Package javax.xml.crypto.dsig

Examples of javax.xml.crypto.dsig.Reference

87
88
89
90
91
92
93
94
95
96
97
   * @return a {@link Document} object.
   */
  public Document sign( @Nonnull Document xmlDocument ) {
    try {
      @Nonnull String elementName = xmlDocument.getFirstChild().getNodeName();
      Reference ref = SIGNATURE_FACTORY.newReference( '#' + elementName, SIGNATURE_FACTORY.newDigestMethod( DigestMethod.SHA256, null ) );

      Node invoice = xmlDocument.getDocumentElement();
      XMLStructure content = new DOMStructure( invoice );
      XMLObject obj = SIGNATURE_FACTORY.newXMLObject( Collections.singletonList( content ), elementName, null, null );

View Full Code Here
89
90
91
92
93
94
95
96
97
98
99
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

    // Step 2: Decide on a digest method and create the reference object. We
    // use the XMLSignatureFactory instance created in the first step to
    // create both the DigestMethod and Reference objects.
    Reference ref = fac.newReference("#invoice", fac.newDigestMethod(DigestMethod.SHA256, null));

    // Step 3: Load invoice.xml and wrap it in an XMLObject object. Not all
    // signature generation processes require this step. XMLObject in
    // JSR-105 models the optional Object element we briefly discussed
    // before.
View Full Code Here
68
69
70
71
72
73
74
75
76
77
78
    // generate the enveloped signature.
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

    // Step 2 : Create a Reference to a remote PDF file
    // and also specify the SHA256 digest algorithm
    Reference ref = fac.newReference("http://www.actstudent.org/plan/pdf/sample.pdf", fac.newDigestMethod(DigestMethod.SHA256, null));

    // Step 3 : Create the SignedInfo.
    SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null),
        fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null), Collections.singletonList(ref));
View Full Code Here
82
83
84
85
86
87
88
89
90
91
92
    // Step 2 : Create a Reference to the enveloped document (in this case,
    // you are signing the whole document, so a URI of "" signifies
    // that, and also specify the SHA256 digest algorithm and
    // the ENVELOPED Transform.
    Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null,
        null);

    // Step 3 : Create the SignedInfo.
    SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
        Collections.singletonList(ref));
View Full Code Here
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
        policy.isBSP(isBSP);
        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding )policy.getFeatureBinding();
        featureBinding.setCanonicalizationAlgorithm(cm.getAlgorithm());
        Iterator itr = referencesList.iterator();
        while(itr.hasNext()){
            Reference ref = (Reference) itr.next();
            SignatureTarget.Transform transform = getSignatureTransform(ref);
            SignatureTarget target = new SignatureTarget();
            target.isBSP(isBSP);
            if(transform != null){
                target.addTransform(transform);
            }
            target.setDigestAlgorithm(ref.getDigestMethod().getAlgorithm());
      if(ref.getURI().length() >0){
               target.setValue(SecurableSoapMessage.getIdFromFragmentRef(ref.getURI()));
      }else{
               target.setValue(ref.getURI());
      }
            target.setType(SignatureTarget.TARGET_TYPE_VALUE_URI);
            featureBinding.addTargetBinding(target);
        }
    }
View Full Code Here
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
        //policy.isBSP(isBSP);
        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding )policy.getFeatureBinding();
        featureBinding.setCanonicalizationAlgorithm(cm.getAlgorithm());
        Iterator itr = referencesList.iterator();
        while(itr.hasNext()){
            Reference ref = (Reference) itr.next();
            SignatureTarget.Transform transform = getSignatureTransform(ref);
            SignatureTarget target = new SignatureTarget();
            //target.isBSP(isBSP);
            if(transform != null){
                target.addTransform(transform);
            }
            target.setDigestAlgorithm(ref.getDigestMethod().getAlgorithm());
            if(ref.getURI().length() >0){
                String Id = SecurableSoapMessage.getIdFromFragmentRef(ref.getURI());
                //SOAPElement se = secMsg.getElementByWsuId(Id);
                SOAPElement se = (SOAPElement) secMsg.getElementById(Id);
                if(se != null){
                    if(se.getNamespaceURI().equals(MessageConstants.WSSE_NS) ||
                            se.getNamespaceURI().equals(MessageConstants.WSSE11_NS) ||
View Full Code Here
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
                        logger.log(Level.FINEST, "SignedInfo val id "+id);
                   
