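/**
 * Signs a SoapMessage with the holder-of-key configuration provided on class creation. This
 * method changes the SoapMessage: the ds:Signature element is written into the message and the
 * same instance is returned.
 *
 * <p>The signature uses exclusive canonicalization and references the SOAP body and the
 * timestamp by the ids assigned to them here, so both elements are covered by one signature.
 *
 * @param message cannot be null
 * @return The signed SoapMessage (the instance passed in)
 * @throws ParserException propagated from the id/key-info helpers while preparing the message
 * @throws SignatureException if the signature cannot be built or applied; the underlying
 *     security or XML-signature exception is attached as the cause
 * @throws IllegalArgumentException if {@code message} is null
 */
@Override
public final SoapMessage sign(SoapMessage message) throws ParserException, SignatureException {
    // Enforce the documented null contract unconditionally: a bare assert is a no-op unless the
    // JVM runs with -ea, which let a null message fail deep inside createSoapBodyUuid instead.
    if (message == null) {
        throw new IllegalArgumentException("message cannot be null");
    }
    // Use the configured JCA provider when one is given, otherwise the JDK default factory.
    Provider securityProvider = holderOfKeyConfig.getSecurityProvider();
    XMLSignatureFactory xmlSigFactory =
        (securityProvider != null)
            ? XMLSignatureFactory.getInstance("DOM", securityProvider)
            : XMLSignatureFactory.getInstance();
    try {
        String bodyUuid = createSoapBodyUuid(message);
        CanonicalizationMethod canonicalizationMethod =
            xmlSigFactory.newCanonicalizationMethod(
                CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
        SignatureMethod signatureMethod = getSignatureMethod(xmlSigFactory);

        // Both the body id and the timestamp id become ds:Reference elements of this signature.
        ArrayList<String> refList = new ArrayList<String>();
        refList.add(bodyUuid);
        refList.add(createTimestampUuid(message));
        List<Reference> references = createSignatureReferences(xmlSigFactory, refList);
        SignedInfo signedInfo =
            xmlSigFactory.newSignedInfo(canonicalizationMethod, signatureMethod, references);

        KeyInfoFactory kif = KeyInfoFactory.getInstance();
        KeyInfo ki =
            kif.newKeyInfo(
                Collections.singletonList(new DOMStructure(createKeyInfoContent(message))));
        XMLSignature signature =
            xmlSigFactory.newXMLSignature(
                signedInfo, ki, null, addUseKeySignatureId(message), null);

        // The signature element is appended as the last child of the header's first child.
        // NOTE(review): assumes that child is the security header the signature belongs in and
        // that it already exists — confirm against the callers that build the header.
        DOMSignContext dsc =
            new DOMSignContext(
                holderOfKeyConfig.getPrivateKey(), message.getHeader().getFirstChild());
        dsc.putNamespacePrefix(XMLSignature.XMLNS, DIGITAL_SIGNATURE_NAMESPACE_PREFIX);
        signature.sign(dsc);
        log.debug("Message with SOAPBody id: " + bodyUuid + " is signed.");
    } catch (NoSuchAlgorithmException e) {
        throw signingFailure(e);
    } catch (InvalidAlgorithmParameterException e) {
        throw signingFailure(e);
    } catch (MarshalException e) {
        throw signingFailure(e);
    } catch (XMLSignatureException e) {
        throw signingFailure(e);
    }
    return message;
}

/**
 * Logs a signing failure and wraps its cause in the checked exception declared by {@link #sign}.
 * The cause is kept so the algorithm/marshalling detail is not lost for the caller.
 *
 * @param cause the low-level exception raised while building or applying the signature
 * @return the exception for the caller to throw
 */
private SignatureException signingFailure(Exception cause) {
    log.debug(CREATING_SIGNATURE_ERR_MSG);
    return new SignatureException(CREATING_SIGNATURE_ERR_MSG, cause);
}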
/**
 * Builds one enveloped XML signature over the element addressed by {@code referenceURI} and
 * marshals it into the document attached to {@code dsc}.
 *
 * <p>The reference carries an enveloped transform followed by exclusive canonicalization; the
 * SignedInfo is canonicalized with the class-level {@code canonicalizationMethodType}. KeyInfo
 * is emitted only when {@code includeKeyInfoInSignature} is set. {@code fac}, both of those
 * settings and {@code createKeyInfo} are declared elsewhere in this class.
 *
 * @param dsc signing context holding the private key and the node the signature is appended to
 * @param digestMethod digest algorithm URI used for the reference
 * @param signatureMethod signature algorithm URI used for SignedInfo
 * @param referenceURI URI of the element being signed
 * @param publicKey public key handed to {@code createKeyInfo} when KeyInfo is included
 * @param x509Certificate certificate handed to {@code createKeyInfo} when KeyInfo is included
 * @throws GeneralSecurityException from the factory calls (unknown algorithm or bad parameter)
 *     or from {@code createKeyInfo}
 * @throws MarshalException if the signature cannot be marshalled into the DOM
 * @throws XMLSignatureException if computing the signature value fails
 */
private static void signImpl(
        DOMSignContext dsc,
        String digestMethod,
        String signatureMethod,
        String referenceURI,
        PublicKey publicKey,
        X509Certificate x509Certificate)
        throws GeneralSecurityException, MarshalException, XMLSignatureException {
    dsc.setDefaultNamespacePrefix("dsig");

    // Enveloped first (excludes the Signature element itself from the digest input), then
    // exclusive c14n of what remains. EXCLUSIVE is the xml-exc-c14n# URI.
    List<Transform> transforms = new ArrayList<Transform>(2);
    transforms.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
    transforms.add(
        fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));

    Reference reference =
        fac.newReference(
            referenceURI, fac.newDigestMethod(digestMethod, null), transforms, null, null);

    SignedInfo signedInfo =
        fac.newSignedInfo(
            fac.newCanonicalizationMethod(
                canonicalizationMethodType, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(signatureMethod, null),
            Collections.singletonList(reference));

    KeyInfo keyInfo =
        includeKeyInfoInSignature ? createKeyInfo(publicKey, x509Certificate) : null;

    fac.newXMLSignature(signedInfo, keyInfo).sign(dsc);
}