Examples of javax.xml.crypto.dsig.keyinfo.KeyInfoFactory

• javax.xml.crypto.dsig.keyinfo.KeyInfoFactory
  A factory for creating {@link KeyInfo} objects from scratch or forunmarshalling a KeyInfo object from a corresponding XML representation.

  Each instance of KeyInfoFactory supports a specific XML mechanism type. To create a KeyInfoFactory, call one of the static {@link #getInstance getInstance} methods, passing in the XML mechanism type desired, for example:

  KeyInfoFactory factory = KeyInfoFactory.getInstance("DOM");

  The objects that this factory produces will be based on DOM and abide by the DOM interoperability requirements as defined in the DOM Mechanism Requirements section of the API overview. See the Service Providers section of the API overview for a list of standard mechanism types.

  KeyInfoFactory implementations are registered and loaded using the {@link java.security.Provider} mechanism.For example, a service provider that supports the DOM mechanism would be specified in the Provider subclass as:

   put("KeyInfoFactory.DOM", "org.example.DOMKeyInfoFactory"); 

  Also, the XMLStructures that are created by this factory may contain state specific to the KeyInfo and are not intended to be reusable.

  An implementation MUST minimally support the default mechanism type: DOM.

  Note that a caller must use the same KeyInfoFactory instance to create the XMLStructures of a particular KeyInfo object. The behavior is undefined if XMLStructures from different providers or different mechanism types are used together.

  Concurrent Access

  The static methods of this class are guaranteed to be thread-safe. Multiple threads may concurrently invoke the static methods defined in this class with no ill effects.

  However, this is not true for the non-static methods defined by this class. Unless otherwise documented by a specific provider, threads that need to access a single KeyInfoFactory instance concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating a different KeyInfoFactory instance need not synchronize. @author Sean Mullan @author JSR 105 Expert Group

    public static void signDOM(Node node, PrivateKey privateKey, Certificate origCert) {
        XMLSignatureFactory fac = initXMLSigFactory();
        X509Certificate cert = (X509Certificate) origCert;
        // Create the KeyInfo containing the X509Data.
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        List<Object> x509Content = new ArrayList<Object>();
        x509Content.add(cert.getSubjectX500Principal().getName());
        x509Content.add(cert);
        X509Data xd = kif.newX509Data(x509Content);
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));

        // Create a DOMSignContext and specify the RSA PrivateKey and
        // location of the resulting XMLSignature's parent element.
        DOMSignContext dsc = new DOMSignContext(privateKey, node);
        dsc.putNamespacePrefix("http://www.w3.org/2000/09/xmldsig#", "ns2");

        references.add(signFactory.newReference("cid:" + dataSource.getContentId(),sha1DigestMethod,Collections.emptyList(),null,null,DigestUtils.sha(IOUtils.toByteArray(dataSource.getInputStream()))));

      SignedInfo signedInfo = signFactory.newSignedInfo(signFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,(C14NMethodParameterSpec)null),signFactory.newSignatureMethod(SignatureMethod.RSA_SHA1,null),references);

      List<XMLStructure> keyInfoElements = new ArrayList<XMLStructure>();
      KeyInfoFactory keyInfoFactory = signFactory.getKeyInfoFactory();
      keyInfoElements.add(keyInfoFactory.newKeyValue(keyPair.getPublic()));

      Certificate[] certificates = keyStore.getCertificateChain(alias);
      //keyInfoElements.add(keyInfoFactory.newX509Data(Arrays.asList(certificates)));
      keyInfoElements.add(keyInfoFactory.newX509Data(Collections.singletonList(certificates[0])));

      KeyInfo keyInfo = keyInfoFactory.newKeyInfo(keyInfoElements);

      XMLSignature signature = signFactory.newXMLSignature(signedInfo,keyInfo);

      Element soapHeader = getFirstChildElement(document.getDocumentElement());
      DOMSignContext signContext = new DOMSignContext(keyPair.getPrivate(),soapHeader);

        //
        // Next marshal the KeyInfo DOM element into a javax KeyInfo object and get the
        // (public key) credential
        //
        X509Certificate[] certs = null;
        KeyInfoFactory keyInfoFactory = null;
        try {
            keyInfoFactory = KeyInfoFactory.getInstance("DOM", "ApacheXMLDSig");
        } catch (NoSuchProviderException ex) {
            keyInfoFactory = KeyInfoFactory.getInstance("DOM");
        }
        XMLStructure keyInfoStructure = new DOMStructure(keyInfoElement);

        try {
            javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo =
                keyInfoFactory.unmarshalKeyInfo(keyInfoStructure);
            List<?> list = keyInfo.getContent();

            for (int i = 0; i < list.size(); i++) {
                XMLStructure xmlStructure = (XMLStructure) list.get(i);
                if (xmlStructure instanceof KeyValue) {

    // Step 5 : Retrieve private and public key from keystore
    KeyPair kp = KeyStoreUtil.getKeyPair(KEYSTORE, KEYSTORE_PASSWORD, PRIVATE_KEY_ALIAS_PASSWORD, PRIVATE_KEY_ALIAS);

    // Step 6: Create a KeyInfo object. This step is optional, just as
    // KeyInfo as an element in Signature element is optional.
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(kp.getPublic());
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));

    // Step 7: Create an XMLSignature object. In JSR-105, the XMLSignature
    // interface models the Signature element of the W3C recommendation.
    XMLSignature signature = fac.newXMLSignature(si, ki, Collections.singletonList(obj), null, null);

