/**
 * Verifies the XML signature carried by {@code signedDocument} with the supplied key.
 *
 * <p>The verification key is the one the caller passes in; nothing in this method reads a key
 * from the document. Any exception raised by the check is logged with its stack trace and
 * replaced by a {@link ProcessingException}, so a failed check is never reported as success.
 * The original exception is not attached as the cause and is available only in the log.
 *
 * <p>NOTE(review): a {@code true} result reflects only what {@code XMLSignatureUtil.validate}
 * checks; which elements the signature covers is not visible here and should be confirmed
 * before signed content is trusted.
 *
 * @param signedDocument document whose signature is checked
 * @param publicKey key the signature must verify against
 * @return the result of {@code XMLSignatureUtil.validate}; callers must treat {@code false}
 *         as a rejected message
 * @throws ProcessingException if the validation call throws for any reason
 */
private boolean validateSender(Document signedDocument, PublicKey publicKey) throws ProcessingException {
    final boolean signatureValid;
    try {
        signatureValid = XMLSignatureUtil.validate(signedDocument, publicKey);
    } catch (Exception validationFailure) {
        log.error("Error validating signature:", validationFailure);
        throw new ProcessingException(ErrorCodes.INVALID_DIGITAL_SIGNATURE + "Error validating signature.");
    }
    return signatureValid;
}
// Take the first child of nl and read its node value as the certificate text.
// getFirstChild() returns null for a node without children, which would fail on the next line.
Node certNode = nl.getFirstChild();
String certNodeValue = certNode.getNodeValue();
// All whitespace is stripped from the text before it is handed to the certificate helper.
// NOTE(review): where nl comes from is not visible here. If it is the KeyInfo of a received
// message, this certificate is sender-supplied and must be checked against configured trust
// before its key is used to verify anything - confirm in the enclosing code.
cert = XMLSignatureUtil.getX509CertificateFromKeyInfoString(certNodeValue.replaceAll("\\s", ""));
break;
/**
 * Signs a single element, which is expected to have its ID attribute set already.
 *
 * <p>Convenience overload: forwards every argument to the seven-argument {@code sign} and
 * passes {@code null} for the extra trailing parameter.
 *
 * @param elementToSign element to sign; its ID attribute must already be set
 * @param nextSibling child of {@code elementToSign} that becomes the next sibling of the
 *        created signature
 * @param keyPair key pair handed to the signing overload
 * @param digestMethod digest algorithm URI; not checked here, so the caller decides whether a
 *        weak digest is used
 * @param signatureMethod signature algorithm URI; not checked here
 * @param referenceURI URI of the signed reference
 * @throws GeneralSecurityException propagated from the signing overload
 * @throws MarshalException propagated from the signing overload
 * @throws XMLSignatureException propagated from the signing overload
 */
public static void sign(Element elementToSign, Node nextSibling, KeyPair keyPair, String digestMethod,
        String signatureMethod, String referenceURI)
        throws GeneralSecurityException, MarshalException, XMLSignatureException {
    sign(elementToSign, nextSibling, keyPair, digestMethod, signatureMethod, referenceURI, null);
}
// Select the canonicalization algorithm through a static setter on XMLSignatureUtil, so the
// value is shared by every caller of the class rather than tied to this call.
// NOTE(review): signers that need different settings at the same time could overwrite each
// other's value - confirm how calls to this setter are serialised.
XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);
// Apply the configured canonicalization method; the setter is static on XMLSignatureUtil, so
// the value is shared by all callers of the class.