                    targetURI = "#"+id;
                   
                    byte [] digestValue = fpContext.getDigestValue();
                    Reference reference = null;
                    if(!verify && digestValue != null){
                        reference = signatureFactory.newReference(targetURI,digestMethod,clonedTransformList,null,null,digestValue);
                    }else{
                        reference = signatureFactory.newReference(targetURI,digestMethod,clonedTransformList,null,null);
                    }
                    references.add(reference);
                }
                continue;  
            }else if(signatureType ==SignatureTarget.TARGET_TYPE_VALUE_URI){
                targetURI = signatureTarget.getValue();
               
                if(targetURI == null){
                    targetURI="";
                }
                if(targetURI == MessageConstants.PROCESS_ALL_ATTACHMENTS){
                    Iterator itr = secureMessage.getAttachments();
                    if ( !itr.hasNext()) {
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1372_NO_ATTACHMENT_FOUND());
                        throw new XWSSecurityException("No attachment present in the message");
                        //logger.log(Level.WARNING, "No Attachment Part present in the message to be secured");
                        //continue;
                    }
                    while(itr.hasNext()){
                        String cid = null;
                        AttachmentPart ap = (AttachmentPart)itr.next();
                        String _cid = ap.getContentId();
                        if (_cid.charAt(0) == '<' && _cid.charAt(_cid.length()-1) == '>'){
                            int lindex = _cid.lastIndexOf('>');
                            int sindex = _cid.indexOf('<');
                            if(lindex < sindex || lindex == sindex){
                                //log error
                                logger.log(Level.SEVERE,LogStringsMessages.WSS_1303_CID_ERROR());
                            }
                            cid = "cid:"+_cid.substring(sindex+1,lindex);
                        }else{
                            cid = "cid:"+_cid;
                        }
                        Reference reference = signatureFactory.newReference(cid,digestMethod,transformList,null,null);
                        references.add(reference);
                    }
                    continue;
                }else{
                    if (exclTransformToBeAdded) {
                        // exc-14-n must be one of the last transforms under ReferenceList by default.
//                        String transformAlgo  = MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
//                        ExcC14NParameterSpec spec = null;
//                        Transform transform = signatureFactory.newTransform(transformAlgo,spec);
//                        transformList.add(transform);
                        SOAPElement dataElement = null;
                        if (featureBinding != null && featureBinding.isBSP()) {
                           
//                            try {
                                String _uri = targetURI;
                                if(targetURI.length() > 0 && targetURI.charAt(0)=='#'){
                                    _uri = targetURI.substring(1);
                                }
                                dataElement =(SOAPElement) secureMessage.getElementById(_uri);
//                            } catch (TransformerException te) {
//                                logger.log(Level.SEVERE, "WSS1373.failedto.resolve.elementbyID", te);
//                                throw new XWSSecurityException(te.getMessage(), te);
//                            }
                        }
                        String transformAlgo  = MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
                        ExcC14NParameterSpec spec = null;
                        if(dataElement != null && !disableInclusivePrefix){
                            spec =   new ExcC14NParameterSpec(getReferenceNamespacePrefixes(dataElement));
                        }
                        Transform transform = signatureFactory.newTransform(transformAlgo,spec);
                        transformList.add(transform);
                    }
                    if(targetURI.equals(SignatureTarget.ALL_MESSAGE_HEADERS)){
                        SOAPHeader soapHeader=null;
                        try{
                            soapHeader = secureMessage.getSOAPHeader();
                        }catch(SOAPException se) {
                            se.printStackTrace();
                        }
                        NodeList headers = soapHeader.getChildNodes();
                        Reference reference = null;
                        for(int i=0;i<headers.getLength();i++){
                            if(((Node)headers.item(i)).getNodeType() ==  Node.ELEMENT_NODE){
                            Element element = (Element)headers.item(i);
                                if(!("Security".equals(element.getLocalName()) &&
                                    MessageConstants.WSSE_NS.equals(element.getNamespaceURI())) ){
                                    reference = signatureFactory.newReference("#"+generateReferenceID(element, secureMessage),digestMethod,transformList,null,null);
                                    references.add(reference);
                                }
                            }
                        }
                        continue;
                    }
                }
            }
           