    // Step 5a : Retrieve private and public key from keystore
    KeyPair kp = KeyStoreUtil.getKeyPair(KEYSTORE, KEYSTORE_PASSWORD, PRIVATE_KEY_ALIAS_PASSWORD, PRIVATE_KEY_ALIAS);

    // Step 5b: Create a KeyInfo object. This step is optional, just as
    // KeyInfo as an element in Signature element is optional.
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(kp.getPublic());
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));

    // Step 5c : Create a DOMSignContext and specify the DSA PrivateKey and
    // location of the resulting XMLSignature's parent element.
    DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc);

    // Step 5a : Retrieve private and public key from keystore
    KeyPair kp = KeyStoreUtil.getKeyPair(KEYSTORE, KEYSTORE_PASSWORD, PRIVATE_KEY_ALIAS_PASSWORD, PRIVATE_KEY_ALIAS);

    // Step 5b: Create a KeyInfo object. This step is optional, just as
    // KeyInfo as an element in Signature element is optional.
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(kp.getPublic());
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));

    // Step 5c : Create a DOMSignContext and specify the DSA PrivateKey and
    // location of the resulting XMLSignature's parent element.
    DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());

    public KeyInfo constructKeyInfo(MLSPolicy signaturePolicy,SecurityTokenReference reference) throws PolicyGenerationException,SOAPException,XWSSecurityException {

        if(PolicyTypeUtil.signaturePolicy(signaturePolicy)) {
            //SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding)signaturePolicy.getFeatureBinding();
            //WSSPolicy keyBinding =(WSSPolicy) signaturePolicy.getKeyBinding();
            KeyInfoFactory keyFactory = getKeyInfoFactory();

            DOMStructure domKeyInfo = new DOMStructure(reference.getAsSoapElement());

            KeyInfo keyInfo = keyFactory.newKeyInfo(Collections.singletonList(domKeyInfo));
            return keyInfo;

        }

        return null;

    public KeyInfo constructKeyInfo(MLSPolicy signaturePolicy,String KeyName) throws PolicyGenerationException,SOAPException,XWSSecurityException {

        if(PolicyTypeUtil.signaturePolicy(signaturePolicy)) {
            //SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding)signaturePolicy.getFeatureBinding();
            //WSSPolicy keyBinding =(WSSPolicy) signaturePolicy.getKeyBinding();
            KeyInfoFactory keyFactory = getKeyInfoFactory();
            javax.xml.crypto.dsig.keyinfo.KeyName keyName = keyFactory.newKeyName(KeyName);
            java.util.List list = new java.util.ArrayList();
            list.add(keyName);

            KeyInfo keyInfo = keyFactory.newKeyInfo(list);

            return keyInfo;

        }

    private void signDOM(Node node, PrivateKey privateKey, Certificate origCert) {
        XMLSignatureFactory fac = initXMLSigFactory();
        X509Certificate cert = (X509Certificate) origCert;
        // Create the KeyInfo containing the X509Data.
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        List<Object> x509Content = new ArrayList<Object>();
        //x509Content.add(cert.getSubjectX500Principal().getName());
        x509Content.add(cert);
        X509Data xd = kif.newX509Data(x509Content);
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));

        // Create a DOMSignContext and specify the RSA PrivateKey and
        // location of the resulting XMLSignature's parent element.
        DOMSignContext dsc = new DOMSignContext(privateKey, node);
        dsc.putNamespacePrefix(XML_DIGSIG_NS, "ns2");

        private void signDOM(Node node, PrivateKey privateKey, Certificate origCert) {
                XMLSignatureFactory fac = initXMLSigFactory();
                X509Certificate cert = (X509Certificate) origCert;
                // Create the KeyInfo containing the X509Data.

                KeyInfoFactory kif = fac.getKeyInfoFactory();

                List<Object> x509Content = null;//new ArrayList<Object>();
                List<X509Data> data = new ArrayList<X509Data>();
                if (map.containsKey(SIGNATURE_OPTION_CERT_INCLUSION_SUBJECTDN)) {
                        x509Content = new ArrayList<Object>();

                        x509Content.add(cert.getSubjectDN().getName());
            //  x509Content.add(cert);
                        //x509Content.add(cert.getSubjectDN().getName());
                        X509Data xd = kif.newX509Data(x509Content);
                        data.add(xd);
                }

        //  if (map.containsKey(SIGNATURE_OPTION_CERT_INCLUSION_X500_PRINICPAL)) {
                // }
                if (map.containsKey(SIGNATURE_OPTION_CERT_INCLUSION_BASE64)) {
                        x509Content = new ArrayList<Object>();
                        x509Content.add(cert);
                        //x509Content.add(cert.getSubjectX500Principal().getName());
                        X509Data xd = kif.newX509Data(x509Content);
                        data.add(xd);
                }
                if (map.containsKey(SIGNATURE_OPTION_CERT_INCLUSION_SERIAL)) {
                        x509Content = new ArrayList<Object>();

                        X509IssuerSerial issuer = kif.newX509IssuerSerial(cert.getIssuerX500Principal().getName(), cert.getSerialNumber());

                        x509Content.add(issuer);
                        X509Data xd = kif.newX509Data(x509Content);
                        data.add(xd);
                }

        //
                //x509Content.add(cert);
                KeyInfo ki = kif.newKeyInfo(data);

        // Create a DOMSignContext and specify the RSA PrivateKey and
                // location of the resulting XMLSignature's parent element.
                DOMSignContext dsc = new DOMSignContext(privateKey, node);
                dsc.putNamespacePrefix(XML_DIGSIG_NS, "ns2");