/**
   * @param context JAXBFilterProcessingContext
   * @return errorCode
   * @throws XWSSecurityException
   */
  public static int sign(JAXBFilterProcessingContext context) throws XWSSecurityException {
    try {
      SignaturePolicy signaturePolicy = (SignaturePolicy) context.getSecurityPolicy();
      ((NamespaceContextEx) context.getNamespaceContext()).addSignatureNS();
      WSSPolicy keyBinding = (WSSPolicy) signaturePolicy.getKeyBinding();
      if (logger.isLoggable(Level.FINEST)) {
        logger.log(Level.FINEST, "KeyBinding is " + keyBinding);
      }

      Key signingKey = null;

      SignatureElementFactory signFactory = new SignatureElementFactory();

      KeyInfo keyInfo = null;
      SecurityHeader securityHeader = context.getSecurityHeader();

      // Get the Signing key and KeyInfo from TokenProcessor
      TokenProcessor tokenProcessor = new TokenProcessor(signaturePolicy, context);
      BuilderResult builderResult = tokenProcessor.process();
      signingKey = builderResult.getDataProtectionKey();
      keyInfo = builderResult.getKeyInfo();

      if (keyInfo != null || !keyBinding.isOptional()) {
        SignedInfo signedInfo = signFactory.constructSignedInfo(context);
        JAXBSignContext signContext = new JAXBSignContext(signingKey);
        signContext.setURIDereferencer(DSigResolver.getInstance());
        XMLSignature signature =
            signFactory.constructSignature(signedInfo, keyInfo, signaturePolicy.getUUID());
        signContext.put(MessageConstants.WSS_PROCESSING_CONTEXT, context);
        NamespaceAndPrefixMapper npMapper =
            new NamespaceAndPrefixMapper(
                context.getNamespaceContext(), context.getDisableIncPrefix());
        signContext.put(NamespaceAndPrefixMapper.NS_PREFIX_MAPPER, npMapper);
        signContext.putNamespacePrefix(MessageConstants.DSIG_NS, MessageConstants.DSIG_PREFIX);
        signature.sign(signContext);

        JAXBSignatureHeaderElement jaxBSign =
            new JAXBSignatureHeaderElement(
                (com.sun.xml.ws.security.opt.crypto.dsig.Signature) signature,
                context.getSOAPVersion());
        securityHeader.add(jaxBSign);

        // For SignatureConfirmation
        List scList = (ArrayList) context.getExtraneousProperty("SignatureConfirmation");
        if (scList != null) {
          scList.add(Base64.encode(signature.getSignatureValue().getValue()));
        }
      }
      // End SignatureConfirmation specific code

    } catch (XWSSecurityException xe) {
      logger.log(Level.SEVERE, LogStringsMessages.WSS_1701_SIGN_FAILED(), xe);
      throw xe;
    } catch (Exception ex) {
      logger.log(Level.SEVERE, LogStringsMessages.WSS_1701_SIGN_FAILED(), ex);
      throw new XWSSecurityException(ex);
    }
    return 0;
  }
Example #2
0
  /**
   * Validate a signed document with the given public key
   *
   * @param signedDoc
   * @param publicKey
   * @return
   * @throws MarshalException
   * @throws XMLSignatureException
   */
  @SuppressWarnings("unchecked")
  public static boolean validate(Document signedDoc, Key publicKey)
      throws MarshalException, XMLSignatureException {
    if (signedDoc == null) throw logger.nullArgumentError("Signed Document");

    propagateIDAttributeSetup(signedDoc.getDocumentElement(), signedDoc.getDocumentElement());

    NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");

    if (nl == null || nl.getLength() == 0) {
      throw logger.nullValueError("Cannot find Signature element");
    }

    if (publicKey == null) throw logger.nullValueError("Public Key");

    for (int i = 0; i < nl.getLength(); i++) {
      DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(i));
      XMLSignature signature = fac.unmarshalXMLSignature(valContext);

      boolean coreValidity = signature.validate(valContext);

      if (!coreValidity) {
        if (logger.isTraceEnabled()) {
          boolean sv = signature.getSignatureValue().validate(valContext);
          logger.trace("Signature validation status: " + sv);

          List<Reference> references = signature.getSignedInfo().getReferences();
          for (Reference ref : references) {
            logger.trace(
                "[Ref id="
                    + ref.getId()
                    + ":uri="
                    + ref.getURI()
                    + "]validity status:"
                    + ref.validate(valContext));
          }
        }

        return false;
      }
    }

    return true;
  }