            byte [] digestValue = fpContext.getDigestValue();
            Reference reference = null;
            if(!verify && digestValue != null){
                reference = signatureFactory.newReference(targetURI,digestMethod,transformList,null,null,digestValue);
            }else{
                reference = signatureFactory.newReference(targetURI,digestMethod,transformList,null,null);
            }
View Full Code Here
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
                    boolean sv = signature.getSignatureValue().validate(validationContext);
                    logger.log(Level.FINEST,"Signature validation status: " + sv);
                    // check the validation status of each Reference
                    Iterator i = signature.getSignedInfo().getReferences().iterator();
                    for (int j=0; i.hasNext(); j++) {
                        Reference ref = (Reference) i.next();
                        logger.log(Level.FINEST,"Reference ID "+ref.getId());
                        logger.log(Level.FINEST,"Reference URI "+ref.getURI());
                        boolean refValid =
                                ref.validate(validationContext);
                        logger.log(Level.FINEST,"Reference["+j+"] validity status: " + refValid);
                    }
                }
                    logger.log(Level.SEVERE, LogStringsMessages.WSS_1315_SIGNATURE_VERIFICATION_FAILED());
                XWSSecurityException xwsse =   new XWSSecurityException("Signature verification failed");
                throw SecurableSoapMessage.newSOAPFaultException(
                        MessageConstants.WSSE_FAILED_CHECK,"Signature verification failed ",xwsse);
            } else {
                if(logger.isLoggable(Level.FINEST)){
                    logger.log(Level.FINE,"Signature Passed Core Validation");
                }
                SignedInfo signInfo = signature.getSignedInfo();
                if (isBSP) {
                    Iterator i = signInfo.getReferences().iterator();
                    for (int j=0; i.hasNext(); j++) {
                        Reference reference = (Reference) i.next();
                       
                        Iterator t = reference.getTransforms().iterator();
                        for (int index=0; t.hasNext(); index++) {
                            Transform transform = (Transform) t.next();
                            if (Transform.ENVELOPED.equals(transform.getAlgorithm())) {
                                logger.log(Level.SEVERE, LogStringsMessages.WSS_1336_ILLEGAL_ENVELOPEDSIGNATURE());
                                throw new XWSSecurityException("Enveloped signatures not permitted by BSP");
View Full Code Here
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
        List signedReferences = signedInfo.getReferences();
        Iterator sr = signedReferences.listIterator();
        ArrayList signedDataList = new ArrayList();
        ArrayList signedReferenceList = new ArrayList();
        while(sr.hasNext()){
            Reference reference = (Reference)sr.next();
            Data tmpObj = getData(reference,validationContext);
            signedDataList.add(new DataWrapper(tmpObj));
            //TODO:Should use cached data from References of already validated
            //messages when sean provides on . For now get the Data again.
            signedReferenceList.add(reference);
        }
       
        ArrayList optionalReqList = new ArrayList();
        ArrayList requiredDataList = new ArrayList();
        ArrayList requiredReferenceList = new ArrayList();
        ArrayList optionalDataList = new ArrayList();
        ArrayList optionalReferenceList = new ArrayList();
        //It would have been better If I had optional list
        //seperated
       
