfo(XMLSignatureFactory fac) throws Exception {
    // Builds the SignedInfo for the single reference produced by initReference(fac).
    // The C14N and signature algorithm URIs are read from the configuration map; when a
    // key is absent the defaults are exclusive C14N and RSA-SHA1.
    // NOTE(review): RSA-SHA1 as default is rejected by the JDK 17+ secure-validation policy;
    // deployments should set SIGNATURE_METHOD explicitly.
    Reference ref = initReference(fac);

    String c14nUri = map.getProperty(CANONICALIZATIONMETHOD);
    String signatureUri = map.getProperty(SIGNATURE_METHOD);
    if (signatureUri == null) {
        signatureUri = SignatureMethod.RSA_SHA1;
    }
    if (c14nUri == null) {
        c14nUri = CanonicalizationMethod.EXCLUSIVE;
    }

    CanonicalizationMethod c14n = fac.newCanonicalizationMethod(c14nUri, (C14NMethodParameterSpec) null);
    SignatureMethod sigMethod = fac.newSignatureMethod(signatureUri, null);
    return fac.newSignedInfo(c14n, sigMethod, Collections.singletonList(ref));
}
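protected byte[] perform(byte[] input) throws Exception {
    // Parses `input` as XML, signs it with the key entry and signature method currently
    // selected in the UI (enveloped signature under the document element, inclusive C14N)
    // and returns the serialized, signed document.
    // Throws IllegalArgumentException when validateIdAttributes rejects the document.
    String signMethod = (String) signatureMethod.getSelectedItem();
    PrivateKeyEntry keyEntry = this.selectedEntry;

    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
    ArrayList<Reference> references = getReferences(fac);
    SignedInfo signatureInfo = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(signatureMethods.get(signMethod), null),
            references);
    KeyInfo keyInfo = this.getKeyInfo(fac, keyEntry);
    XMLSignature signature = fac.newXMLSignature(signatureInfo, keyInfo);

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    // `input` is supplied by the caller: enable JAXP secure processing so entity-expansion
    // limits apply while parsing it.
    dbf.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
    Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(input));
    try {
        validateIdAttributes(doc);
    } catch (Exception e) {
        // keep the cause: the original dropped it, hiding which Id check failed
        throw new IllegalArgumentException("Provided Id identifier seems to be invalid.", e);
    }

    DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
    signature.sign(dsc);

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    Transformer transformer = TransformerFactory.newInstance().newTransformer();
    transformer.transform(new DOMSource(doc), new StreamResult(bos));
    return bos.toByteArray();
}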
protected void createSignature(Document document) throws Exception {
    // Signs `document` in place with the key entry and signature method selected in the UI:
    // an enveloped signature appended under the document element, inclusive C14N.
    // When multiSignature is set the Id attributes are validated first.
    String signMethod = (String) signatureMethod.getSelectedItem();
    PrivateKeyEntry keyEntry = this.selectedEntry;
    if (this.multiSignature) {
        this.validateIdAttributes(document);
    }

    ArrayList<Reference> references = this.getReferences();
    CanonicalizationMethod c14n = signatureFac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
    SignatureMethod sigMethod = signatureFac.newSignatureMethod(signatureMethods.get(signMethod), null);
    SignedInfo signatureInfo = signatureFac.newSignedInfo(c14n, sigMethod, references);
    KeyInfo keyInfo = this.getKeyInfo();
    XMLSignature signature = signatureFac.newXMLSignature(signatureInfo, keyInfo);

    DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), document.getDocumentElement());
    signature.sign(dsc);
}
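public static void main(String[] args) throws Exception {
    // Sample: sign a tiny XML document with an enveloped XML-DSig signature using a key pair
    // loaded from DER files, and write the result to a file.
    // Based on http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
    // Differences from the guide: SHA-256 digest and RSA-SHA256 instead of SHA-1 (the JDK 17+
    // default secure-validation policy rejects SHA-1 XML signatures), explicit UTF-8, and the
    // output stream is closed, which the original never did (leaked handle, possibly unflushed data).
    byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(java.nio.charset.StandardCharsets.UTF_8);

    // load the document that's going to be signed (namespace-aware, as XML-DSig requires)
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
    DocumentBuilder builder = dbf.newDocumentBuilder();
    Document doc = builder.parse(new ByteArrayInputStream(inputXml));

    // key material from the fixed development paths (getPublicKey/getPrivateKey are defined elsewhere in this file)
    PublicKey pub = getPublicKey("C:\\work\\fhirserver\\tests\\signatures\\public_key.der");
    PrivateKey priv = getPrivateKey("C:\\work\\fhirserver\\tests\\signatures\\private_key.der");

    // sign the document: the Signature element is appended under the root element
    DOMSignContext dsc = new DOMSignContext(priv, doc.getDocumentElement());
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
    // URI "" covers the whole document; the enveloped transform excludes the Signature itself
    Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
    // RSA-SHA256 algorithm URI (the SignatureMethod.RSA_SHA256 constant only exists from Java 11)
    SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(pub);
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
    XMLSignature signature = fac.newXMLSignature(si, ki);
    signature.sign(dsc);

    try (OutputStream os = new FileOutputStream("c:\\temp\\java-digsig.xml")) {
        new XmlGenerator().generate(doc.getDocumentElement(), os);
    }
}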
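public static void main(String[] args) throws Exception {
    // Sample: sign a tiny XML document with an enveloped XML-DSig signature using a key pair
    // loaded from DER files, and write the result to a file.
    // Based on http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
    // Differences from the guide: SHA-256 digest and RSA-SHA256 instead of SHA-1 (the JDK 17+
    // default secure-validation policy rejects SHA-1 XML signatures), explicit UTF-8, and the
    // output stream is closed, which the original never did (leaked handle, possibly unflushed data).
    byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(java.nio.charset.StandardCharsets.UTF_8);

    // load the document that's going to be signed (namespace-aware, as XML-DSig requires)
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
    DocumentBuilder builder = dbf.newDocumentBuilder();
    Document doc = builder.parse(new ByteArrayInputStream(inputXml));

    // key material from the fixed development paths (getPublicKey/getPrivateKey are defined elsewhere in this file)
    PublicKey pub = getPublicKey("C:\\work\\fhirserver\\tests\\signatures\\public_key.der");
    PrivateKey priv = getPrivateKey("C:\\work\\fhirserver\\tests\\signatures\\private_key.der");

    // sign the document: the Signature element is appended under the root element
    DOMSignContext dsc = new DOMSignContext(priv, doc.getDocumentElement());
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
    // URI "" covers the whole document; the enveloped transform excludes the Signature itself
    Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
    // RSA-SHA256 algorithm URI (the SignatureMethod.RSA_SHA256 constant only exists from Java 11)
    SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(pub);
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
    XMLSignature signature = fac.newXMLSignature(si, ki);
    signature.sign(dsc);

    try (OutputStream os = new FileOutputStream("c:\\temp\\java-digsig.xml")) {
        new XmlGenerator().generate(doc.getDocumentElement(), os);
    }
}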
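public static void main(String[] args) throws SAXException, IOException, ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, FHIRException, org.hl7.fhir.exceptions.FHIRException {
    // Sample: wrap a tiny XML document in an enveloped XML-DSig signature and print it.
    // Based on http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
    // Differences from the guide: a 2048-bit key and SHA-256 instead of 512-bit RSA / SHA-1.
    // The JDK's default XML-DSig secure-validation policy has long rejected RSA keys below
    // 1024 bits and, since JDK 17, SHA-1 based algorithms, so the original sample produced
    // signatures that a current verifier would refuse. The input charset is also explicit.
    byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(java.nio.charset.StandardCharsets.UTF_8);

    // load the document that's going to be signed (namespace-aware, as XML-DSig requires)
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
    DocumentBuilder builder = dbf.newDocumentBuilder();
    Document doc = builder.parse(new ByteArrayInputStream(inputXml));

    // create a throw-away signing key pair
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048);
    KeyPair kp = kpg.generateKeyPair();

    // sign the document: the Signature element is appended under the root element
    DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
    // URI "" covers the whole document; the enveloped transform excludes the Signature itself
    Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
    // RSA-SHA256 algorithm URI (the SignatureMethod.RSA_SHA256 constant only exists from Java 11)
    SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(kp.getPublic());
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
    XMLSignature signature = fac.newXMLSignature(si, ki);
    signature.sign(dsc);

    // System.out is deliberately not closed
    OutputStream os = System.out;
    new XmlGenerator().generate(doc.getDocumentElement(), os);
}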
public RequestSigner ( final Configuration configuration ) throws Exception
{
    // Pre-builds the XML-DSig pieces that do not depend on the request being signed:
    // the digest method named by the configuration, an enveloped transform, a
    // whole-document reference (URI "") and inclusive canonicalization.
    final XMLSignatureFactory factory = XMLSignatureFactory.getInstance ( "DOM" );
    this.fac = factory;
    this.kif = factory.getKeyInfoFactory ();
    this.md = factory.newDigestMethod ( configuration.getDigestMethod (), null );
    this.t = factory.newTransform ( Transform.ENVELOPED, (TransformParameterSpec)null );
    this.ref = factory.newReference ( "", this.md, Collections.singletonList ( this.t ), null, null );
    this.cm = factory.newCanonicalizationMethod ( CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec)null );
}
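private static String c14Xml(final String xml) {
    // Returns the exclusive-with-comments canonical form of `xml` (all elements of the parsed
    // document), or null for null input. Parse/transform failures become AssertionError
    // since this is a test helper.
    if (xml == null) {
        return null;
    }
    try {
        final DocumentBuilder documentBuilder = DOCUMENT_BUILDER_FACTORY.newDocumentBuilder();
        final Document document = documentBuilder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        final TransformService transformation = TransformService.getInstance(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, "DOM");
        transformation.init(null);
        final NodeList allElements = document.getElementsByTagName("*");
        final List<Node> elements = new ArrayList<>(allElements.getLength());
        for (int i = 0; i < allElements.getLength(); i++) {
            elements.add(allElements.item(i));
        }
        final OctetStreamData data = (OctetStreamData) transformation.transform((NodeSetData) elements::iterator, null);
        try (final InputStream stream = data.getOctetStream()) {
            // Read to EOF. The original sized the buffer with available() and did a single
            // read(), which may stop short of the full canonical output; neither guarantees
            // the whole stream is consumed.
            final java.io.ByteArrayOutputStream out = new java.io.ByteArrayOutputStream();
            final byte[] chunk = new byte[4096];
            int n;
            while ((n = stream.read(chunk)) != -1) {
                out.write(chunk, 0, n);
            }
            return new String(out.toByteArray(), StandardCharsets.UTF_8);
        }
    } catch (GeneralSecurityException | TransformException | SAXException | IOException | ParserConfigurationException e) {
        throw new AssertionError(e);
    }
}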
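public Document sign(FileInputStream fileStream, KeyPair keyPair)
        throws ParserConfigurationException, SAXException, IOException,
        NoSuchAlgorithmException, InvalidAlgorithmParameterException,
        KeyException, MarshalException, XMLSignatureException {
    // Parses the XML from fileStream and adds an enveloped XML-DSig signature under its
    // document element, using the digestMethod/signatureMethod fields of this class,
    // inclusive-with-comments C14N and a <KeyValue> carrying the public key.
    // Returns the signed DOM; the caller owns (and closes) fileStream.
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);
    // The stream is caller-supplied. Disable external DTD/schema resolution so a document
    // carrying an external entity cannot make the parser read local files or reach the network
    // while it is being loaded for signing; inline DTDs are still parsed.
    factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
    factory.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD, "");
    factory.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
    DocumentBuilder builder = factory.newDocumentBuilder();
    Document document = builder.parse(fileStream);

    DOMSignContext signContext = new DOMSignContext(keyPair.getPrivate(), document.getDocumentElement());
    XMLSignatureFactory signFactory = XMLSignatureFactory.getInstance("DOM");
    // URI "" covers the whole document; the enveloped transform excludes the Signature itself
    Reference ref = signFactory.newReference("",
            signFactory.newDigestMethod(digestMethod, null),
            Collections.singletonList(signFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
    SignedInfo si = signFactory.newSignedInfo(
            signFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null),
            signFactory.newSignatureMethod(signatureMethod, null),
            Collections.singletonList(ref));
    KeyInfoFactory kif = signFactory.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(keyPair.getPublic());
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
    XMLSignature signature = signFactory.newXMLSignature(si, ki);
    signature.sign(signContext);
    return document;
}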
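protected String[] getWrapperTags() throws Exception {
    // Returns {startTag, endTag} of the <Wrapper> element built from the wrapper* fields.
    // The start tag is run through inclusive C14N (namespace/attribute ordering must match
    // what a canonicalizing verifier will see) and the end tag is stripped off again.
    // Throws Exception when a prefix is given without a namespace.
    // Fixes vs. the original: bytes are converted with UTF-8 (C14N output is UTF-8; the
    // platform default could mangle a non-ASCII namespace) and the end tag is removed as a
    // literal rather than a regex, so a prefix containing regex metacharacters cannot break it.
    String ns = wrapperNS;
    String prefix = wrapperPrefix == null ? "" : wrapperPrefix;
    String xsi = null;
    String xsiSchemaLoc = null;
    if (useWrapperXsi) {
        xsi = wrapperXsi;
        if (useWrapperXsiSchemaLoc) {
            xsiSchemaLoc = wrapperXsiSchemaLoc;
        }
    }
    if ("".equals(ns) && !"".equals(prefix)) {
        throw new Exception("non-empty wrapperPrefix not allowed for empty wrapperNS");
    }

    // optional xsi declarations, each preceded by a space
    String extraAttrs = xsi == null ? "" : " " + xsi + (xsiSchemaLoc == null ? "" : " " + xsiSchemaLoc);
    String startTag;
    String endTag;
    if ("".equals(prefix)) {
        //<Wrapper xmlns="urn:xmpp:xml-element" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:xmpp:xml-element FileWrapper-1.1.xsd">
        startTag = "<Wrapper xmlns=\"" + ns + "\"" + extraAttrs + ">";
        endTag = "</Wrapper>";
    } else {
        //<xyz:Wrapper xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xyz="urn:xmpp:xml-element" xsi:schemaLocation="urn:xmpp:xml-element FileWrapper-1.1.xsd">
        startTag = "<" + prefix + ":Wrapper xmlns:" + prefix + "=\"" + ns + "\"" + extraAttrs + ">";
        endTag = "</" + prefix + ":Wrapper>";
    }

    //DO NOT CHANGE CanonicalizationMethod.INCLUSIVE
    Canonicalizer canonicalizer = Canonicalizer.getInstance(CanonicalizationMethod.INCLUSIVE);
    byte[] canonical = canonicalizer.canonicalize((startTag + endTag).getBytes(java.nio.charset.StandardCharsets.UTF_8));
    String canonicalStartTag = new String(canonical, java.nio.charset.StandardCharsets.UTF_8)
            .replaceFirst(java.util.regex.Pattern.quote(endTag), "");

    return new String[] { canonicalStartTag, endTag };
}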
/**
 * Maps a {@code SigXmlTransform} to the XML-DSig canonicalization algorithm URI.
 *
 * {@code Inclusive}, {@code None} and any other value fall back to inclusive C14N without
 * comments.
 *
 * @param sigXmlTransform the configured transform
 * @return the {@link CanonicalizationMethod} URI constant for that transform
 * @throws NullPointerException if {@code sigXmlTransform} is {@code null}
 */
protected String getCanonicalizationMethod(SigXmlTransform sigXmlTransform) {
    String algorithm;
    switch (sigXmlTransform) {
        case Exclusive:
            algorithm = CanonicalizationMethod.EXCLUSIVE;
            break;
        case ExclusiveWithComments:
            algorithm = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
            break;
        case InclusiveWithComments:
            algorithm = CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS;
            break;
        default:
            // Inclusive, None and anything else
            algorithm = CanonicalizationMethod.INCLUSIVE;
            break;
    }
    return algorithm;
}
/**
 * Prepares the fixture: the sample document, enveloped XAdES-B parameters that use exclusive
 * C14N for both SignedInfo and SignedProperties and omit the certificate from the TBS data,
 * and a service backed by the offline certificate verifier.
 */
@BeforeEach
public void init() throws Exception {
    documentToSign = new FileDocument(new File("src/test/resources/sample.xml"));

    XAdESSignatureParameters sigParams = new XAdESSignatureParameters();
    sigParams.setSignaturePackaging(SignaturePackaging.ENVELOPED);
    sigParams.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    sigParams.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE);
    sigParams.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE);
    sigParams.setGenerateTBSWithoutCertificate(true);
    signatureParameters = sigParams;

    service = new XAdESService(getOfflineCertificateVerifier());
}
/**
 * Rebuilds the signature parameters from scratch for the given signing date and certificate
 * (simulating an external process) and then delegates to the parent build.
 *
 * @param signingDate the claimed signing time stored in the B-level properties
 * @param signingCertificate the certificate the signature is created for
 * @return whatever {@code super.build()} produces with the fresh parameters
 */
public byte[] build(Date signingDate, CertificateToken signingCertificate) {
    // Re-initialize parameters to simulate external process.
    XAdESSignatureParameters fresh = new XAdESSignatureParameters();
    fresh.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    fresh.setSignaturePackaging(SignaturePackaging.ENVELOPED);
    fresh.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE);
    fresh.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE);
    fresh.bLevel().setSigningDate(signingDate);
    fresh.setSigningCertificate(signingCertificate);
    params = fresh;
    return super.build();
}
/**
 * Prepares an enveloping XAdES-B fixture with a single Base64-transformed reference and an
 * individual-data-objects content timestamp that covers the exclusively canonicalized
 * document.
 *
 * SHA-1 is kept here exactly as the original fixture uses it; it is not a recommendation for
 * production digests.
 */
@BeforeEach
public void init() throws Exception {
    documentToSign = new FileDocument(new File("src/test/resources/sample.xml"));
    String referenceId = "TOTO";
    // Canonicalization is optional
    String c14nAlgorithm = CanonicalizationMethod.EXCLUSIVE;

    // One reference pointing at the document itself, Base64-transformed.
    List<DSSTransform> transforms = new ArrayList<>();
    transforms.add(new Base64Transform());
    DSSReference reference = new DSSReference();
    reference.setContents(documentToSign);
    reference.setId(referenceId);
    reference.setUri("#" + documentToSign.getName());
    reference.setDigestMethodAlgorithm(DigestAlgorithm.SHA1);
    reference.setTransforms(transforms);
    reference.setType(Reference.OBJECT_URI);
    List<DSSReference> references = new ArrayList<>();
    references.add(reference);

    XAdESSignatureParameters sigParams = new XAdESSignatureParameters();
    sigParams.setSigningCertificate(getSigningCert());
    sigParams.setCertificateChain(getCertificateChain());
    sigParams.setSignaturePackaging(SignaturePackaging.ENVELOPING);
    sigParams.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    sigParams.setDigestAlgorithm(DigestAlgorithm.SHA1);
    sigParams.setReferences(references);

    // The content timestamp is requested over the digest of the canonicalized document and
    // is declared to include the reference above.
    byte[] canonicalDocument = DSSXMLUtils.canonicalize(c14nAlgorithm, DSSUtils.toByteArray(documentToSign));
    byte[] documentDigest = DSSUtils.digest(DigestAlgorithm.SHA1, canonicalDocument);
    TimestampBinary tsResponse = getAlternateGoodTsa().getTimeStampResponse(DigestAlgorithm.SHA1, documentDigest);
    TimestampToken contentTimestamp = new TimestampToken(tsResponse.getBytes(), TimestampType.INDIVIDUAL_DATA_OBJECTS_TIMESTAMP);
    contentTimestamp.setTimestampIncludes(Arrays.asList(new TimestampInclude(referenceId, true)));
    contentTimestamp.setCanonicalizationMethod(c14nAlgorithm);
    sigParams.setContentTimestamps(Arrays.asList(contentTimestamp));
    signatureParameters = sigParams;

    service = new XAdESService(getOfflineCertificateVerifier());
}
/**
 * Prepares an enveloping XAdES-B fixture signed "now" with the test certificate and chain,
 * using inclusive C14N for both SignedInfo and SignedProperties.
 */
@BeforeEach
public void init() throws Exception {
    documentToSign = new FileDocument(new File("src/test/resources/sample.xml"));

    XAdESSignatureParameters sigParams = new XAdESSignatureParameters();
    sigParams.bLevel().setSigningDate(new Date());
    sigParams.setSigningCertificate(getSigningCert());
    sigParams.setCertificateChain(getCertificateChain());
    sigParams.setSignaturePackaging(SignaturePackaging.ENVELOPING);
    sigParams.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    sigParams.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    sigParams.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    signatureParameters = sigParams;

    service = new XAdESService(getOfflineCertificateVerifier());
}
/**
 * Checks the handling of content timestamps with a missing canonicalization method:
 * the timestamp parameters reject {@code null} and empty values at set time, and a timestamp
 * token whose method is cleared afterwards makes {@code getDataToSign} fail.
 */
@Test
public void contentTstTest() throws Exception {
    XAdESSignatureParameters sigParams = new XAdESSignatureParameters();
    InMemoryDocument empty = new InMemoryDocument(new byte[] {});
    // Default and explicitly null content-timestamp parameters are both accepted here.
    service.getContentTimestamp(empty, sigParams);
    sigParams.setContentTimestampParameters(null);
    service.getContentTimestamp(empty, sigParams);

    XAdESTimestampParameters tsParams = new XAdESTimestampParameters();
    String emptyC14nMessage = "Canonicalization cannot be empty! See EN 319 132-1: 4.5 Managing canonicalization of XML nodesets.";
    for (String rejected : new String[] { null, "" }) {
        Exception thrown = assertThrows(IllegalArgumentException.class, () -> tsParams.setCanonicalizationMethod(rejected));
        assertEquals(emptyC14nMessage, thrown.getMessage());
    }

    InMemoryDocument document = new InMemoryDocument("Hello World!".getBytes());
    tsParams.setCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE);
    sigParams.setContentTimestampParameters(tsParams);
    TimestampToken contentTimestamp = service.getContentTimestamp(document, sigParams);

    sigParams.setSigningCertificate(getSigningCert());
    sigParams.setCertificateChain(getCertificateChain());
    sigParams.setSignaturePackaging(SignaturePackaging.ENVELOPING);
    sigParams.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    // A token with no canonicalization method must be refused when signing.
    contentTimestamp.setCanonicalizationMethod(null);
    sigParams.setContentTimestamps(Arrays.asList(contentTimestamp));
    Exception signingFailure = assertThrows(DSSException.class, () -> service.getDataToSign(document, sigParams));
    assertEquals("Unable to create a timestamp with empty canonicalization method. See EN 319 132-1: 4.5 Managing canonicalization of XML nodesets.", signingFailure.getMessage());
}
/**
 * Prepares a detached XAdES-B fixture signed "now" with the test certificate and chain,
 * using inclusive C14N for both SignedInfo and SignedProperties.
 */
@BeforeEach
public void init() throws Exception {
    documentToSign = new FileDocument(new File("src/test/resources/sample.xml"));

    XAdESSignatureParameters sigParams = new XAdESSignatureParameters();
    sigParams.bLevel().setSigningDate(new Date());
    sigParams.setSigningCertificate(getSigningCert());
    sigParams.setCertificateChain(getCertificateChain());
    sigParams.setSignaturePackaging(SignaturePackaging.DETACHED);
    sigParams.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
    sigParams.setSignedInfoCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    sigParams.setSignedPropertiesCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE);
    signatureParameters = sigParams;

    service = new XAdESService(getOfflineCertificateVerifier());
}