XMLSignatureUtil.setCanonicalizationMethodType(configuration.getXMLDSigCanonicalizationMethod());
// Sign with the key pair. The digest is fixed to SHA-1 here while the signature method is a
// variable; SHA-1 is deprecated for digital signatures, so a SHA-256 digest is preferable
// wherever the relying parties accept it.
// An empty reference URI designates the whole document that contains the signature.
rstrDocument = XMLSignatureUtil.sign(rstrDocument, tokenElement, keyPair, DigestMethod.SHA1, signatureMethod, "");
// Trace-only check: validates tokenDocument with the public half of the signing key pair.
if (trace)
    log.trace("valid=" + XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic()));
// Deep-copy the token into tokenDocument and attach the copy to it.
Node importedNode = tokenDocument.importNode(securityToken, true);
tokenDocument.appendChild(importedNode);
// Carry the ID attribute setup of the original token over to the copy's root element.
// presumably needed so that an ID-based signature reference still resolves in the copy - TODO confirm
XMLSignatureUtil.propagateIDAttributeSetup(securityToken, tokenDocument.getDocumentElement());
// The signature is verified with the public half of keyPair, not with a key read from the
// token itself; a failed check sets the status code to invalid.
if (!XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic())) {
    status = new StatusType();
    status.setCode(WSTrustConstants.STATUS_CODE_INVALID);
// Copy the ID attribute setup from the node being signed onto the root element of newDoc.
propagateIDAttributeSetup(nodeToBeSigned, newDoc.getDocumentElement());
// Sign newDoc; digest method, signature method and reference URI are passed through unchanged.
newDoc = sign(newDoc, keyPair, digestMethod, signatureMethod, referenceURI);
// Copy the ID attribute setup from the signed root onto signedNode.
propagateIDAttributeSetup(newDoc.getDocumentElement(), (Element) signedNode);
/**
 * Switches off the inclusion of KeyInfo in signatures created through XMLSignatureUtil.
 *
 * <p>Only {@code false} has an effect. The flag is set through a static method on
 * XMLSignatureUtil, so it applies to every user of that class, and passing {@code true}
 * leaves the current value untouched: this setter cannot switch KeyInfo back on.
 * Without KeyInfo in the signature, verifiers must already hold the signer's key.
 *
 * @param val {@code false} to omit KeyInfo; {@code true} is a no-op
 *
 * @since v2.0.1
 */
public void setSignatureIncludeKeyInfo(boolean val) {
    if (val) {
        return;
    }
    XMLSignatureUtil.setIncludeKeyInfoInSignature(false);
}
/**
 * Builds an XML signature with one reference and applies it through the given signing context.
 *
 * <p>The reference always carries the enveloped-signature transform followed by exclusive
 * canonicalization. The canonicalization of SignedInfo and the decision to embed KeyInfo are
 * read from static settings of this class, so they are shared by all callers. Digest and
 * signature algorithms are taken from the caller as given; nothing here rejects a weak
 * choice such as SHA-1.
 *
 * @param dsc signing context; its default namespace prefix is set to {@code dsig}
 * @param digestMethod digest algorithm URI for the reference
 * @param signatureMethod signature algorithm URI
 * @param referenceURI URI of the content the reference covers
 * @param publicKey key passed to {@code createKeyInfo} when KeyInfo is included
 * @param x509Certificate certificate passed to {@code createKeyInfo} when KeyInfo is included
 * @throws GeneralSecurityException if the signature factory rejects an algorithm or parameter
 * @throws MarshalException if signing fails while marshalling
 * @throws XMLSignatureException if signing fails
 */
private static void signImpl(DOMSignContext dsc, String digestMethod, String signatureMethod, String referenceURI,
        PublicKey publicKey, X509Certificate x509Certificate)
        throws GeneralSecurityException, MarshalException, XMLSignatureException {
    dsc.setDefaultNamespacePrefix("dsig");

