/*
* Copyright 2006 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package javax.xml.crypto.dsig.samples;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dom.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.*;
import java.util.Arrays;
import java.util.Collections;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
/**
* This is a simple example of generating an Enveloping XML
* Signature using the JSR 105 API. The signature in this case references a
* local URI that points to an Object element.
* The resulting signature will look like (certificate and
* signature values will be different):
*
* <pre><code>
* <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
* <SignedInfo>
* <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
* <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
* <Reference URI="#object">
* <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
* <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
* </Reference>
* </SignedInfo>
* <SignatureValue>
* RpMRbtMHLa0siSS+BwUpLIEmTfh/0fsld2JYQWZzCzfa5kBTz25+XA==
* </SignatureValue>
* <KeyInfo>
* <KeyValue>
* <DSAKeyValue>
* <P>
* /KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0Imbz
* RMqzVDZkVG9xD7nN1kuFw==
* </P>
* <Q>
* li7dzDacuo67Jg7mtqEm2TRuOMU=
* </Q>
* <G>
* Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/XPaF5Bpsy4pNWMOH
* CBiNU0NogpsQW5QvnlMpA==
* </G>
* <Y>
* wbEUaCgHZXqK4qLvbdYrAc6+Do0XVcsziCJqxzn4cJJRxwc3E1xnEXHscVgr1Cql9
* i5fanOKQbFXzmb+bChqig==
* </Y>
* </DSAKeyValue>
* </KeyValue>
* </KeyInfo>
* <Object Id="object">some text</Object>
* </Signature>
*
* </code></pre>
*/
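public class GenEnveloping {

    /**
     * Generates an enveloping XML Signature over a small in-memory Object
     * element and writes the resulting document out.
     *
     * <p>Synopsis: {@code java GenEnveloping [output]}
     *
     * <p>where "output" is the name of a file that will contain the
     * generated signature. If not specified, standard output will be used.
     *
     * <p>Security note: the algorithm choices below (SHA-1 digest, DSA-SHA1
     * signature, 512-bit DSA key) are kept so that the output matches the
     * sample shown in the class documentation. They are far below current
     * minimum strengths and should not be copied into production code.
     *
     * @param args optional single element naming the output file
     * @throws Exception if the provider cannot be loaded, or if signing or
     *         serialization fails
     */
    public static void main(String[] args) throws Exception {
        // First, create the DOM XMLSignatureFactory that will be used to
        // generate the XMLSignature. The provider class name is taken from
        // the "jsr105Provider" system property, so whoever controls the JVM
        // properties decides which class is instantiated here.
        String providerName = System.getProperty(
            "jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
        // getDeclaredConstructor().newInstance() replaces the deprecated
        // Class.newInstance(), which rethrows checked constructor
        // exceptions without declaring them.
        Provider provider = (Provider) Class.forName(providerName)
            .getDeclaredConstructor().newInstance();
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", provider);

        // Next, create a Reference to a same-document URI that is an Object
        // element and specify the SHA1 digest algorithm.
        // NOTE(security): SHA-1 is no longer collision resistant; real
        // signers should use a stronger digest such as DigestMethod.SHA256.
        Reference ref = fac.newReference(
            "#object", fac.newDigestMethod(DigestMethod.SHA1, null));

        // Next, create the referenced Object
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Node text = doc.createTextNode("some text");
        XMLStructure content = new DOMStructure(text);
        XMLObject obj = fac.newXMLObject(
            Collections.singletonList(content), "object", null, null);

        // Create the SignedInfo.
        // NOTE(security): DSA-SHA1 inherits the SHA-1 weakness noted above;
        // prefer a SHA-256 based RSA or ECDSA signature method in real use.
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(
                CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
            Collections.singletonList(ref));

        // Create a DSA KeyPair. The pair is generated fresh on every run and
        // the private key is never persisted.
        // NOTE(security): a 512-bit DSA key is breakable with modest
        // resources; it is used here only to keep the sample output short.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(512);
        KeyPair kp = kpg.generateKeyPair();

        // Create a KeyValue containing the DSA PublicKey that was generated
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyValue kv = kif.newKeyValue(kp.getPublic());

        // Create a KeyInfo and add the KeyValue to it.
        // NOTE(security): a bare KeyValue carries no identity. A verifier
        // that simply trusts the key found inside the signature learns only
        // that the document is self-consistent, not who signed it; the key
        // must be bound to a signer by other means (certificate, pinned key).
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));

        // Create the XMLSignature (but don't sign it yet)
        XMLSignature signature = fac.newXMLSignature(
            si, ki, Collections.singletonList(obj), null, null);

        // Create a DOMSignContext and specify the DSA PrivateKey for signing
        // and the document location of the XMLSignature
        DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc);

        // Lastly, generate the enveloping signature using the PrivateKey
        signature.sign(dsc);

        // Output the resulting document. A file stream opened here is owned
        // by this method and must be closed; System.out is only flushed.
        boolean ownsStream = args.length > 0;
        OutputStream os;
        if (ownsStream) {
            os = new FileOutputStream(args[0]);
        } else {
            os = System.out;
        }
        try {
            TransformerFactory tf = TransformerFactory.newInstance();
            Transformer trans = tf.newTransformer();
            trans.transform(new DOMSource(doc), new StreamResult(os));
        } finally {
            if (ownsStream) {
                os.close();
            } else {
                os.flush();
            }
        }
    }
}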