        Iterator targetItr = targets.iterator();
        SecurableSoapMessage secureMessage = context.getSecurableSoapMessage();
        while(targetItr.hasNext()){
            SignatureTarget signatureTarget = (SignatureTarget) targetItr.next();
            boolean requiredTarget = signatureTarget.getEnforce();
            List referenceList = null;
            try{
                if(requiredTarget){
                    referenceList = dsigUtil.generateReferenceList(Collections.singletonList(signatureTarget),secureMessage,context,true, featureBinding.isEndorsingSignature());
                }else{
                    //dont resolve it now.
                    optionalReqList.add(signatureTarget);
                }
            }catch(Exception ex){
                logger.log(Level.SEVERE,LogStringsMessages.WSS_1302_REFLIST_ERROR(),ex);
                if(requiredTarget){
                    logger.log(Level.SEVERE, LogStringsMessages.WSS_1339_INVALID_RECEIVER_REQUIREMENTS());
                    throw new XWSSecurityException("Receiver requirement for SignatureTarget "+
                            signatureTarget.getValue()+" is not met");
                }
                //log
            }
            if(!requiredTarget){
                continue;
            }
            if( referenceList.size() <= 0){
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1339_INVALID_RECEIVER_REQUIREMENTS());
                throw new XWSSecurityException("Receiver requirement for SignatureTarget "+
                        signatureTarget.getValue()+" is not met");
            }
            boolean allRef = false;
            //Verify all attachments are signed.              || all header elements are signed
           /* if(signatureTarget.getValue().startsWith("cid:*") || signatureTarget.getValue().equals(SignatureTarget.ALL_MESSAGE_HEADERS)){
                allRef = true;
            }*/
            for(int i =0; i<referenceList.size(); i++){
                Reference reference = (Reference)referenceList.get(i);
                Data data = null;
                try{
                    data = getData(reference,validationContext);
                    if(requiredTarget && data != null){
                        DataWrapper tmpObj = new DataWrapper(data);
                        tmpObj.setTarget(signatureTarget);
                        //It would still have cid:*
                        requiredDataList.add(tmpObj);
                        requiredReferenceList.add(reference);
                    }
                }catch(Exception ex){
                    if(requiredTarget){
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1339_INVALID_RECEIVER_REQUIREMENTS());
                        throw new XWSSecurityException("Receiver requirement for SignatureTarget "+
                                signatureTarget.getValue()+" is not met");
                    }
                }
                /*if(!allRef){
                    break;
                }*/
            }
        }
       
        if(optionalReqList.size() ==0 && requiredReferenceList.size() != signedReferenceList.size()){
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1340_ILLEGAL_UNMATCHED_NOOF_TARGETS());
            throw new XWSSecurityException("Number of Targets in the message"+
                    " dont match number of Targets in receiver requirements");
        }
       
        if(requiredDataList.size() == 0){
            if(logger.isLoggable(Level.FINER)){
                logger.log(Level.FINER,"No mandatory receiver requirements were provided");
            }
            return;
        }
       
        for(int i=0;i<requiredDataList.size();i++){
            DataWrapper rData = (DataWrapper)requiredDataList.get(i);
            boolean found = false;
            for(int j=0;j< signedDataList.size();j++){
                DataWrapper sData = null;
                sData = (DataWrapper)signedDataList.get(j);
                if(isEqual(rData,sData,(Reference)requiredReferenceList.get(i),(Reference)signedReferenceList.get(j))){
                    signedDataList.remove(j);
                    signedReferenceList.remove(j);
                    found = true;
                    break;
                }
            }
            if(!found){
                //Reference st = (Reference)requiredReferenceList.get(i);
                String uri = rData.getTarget().getValue();
                String type = rData.getTarget().getType();
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1341_ILLEGAL_UNMATCHED_TYPE_URI());
                throw new XWSSecurityException("Receiver requirement for SignatureTarget "+
                        "having " + type+" type and value " +uri+" is not met");
            }
        }
       
        if(signedDataList.size() == 0){
            if(logger.isLoggable(Level.FINEST)){
                logger.log(Level.FINEST,"All receiver requirements are met");
            }
            return;
        }else{
            List referenceList = null;
           