    DigestMethod digest = fac.newDigestMethod(digestMethod, null);

    // Transform order matters: strip the enveloped signature first, then canonicalize.
    List<Transform> transforms = new ArrayList<Transform>();
    transforms.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
    transforms.add(fac.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (TransformParameterSpec) null));

    List<Reference> references = Collections
            .singletonList(fac.newReference(referenceURI, digest, transforms, null, null));

    // SignedInfo canonicalization comes from the class-wide static setting.
    CanonicalizationMethod c14n = fac.newCanonicalizationMethod(canonicalizationMethodType,
            (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = fac.newSignedInfo(c14n, fac.newSignatureMethod(signatureMethod, null), references);

    // KeyInfo stays null when inclusion has been switched off.
    KeyInfo keyInfo = includeKeyInfoInSignature ? createKeyInfo(publicKey, x509Certificate) : null;

    fac.newXMLSignature(signedInfo, keyInfo).sign(dsc);
}
// Select the canonicalization algorithm through a static setter on XMLSignatureUtil, so the
// value is shared by every caller of the class rather than tied to this call.
// NOTE(review): signers that need different settings at the same time could overwrite each
// other's value - confirm how calls to this setter are serialised.
XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);
// Apply the configured canonicalization method; the setter is static on XMLSignatureUtil, so
// the value is shared by all callers of the class.
XMLSignatureUtil.setCanonicalizationMethodType(configuration.getXMLDSigCanonicalizationMethod());
// Sign with the key pair. The digest is fixed to SHA-1 here while the signature method is a
// variable; SHA-1 is deprecated for digital signatures, so a SHA-256 digest is preferable
// wherever the relying parties accept it.
// An empty reference URI designates the whole document that contains the signature.
rstrDocument = XMLSignatureUtil.sign(rstrDocument, tokenElement, keyPair, DigestMethod.SHA1, signatureMethod, "");
// Trace-only check: validates tokenDocument with the public half of the signing key pair.
if (trace)
    log.trace("valid=" + XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic()));
// Deep-copy the token into tokenDocument and attach the copy to it.
Node importedNode = tokenDocument.importNode(securityToken, true);
tokenDocument.appendChild(importedNode);
// Carry the ID attribute setup of the original token over to the copy's root element.
// presumably needed so that an ID-based signature reference still resolves in the copy - TODO confirm
XMLSignatureUtil.propagateIDAttributeSetup(securityToken, tokenDocument.getDocumentElement());
// The signature is verified with the public half of keyPair, not with a key read from the
// token itself; a failed check sets the status code to invalid.
if (!XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic())) {
    status = new StatusType();
    status.setCode(WSTrustConstants.STATUS_CODE_INVALID);
// Copy the ID attribute setup from the node being signed onto the root element of newDoc.
propagateIDAttributeSetup(nodeToBeSigned, newDoc.getDocumentElement());
// Sign newDoc; the certificate is passed along with the key pair and the algorithm choices.
newDoc = sign(newDoc, keyPair, digestMethod, signatureMethod, referenceURI, x509Certificate);
// Copy the ID attribute setup from the signed root onto signedNode.
propagateIDAttributeSetup(newDoc.getDocumentElement(), (Element) signedNode);
/**
 * Switches off the inclusion of KeyInfo in signatures created through XMLSignatureUtil.
 *
 * <p>Only {@code false} has an effect. The flag is set through a static method on
 * XMLSignatureUtil, so it applies to every user of that class, and passing {@code true}
 * leaves the current value untouched: this setter cannot switch KeyInfo back on.
 * Without KeyInfo in the signature, verifiers must already hold the signer's key.
 *
 * @param val {@code false} to omit KeyInfo; {@code true} is a no-op
 *
 * @since v2.0.1
 */
public void setSignatureIncludeKeyInfo(boolean val) {
    if (val) {
        return;
    }
    XMLSignatureUtil.setIncludeKeyInfoInSignature(false);
}
/**
 * Builds an XML signature with one reference and applies it through the given signing context.
 *
 * <p>The reference always carries the enveloped-signature transform followed by exclusive
 * canonicalization. The canonicalization of SignedInfo and the decision to embed KeyInfo are
 * read from static settings of this class, so they are shared by all callers. Digest and
 * signature algorithms are taken from the caller as given; nothing here rejects a weak
 * choice such as SHA-1.
 *
 * @param dsc signing context; its default namespace prefix is set to {@code dsig}
 * @param digestMethod digest algorithm URI for the reference
 * @param signatureMethod signature algorithm URI
 * @param referenceURI URI of the content the reference covers
 * @param publicKey key passed to {@code createKeyInfo} when KeyInfo is included
 * @param x509Certificate certificate passed to {@code createKeyInfo} when KeyInfo is included
 * @throws GeneralSecurityException if the signature factory rejects an algorithm or parameter
 * @throws MarshalException if signing fails while marshalling
 * @throws XMLSignatureException if signing fails
 */
private static void signImpl(DOMSignContext dsc, String digestMethod, String signatureMethod, String referenceURI,
        PublicKey publicKey, X509Certificate x509Certificate)
        throws GeneralSecurityException, MarshalException, XMLSignatureException {
    dsc.setDefaultNamespacePrefix("dsig");

    DigestMethod digest = fac.newDigestMethod(digestMethod, null);

    // Transform order matters: strip the enveloped signature first, then canonicalize.
    List<Transform> transforms = new ArrayList<Transform>();
    transforms.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
    transforms.add(fac.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (TransformParameterSpec) null));

    List<Reference> references = Collections
            .singletonList(fac.newReference(referenceURI, digest, transforms, null, null));

    // SignedInfo canonicalization comes from the class-wide static setting.
    CanonicalizationMethod c14n = fac.newCanonicalizationMethod(canonicalizationMethodType,
            (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = fac.newSignedInfo(c14n, fac.newSignatureMethod(signatureMethod, null), references);