            //Resolve All optional references if any
            for(int i=0;i<optionalReqList.size();i++){
                SignatureTarget signatureTarget = (SignatureTarget)optionalReqList.get(i);
                try{
                    referenceList = null;
                    referenceList = dsigUtil.generateReferenceList(Collections.singletonList(signatureTarget),secureMessage,context,true, featureBinding.isEndorsingSignature());
                }catch(Exception ex){
                    if(logger.isLoggable(Level.FINE)){
                        logger.log(Level.FINE,"Optional Target not found in the message ",ex);
                    }
                }
                if(referenceList == null || referenceList.size() <= 0){
                    continue;
                }
                Reference reference = (Reference)referenceList.get(0);
                Data data = null;
                try{
                    data = getData(reference,validationContext);
                }catch(Exception ex){
                    //log
                }
                if(data != null){
                    DataWrapper tmpObj  = new DataWrapper(data);
                    tmpObj.setTarget(signatureTarget);
                    optionalDataList.add(tmpObj);
                    optionalReferenceList.add(reference);
                }
            }
           
            for(int i=0;i<signedDataList.size();i++){
                DataWrapper sData = (DataWrapper)signedDataList.get(i);
                DataWrapper oData = null;
                boolean found = false;
               
                for(int j=0;j< optionalDataList.size();j++){
                    oData = (DataWrapper)optionalDataList.get(j);
                   
                    if(isEqual(oData,sData,(Reference)optionalReferenceList.get(j),(Reference)signedReferenceList.get(i))){
                        optionalDataList.remove(j);
                        optionalReferenceList.remove(j);
                        found = true;
                        break;
                    }
                }
               
                if(!found){
                    Reference st = (Reference)signedReferenceList.get(i);
                    logger.log(Level.SEVERE,LogStringsMessages.WSS_1341_ILLEGAL_UNMATCHED_TYPE_URI());
                    throw new XWSSecurityException("SignatureTarget in the message "+
                            "with URI " +st.getURI()+ " has not met receiver requirements");
                }
            }
           
            if(logger.isLoggable(Level.FINEST)){
                logger.log(Level.FINEST,"All receiver requirements are met");
View Full Code Here
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
                    boolean sv = signature.getSignatureValue().validate(validationContext);
                    logger.log(Level.FINEST,"Signature validation status: " + sv);
                    // check the validation status of each Reference
                    Iterator i = signature.getSignedInfo().getReferences().iterator();
                    for (int j=0; i.hasNext(); j++) {
                        Reference ref = (Reference) i.next();
                        logger.log(Level.FINEST,"Reference ID "+ref.getId());
                        logger.log(Level.FINEST,"Reference URI "+ref.getURI());
                        boolean refValid =
                                ref.validate(validationContext);
                        logger.log(Level.FINEST,"Reference["+j+"] validity status: " + refValid);
                    }
                }
            }
            return coreValidity;
View Full Code Here
TOP

Related Classes of javax.xml.crypto.dsig.Reference

  • br.net.woodstock.rockframework.security.sign.impl.XMLSigner
  • com.cedarsoft.crypt.xml.XmlSignatureSupport
  • com.cedarsoft.utils.crypt.xml.XmlSignatureSupport
  • com.righettod.jse6xmlsig.Sample01
  • com.righettod.jse6xmlsig.Sample02
  • com.righettod.jse6xmlsig.Sample03
  • com.sun.xml.ws.security.opt.impl.dsig.SignatureElementFactory
  • com.sun.xml.ws.security.trust.impl.SBIssuedSamlTokenContractImpl
  • com.sun.xml.wss.impl.dsig.SignatureProcessor
  • com.sun.xml.wss.impl.dsig.WSSPolicyConsumerImpl
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.