    // KeyInfo stays null when inclusion has been switched off.
    KeyInfo keyInfo = includeKeyInfoInSignature ? createKeyInfo(publicKey, x509Certificate) : null;

    fac.newXMLSignature(signedInfo, keyInfo).sign(dsc);
}
// Select the canonicalization algorithm through a static setter on XMLSignatureUtil, so the
// value is shared by every caller of the class rather than tied to this call.
// NOTE(review): signers that need different settings at the same time could overwrite each
// other's value - confirm how calls to this setter are serialised.
XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);
// Apply the configured canonicalization method; the setter is static on XMLSignatureUtil, so
// the value is shared by all callers of the class.
XMLSignatureUtil.setCanonicalizationMethodType(configuration.getXMLDSigCanonicalizationMethod());
// Sign with the key pair and pass the certificate along. The reference URI is whatever
// setupIDAttribute(tokenElement) returns, so the reference is tied to the token element.
// The digest is fixed to SHA-1 here; SHA-1 is deprecated for digital signatures, so a
// SHA-256 digest is preferable wherever the relying parties accept it.
rstrDocument = XMLSignatureUtil.sign(rstrDocument, tokenElement, keyPair, DigestMethod.SHA1, signatureMethod, setupIDAttribute(tokenElement),x509Certificate);
// Trace-only check: copy the token element into a fresh document and validate that copy
// with the public half of the signing key pair.
if (logger.isTraceEnabled()) {
    Document tokenDocument = DocumentUtil.createDocument();
    tokenDocument.appendChild(tokenDocument.importNode(tokenElement, true));
    logger.trace("valid=" + XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic()));
/**
 * Verifies the XML signature carried by {@code signedDocument} with the supplied key.
 *
 * <p>The verification key is the one the caller passes in; nothing in this method reads a key
 * from the document. Any exception raised by the check is logged with its stack trace and
 * replaced by a {@link ProcessingException}, so a failed check is never reported as success.
 * The original exception is not attached as the cause and is available only in the log.
 *
 * <p>NOTE(review): a {@code true} result reflects only what {@code XMLSignatureUtil.validate}
 * checks; which elements the signature covers is not visible here and should be confirmed
 * before signed content is trusted.
 *
 * @param signedDocument document whose signature is checked
 * @param publicKey key the signature must verify against
 * @return the result of {@code XMLSignatureUtil.validate}; callers must treat {@code false}
 *         as a rejected message
 * @throws ProcessingException if the validation call throws for any reason
 */
private boolean validateSender(Document signedDocument, PublicKey publicKey) throws ProcessingException {
    final boolean signatureValid;
    try {
        signatureValid = XMLSignatureUtil.validate(signedDocument, publicKey);
    } catch (Exception validationFailure) {
        log.error("Error validating signature:", validationFailure);
        throw new ProcessingException(ErrorCodes.INVALID_DIGITAL_SIGNATURE + "Error validating signature.");
    }
    return signatureValid;
}
// Deep-copy the token into tokenDocument and attach the copy to it.
Node importedNode = tokenDocument.importNode(securityToken, true);
tokenDocument.appendChild(importedNode);
// Carry the ID attribute setup of the original token over to the copy's root element.
// presumably needed so that an ID-based signature reference still resolves in the copy - TODO confirm
XMLSignatureUtil.propagateIDAttributeSetup(securityToken, tokenDocument.getDocumentElement());
// The signature is verified with the public half of keyPair, not with a key read from the
// token itself; a failed check sets the status code to invalid.
if (!XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic())) {
    status = new StatusType();
    status.setCode(WSTrustConstants.STATUS_CODE_INVALID);
/**
 * Signs the root element of a document.
 *
 * <p>Convenience overload: forwards every argument to the six-argument {@code sign} and
 * passes {@code null} for the extra trailing parameter.
 *
 * @param doc document to sign
 * @param keyPair key pair handed to the signing overload
 * @param digestMethod digest algorithm URI; not checked here, so the caller decides whether a
 *        weak digest is used
 * @param signatureMethod signature algorithm URI; not checked here
 * @param referenceURI URI of the signed reference
 * @return the document returned by the six-argument overload
 * @throws GeneralSecurityException propagated from the signing overload
 * @throws XMLSignatureException propagated from the signing overload
 * @throws MarshalException propagated from the signing overload
 */
public static Document sign(Document doc, KeyPair keyPair, String digestMethod, String signatureMethod,
        String referenceURI) throws GeneralSecurityException, MarshalException, XMLSignatureException {
    Document signedDocument = sign(doc, keyPair, digestMethod, signatureMethod, referenceURI, null);
    return signedDocument;
}